[c-nsp] Beyond 1 Gbps

Zoe O'Connell zoe at complicity.co.uk
Fri Aug 4 09:18:47 EDT 2006


On Fri, Aug 04, 2006 at 08:56:13AM -0400, Joe Loiacono wrote:
> We have a 6509 GigE link that is becoming saturated. The 6509 connects to 
> a Juniper M10 and there is a firewall between them. In this situation, a 
> migration to 10GigE looks too expensive.
> 
> So one would think EtherChannel. However, now both the firewall and the 
> Juniper have to be able to do EtherChannel (I've seen the recent 
> discussion on Fast Ether Channel vs. IEEE 802.3ad.)
> 
> Anyone have any experience in getting past 1GigE in a mixed environment 
> like this?

You should be OK, the main caveat that springs to mind is to watch the
load-balancing algorithms. Depending on your CatOS/IOS/Sup, you might be
restricted to MAC-address load-balancing only which would probably mean
you can't go past 1Gb/s - certainly later IOSes on the Sup720 use the
source and destination IPs by default. I can't speak for the Juniper
side of things as I've never got into that much depth with them.

I'm assuming that the firewall you have is some form of routing firewall
rather than a transparent ("Layer 2") one - any issues you face will
probably be relevant to the Cisco->Firewall and Juniper->Firewall
interaction.


More information about the cisco-nsp mailing list