They could make it out of the box but this is why Dylan made his statement. The platform simply doesn't perform well enough enough to support all of that functionality on the current ASA models. I know first-hand from much of our testing the ASA's rarely meet the box specs for PPS/throughput simply serving the purpose as a static firewall. They would have to dramatically improve the system performance prior to adding any additional CPU / timing dependent features.
IMHO you would see better performance out of BSD. I won't open that can o' worms but the ROI for the ASA line is quite out of balance. -----Original Message----- From: "Greg Whynott" <greg.whyn...@oicr.on.ca> Sent: Tuesday, November 2, 2010 1:46pm To: "Dylan Ebner" <dylan.eb...@crlmed.com> Cc: "nanog@nanog.org" <nanog@nanog.org> Subject: Re: BGP support on ASA5585-X i couldn't disagree with this statement more than I do. they could make a box do it all if they wanted to, but it does not make business sense. On Nov 2, 2010, at 1:42 PM, Dylan Ebner wrote: > IMHO, I don't think this is a marketing issue for cisco. It's a design issue. > PIX/ASA is good at some things, and bad at others. They have never been good > as routers. You have to remember, EIGRP didn't even come to the security line > until 8.0 code and they still do not support traffic shaping. These services > use memory and cpu resources which can dramatically reduce your ability to > get through very long access lists. I am not positive on the ASAs, but I seem > to remember that the routing features on the PIX was all done in software. If > that is still true today, I can't imagine you could effectively perform > stateful inspection, access lists, maybe VPN services, and BGP for a 100Mb+ > internet connection on even a 5585. They just aren't that powerful. > > > > > > Dylan Ebner > > -----Original Message----- > From: srg [mailto:srgqwe...@gmail.com] > Sent: Friday, October 29, 2010 12:43 PM > To: nanog@nanog.org > Subject: BGP support on ASA5585-X > > Hi: > > At this moment we know that ASA5585-X does not support BGP. > > Does anybody know if BGP support in the ASA5585-X is in roadmap? > More precisely... MP-BGP support in the ASA5585-X? > Any "oficial" link in the Cisco website about this? (I did't find it) > > Thanks a lot and best regards > > -- This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.
