[c-nsp] 6500 SUP720 datacenter setup
Greg Whynott
Greg.Whynott at oicr.on.ca
Mon Jan 24 10:32:19 EST 2011
It's been a while and things may have changed, but as I recall, it can only handle up to 4Gbits of traffic total, so that may be a bottleneck. You can run multiple contexts and in transparent mode, giving each customer an instance.
I think you would be better off with an external solution, and aggregate if you need more bandwidth. FWSM is getting long in the tooth and I can't see it being around much longer unless there are huge improvements made in terms of the amount of traffic it can process.
greg
On Jan 23, 2011, at 2:34 PM, Lars Eidsheim wrote:
> I am looking for advice regarding a 6500 layout in a datacenter setup. The 6500 has SUP720-3B running 12.2(33) SXI4 Adv.IP Services. The initial design was to terminate and route customers on the 6500 using a unique VLAN for each customer and allocate an IP subnet for each VLAN.
>
> An issue about this solution is firewalling and we will need to firewall some customers. According to other threads the IOS firewalling feature is limited on the 6500 platform and should be avoided. A stateful port-based firewall using ACLs would be sufficient for our need if it would be the same as in router IOS. A quick solution would be to terminate all customers on a router, e.g. a 7200, which would do the job, but we would have all traffic routed over a single interface which would make the router a bottleneck.
> Another solution might be to use FWSM as a transparent firewall (see diagram below). I would prefer to terminate interfaces on the 6500 rather than on the FWSM in a routed setup.
>
>     Vlan 200 (WAN 1) (x.y.z.1/30)
>                  |
>                  |
>            .-----------.
>            |6500 SUP720|
>            '-----------'
>                  |
>                  |
>     Vlan 100 (CUST A) (a.b.c.1/30)
>     Vlan 101 (CUST B) (a.b.c.5/30)
>     Vlan 102 (CUST C) (a.b.c.9/30)
>
>
> I would be happy to hear your thoughts and experience on the subject.
>
> Regards,
>
> Lars Eidsheim