[c-nsp] Router/switch suggestions

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Thu Aug 26 10:05:10 EDT 2004


james,

	i tend to agree with most of your ideas except the one about the
firewall 
	as a router. routing software can be complicated code and i
certainly don't
	think i want that code running on the firewall.

	let routers route and firewalls protect.

v/r,
~piranha


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of James
Sent: Wednesday, August 25, 2004 3:08 PM
To: Olav Langeland
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Router/switch suggestions


On Wed, Aug 25, 2004 at 12:31:51PM +0200, Olav Langeland wrote:
> Hi,
> 
> I am putting together a proposal for border routers and core switches at
> a new hosting facility.
> 
> The routers should be able to handle STM-1 (and up), gigabit ethernet,
> BGP, Netflow, CEF. Nothing exotic , so a stable workhorse is good. I was
> looking at 7206, but NSE-1? NPE-400? What is the major differences
> between these two?

NPE-400... let see.. that thing tips over with OC3 full of small-packet
DDoS. :(

NSE-1 AFAIK (correct me please if I am wrong here..) is NPE300 with PXF
acceleration. I've heard mediocre to bad stories about PXF mostly in
software
bugs.

If I were you... NPE-G1 finally makes a 7200 extremely useful again.. ;)

Juniper M5 or M7i can also be a viable alternative as well. 

> 
> Core switches, maybe 6503 or 6506? They would basically push out fiber
> to Catalyst 3500/3550 switches, do VLANs and ACL on VLANS. Peeked at
> cisco.com and if I understand it correctly, sup720 is a big brother
> version of the sup2? With a sup2 I would also need a MSFC2 module?

Depends on what you are trying to accomplish. Are you looking for Layer3
core routing using these switches? If so 6500 is the way to go. Yes you
definately need MSFC2 for routing heavy traffic with full routes.
If you are looking for just layer2 and vlan capabilities, and be able to
just
dot1q-trunk them up to the routers, then msfc2 isn't really necessary; you 
should be able to just do it fine with 3550, 3750's even.. But since you 
mentioned "ACL" I assume you are looking for layer3 routing.


> 
> Both routers and switches will be setup 2x in a redundant layout
> ofcourse. Firewalls is not a part of this deal, but will be placed i the
> middle (routers <-> firewall <-> switches). Thanks for any comments or
> suggestions. 

Just make sure your firewalls are capable to route as much as your routers
and core switches.. Usually firewalls go at the access layer or below..

HTH,
-J

-- 
James Jun                                            TowardEX Technologies,
Inc.
Technical Lead                        Network Design, Consulting, IT
Outsourcing
james at towardex.com                  Boston-based Colocation & Bandwidth
Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc:
www.twdx.net
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list