[c-nsp] LAN + Security solution hint

Gert Doering gert at greenie.muc.de
Wed Feb 3 13:58:56 EST 2016


On Wed, Feb 03, 2016 at 07:34:16PM +0100, james list wrote:
> I'd use Cisco 3850/3750 in stack but I'm not sure this is the right choice.

The problem is that what you're asking for is nearly impossible, so 
coming up with a "this will work with gear x, that will need y" is quite
a bit of hard work...

The number of ports is easily fulfilled, e.g. with a 6880x chassis
(scaling up to 80x10GE ports), or a 6840x scaled-down 6880, but neither
will give you 10G on copper - just fiber, or twinax direct attach.

There's 40x10GE copper on a number of Nexus 3xxx or 9xxx 1RU models,
so these might do or not, but these are more "access" type switches,
so, single supervisor, no "non-stop switching/routing" - if it's dead,
it's dead...

The NCS5001 that we discussed these days is brand new and has all the
bandwidth that you'd ever need - but if its control plane fails (single
supervisor engine), it's dead.  Again.

So you might re-think the requirements for resiliency - if you attach
every machine to two of these boxes, and use fiber, I'd go for 2x 6840x
(possibly in a VSS config, or active/passive channels).

Now, for the firewall - what throughput?  Which features (besides
"load balancing" which isn't something firewalls usually do...)?

Very complex requirements, price range from expensive to unbelievable, 
and even then might not sing and dance well enough.


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de