[c-nsp] 2801 - can it handle this?

[Roy]

Michael Malitsky wrote:
>> Date: Sun, 4 May 2008 00:36:01 -0500
>> From: "Dan Letkeman" <danletkeman at gmail.com>
>> Subject: [c-nsp] 2801 - can it handle this?
>> To: cisco-nsp at puck.nether.net
>> Message-ID:
>> 	<dcbb85870805032236w46b1b210k492dec5603593107 at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Hello,
>>
>> I have a 2801 router with the firewall IOS.   I have a 10mbit
>> connection to the internet.  There will be anywhere from 100-300 users
>> using this router for browsing the internet at one time.
>>
>> I will be running ips and some security acl's.  No voip, maybe one or
>> two video connections.
>>
>> Will this router be able to handle this amount of connections?
>>
>> Thanks,
>> Dan.
>
>
> The specs from Cisco say no problem, but I've run into a number of
> issues trying to use ISRs (2800 and 1800 series) for multiple purposes
> simultaneously (router, firewall, etc).  The closest case I had to your
> scenario was trying to use 2 2811s as a failover/redundant firewall with
> NAT and IPS.  We hardly had traffic reaching 10Mb, but the setup kept
> crashing - the reason was never fully tracked down, TAC was taking too
> long.  Replaced with a pair of ASAs, not a single hiccup since.  
> Similar experiences elsewhere - I don't see these platforms as viable
> for firewall/IPS purposes unless the traffic levels are very low.  I
> don't know if this is due to bugs or performance limitations.
> For similar money, the PIX or ASA appliances are far more stable and can
> handle much higher loads.
>
> Michael
>
>   
I too would be a little cautious on selecting the 2801.  The Cisco 
router performance guide shows the 2801 rated at 90 kpps and 46 Mbps but 
only in the CEF mode.  Process switch shows only 2 kpps and 1.5 Mbps.  
The connection starts and stops will be process switched so an active 
user population could stress the 2801.

Roy