Well, NBAR is CPU intensive, no doubt on that, however I have seen in real life 1812 with NBAR on, 90M in, 60M out on the interface and CPU load ~55%. I think this really depends on the traffic pattern.
Aivars Wednesday, January 30, 2008, 9:15:47 PM, you wrote: PR> Hi Patrick, PR> The 2821 the Jim mentions theoretically does 87 mbps @ 170 kpps when PR> fast/CEF switching. Add NBAR and you probably end up a lot nearer the PR> router's process switching performance of 5.8 mpbs @ 11.5 kpps. PR> It really depends a lot on what kind of traffic, what kinds of PR> classification and so on. If you have a 10 Mb/s connection now and PR> average is no more than about 6 Mb/s a 2821 would probably be fine most PR> of the time. If you need to NBAR ~60 Mb/s average you probably need a PR> 7200 NPE-G1 or similar. (It'll do 500 Mb/s CEF switched, ~40 Mb/s PR> process switched.) PR> Regards, PR> Peter PR> On Wed, 2008-01-30 at 13:49 -0500, Jim McBurnett wrote: >> A 2821 would work nicely.. >> For true 100 Meg that may be stretched.. >> It has Gig E interfaces... >> >> If you want full tables add some RAM... >> YMMV.. >> >> Jim >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Patrick >> Giagnocavo >> Sent: Wednesday, January 30, 2008 12:13 PM >> To: cisco-nsp@puck.nether.net >> Subject: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps, >> dual homed >> >> Hi >> >> Currently I am using an OpenBSD box which has given no problems, as a >> router/firewall for some colocated systems. >> >> However, I would like to take advantage of some of the Cisco features >> like NBAR, and the FTP proxy code (systems needing FTP with the >> OpenBSD router lose most of their firewall protection because the FTP >> proxy is not very good, so we just open a large range of ports). >> >> We are using 10Mbps currently but want to buy something that can >> handle 100Mbps as that is the next jump we will make. >> >> Would a non-VXR 7204 do it? 1841? We don't need VPN sessions, but >> being able to SSH into the Cisco would be preferred. >> >> Cordially >> >> Patrick Giagnocavo >> [EMAIL PROTECTED] >> >> >> >> _______________________________________________ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> _______________________________________________ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ PR> _______________________________________________ PR> cisco-nsp mailing list cisco-nsp@puck.nether.net PR> https://puck.nether.net/mailman/listinfo/cisco-nsp PR> archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/