[c-nsp] recommended Cisco router/firewall for 10 to 100Mbps, dual homed
Jim McBurnett
jim at tgasolutions.com
Wed Jan 30 15:07:37 EST 2008
Peter is right..
The gotcha here is full BW usage and NBAR..
There are a lot of things that add up..
If you want to run an NBAR-type feature, it is a CPU / throughput killer.
If you just want to see the type of traffic crossing a router, and not do per-flow QoS, look for that in a separate box...
J
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Rathlev
Sent: Wednesday, January 30, 2008 2:16 PM
To: Patrick Giagnocavo
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps, dual homed
Hi Patrick,
The 2821 that Jim mentions theoretically does 87 mbps @ 170 kpps when
fast/CEF switching. Add NBAR and you probably end up a lot nearer the
router's process switching performance of 5.8 mbps @ 11.5 kpps.
It really depends a lot on what kind of traffic, what kinds of
classification and so on. If you have a 10 Mb/s connection now and
average is no more than about 6 Mb/s a 2821 would probably be fine most
of the time. If you need to NBAR ~60 Mb/s average you probably need a
7200 NPE-G1 or similar. (It'll do 500 Mb/s CEF switched, ~40 Mb/s
process switched.)
Regards,
Peter
On Wed, 2008-01-30 at 13:49 -0500, Jim McBurnett wrote:
> A 2821 would work nicely..
> For true 100 Meg that may be stretched..
> It has Gig E interfaces...
>
> If you want full tables add some RAM...
> YMMV..
>
> Jim
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Patrick
> Giagnocavo
> Sent: Wednesday, January 30, 2008 12:13 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps,
> dual homed
>
> Hi
>
> Currently I am using an OpenBSD box which has given no problems, as a
> router/firewall for some colocated systems.
>
> However, I would like to take advantage of some of the Cisco features
> like NBAR, and the FTP proxy code (systems needing FTP with the
> OpenBSD router lose most of their firewall protection because the FTP
> proxy is not very good, so we just open a large range of ports).
>
> We are using 10Mbps currently but want to buy something that can
> handle 100Mbps as that is the next jump we will make.
>
> Would a non-VXR 7204 do it? 1841? We don't need VPN sessions, but
> being able to SSH into the Cisco would be preferred.
>
> Cordially
>
> Patrick Giagnocavo
> patrick at zill.net
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/