[nsp] Cat6500 firewall service module

Tony Mucker tony at tonymucker.com
Mon Nov 24 13:08:08 EST 2003


We currently have two in our 6509s that operate as primary and
secondary units.  Of course, we don't run these things at anywhere near
top speed.  Looking at my graphs it seems we peaked at just about 32k
connections.

We're still getting used to them.  None of us around here were any good
at PIX OS when we got 'em, so we're still breaking them in.  The only
real problems I can think of (which were mostly due to lack of
experience on our side) were the following:

* In a recent data center move, we reconfigured the units, and ran into
a problem with the FWSMs proxy arping.  Only thing that had changed is
we added another interface.  A quick call to the Cisco TAC introduced me
to my new favorite command, "sysopt noproxyarp."

* Can't do "router on a stick."  Again, due to our inexperience.

* IOS issues.  When we first got these things about 8 months ago, we ran
into a memory leak in our version of IOS.  Luckily, when one 6509
failed, the other took over HSRP and the FWSM duties without a hitch. 
My real complaint here is that you're going to be stuck on ED (early
deployment) IOS versions, if your organization can stomach this.

Other than those minor issues, they've performed very well for us.  I'd
of course love to see the things handling more traffic than they are, of
course.

On Mon, 2003-11-24 at 07:04, Streiner, Justin wrote:
> Is anyone using or has anyone played with this module from Cisco?  I'm
> just curious what other peoples' experiences with it have been so far.
> 
> http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html
> 
> jms