[c-nsp] recommended Cisco router/firewall for 10 to 100Mbps, dual homed

Aivars aivars at ml.lv
Wed Jan 30 15:28:34 EST 2008


Well, NBAR is CPU intensive, no doubt about that; however, I have seen
in real life an 1812 with NBAR on, 90M in, 60M out on the interface,
and CPU load ~55%. I think this really depends on the traffic pattern.

Aivars

Wednesday, January 30, 2008, 9:15:47 PM, you wrote:

PR> Hi Patrick,

PR> The 2821 that Jim mentions theoretically does 87 mbps @ 170 kpps when
PR> fast/CEF switching. Add NBAR and you probably end up a lot nearer the
PR> router's process switching performance of 5.8 mbps @ 11.5 kpps.

PR> It really depends a lot on what kind of traffic, what kinds of
PR> classification and so on. If you have a 10 Mb/s connection now and
PR> average is no more than about 6 Mb/s a 2821 would probably be fine most
PR> of the time. If you need to NBAR ~60 Mb/s average you probably need a
PR> 7200 NPE-G1 or similar. (It'll do 500 Mb/s CEF switched, ~40 Mb/s
PR> process switched.)

PR> Regards,
PR> Peter


PR> On Wed, 2008-01-30 at 13:49 -0500, Jim McBurnett wrote:
>> A 2821 would work nicely..
>> For true 100 Meg that may be stretched..
>> It has Gig E interfaces...
>> 
>> If you want full tables add some RAM...
>> YMMV..
>> 
>> Jim
>> 
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>>  [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Patrick
>>  Giagnocavo
>> Sent: Wednesday, January 30, 2008 12:13 PM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps,
>>  dual homed
>> 
>> Hi
>> 
>> Currently I am using an OpenBSD box which has given no problems, as a
>> router/firewall for some colocated systems.
>> 
>> However, I would like to take advantage of some of the Cisco features
>> like NBAR, and the FTP proxy code (systems needing FTP with the
>> OpenBSD router lose most of their firewall protection because the FTP
>> proxy is not very good, so we just open a large range of ports).
>> 
>> We are using 10Mbps currently but want to buy something that can
>> handle 100Mbps as that is the next jump we will make.
>> 
>> Would a non-VXR 7204 do it?  1841?  We don't need VPN sessions, but
>> being able to SSH into the Cisco would be preferred.
>> 
>> Cordially
>> 
>> Patrick Giagnocavo
>> patrick at zill.net
>> 
>> 
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/


