[c-nsp] Upgrading edge router

Ben Steele ben.steele at internode.on.net
Tue Nov 11 19:50:14 EST 2008


Without looking at the article (don't have time right now), "flexible packet
matching" and firewalling are definitely 2 different things. I'd say packet
matching is referring more to something like NBAR with some additional
features; remember it only says packet matching (not blocking). The latter is
the full stateful firewall feature set, so if you aren't wanting it to do
proper firewalling then you want that one.

As for licenses, this one is a little weird: basically adv enterprise is
cheaper than adv ip even though it has all the features of adv ip. It seems to
be purely based on people not wanting features they will never use available on
an image and Cisco making them pay more for that feature. My advice is buy
the cheaper adv enterprise; it will do IPv6.



-----Original Message-----
From: Affan Basalamah [mailto:affanzbasalamah at gmail.com] 
Sent: Tuesday, 11 November 2008 10:25 PM
To: Ben Steele
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Upgrading edge router

Thank you for your prompt response,
I would like to know a thing about ASR1000 software components:

- It says in the ASR1000 software ordering guide
(http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html)
that there is an FPM (flexible packet matching) service license and a
Firewall service license. I would like to know the difference between
the two licenses, since the latter costs double the former.
- What version of IOS-XE is integrated in the ASR1000 bundle? Is it IP
Base or Advanced IP Services? I would like to run IPv6 on the
router, so the router will need Advanced IP Services IOS.

Regards,

-affan

On Tue, Nov 11, 2008 at 6:08 PM, Ben Steele <ben.steele at internode.on.net>
wrote:
> I'd try and go the ASR1002 option, it shouldn't be too far off your 35k
> budget without smartnet, although I'd recommend maintenance on the software
> as you will want access to TAC for bugs, also if you can option in the HA
> feature so you can get ISSU.
>
> With 5Gb of throughput, dual psu and 4Gb(SFP) int's out the box with room
> for expansion it's good bang for buck, the ASR is really aimed as the next
> generation 7200 swiss army knife, being a software based feature platform
> rather than a hardware (ie 7600/6500) it's a welcome new product and you
> should see good life out of it, it has some limitations in its current form,
> the only one that may concern you with your list that I can think of is lack
> of AToM MPLS support, but that is due out in upcoming software release.
>
> Put the quagga to rest! :)
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Affan Basalamah
> Sent: Tuesday, 11 November 2008 9:19 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Upgrading edge router
>
> Hi all,
>
> I am a network admin at a university that has a UNIX PC that functions as
> core router and firewall to accommodate:
> - 2 x 45 Mb link to research education network (REN)
> - 100Mb link to local exchange point
> - 10Mb link to Internet
> Currently we accept partial routes from the Internet, and aggregated with
> REN prefixes, we have at least 30k prefixes.
>
> We would like to upgrade our router to accommodate:
> - new STM-1 link (physical connector is not STM1 port, but it is
> converted to Gigeth by our telco)
> - at least 4 1000BaseT ports
> - firewall feature (packet filter and inspection) would be nice
> - IPv6 multicast and MPLS feature
> - can keep up the load at least for 5 years
> - budget around $35k
>
> I have done some research, and our choice could come to :
> - Cisco 7603 with Sup32. I think this is the cheapest solution with 8
> port gigabit ethernet, but I don't know whether it could handle the
> load. I also see it as integrated packet inspection with PISA
> daughterboard, but I don't have any experience with that. The
> supervisor is a bit old compared to ASR1000.
> - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet
> inspection, but I don't know whether it can suit the budget.
> - Juniper M7i with 2 x 1Gbps SFP port. It has a better OS (but I haven't
> compared it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit
> ports, and a separate AS module can cost you too much. I don't know
> whether it suits the budget.
> - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had
> experience with this box, but the specs look promising, and maybe it
> suits the budget.
>
> I would like your suggestion about my plan above, perhaps I can come
> out with better plan.
>
> Thank you,
> Regards,
>
> -affan


