[c-nsp] Question on 6500 series switches

Sigurbjörn Birkir Lárusson sigurbjornl at vodafone.is
Tue Aug 4 17:45:16 EDT 2009 

Never used the VPN services so I can't answer for that.  The FWSMs behave
just like an ASA/PIX.  There is no load-balancing, it's active/standby
failover.

You can achieve active/active by having multiple contexts and spreading the
active/standby pairs, for example

Context    FWSM 1     FWSM 2
A          Active     Standby
B          Standby    Active
C          Active     Standby
D          Standby    Active

Therefore having 2 contexts active on each FWSM and failover for the other
2.

The SUP32 does not support distributed forwarding at all.  The maximum
throughput through the SUP32 is 32Gbps on the shared bus.

The SUP32 also does not support the 6700 or 6800 series linecards, and
features a maximum throughput of 15 Mpps for IPV4 traffic.

The SUP720 does support distributed forwarding and can, with suitable
line-cards and DFCs reach push 720Gbps.

Different beasts for different tasks, it mostly depends on how much traffic
you are looking into pushing through the box.

Kind regards,
Sibbi


On 4.8.2009 20:32, "Steven Pfister" <SPfister at dps.k12.oh.us> wrote:

> We're looking at replacing a 4507R at the core of our network with a 6500
> series. Currently, the 4507R has a supervisor engine IV, 3 48-port copper
> blades, and 2 6-port fiber blades. We're hoping to include in the 6500 series
> replacement the firewall module (to replace a PIX 525), vpn (to replace a 3005
> concentrator), and IDS/IPS.
> 
> I'm a little confused as to what I need from looking at the Cisco product
> pages. Is there a guide somewhere as to what to get? The firewall that we
> would be replacing is actually a pair of PIX 525s in an active/standby pair.
> We'd like to have some redundancy in the 6500 as well. We'd also like some
> sort of failover for the IDS/IPS if possible.
> 
> A couple of questions:
> - if I have two FWSMs installed, they would load balance, and if one failed,
> the other would take over all traffic, correct?
> - I see a "VPN services port adapter" and a "VPN shared port adapter"... I'm
> not sure how they differ
> - The supervisor engine 720 and the supervisor engine 32... we'd need one or
> the other, correct?
> - Would we need the Policy Feature Card and the Distributed Forwarding Card?
> 
> Thanks!
> 
> --Steve
> 
> Steve Pfister
> Technical Coordinator,
> The Office of Information Technology
> Dayton Public Schools
> 115 S. Ludlow St.
> Dayton, OH 45402
>  
> Office (937) 542-3149
> Cell (937) 673-6779
> Direct Connect: 137*131747*8
> Email spfister at dps.k12.oh.us
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list