[c-nsp] Advice on Core Swithes / Routers
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jan 13 04:36:56 EST 2011
On 01/13/2011 09:23 AM, Chris Knipe wrote:
> Hi All,
>
> I need a Layer 2& 3 device that is fully capable of BGP, OSPF, HRSP, IPSEC,
> NAT, and Clustering/Load Balancing certain inbound services. The device
> needs to terminate various Serial Interfaces (up to 8 E1's) as well as
> provide 10/100 Ethernet on a switching as well as routing level.
>
> I was thinking of a small 6500 - but I'm not sure about Serial interfaces on
IPSec on 6500 is complex. You need SPA (maybe ES?) linecards to do it in
hardware, and you *don't* want to do it in software.
SLB on the 6500 (as opposed to with an ACE module) has caveats; it's
slow (as initial packets are punted to CPU) and Cisco don't really
support it AFAICT.
Same applied to NAT on the 6500.
> the 6500. Is there any other devices that I could possibly look at. I
> would like to hear some recommendations.
>
Give up on the idea of using one device. You might be better off with a
layer2 switch and a real router with crypto module (maybe an ASR100x).
I'm not sure about the SLB - you might end up needing a 3rd device.
More information about the cisco-nsp
mailing list