Re: [c-nsp] Upgrading edge router
Ben Steele [EMAIL PROTECTED] writes: As for licenses this one is a little weird, basically adv enterprise is cheaper than adv ip even though it has all the features of adv ip, seems to be purely based on ppl not wanting features they will never use available on an image and Cisco making them pay more for that feature, my advice is buy the cheaper adv enterprise, it will do IPv6. It is a bit weird that an edge router in 2008 doesn't ship with IPv6 in its base image. It's also a bit weird that the price of the base image is separate from the price of the router. You can't just grab a random Linux distribution and install that... /Benny ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Upgrading edge router
Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading edge router
Thank you for your prompt response, I would like to know a thing about ASR1000 software components : - It says on ASR1000 software ordering guide (http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html) that there is a FPM (flexible packet matching) service license and Firewall service license. I would like to know the difference between two license, since the latter cost the double from the former. - What version of IOS-XE is integrated in ASR1000 bundle ? Is it IP Base or Advanced IP Services ? I would like to run IPv6 on the router, so the router will need Advanced IP Services IOS. Regards, -affan On Tue, Nov 11, 2008 at 6:08 PM, Ben Steele [EMAIL PROTECTED] wrote: I'd try and go the ASR1002 option, it shouldn't be too far off your 35k budget without smartnet, although i'd recommend maintenance on the software as you will want access to TAC for bugs, also if you can option in the HA feature so you can get ISSU. With 5Gb of throughput, dual psu and 4Gb(SFP) int's out the box with room for expansion it's good bang for buck, the ASR is really aimed as the next generation 7200 swiss army knife, being a software based feature platform rather than a hardware(ie 7600/6500) it's a welcome new product and you should see good life out of it, it has some limitations in its current form, the only one that may concern you with your list that I can think of is lack of AToM MPLS support, but that is due out in upcoming software release. Put the quagga to rest! :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Affan Basalamah Sent: Tuesday, 11 November 2008 9:19 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Upgrading edge router Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 10/11/2008 7:53 AM ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading edge router
I'd try and go the ASR1002 option, it shouldn't be too far off your 35k budget without smartnet, although i'd recommend maintenance on the software as you will want access to TAC for bugs, also if you can option in the HA feature so you can get ISSU. With 5Gb of throughput, dual psu and 4Gb(SFP) int's out the box with room for expansion it's good bang for buck, the ASR is really aimed as the next generation 7200 swiss army knife, being a software based feature platform rather than a hardware(ie 7600/6500) it's a welcome new product and you should see good life out of it, it has some limitations in its current form, the only one that may concern you with your list that I can think of is lack of AToM MPLS support, but that is due out in upcoming software release. Put the quagga to rest! :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Affan Basalamah Sent: Tuesday, 11 November 2008 9:19 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Upgrading edge router Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 10/11/2008 7:53 AM ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading edge router
Without looking at the article (don't have time right now) flexible packet matching and firewalling are definitely 2 different things, i'd say packet matching is referring more to something like NBAR with some additional features, remember it only says packet matching(not blocking), the latter is the full stateful firewall feature set, so if you aren't wanting it to do proper firewalling then you want that one. As for licenses this one is a little weird, basically adv enterprise is cheaper than adv ip even though it has all the features of adv ip, seems to be purely based on ppl not wanting features they will never use available on an image and Cisco making them pay more for that feature, my advice is buy the cheaper adv enterprise, it will do IPv6. -Original Message- From: Affan Basalamah [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 November 2008 10:25 PM To: Ben Steele Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Upgrading edge router Thank you for your prompt response, I would like to know a thing about ASR1000 software components : - It says on ASR1000 software ordering guide (http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_ c07-448862.html) that there is a FPM (flexible packet matching) service license and Firewall service license. I would like to know the difference between two license, since the latter cost the double from the former. - What version of IOS-XE is integrated in ASR1000 bundle ? Is it IP Base or Advanced IP Services ? I would like to run IPv6 on the router, so the router will need Advanced IP Services IOS. Regards, -affan On Tue, Nov 11, 2008 at 6:08 PM, Ben Steele [EMAIL PROTECTED] wrote: I'd try and go the ASR1002 option, it shouldn't be too far off your 35k budget without smartnet, although i'd recommend maintenance on the software as you will want access to TAC for bugs, also if you can option in the HA feature so you can get ISSU. With 5Gb of throughput, dual psu and 4Gb(SFP) int's out the box with room for expansion it's good bang for buck, the ASR is really aimed as the next generation 7200 swiss army knife, being a software based feature platform rather than a hardware(ie 7600/6500) it's a welcome new product and you should see good life out of it, it has some limitations in its current form, the only one that may concern you with your list that I can think of is lack of AToM MPLS support, but that is due out in upcoming software release. Put the quagga to rest! :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Affan Basalamah Sent: Tuesday, 11 November 2008 9:19 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Upgrading edge router Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 10/11/2008 7:53 AM ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive
