[c-nsp] two ISPs, two routers, one firewall - bgp question

2009-04-06 Thread Rossella Mariotti-Jones 
Hello all, I have a question regarding this scenario:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example
09186a00800945bf.shtml#conf5

My R2 link to ISP is 100M
R1 link to ISP is a DS3

If my firewall has a default route of 192.168.21.2 and  I have a 10M
download going with AS300, my firewall is going to send out my traffic
through its default gateway which is 192.168.21.2, R2 knows through iBGP
that R1 is the best path to AS300, so it sends the traffic to R1,
traffic coming back goes through R1, R2, firewall to get to the client,
so basically in this case the link between my firewall and R2 is taken
up twice. Am I understanding this correctly? Thanks everyone in advance.

rossella

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jon Lewis
Sent: Monday, April 06, 2009 8:12 AM
To: Rick Ernst
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Getting ready to pull the trigger: RSP720/SUP720

On Mon, 6 Apr 2009, Rick Ernst wrote:

 I'm planning on collapsing the border/core into a pair of
 7600/Sup720-3BXLs, and it looks like they will be almost idle with
this
 amount of load.

That really depends on the features you enable.  Try doing full netflow
on 
a sup720 doing a few hundred mbit's of traffic, and they're suddenly not

so mighty.

 The problem I am running into is spec'ing the aggregation layer.
Almost
 all of our traffic is ethernet now, and all the interfaces need
 bi-drectional rate-limiting/traffic-shaping/policing.  We have a
variable
 bandwidth model and need to cap traffic at 1Mbs granularity. 1,5, and
 10Mbs connections are common, and 20,50,100Mbs connections exist with
a
 200Mbs pipe in process.

We've been using 3550's for years for this, as they have the ability to 
police in both directions, per port, at whatever granularity you like. 
The 3560, which was supposed to be an improvement/replacement for the
3550 
lost this ability, which really shocked me when I configured my first
one.
It can do per-port output shaping, but the granularity kind of blows. 
You're limited to 1/N * port rate, where N is an integer from 0 to
65535. 
This gives plenty (actually a huge waste of range) of granularity at the

low end of bandwidth, but at the high end, you're limited to full rate, 
50%, 33%, 25%, 20%, etc.  If I'm wrong here, I'd love to hear it and be 
told how to limit a 100mbit port to say 40mbit/s.

--
  Jon Lewis   |  I route
  Senior Network Engineer |  therefore you are
  Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] moving from FWSM to ASA

2008-06-19 Thread Rossella Mariotti-Jones 
Hello all, does anybody know of a tool that we can use to convert the
configuration from FWSM to ASA?
Thanks in advance.


***
Rossella Mariotti-Jones
[EMAIL PROTECTED]


Network Analyst, SS - SPIR - IT TAC
desk 503-589-7775

 PRIVILEGED AND CONFIDENTIAL COMMUNICATION   This electronic
transmission, and any documents attached hereto, may contain
confidential and/or legally privileged information.  The information is
intended only for use by the recipient named above.  If you have
received this electronic message in error, please notify the sender and
delete the electronic message.  Any disclosure, copying, distribution,
or use of the contents of information received in error is strictly
prohibited.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] bgp router

2008-06-04 Thread Rossella Mariotti-Jones 
Hello all, we're looking to buy a router on which to run BGP that can
take full BGP routes, I know all Cisco routers (1800 up) with Advanced
IP services IOS will do BGP and I've been told that if we max out the
memory we'll be fine with any router. We're going to need some ports (up
to 24) in this router. We're looking at a 7604 with sup720-3b and 1gb of
memory, a 2821 or 2851 with an nme and 1gb of memory, or another
possibility is the ASR platform, but I haven't looked into this well
yet. Any recommendations? Thanks in advance.

***
Rossella Mariotti-Jones
[EMAIL PROTECTED]


Network Analyst, SS - SPIR - IT TAC
desk 503-589-7775 - cell 503-480-4255

 PRIVILEGED AND CONFIDENTIAL COMMUNICATION   This electronic
transmission, and any documents attached hereto, may contain
confidential and/or legally privileged information.  The information is
intended only for use by the recipient named above.  If you have
received this electronic message in error, please notify the sender and
delete the electronic message.  Any disclosure, copying, distribution,
or use of the contents of information received in error is strictly
prohibited.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/