>Apart from cisco certifications, and Cisco Live seminars where it
>seems PfR predominantly lives - has anyone actually used this in the
>real world?
I designed it into a network of about 90 sites (global, not US) and it
was not a resounding success. The management was ugly, but more
importantly it just didn't play well with others and at some clear
points wasn't working at all. It was pulled out in favor of a WAN opt
solution (Cisco WaaS appliance in that case). I reviewed it again and
did some testing for a larger network of 400+ sites recently, but the
feature set wasn't measuring up to the requirements and the customer
stuck Riverbeds ahead of the IOS boxes and is quite happy with the results.
Some of this could have been my fault: at some point, piling on the IOS
features generates conflicts in how things are pipelined through the
router and you have to back out, re-engineer/redesign, change
maps/acls/routes/etc. This particular network (the 90 site one) was
trying to use every IOS WAN feature imaginable. The customer had bought
IOS instead of a firewall, but what they really wanted was a UTM
firewall with some minimal VPN and routing capability, instead of a
router with some security features. The Cisco name was unbeatable and so
we did a lot of square-peg into round-hole work.
So: my experience is that in complicated configurations with global
WANs, it either doesn't work, or conflicts with something else, or
doesn't have the feature set you want (NBAR should influence routing).
If you are doing nothing BUT PfR at the edge and the config is otherwise
clean, it might be made to work depending on exactly what you want out
of it.
YMMV.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
[email protected] http://www.opus1.com/jms
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
