Re: [c-nsp] Recommended 2800 ISR
Jay Nakamura wrote:
> What about going with an ASA? Much more performance for the money.
> But it depends on what all you want to do on the router. IOS is a lot
> more flexible on what you can do.

But, an ASA or PIX is far more optimised for NAT and ACL duty.

--
Alex Balashov
Evariste Systems
Web: http://www.evaristesys.com/
Tel: (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended 2800 ISR
Cisco actually is pretty honest about the performance of the routers with most/all security features enabled if you go to the QA section of the product pages and click on router model and look for the question "What is the performance of router XX?". At which point, they'll state that a Cisco 3845 can process a single T3 and that the 28xx's performance is measured in multiples of T-1's (with 2851 being 6xT1 and 2801 being 1xT1).

I've done some measuring of 2800/3800 series performance and the statements seem to be borne out. If you have the acl's/inspection/ips enabled, a 3845 really will give out around 50Mbps, even though the router is rated with a raw capacity of ~250Mbps. If you just have reasonable acl's and stateful firewall/inspection features, performance seems to double and you might get ~100Mbps on a 3845 imho, I'd think the ratio would be about the same on a 28xx (2851 - 18Mbps?). Your mileage may vary.

The recommendation to look at ASA's is pretty good and would be cheaper. Otherwise, among the ISR's, a 3825 would be the safe bet.

Regards,
Matt

--
Matthew Marlowe [EMAIL PROTECTED]
DeployLinux Consulting, Inc
Direct: 858-217-5730
Senior Infrastructure Consultant
Office: 888-459-0515
Cell: 805-857-9144
Fax: 858-876-1692
YIM:deploylinuxconsulting
Designing, Securing, and Maintaining Mission Critical Linux Servers for Successful Internet Applications

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Buhrmaster, Gary
Sent: Thursday, September 04, 2008 8:41 PM
To: Dan Letkeman; [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Recommended 2800 ISR

> I have read that document before, do those numbers (2811 - 61.44mbps
> CEF Fast switching) mean that it can process that bandwidth with
> nothing else running on the router?

With the wind behind the bits heading downhill.

The first paragraph says: "Numbers are given with 64 byte packet size, IP only, and are only an indication of raw switching performance. These are testing numbers, usually with FE to FE or POS to POS, no services enabled. As you add ACL's, encryption, compression, etc - performance will decline significantly from the given numbers"

The moment you add (for example) NAT or Firewall features, expect significantly less performance.

As always, your Mbps will vary and your situation will be unique (and almost never to your benefit).
Re: [c-nsp] Recommended 2800 ISR
I have two 2811s with a full view on each and partial for ibgp, no issues.

Justin M. Streiner wrote:
> On Thu, 4 Sep 2008, Dan Letkeman wrote:
>> I was wondering if anyone has recommendations for a 2800 series
>> router for a 20-30mbit internet connection. I would like to run a
>> firewall IOS and, nat and basic ACL's. Would a 2811 be an appropriate
>> choice?
>
> If you're not running BGP with full feeds, you *might* be able to get
> away with a 2811, given that you're running IOS firewall and NAT as
> well, but you probably wouldn't have much headroom for growth, or if
> you decide you need additional features in the future (Netflow, QoS,
> routing protocols, etc).
>
> jms
Re: [c-nsp] Recommended 2800 ISR
I would agree. I've actually found they are a little conservative in their numbers from their concentrators up to the routers.

tv

----- Original Message -----
From: Matthew Marlowe [EMAIL PROTECTED]
To: 'Buhrmaster, Gary' [EMAIL PROTECTED]; 'Dan Letkeman' [EMAIL PROTECTED]; [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Sent: Friday, September 05, 2008 9:52 AM
Subject: Re: [c-nsp] Recommended 2800 ISR

Cisco actually is pretty honest about the performance of the routers with most/all security features enabled if you go to the QA section of the product pages and click on router model and look for the question "What is the performance of router XX?". At which point, they'll state that a Cisco 3845 can process a single T3 and that the 28xx's performance is measured in multiples of T-1's (with 2851 being 6xT1 and 2801 being 1xT1).

I've done some measuring of 2800/3800 series performance and the statements seem to be borne out. If you have the acl's/inspection/ips enabled, a 3845 really will give out around 50Mbps, even though the router is rated with a raw capacity of ~250Mbps. If you just have reasonable acl's and stateful firewall/inspection features, performance seems to double and you might get ~100Mbps on a 3845 imho, I'd think the ratio would be about the same on a 28xx (2851 - 18Mbps?). Your mileage may vary.

The recommendation to look at ASA's is pretty good and would be cheaper. Otherwise, among the ISR's, a 3825 would be the safe bet.

Regards,
Matt

--
Matthew Marlowe [EMAIL PROTECTED]
DeployLinux Consulting, Inc
Direct: 858-217-5730
Senior Infrastructure Consultant
Office: 888-459-0515
Cell: 805-857-9144
Fax: 858-876-1692
YIM:deploylinuxconsulting
Designing, Securing, and Maintaining Mission Critical Linux Servers for Successful Internet Applications

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Buhrmaster, Gary
Sent: Thursday, September 04, 2008 8:41 PM
To: Dan Letkeman; [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Recommended 2800 ISR

> I have read that document before, do those numbers (2811 - 61.44mbps
> CEF Fast switching) mean that it can process that bandwidth with
> nothing else running on the router?

With the wind behind the bits heading downhill.

The first paragraph says: "Numbers are given with 64 byte packet size, IP only, and are only an indication of raw switching performance. These are testing numbers, usually with FE to FE or POS to POS, no services enabled. As you add ACL's, encryption, compression, etc - performance will decline significantly from the given numbers"

The moment you add (for example) NAT or Firewall features, expect significantly less performance.

As always, your Mbps will vary and your situation will be unique (and almost never to your benefit).
[c-nsp] Recommended 2800 ISR
I was wondering if anyone has recommendations for a 2800 series router for a 20-30mbit internet connection. I would like to run a firewall IOS and, nat and basic ACL's. Would a 2811 be an appropriate choice?

Thanks,
Dan.
Re: [c-nsp] Recommended 2800 ISR
On Thu, 4 Sep 2008, Dan Letkeman wrote:
> I was wondering if anyone has recommendations for a 2800 series
> router for a 20-30mbit internet connection. I would like to run a
> firewall IOS and, nat and basic ACL's. Would a 2811 be an appropriate
> choice?

If you're not running BGP with full feeds, you *might* be able to get away with a 2811, given that you're running IOS firewall and NAT as well, but you probably wouldn't have much headroom for growth, or if you decide you need additional features in the future (Netflow, QoS, routing protocols, etc).

jms
Re: [c-nsp] Recommended 2800 ISR
If you don't plan on expanding that 20-30Mbit too much in the future even 2801 will handle that fairly comfortably, the main killer in your list is the IOS firewall, the rest would have been cef switched, I've done between 20-30Mbit on a 2801 with all the below running with no issues before, 2811 would definitely handle it ok.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Letkeman
Sent: Friday, 5 September 2008 9:38 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Recommended 2800 ISR

I was wondering if anyone has recommendations for a 2800 series router for a 20-30mbit internet connection. I would like to run a firewall IOS and, nat and basic ACL's. Would a 2811 be an appropriate choice?

Thanks,
Dan.
Re: [c-nsp] Recommended 2800 ISR
Dan,

Yes. It is a good choice.

Take a look:

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

It's an initial guide for router performance.

Att,

Giuliano

> I was wondering if anyone has recommendations for a 2800 series
> router for a 20-30mbit internet connection. I would like to run a
> firewall IOS and, nat and basic ACL's. Would a 2811 be an appropriate
> choice?
>
> Thanks,
> Dan.
Re: [c-nsp] Recommended 2800 ISR
What about going with an ASA? Much more performance for the money. But it depends on what all you want to do on the router. IOS is a lot more flexible on what you can do.

On Thu, Sep 4, 2008 at 8:43 PM, GIULIANO (UOL) [EMAIL PROTECTED] wrote:
> http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

Speaking of performance guide, does anyone know if there is any document like that one that is a little more up to date and includes performance numbers for some of the switches that do L3 routing? I use that PDF all the time but wished it was updated more often.
Re: [c-nsp] Recommended 2800 ISR
I have read that document before, do those numbers (2811 - 61.44mbps CEF Fast switching) mean that it can process that bandwidth with nothing else running on the router?

On Thu, Sep 4, 2008 at 7:43 PM, GIULIANO (UOL) [EMAIL PROTECTED] wrote:
> Dan,
>
> Yes. It is a good choice.
>
> Take a look:
>
> http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
>
> It's an initial guide for router performance.
>
> Att,
>
> Giuliano
>
>> I was wondering if anyone has recommendations for a 2800 series
>> router for a 20-30mbit internet connection. I would like to run a
>> firewall IOS and, nat and basic ACL's. Would a 2811 be an appropriate
>> choice?
>>
>> Thanks,
>> Dan.
Re: [c-nsp] Recommended 2800 ISR
Those figures aren't a real world typical example, they are based on small (64byte) packet sizes x pps the router can do, if you increase the byte size to above 1000 you can see those numbers quickly explode to a more realistic figure.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Letkeman
Sent: Friday, 5 September 2008 11:32 AM
To: [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Recommended 2800 ISR

I have read that document before, do those numbers (2811 - 61.44mbps CEF Fast switching) mean that it can process that bandwidth with nothing else running on the router?

On Thu, Sep 4, 2008 at 7:43 PM, GIULIANO (UOL) [EMAIL PROTECTED] wrote:
> Dan,
>
> Yes. It is a good choice.
>
> Take a look:
>
> http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
>
> It's an initial guide for router performance.
>
> Att,
>
> Giuliano
>
>> I was wondering if anyone has recommendations for a 2800 series
>> router for a 20-30mbit internet connection. I would like to run a
>> firewall IOS and, nat and basic ACL's. Would a 2811 be an appropriate
>> choice?
>>
>> Thanks,
>> Dan.
Re: [c-nsp] Recommended 2800 ISR
> I have read that document before, do those numbers (2811 - 61.44mbps
> CEF Fast switching) mean that it can process that bandwidth with
> nothing else running on the router?

With the wind behind the bits heading downhill.

The first paragraph says: "Numbers are given with 64 byte packet size, IP only, and are only an indication of raw switching performance. These are testing numbers, usually with FE to FE or POS to POS, no services enabled. As you add ACL's, encryption, compression, etc - performance will decline significantly from the given numbers"

The moment you add (for example) NAT or Firewall features, expect significantly less performance.

As always, your Mbps will vary and your situation will be unique (and almost never to your benefit).