Taffic shaping and eigrp eat a lot. inspection is huge as well. I have no ida what the new zone based firewalling will do to a 2800, but after seeing it on an 1800, I know it will not be pretty. static acls should be easy if they are not really large. I wouldn't go out and grab the new CRYMU bogon list, that would kill you. The problem is the router CAN do these things, but if you want any management on the back end you get in trouble. things like NBAR and netflow are incredibly important, but the router cannot handle all these services and the routing protocols and the traffic. If you are not doing nbar or netflow today, that doesn't mean you won't in the near future. I have been finding that getting a router that is too small puts you in a precarious position at times. You can either know where your traffic is going and have a router that drops packets, or you can run blind knowing that all those unmonitored packets are getting through.
Dylan Ebner, Network Engineer Consulting Radiologists, Ltd. 1221 Nicollet Mall, Minneapolis, MN 55403 ph. 612.573.2236 fax. 612.573.2250 dylan.eb...@crlmed.com<mailto:dylan.eb...@crlmed.com> www.consultingradiologists.com<http://www.consultingradiologists.com> From: Jeffrey Negro [mailto:jne...@billtrust.com] Sent: Monday, April 12, 2010 1:26 PM To: Dylan Ebner Cc: nanog@nanog.org Subject: Re: Router for Metro Ethernet In our case I believe we would be dealing with just static routes and a lines of ACL. Do you think the routing protocols are your largest resource usage in your scenario, or is it also just simple routing as well? Jeffrey Negro, Network Engineer Billtrust - Improving Your Billing, Improving Your Business www.billtrust.com<http://www.billtrust.com> 609.235.1010 x137 On Mon, Apr 12, 2010 at 1:55 PM, Dylan Ebner <dylan.eb...@crlmed.com<mailto:dylan.eb...@crlmed.com>> wrote: We use metro E for our WAN and our internet access delivery. The 2600 series routers do not have enough horsepower to do a 40 Mb connection and eigrp. The 2811 can do 40 mb and eigrp but they start to have difficulty when you add in inspection or large ACLs. We just last week turned a 40mb metroe circuit into a 60mb and the router, a 2811, is now have constant problems. We are replacing it with a 2921. However, this router also has 2 100mb connections from local lans that it is also terminiating. For our 100mb metro e connections we use 3845s. The 100 mb service terminates into NM-GEs, which have a faster throughput than the hwics. This setup works well. On our internet edges we use 2811s with their memory maxed. We have partial BGP routers from 2 isps. One connection is a 30mb and the other is a 25mb. no inspection is done on these but we do have stateless acls running on the inbound. these are running just fine today, but they sit at about 20% cpu all the time. When doing a metro e connection, make sure the router/switch can do traffic shaping. If it can't, you are relying on the provider to shape your outgoing traffic, which of course will happen down the line, adding additional delay during high usage times. You should also look at the new cisco small metro switches. They can traffic shape, do bgp and have more than one interface. one of the annoying thing about metro e(at least with qwest) is they have a tendancy to install new pe switches at your locations when you upgrade your service. this means a new connection from them and unless you have extra fiber or copper ports on your router. So to transition to the new circuit, you need to unplug your existing service first. And that means downtime, which no one likes. Dylan -----Original Message----- From: Jeffrey Negro [mailto:jne...@billtrust.com<mailto:jne...@billtrust.com>] Sent: Monday, April 12, 2010 12:29 PM To: nanog@nanog.org<mailto:nanog@nanog.org> Subject: Router for Metro Ethernet Before I get taken for a ride by salespeople, I figured it would be best to ask the experts of Nanog.... My company is currently in talks to bring an ethernet circuit into our headquarters, initially committing around 40Mbps. The ISP will be providing ethernet handoff, but I do not want their managed router offering (Adtran 4430) since it is pricey, non-redundant and I'd rather manage it myself. My question is about hardware. Can I assume that I can use something like a Cisco 2000 series router with two built in fast/gig ethernet ports, without a WIC? and since both sides are ethernet would the routing throughput be near fast ethernet speed? This is my first dealing with metro ethernet offerings, and I don't want to assume that the Cisco throughput rates listed for T1/ADSL etc. are the same for a metro ethernet as the WAN. Any and all suggestions on the hardware would be greatly appreciated. Thank you in advance!
