[c-nsp] in praise of the cat6500 Re: Flow tools
Jeff Bacon
bacon at walleyesoftware.com
Fri Jan 20 09:23:24 EST 2012
<apologies for length and soul-baring>

> On 18/01/12 14:07, Nick Hilliard wrote:
> >
> > Gert, hardware upgrades need to happen; otherwise we would all be stuck
> > using bus interfaces designed in the early 1990s. Nobody likes paying for
> I tend to agree with this. Our sup720 have been really REALLY good
> boxes, with exceptionally good lifetime.

echoed.

The sup720 has flaws, sure. How old is the design? How much engineering
went into creating the ASIC matrix? It's amazing to me that Cisco has
managed to reprogram those same ASICs to add all of these features
over the last near-decade. And resale value on a vs720 is still
right up there.

> In fact, with the exception of a couple of features (IPv6 uRPF springs
> to mind) and the low 10gig port density, they still compare favourably
> with current-generation kit for certain workloads.

On the other hand, if you compare it to an ASR9000, the port
density is pretty damn good, and the throughput is incredible.
Is it a router? No. But it sure as hell plays one on TV. Enough so
that I can run an enterprise network completely without routers -
my 6500 ring are the routers.
Can an ASR9k do more? Sure. Can an ASR9k deterministically switch
100GB of traffic with 7-10us latency? HAHAHAHAHAHAHAHHAHAHAHA
(OK. If you do a tunnel-recirc or GRE encap, you need another pass
and you add another 7-8 mics. Right. NAT appears to require a recirc
as well, though it's not stated, as on the vs720 at least it adds
another 7-8. Again. Please find me a router that can do that. One
that I can pick up refurb from my friendly vendor for dirt cheap.)

> I tend to think of them as the swiss army knife. You *could* buy a large
> array of random different boxes from other vendors, but why bother?

So I don't. It makes for an interesting network in a way, because
I am taking 2-3 layers and collapsing them all into one switch - but
I can because the 6500 lets me, and lets me do it so trivially easy.
I've just implemented rosen-MVPN across the ring. It's cleaned up the
network way more than before, with better isolation and security, and
the configuration is even more understandable.
Swiss army knife is right. They take some understanding and care
and feeding but they are the jack-of-all-trades sitting right
in the center of the line. It's taken too damn long, but I think
Cisco has finally managed to position the product correctly
vis Nexus and cat4k - it's an ultimate edge device that can
also be a core.
I love my 6500s. You'll pry 'em from my cold dead fingers. Unless
someone really does show me something that can do what they do better.
(my network is a little unusual, in that I have maybe 200-300 hosts
strung across 10 locations with 10G interconnects and mostly
low packet rates except for about 20 minutes each day when traffic
rates go through the ceiling and the only reliable answer available
is massive sledgehammer overkill so cheap big iron is a savior.
I tried the cheap provision-what-you-need route because the
then-boss was a cheapskate. I spent a lot of time chasing errors
caused by under-provisioned hardware and lots of small boxes.
I gave up and forced in my first 6500s because we were losing money
hand over fist on it and I was tired and I knew they worked
from previous experience. I got lots of bitching on that one.
Until the network problems all went away. Things have been
dead stable for years now. Previous boss was fired for being
a cheapskate over solving the problems. Now I run things.
So I might be biased.)
-bacon