I suppose it's cost effective if you need that much throughput, but it's definitely a big jump to the ASR if you simply want to run BGP on a firewall 1Gbps or lower.
On Sat, Oct 30, 2010 at 11:07 AM, <[email protected]> wrote: > 30k for an ASR 1002 vs. 225k for an ASA 5585? > The 1002's support VASI (VRF aware service infrastructure) and ZBF, > (mpls+bgp+ldp+ospf), making them a passable inter-vrf mpls-vpn > transport/routing/firewall device. > > John > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Keegan Holley > Sent: Saturday, October 30, 2010 9:54 AM > To: Mack O'Brian > Cc: [email protected] > Subject: Re: [c-nsp] BGP support on the new ASA5585-X > > On Sat, Oct 30, 2010 at 2:08 AM, Mack O'Brian <[email protected] > >wrote: > > > On Fri, Oct 29, 2010 at 3:37 PM, Chris Evans <[email protected] > > >wrote: > > > > > If you have to have cisco you could use an asr1k. They support line > rate > > > stateful firewalling and all routing protocols that you could think of. > > > > > > > > > After reading your comment on asr1k, I started reading and here is what > > Cisco marketing says; how good asr1k be in reality for fw is something > > different: > > > > "Up to 20 Gbps of Zone Based Firewall, Deep Packet Inspection, in-box > > stateful firewall failover for nonstop services, all firewall processing > > done in Cisco Quantum Flow Processor, Integrated threat control to > prevent > > and defend against attacks." > > > > sounds expensive... > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
