[c-nsp] ASR1004 vs 7606(RSP720-CXL)
Dobbins, Roland
rdobbins at arbor.net
Fri Nov 27 23:03:45 EST 2009
On Nov 28, 2009, at 11:48 AM, Justin Shore wrote:
> A 65/7600 with IPSec SPAs, FWSMs 67xx 10G LCs feeding Nexus or 4900 top-of-rack switches would be such a solution.
Note that w/N7K, you get usable NetFlow, per-interface uRPF configuration, and less ACL constraints, all of which are extremely useful.
If customers insist on placing stateful firewall chokepoints and such in front of their servers, 6500s can be used as service switches. They can handle IPSEC, as well.
So, this simply leaves MPLS termination as the primary issue, does it not? If this is the case, then placing an MPLS-capable box at the DC distribution gateway level takes care of this, yes?
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the cisco-nsp
mailing list