[c-nsp] ASR1004 vs 7606(RSP720-CXL)
Derick Winkworth
dwinkworth at att.net
Fri Nov 27 23:43:56 EST 2009
..and now you have a sh*tpile of boxes in your environment running different versions of software with varying features for management and so forth. And if your like most IT companies, some mgmt turd will eventually let maintenance go on some of these boxes are not stick with the architectural plan and it will turn into spaghetti because they look at all these boxes and they think "we have tons of empty slots and ports."
I guess to some extent this is unavoidable.
________________________________
From: "Dobbins, Roland" <rdobbins at arbor.net>
To: Cisco-nsp <cisco-nsp at puck.nether.net>
Sent: Fri, November 27, 2009 10:03:45 PM
Subject: Re: [c-nsp] ASR1004 vs 7606(RSP720-CXL)
On Nov 28, 2009, at 11:48 AM, Justin Shore wrote:
> A 65/7600 with IPSec SPAs, FWSMs 67xx 10G LCs feeding Nexus or 4900 top-of-rack switches would be such a solution.
Note that w/N7K, you get usable NetFlow, per-interface uRPF configuration, and less ACL constraints, all of which are extremely useful.
If customers insist on placing stateful firewall chokepoints and such in front of their servers, 6500s can be used as service switches. They can handle IPSEC, as well.
So, this simply leaves MPLS termination as the primary issue, does it not? If this is the case, then placing an MPLS-capable box at the DC distribution gateway level takes care of this, yes?
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list