[c-nsp] Recommended 2800 ISR

Matthew Marlowe matt at deploylinux.net
Fri Sep 5 10:52:42 EDT 2008


Cisco actually is pretty honest about the performance of the routers with
most/all security features enabled if you go to the QA section of the
product pages and click on router model and look for the question "What is
the performance of router XX?". At which point, they'll state that a
Cisco 3845 can process a single T3 and that the 28xx's performance is
measured in multiples of T-1's (with 2851 being 6xT1 and 2801 being 1xT1).

I've done some measuring of 2800/3800 series performance and the statements
seem to be borne out.  If you have the ACLs/inspection/IPS enabled, a 3845
really will give out around 50Mbps, even though the router is rated with a
raw capacity of ~250Mbps.  If you just have reasonable ACLs and stateful
firewall/inspection features, performance seems to double and you might get
~100Mbps on a 3845, imho. I'd think the ratio would be about the same on a
28xx (2851 -> 18Mbps?).  Your mileage may vary.

The recommendation to look at ASAs is pretty good and would be cheaper.
Otherwise, among the ISRs, a 3825 would be the safe bet.

Regards,
Matt
--
Matthew Marlowe                              matt at deploylinux.net
DeployLinux Consulting, Inc                  Direct: 858-217-5730
Senior Infrastructure Consultant             Office: 888-459-0515
Cell: 805-857-9144 Fax: 858-876-1692     YIM:deploylinuxconsulting   

Designing, Securing, and Maintaining Mission Critical Linux Servers 
              for Successful Internet Applications


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Buhrmaster, Gary
Sent: Thursday, September 04, 2008 8:41 PM
To: Dan Letkeman; giulianocm at uol.com.br; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Recommended 2800 ISR

 
> I have read that document before, do those numbers (2811 - 61.44Mbps
> CEF Fast switching) mean that it can process that bandwidth with
> nothing else running on the router?

With the wind behind the bits heading downhill.  
The first paragraph says:

  Numbers are given with 64 byte packet size, IP only,
  and are only an indication of raw switching performance.
  These are testing numbers, usually with FE to FE or POS
  to POS, no services enabled. As you add ACL's, encryption,
  compression, etc - performance will decline significantly
  from the given numbers  ....

The moment you add (for example) NAT or Firewall features,
expect significantly less performance.  As always, your
Mbps will vary and your situation will be unique (and
almost never to your benefit).
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



