[c-nsp] ASA or FRSW in transparent mode over qinq
Raul Lopez Nevot
r.nevot at gmail.com
Fri Jul 11 14:27:51 EDT 2008
>
> > As far as I heard, now a single FWSM can scale to 50Gbps if you have a
> > Supervisor 720-10G-3C and don't want stateful inspection...
>
> The FWSM has a 6x1GB Etherchannel connection to the switch, so 50 Gbps
> seems a little much. Even then, a FWSM without stateful inspection would
> be a little pointless. The Sup720 can use L4 access-lists in hardware,
> so no reason to throw money away on the extra hardware.
>
> Regarding the scaling: A single FWSM can handle multi gigabit traffic in
> hundreds of contexts. Ten of these can do ten times that amount. :-)
> Just like having more than one router in a POP, there's nothing keeping
> you from having multiple FWSM installations, spreading the customers
> among them.
>
Some people told me about cisco expectation for the future release... this
speeds are achieved by authorizing only the connection on FWSM, and once
authorized, passing connections to the supervisor and not on the
etherchannel (to the supervisor forwarding engine). That's how they will
multiply speeds, not passing all the packets through FWSM (and that's why
it's incompatible with deep protocol inspection.
Yeah, I know it's only a rumor some people near cisco told me. I don't know
if anybody at cisco reading this list can confirm it.
Regards
More information about the cisco-nsp
mailing list