Peter is right.. The gotcha here is full BW usage and NBAR.. There are a lot of things that add up.. If you want to run an NBAR type feature, it is a CPU / throughput killer. If you just want to see the type of traffic crossing a router, and not do per flow QoS, look for that in a separate box...
J

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Rathlev
Sent: Wednesday, January 30, 2008 2:16 PM
To: Patrick Giagnocavo
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps, dual homed

Hi Patrick,

The 2821 that Jim mentions theoretically does 87 mbps @ 170 kpps when fast/CEF switching. Add NBAR and you probably end up a lot nearer the router's process switching performance of 5.8 mbps @ 11.5 kpps. It really depends a lot on what kind of traffic, what kinds of classification and so on.

If you have a 10 Mb/s connection now and average is no more than about 6 Mb/s a 2821 would probably be fine most of the time. If you need to NBAR ~60 Mb/s average you probably need a 7200 NPE-G1 or similar. (It'll do 500 Mb/s CEF switched, ~40 Mb/s process switched.)

Regards,
Peter

On Wed, 2008-01-30 at 13:49 -0500, Jim McBurnett wrote:
> A 2821 would work nicely..
> For true 100 Meg that may be stretched..
> It has Gig E interfaces...
>
> If you want full tables add some RAM...
> YMMV..
>
> Jim
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Patrick
> Giagnocavo
> Sent: Wednesday, January 30, 2008 12:13 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps,
> dual homed
>
> Hi
>
> Currently I am using an OpenBSD box which has given no problems, as a
> router/firewall for some colocated systems.
>
> However, I would like to take advantage of some of the Cisco features
> like NBAR, and the FTP proxy code (systems needing FTP with the
> OpenBSD router lose most of their firewall protection because the FTP
> proxy is not very good, so we just open a large range of ports).
>
> We are using 10Mbps currently but want to buy something that can
> handle 100Mbps as that is the next jump we will make.
>
> Would a non-VXR 7204 do it? 1841? We don't need VPN sessions, but
> being able to SSH into the Cisco would be preferred.
>
> Cordially
>
> Patrick Giagnocavo
> [EMAIL PROTECTED]
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/