[c-nsp] CSM for service providers

Fred Reimer freimer at ctiusa.com
Tue Apr 8 09:06:44 EDT 2008 

Sounds like no one has used the ACE.  I have for two customers, one in
production for approx six months and the other not in production yet.  Other
than some issues with the new load balancing with the GSS, which hopefully
has been resolved now, we haven't run into any problems.

I'm not in sales, so I don't have to worry about cost ;-), but I do know
there was, and still may be, a special on the appliance (not the module)
where you get some large percentage off (35% or 50% or something) in
addition to your normal Cisco discount.  So if you are interested in an ACE,
pick one up now...

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Chris Riling
> Sent: Monday, April 07, 2008 6:24 PM
> To: Ross Vandegrift
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] CSM for service providers
> 
> I've been running the CSM for about the year and a half I've been at
> the
> service provider I work for. I like the fact that it's pretty scalable
> and
> that you can be multiple "L2 hops" down the line and build it out
> however
> you like, and every port in the chassis is a load balanced capable
> port... I
> haven't been using the config sync feature since it requires a CSM
> software
> upgrade, which requires us to do an IOS upgrade; from what I can hear I
> haven't missed much. The fault tolerance has worked alright, I just had
> my
> first failover last night - I had some config sync related issues but
> that
> was due to our environment and not the blade... I push a fair amount of
> traffic through it and it doesn't skip a beat. However, other than the
> basic
> load balancing / health probes and the occasional serverfarm nat, I
> don't
> really use the CSM to it's fullest extent. I will also agree that the
> documentation is horrible; I learned more by running it than I ever did
> reading the documentation... Overall I think it's pretty decent
> though... I
> did hear it's on it's way out also, but I haven't used the ACE....
> 
> Chris
> 
> On Mon, Apr 7, 2008 at 5:33 PM, Ross Vandegrift <ross at kallisti.us>
> wrote:
> 
> > On Mon, Apr 07, 2008 at 08:30:17PM +0000, Ramcharan, Vijay A wrote:
> > > Last I knew, the CSM was on its way out and being replaced with the
> ACE
> > > blade/appliance. That's not quite the answer to the question you
> asked
> > > but it does address the long term viability issue. I don't believe
> you
> > > should be looking at the CSM as a long-term solution. If it's in
> place
> > > and working then it may have some life left in it. If it's for a
> new
> > > deployment, look elsewhere. I mean seriously look at other options.
> You
> > > just need to look at the bug list for the ACE releases to get a
> teeny
> > > bit wary of the ACE in general. There is no Safe Harbor code
> release as
> > > yet and it's been probably over a year since the product was
> available.
> >
> > We have two existing CSM installations, and the question is going to
> be
> > do we size-up these to match demand or do we start moving to another
> > solution?
> >
> > As for the ACE: unless the ACE represents substantial benefits,
> > there's no way the cost of all the license crap is going to be worth
> > it.  And if Cisco wants to hold us CSM customers hostage for working
> > redundancy, we'll find another solution.
> >
> > Interesting that the safe-harbor listing is gone - CSM does receive
> > safe-harbor qualifications, and I know that 4.2(5) was previously
> > listed as receiving qualifications.  See the stub at:
> >
> >
> http://www.cisco.com/en/US/docs/safe_harbor/enterprise/csm/4_2_5__12_2_
> 18_sxf5/425.html
> > Interesting that this isn't linked from the main safe-harbor page
> > anymore.
> >
> > Moreover, CSM 3.X has announced end-of-support in 2011.  While there
> > is no comparable EOL/EOS data (that I know of) on CSM 4.2 software, I
> > have no reason to think it's going to drop out of support soon.
> >
> > Ross
> >
> >
> > >
> > > Vijay Ramcharan
> > >
> > > -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net
> > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ross
> Vandegrift
> > > Sent: April 07, 2008 15:20
> > > To: cisco-nsp at puck.nether.net
> > > Subject: [c-nsp] CSM for service providers
> > >
> > > Hello everyone,
> > >
> > > I'm looking to solicit some input from others that are using the
> Cisco
> > > CSM, in particular, service providers that are using it to host
> layer
> > > 4-7 switching for customers.  The archives don't seem to have a ton
> of
> > > opinions on these guys.
> > >
> > > In general, I like the device's performance and scalability.  I
> have
> > > actually seen them handle a million simultaneous sessions, and I've
> > > seen VIPs with 900+k sessions cause no impact to other VIPs.
> > >
> > > However, we're run into some issues that are a bit troublesome:
> > >
> > > 1) Fault-tolerance is a feature that was obviously tacked-on after
> the
> > > fact.  Config sync is slow process that interacts badly with other
> IOS
> > > features like SNMP.  We've been reduced to manually syncing all
> > > configs because of IOS crash risk associated with config-sync.
> > >
> > > 2) The documentation is awful.  I have read pretty much everything
> > > Cisco has published and some that hasn't been published.  There's
> more
> > > undocumented features to this device than there are documented
> features!
> > > Has anyone found any good resources?  I've read the configuration
> > > guide, Designing Content Switching solutions, Content Network
> > > Fundamentals, and some random MS Word files I've been emailed from
> > > TAC.  They are all crappy.
> > >
> > > 3) There's a general mystery surrounding the CSM - it's incredibly
> > > difficult to get decent answers to fairly simple questions.
> > >
> > >
> > > In short - I basically like the CSM, but I'm questioning it's long-
> term
> > > viability right now.  Any input would be greatly appreciated.
> > >
> > >
> > > --
> > > Ross Vandegrift
> > > ross at kallisti.us
> > >
> > > "The good Christian should beware of mathematicians, and all those
> who
> > > make empty prophecies. The danger already exists that the
> mathematicians
> > > have made a covenant with the devil to darken the spirit and to
> confine
> > > man in the bonds of Hell."
> > >       --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > --
> > Ross Vandegrift
> > ross at kallisti.us
> >
> > "The good Christian should beware of mathematicians, and all those
> who
> > make empty prophecies. The danger already exists that the
> mathematicians
> > have made a covenant with the devil to darken the spirit and to
> confine
> > man in the bonds of Hell."
> >        --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3080 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080408/0a0a9263/attachment.bin

More information about the cisco-nsp mailing list