[c-nsp] 7200 vs. 7600

F. David Sinn dsinn at dsinn.com
Tue Oct 5 18:00:22 EDT 2004

So the Sup720 affords you the best set of options to do what you want.

You are correct about my comment on dot1q.  Not too sure about BPDU or 
CDP filtering, as I haven't tried turning them off.

The Sup720 with the 3BXL will be more then capable to handle a full 
route table in the TCAM on the PFC.  Just make sure you have enough 
DRAM (128Meg's +) to handle multiple BGP feeds.  That being said, a 
Sup2/MSFC2 can take full routes too, though not if you also want uRPF.  
uRPF is also a PFC enabled feature, so you should be good there on the 

Normal extended and named ACL are supported on the PFC and with the 
3BXL you can get hit counters again.  Not sure what you were meaning by 
more complex.

L2TP is not implemented on the PFC.  They have done GRE, so support for 
L2TP shouldn't be too hard, but you will need to ask Cisco if they have 
it on their roadmap.

Netflow can be an issue if you have too many flows, in that you can 
blow out the Netflow TCAM cache.  I haven't tested the real to 
advertised flow cache ability of a 3BXL, but have seen issues with the 
PFC2 which has half as many entries.  Ad servers and others that lots 
of tiny flows normally are the spots you will see this.

You will also be able to V6 and Multicast in hardware.  One careful 
note:  Partial switched multicast flows are troublesome (especially 
with OSM's) and result when the set of active interfaces don't share 
the same MTU.  So if your WAN links have greater then 1500 MTU, punts 
can ensue (along with other strangeness on the OSM).  It is cleanest to 
have just 1500 byte MTU, but may not be doable in your environment.

Hope that helps.


On Oct 4, 2004, at 12:32 PM, Ryan O'Connell wrote:

> On 04/10/2004 18:52, F. David Sinn wrote:
>> What Supervisor are you looking to use in your 7600?  That will 
>> determine some of the answers to your questions below.
> Sup720-3BXL, specifically to start with:
> C7609-SUP720XL-PS
> WS-CAC-4000W-INT (Second PSU)
> WS-X6548-GE-TX (For peering/transit connections and connections to 
> access-layer switches)
> OSM-4OC3-POS-SI+ (For aggregation/leased line termination)
>> The only one that is consistent is the re-use of dot1q tags.  Since 
>> the 7600 is a ethernet switch at heart, using the same tag on two 
>> interfaces puts them on the same broadcast domain.  Also, I don't 
>> believe that they have implement the physical sub-interface style of 
>> configuration for dot1q as the regular routers do, so you would have 
>> to migrate to VLAN interfaces to support dot1q (please correct me if 
>> this has been fixed).
> Not sure I follow in terms of "VLAN interfaces"? Do you mean you can 
> only do:
> interface GigabitEthernet1/1
>  switchport
>  switchport mode trunk
>  switchport trunk allowed vlan 111,222
> !
> interface VLAN111
>  ip address
> !
> interface VLAN222
>  ip address
> But not:
> interface GigabitEthernet1/1
>  no ip address
> !
> interface GigabitEthernet1/1.111
>  encapsulation dot1q 111
>  ip address
> !
> interface GigabitEthernet1/1.222
>  encapsulation dot1q 222
>  ip address
> I can cope with that, as long as features such as BPDU filter are 
> still available on ports configured as switchports. (I.e. I don't want 
> customers/peering partners seeing BPDUs, CDP etc etc. and I don't want 
> them sending me similar and breaking things)
> I've heard mention that the TCAM table on the 7600s can't handle a 
> full routing table - however, I've been unable to verify this so I 
> suspect it applies to Sup2s/MSFC2s and below only.
>> On Oct 3, 2004, at 1:49 AM, Ryan O'Connell wrote:
>>> Looking at the second hand cost of 6500/7600 parts vs. 7200s, 
>>> they're very well priced so I'm considering 7600s instead of 
>>> upgraded/additional 7200s with NPE-G1s for a forthcoming network 
>>> upgrade.
>>> However, I'm aware there are some things a 7600 can't do that a 7200 
>>> with trunks to a lot of attached switches can. The ones I'm aware of 
>>> are:
>>> - It appears you can't (usefully) do anything ADSL/L2TP related on 
>>> the 7600. (Which means you can't terminate an ATM circuit from a 
>>> provider on it and use it as an L2TP Tunnel Switch, nor can you 
>>> terminate L2TP circuits on it)
>>> - You can't use the same dot1q encapsulation on two seperate 
>>> interfaces, even if they're configured as Layer 3 interfaces.
>>> - I presume the same restrictions on ACLs apply as when using 6500s 
>>> with MFSCs in Hybrid mode. (I.e. src/dst port/ip can be 
>>> hardware-switched, if you put anything more complex in there it's 
>>> going to be process-switched and kill the CPU)
>>> Is everything else possible? Features I'm using excluding ADSL at 
>>> the moment are pretty basic ISP ones - BGP, OSPF, SPAN, ip verify 
>>> unicast reverse-path, ACLs, BPDU filter, (Which I guess I won't need 
>>> on 7600) Leased Line aggregation, (PA-MC-STM-1MM, but that could 
>>> stay on a 7200) Netflow and some fairly basic rate-limiting on some 
>>> (troublesome) customers ports. I'll probably also need Multicast 
>>> soon and IPv6 "sometime".
>>> -- 
>>>         Ryan O'Connell - CCIE #8174
>>> <ryan at complicity.co.uk> - http://www.complicity.co.uk
>>> I'm not losing my mind, no I'm not changing my lines,
>>> I'm just learning new things with the passage of time
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> -- 
>         Ryan O'Connell - CCIE #8174
> <ryan at complicity.co.uk> - http://www.complicity.co.uk
> I'm not losing my mind, no I'm not changing my lines,
> I'm just learning new things with the passage of time

More information about the cisco-nsp mailing list