[c-nsp] recommended Cisco router/firewall for 10 to 100Mbps, dual homed

Peter Rathlev peter at rathlev.dk
Wed Jan 30 14:15:47 EST 2008 

Hi Patrick,

The 2821 the Jim mentions theoretically does 87 mbps @ 170 kpps when
fast/CEF switching. Add NBAR and you probably end up a lot nearer the
router's process switching performance of 5.8 mpbs @ 11.5 kpps.

It really depends a lot on what kind of traffic, what kinds of
classification and so on. If you have a 10 Mb/s connection now and
average is no more than about 6 Mb/s a 2821 would probably be fine most
of the time. If you need to NBAR ~60 Mb/s average you probably need a
7200 NPE-G1 or similar. (It'll do 500 Mb/s CEF switched, ~40 Mb/s
process switched.)

Regards,
Peter


On Wed, 2008-01-30 at 13:49 -0500, Jim McBurnett wrote:
> A 2821 would work nicely..
> For true 100 Meg that may be stretched..
> It has Gig E interfaces...
> 
> If you want full tables add some RAM...
> YMMV..
> 
> Jim
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
>  [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Patrick
>  Giagnocavo
> Sent: Wednesday, January 30, 2008 12:13 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps,
>  dual homed
> 
> Hi
> 
> Currently I am using an OpenBSD box which has given no problems, as a
> router/firewall for some colocated systems.
> 
> However, I would like to take advantage of some of the Cisco features
> like NBAR, and the FTP proxy code (systems needing FTP with the
> OpenBSD router lose most of their firewall protection because the FTP
> proxy is not very good, so we just open a large range of ports).
> 
> We are using 10Mbps currently but want to buy something that can
> handle 100Mbps as that is the next jump we will make.
> 
> Would a non-VXR 7204 do it?  1841?  We don't need VPN sessions, but
> being able to SSH into the Cisco would be preferred.
> 
> Cordially
> 
> Patrick Giagnocavo
> patrick at zill.net
> 
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list