[c-nsp] CSM for service providers

Mon Apr 7 18:24:21 EDT 2008

I've been running the CSM for about the year and a half I've been at the
service provider I work for. I like the fact that it's pretty scalable and
that you can be multiple "L2 hops" down the line and build it out however
you like, and every port in the chassis is a load balanced capable port... I
haven't been using the config sync feature since it requires a CSM software
upgrade, which requires us to do an IOS upgrade; from what I can hear I
haven't missed much. The fault tolerance has worked alright, I just had my
first failover last night - I had some config sync related issues but that
was due to our environment and not the blade... I push a fair amount of
traffic through it and it doesn't skip a beat. However, other than the basic
load balancing / health probes and the occasional serverfarm nat, I don't
really use the CSM to it's fullest extent. I will also agree that the
documentation is horrible; I learned more by running it than I ever did
reading the documentation... Overall I think it's pretty decent though... I
did hear it's on it's way out also, but I haven't used the ACE....

Chris

On Mon, Apr 7, 2008 at 5:33 PM, Ross Vandegrift <ross at kallisti.us> wrote:

> On Mon, Apr 07, 2008 at 08:30:17PM +0000, Ramcharan, Vijay A wrote:
> > Last I knew, the CSM was on its way out and being replaced with the ACE
> > blade/appliance. That's not quite the answer to the question you asked
> > but it does address the long term viability issue. I don't believe you
> > should be looking at the CSM as a long-term solution. If it's in place
> > and working then it may have some life left in it. If it's for a new
> > deployment, look elsewhere. I mean seriously look at other options. You
> > just need to look at the bug list for the ACE releases to get a teeny
> > bit wary of the ACE in general. There is no Safe Harbor code release as
> > yet and it's been probably over a year since the product was available.
>
> We have two existing CSM installations, and the question is going to be
> do we size-up these to match demand or do we start moving to another
> solution?
>
> As for the ACE: unless the ACE represents substantial benefits,
> there's no way the cost of all the license crap is going to be worth
> it.  And if Cisco wants to hold us CSM customers hostage for working
> redundancy, we'll find another solution.
>
> Interesting that the safe-harbor listing is gone - CSM does receive
> safe-harbor qualifications, and I know that 4.2(5) was previously
> listed as receiving qualifications.  See the stub at:
>
> http://www.cisco.com/en/US/docs/safe_harbor/enterprise/csm/4_2_5__12_2_18_sxf5/425.html
> Interesting that this isn't linked from the main safe-harbor page
> anymore.
>
> Moreover, CSM 3.X has announced end-of-support in 2011.  While there
> is no comparable EOL/EOS data (that I know of) on CSM 4.2 software, I
> have no reason to think it's going to drop out of support soon.
>
> Ross
>
>
> >
> > Vijay Ramcharan
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ross Vandegrift
> > Sent: April 07, 2008 15:20
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] CSM for service providers
> >
> > Hello everyone,
> >
> > I'm looking to solicit some input from others that are using the Cisco
> > CSM, in particular, service providers that are using it to host layer
> > 4-7 switching for customers.  The archives don't seem to have a ton of
> > opinions on these guys.
> >
> > In general, I like the device's performance and scalability.  I have
> > actually seen them handle a million simultaneous sessions, and I've
> > seen VIPs with 900+k sessions cause no impact to other VIPs.
> >
> > However, we're run into some issues that are a bit troublesome:
> >
> > 1) Fault-tolerance is a feature that was obviously tacked-on after the
> > fact.  Config sync is slow process that interacts badly with other IOS
> > features like SNMP.  We've been reduced to manually syncing all
> > configs because of IOS crash risk associated with config-sync.
> >
> > 2) The documentation is awful.  I have read pretty much everything
> > Cisco has published and some that hasn't been published.  There's more
> > undocumented features to this device than there are documented features!
> > Has anyone found any good resources?  I've read the configuration
> > guide, Designing Content Switching solutions, Content Network
> > Fundamentals, and some random MS Word files I've been emailed from
> > TAC.  They are all crappy.
> >
> > 3) There's a general mystery surrounding the CSM - it's incredibly
> > difficult to get decent answers to fairly simple questions.
> >
> >
> > In short - I basically like the CSM, but I'm questioning it's long-term
> > viability right now.  Any input would be greatly appreciated.
> >
> >
> > --
> > Ross Vandegrift
> > ross at kallisti.us
> >
> > "The good Christian should beware of mathematicians, and all those who
> > make empty prophecies. The danger already exists that the mathematicians
> > have made a covenant with the devil to darken the spirit and to confine
> > man in the bonds of Hell."
> >       --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> Ross Vandegrift
> ross at kallisti.us
>
> "The good Christian should beware of mathematicians, and all those who
> make empty prophecies. The danger already exists that the mathematicians
> have made a covenant with the devil to darken the spirit and to confine
> man in the bonds of Hell."
>        --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>