[c-nsp] Cisco gear for hosting provider

Matthew Marlowe matt at deploylinux.net
Sun Nov 19 23:18:30 EST 2006


We just had a similar business requirement here, and decided to deploy two Cisco 3845's w/ 
1 EtherSwitch Service Module in each. The service modules have built-in Cat3750 Stack 
connectors and management of the 3750 stack can be performed directly in the router.

Pro:
   Service contracts are cheaper as we get rid of some switches and firewalls
   IPS weekly signature updates + AIM-VPN on the 3845 are quite nice (no need for separate firewalls, 
       or VPN concentrators and able to filter all ingress links)
   Built-in redundant power supplies compared to the 2800's, no need for redundant power on some switches
   1GB ram and minimal worries about being dropped into process switching on ISR's
   Built-in Dual GigE Ports + 4 Network Module Slots + 4 HWICs
   Add on cards are relatively inexpensive (50% less?) compared to 7200/7500
   ISR platform but nearly every component is easy to swap in/out, OIR on network modules
   Very reliable downlink to switching layer
   Should be well supported for any reasonable life time.

Con:
   Hardware relatively expensive
   Even though the 3845 is rated to ~250Mbps, enabling IPS + ip inspect effectively results in a max of 50-100Mbps.
   We have to run 12.4T, ugh......TAC will be our best friend.
   No real long-term experience in hosting provider environment, vendors also aren't very familiar with the config
   Some questions about BGP scalability, but given that I've seen 3662's do many BGP peers fine in the past - no real concern.

I think what sold us is consolidated/ease of manageability, nice integration/downlink to the 3750's, and relatively 
low long term support contract costs which if the gear lasts 5-10 years will be much more than the initial 
hardware.  Given that we are supporting a hosting environment, our clients appreciate the filtering on all ingress + weekly IPS updates.

Of course, our needs on the hosting front are a little different -- all the systems are client owned standardized vmware esx 
boxes w/ their own local storage.   Security + reliability + FE density + ease of management are much more important than 
raw performance or cost.   I'm not sure we'll ever exceed 100Mbps, but easily have a dozen wan links (t-1 / ipsec over gre / bgp).

Matt 



