[c-nsp] Smallest VPN/OSPF capable router
Matthew Marlowe
matt at deploylinux.net
Wed Dec 27 11:48:41 EST 2006
>> >
>> > 2801 with AES128/SHA1/GRE encapsulating large packets and no
>> > AIM will come in around 20mbit/s (so you can infer that 1841
>> > won't be quite enough), but with the AIM-VPN will bump up to
>> > around 40.
>>
>> However, if you are planning any sort of routing or QoS or filtering,
>> something a bit more beefy might be wise. If you are going up to 100mbps,
>> something like a 2851 or 3825 minimum, or a 3845 for some headroom.
>>
>> http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.
>> pdf
>>
>>
I've found the routerperformance pdf to be misleading for heavily utilized ISR routers, especially where all the security features are enabled. For instance, the routerperformance guide would suggest 250Mbps for the 3845..but we actually are limited to 50-80Mbps here.
If you carefully read:
http://www.cisco.com/en/US/products/ps5854/products_qanda_item0900aecd80169bd6.shtml
you'll see that cisco actually makes the recommendation that 2801 -> single t1, 2811 -> dual t-1, 2821 -> quad t-1, and 2851 6 x t-1. The 3825 is designed for 1/2 t-3, and the 3845 for full t-3. After seeing some 2801's lag noticeably in office locations even
with a single dsl line, we've pretty much found that keeping to the guidelines above is the safest bet if you dont want any performance surprises.
Of course, sure, if all you are doing is some minimal routing -- the ISR's are blazingly fast for the price compared to their predecessors, but since these are usually deployed in offices to provide consolidated networking -- better to plan for alot of services being enabled.
Also, keep in mind that there are significant differences in noise, number of useable HWIC slots, high-reliability features, and memory limits for the various ISR's. When everything is taken into account, we've generally decided to deploy 2821's in all small offices and 3845's in larger ones. The 2801's just aren't powerful enough, and the lack of gigE slots for switch downlinks and the various hwic slot limitations in the model mean that you are sacrificing quite alot of capabilities for a minimal price savings compared to 2821.
Matt
More information about the cisco-nsp
mailing list