[c-nsp] Advice on Core Swithes / Routers

Phil Mayers p.mayers at imperial.ac.uk
Thu Jan 13 04:36:56 EST 2011


On 01/13/2011 09:23 AM, Chris Knipe wrote:
> Hi All,
>
> I need a Layer 2&  3 device that is fully capable of BGP, OSPF, HRSP, IPSEC,
> NAT, and Clustering/Load Balancing certain inbound services.  The device
> needs to terminate various Serial Interfaces (up to 8 E1's) as well as
> provide 10/100 Ethernet on a switching as well as routing level.
>
> I was thinking of a small 6500 - but I'm not sure about Serial interfaces on

IPSec on 6500 is complex. You need SPA (maybe ES?) linecards to do it in 
hardware, and you *don't* want to do it in software.

SLB on the 6500 (as opposed to with an ACE module) has caveats; it's 
slow (as initial packets are punted to CPU) and Cisco don't really 
support it AFAICT.

Same applied to NAT on the 6500.

> the 6500.  Is there any other devices that I could possibly look at.  I
> would like to hear some recommendations.
>

Give up on the idea of using one device. You might be better off with a 
layer2 switch and a real router with crypto module (maybe an ASR100x). 
I'm not sure about the SLB - you might end up needing a 3rd device.


More information about the cisco-nsp mailing list