Re: [c-nsp] Recommendation for small GBit router
On Wednesday, January 11, 2012 04:28:55 AM Andrew Hoyos wrote: > IIRC, there is two different versions of the CER, the > "CER" and "CER-RT", the latter having 1.5mil v4 FIB. That, then, could be it. When we were looking at Brocade back in 2009, there was only the CER2000 and the CES2000. The CES2000 only handled 8,000 v4 entries in the FIB (although the latest documentation suggests 32,000 entries for v4 and 8,000 entries for v6), while the CER2000 was, as mentioned before, 512,000. Perhaps the hardware has since been revised. To be fair, we haven't looked at Brocade since we settled on the ME3600X. In our initial requirements, we thought needing a large FIB would be great as we extended IP/MPLS into the Access, to have end-to-end MPLS forwarding, but later on, we figured that it's really not that necessary. One option was to use the MPLS Default Route Label feature, but after much thought and planning, we just ended up originating a regular IP default route toward our ME3600X's from our route reflectors. As the route reflectors do not run MPLS, there was no outgoing MPLS label attached to the next-hop address of that default route, i.e., the route reflector. So traffic to the Internet from customers in the Access is MPLS-switched through the Access network. When it hits the Aggregation network (Juniper M320's, T320's and MX480's today), it finds that no label is assigned to the route reflector route. At that point, IP forwarding occurs, and since PHP happened before the packet got to the Aggregation routers, the Aggregation routers now impose a new MPLS label on to the IP packet because they contain the full BGP routing table, which means they have MPLS FEC's. In the end, traffic never has to go to the route reflectors after the last hop ME3600X in the Access ring. Pretty cool. Totally negates the need for a device with a large FIB in the Access, without restricting IP/MPLS forwarding flexibility. Of course, it means customers that need a full BGP routing table from you would need to run eBGP Multi-Hop. While I don't particularly fancy eBGP Multi-Hop, it's a small price to pay for the overall benefit. One thing to note - unlike Junos and IOS XR, IOS and IOS XE will, by default, assign a label to a route that is coming from a box which does not run MPLS, even though there won't be an outoging label assigned to it. Junos and IOS XR will not assign any labels to any routes that come from boxes not running MPLS. So no extra tweaking is needed to have this functionality. Not sure how an IOS or IOS XE box would perform in this topology without manually configuring label assignments/bindings, as our Aggregation testing has centred around Junos and IOS XR - but one would be able to make it work either way. If needed, all the knobs are there :-). Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Jan 10, 2012, at 10:52 AM, Mark Tinka wrote: > On Tuesday, January 10, 2012 08:59:43 PM Eugeniu Patrascu > wrote: > >> they advertise it as 512k ipv6 and 1.5mil ipv4 iirc. > > That's interesting - I pulled down the data sheets for the > CER2000, and it does say 1,500,000 for v4 in FIB + 256,000 > for v6 in FIB. > > This is weird, because I know v4 was 512,000 when we were > evaluating this box more than 2 years ago. > > Maybe the hardware has been revised. IIRC, there is two different versions of the CER, the "CER" and "CER-RT", the latter having 1.5mil v4 FIB. -- Andrew Hoyos hoy...@gmail.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Tuesday, January 10, 2012 08:59:43 PM Eugeniu Patrascu wrote: > they advertise it as 512k ipv6 and 1.5mil ipv4 iirc. That's interesting - I pulled down the data sheets for the CER2000, and it does say 1,500,000 for v4 in FIB + 256,000 for v6 in FIB. This is weird, because I know v4 was 512,000 when we were evaluating this box more than 2 years ago. Maybe the hardware has been revised. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Tue, Jan 10, 2012 at 10:43, Mark Tinka wrote: > On Monday, January 09, 2012 02:12:42 AM Eugeniu Patrascu > wrote: > >> if you want something else than cisco, you may want to >> take a look at brocade cer2000 routers/switches. >> 1U, has support for 10GE interfaces. >> list price for a 24 port GE model starts at around >> $12-14k and it's very cheap compared to either cisco or >> juniper in this regard. > > And only takes 512,000 IPv4 entries. they advertise it as 512k ipv6 and 1.5mil ipv4 iirc. > > Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Monday, January 09, 2012 02:12:42 AM Eugeniu Patrascu wrote: > if you want something else than cisco, you may want to > take a look at brocade cer2000 routers/switches. > 1U, has support for 10GE interfaces. > list price for a 24 port GE model starts at around > $12-14k and it's very cheap compared to either cisco or > juniper in this regard. And only takes 512,000 IPv4 entries. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Fri, Dec 16, 2011 at 01:25, "Rolf Hanßen" wrote: > Hello, > > I am looking for a stable, reliable router / Layer3 switch that can do the > following: > -forward at least 1GBit / 1Mpps > -full support of IPv6 > -provide NetFlow data or similar for several hundred connected hosts in a > way that can be used for IP-based accounting (including IPv6 and not > sampled) > -small size (max. 5HU) > -redundant PSU > > nice to have: > -bgp > -hsrp/vrrp > > not needed: > -full table > -SFP or 10G Interfaces > -high amount of interfaces (3x 1000T is ok) > > At the moment there is a GSR 12008 used for it but it has no IPv6 support > (apart from senseless size and power wasting). > I got a suggestion to take a refurbished 7206VXR + NPE-G1 but it still > looks expensive to me for such old piece of hardware. > Can you suggest a better/cheaper solution ? if you want something else than cisco, you may want to take a look at brocade cer2000 routers/switches. 1U, has support for 10GE interfaces. list price for a 24 port GE model starts at around $12-14k and it's very cheap compared to either cisco or juniper in this regard. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Monday, December 19, 2011 11:43:29 AM Frank Bulk wrote: > It's too bad that they don't have a release that supports > both IPv6 PBR and DHCPv6-PD with static route insertion. From my quick search on FN, both those features seem to be available in: - SRD2a - SRC3 - SRC2 - SRC1 - SRC Weird. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
It's too bad that they don't have a release that supports both IPv6 PBR and DHCPv6-PD with static route insertion. Frank -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark Tinka Sent: Sunday, December 18, 2011 7:28 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Recommendation for small GBit router On Sunday, December 18, 2011 03:06:18 AM Andrew Miehs wrote: > Apart from running something like running lots of E1s, > x21 interfaces I would no longer purchase a new 7200. As > for second hand boxes - if you can get a service > contract for them, ok. Same. If we're buying for small-to-medium Ethernet requirements, the ASR1000's are the platform to pick on the Cisco side of things. If we need low-speed non-Ethernet, the 7200 is hard to beat, even today. > I still remember a friend of mine buying 4x 7500s filled > with VIPs and ?Supervisors?… Every card, and even the > chassis all had problems! But it was not that the cards > didn't work - they booted, came on line, and then > crashed after 2 days, etc. He spent 6 months debugging > the issues with these boxes due to that and EVERY single > piece needed replacing. Needless to say, it ended up > costing the company more than it would have to buy new. I don't think it would be fair to compare the 7500 to the 7200. They may share port adapters, but that's about it. The NPE-G1 and NPE-G2 on SRE are pretty modern if you're not looking at pushing lots of bandwidth. It's a shame the platform has been discontinued in the long-term, but it's still has miles to run in the short-to-medium term. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Monday, December 19, 2011 04:26:37 AM Andrew Miehs wrote: > Hi Mark, > > this wasn't meant a s speed comparison, but rather what > can go wrong if you buy second hand without service. Agree. We've had 7200's fail on us, both new and refurbished. Either way, getting a yearly renewable support contract can't hurt, yes. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On 18/12/2011, at 2:28 PM, Mark Tinka wrote: >> I still remember a friend of mine buying 4x 7500s filled >> with VIPs and ?Supervisors?… Every card, and even the >> chassis all had problems! But it was not that the cards >> didn't work - they booted, came on line, and then >> crashed after 2 days, etc. He spent 6 months debugging >> the issues with these boxes due to that and EVERY single >> piece needed replacing. Needless to say, it ended up >> costing the company more than it would have to buy new. > > I don't think it would be fair to compare the 7500 to the > 7200. They may share port adapters, but that's about it. Hi Mark, this wasn't meant a s speed comparison, but rather what can go wrong if you buy second hand without service. Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Sunday, December 18, 2011 03:06:18 AM Andrew Miehs wrote: > Apart from running something like running lots of E1s, > x21 interfaces I would no longer purchase a new 7200. As > for second hand boxes - if you can get a service > contract for them, ok. Same. If we're buying for small-to-medium Ethernet requirements, the ASR1000's are the platform to pick on the Cisco side of things. If we need low-speed non-Ethernet, the 7200 is hard to beat, even today. > I still remember a friend of mine buying 4x 7500s filled > with VIPs and ?Supervisors?… Every card, and even the > chassis all had problems! But it was not that the cards > didn't work - they booted, came on line, and then > crashed after 2 days, etc. He spent 6 months debugging > the issues with these boxes due to that and EVERY single > piece needed replacing. Needless to say, it ended up > costing the company more than it would have to buy new. I don't think it would be fair to compare the 7500 to the 7200. They may share port adapters, but that's about it. The NPE-G1 and NPE-G2 on SRE are pretty modern if you're not looking at pushing lots of bandwidth. It's a shame the platform has been discontinued in the long-term, but it's still has miles to run in the short-to-medium term. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
7300 series will also "never have 4 byte ASN support" ? Last I heard, admittedly over a year ago, but likely a side issue to the topic. On 18 December 2011 11:45, wrote: > > > The NSE-* have hardware forwarding that never really worked, so the > > > whole product line was abandoned. Short summary. Don't Go There. > > > > Not really. It's true for 7200 and NSE-1. But not true for 7304 and > > NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and > > NSE-150 based as access-routers at happy with them. > > Experiences evidently vary. We phased out our last 7304 in February > this year - and we were happy to see the end of it. > > Steinar Haug, Nethelp consulting, sth...@nethelp.no > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
> > The NSE-* have hardware forwarding that never really worked, so the > > whole product line was abandoned. Short summary. Don't Go There. > > Not really. It's true for 7200 and NSE-1. But not true for 7304 and > NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and > NSE-150 based as access-routers at happy with them. Experiences evidently vary. We phased out our last 7304 in February this year - and we were happy to see the end of it. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Sat, Dec 17, 2011 at 4:53 PM, Gert Doering wrote: >> What throughput can bigger/newer plattform like Sup32/ASR provide with >> netflow ? Sup32 is PFC3B so same as Sup720/PFC3B. PFC3B supports 128K NetFlow entries. For us it was OK for ~2Gbps traffic with smalls customers traffic from BRAS (a lot of flows). If you have Sup720/PFC3B then do the POC. > The NSE-* have hardware forwarding that never really worked, so the > whole product line was abandoned. Short summary. Don't Go There. Not really. It's true for 7200 and NSE-1. But not true for 7304 and NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and NSE-150 based as access-routers at happy with them. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
This provides a type of overview http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf although your milage will change based on which software features you enable. On 17/12/2011, at 6:34 PM, Mark Tinka wrote: > As I've mentioned before a couple of times on this list, > we've pushed an NPE-G2 up to an aggregated forwarding > performance of 950Mbps @ 90% CPU utilization. > > The box was running in a P role (way back when the network > was much smaller), so IPv4, IPv6, IS-IS, MPLS, BGP for IPv6, > LDP, RSVP and BFD. No ACL's (pure P role), no QoS. 9,000 > bytes MTU on all interfaces. Apart from running something like running lots of E1s, x21 interfaces I would no longer purchase a new 7200. As for second hand boxes - if you can get a service contract for them, ok. I still remember a friend of mine buying 4x 7500s filled with VIPs and ?Supervisors?… Every card, and even the chassis all had problems! But it was not that the cards didn't work - they booted, came on line, and then crashed after 2 days, etc. He spent 6 months debugging the issues with these boxes due to that and EVERY single piece needed replacing. Needless to say, it ended up costing the company more than it would have to buy new. The original poster still hasn't indicated what type of interfaces he requires, but if they really are ethernets - and he is really interested in going "cheap" I would use a PC. Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Saturday, December 17, 2011 11:53:42 PM Gert Doering wrote: > To complement what Jared said: The NPE-G1/G2 are > software forwarding platforms, so you get the maximum in > flexibility, but the G1 will NOT give you 1gbit/s of > forwarding performance. The G2 is supposed to (but I've > not personally verified that). As I've mentioned before a couple of times on this list, we've pushed an NPE-G2 up to an aggregated forwarding performance of 950Mbps @ 90% CPU utilization. The box was running in a P role (way back when the network was much smaller), so IPv4, IPv6, IS-IS, MPLS, BGP for IPv6, LDP, RSVP and BFD. No ACL's (pure P role), no QoS. 9,000 bytes MTU on all interfaces. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hi, On Sat, Dec 17, 2011 at 03:08:15PM +0100, "Rolf Hanßen" wrote: > ok, nevertheless, what can I expect from these 4 processors / plattforms ? > As far as I found NPE-G1 / NPE-G2 will have SW updates till 2013/2015. > > What throughput can bigger/newer plattform like Sup32/ASR provide with > netflow ? To complement what Jared said: The NPE-G1/G2 are software forwarding platforms, so you get the maximum in flexibility, but the G1 will NOT give you 1gbit/s of forwarding performance. The G2 is supposed to (but I've not personally verified that). The Sup32 will you give >20 Gbit/s hardware forwarding throughput, but comes with some caveats, like "very slow CPU for anything done in software", "netflow without TCP flags" and "limited memory for netflow" (but 1Gbit/s *should* be fine, unless you have extremely high flow churn). The NSE-* have hardware forwarding that never really worked, so the whole product line was abandoned. Short summary. Don't Go There. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp9vHiRUXQnH.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Dec 17, 2011, at 9:08 AM, Rolf Hanßen wrote: > Hi, > > ok, nevertheless, what can I expect from these 4 processors / plattforms ? > As far as I found NPE-G1 / NPE-G2 will have SW updates till 2013/2015. > > What throughput can bigger/newer plattform like Sup32/ASR provide with > netflow ? the sup32 will have limited Netflow capability. I recommend against it unless you understand the technical details/risks of the platform. You are better off using a NPE-G1/G2 or ASR based device. If you don't actually *need* Netflow, but it's a "nice-to-have", then sup32 may meet your needs. - Jared ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hi, ok, nevertheless, what can I expect from these 4 processors / plattforms ? As far as I found NPE-G1 / NPE-G2 will have SW updates till 2013/2015. What throughput can bigger/newer plattform like Sup32/ASR provide with netflow ? kind regards Rolf > Hi, > > On Fri, Dec 16, 2011 at 03:37:59PM +0100, "Rolf Hanßen" wrote: >> What about a NSE-100 ? Looks cheap on Ebay. > > There's a reason for that. End-of-life, and abandoned architecture (PXF). > > gert > > > -- > USENET is *not* the non-clickable part of WWW! >//www.muc.de/~gert/ > Gert Doering - Munich, Germany > g...@greenie.muc.de > fax: +49-89-35655025 > g...@net.informatik.tu-muenchen.de > On 16.12.2011 15:37, "Rolf Hanßen" wrote: > Hello, > > 2nd hand is no problem, I did not think about new stuff at all. > > What about a NSE-100 ? Looks cheap on Ebay. > Docs say "3.5 Mpps (PXF); 450 kpps (RP)". Is IPv6 forwarded in hardware or > via RP on NSE ? > > Concerning Netflow on NSE-100/NSE-150/NPE-G1/NPE-G2 cards: > What traffic amount is realistic ? Is the limitation factor bandwidth or > pps ? > What happens beyond the point it can handle to send the Netflow data > properly ? Does that affect Netflow only (for example it sends incomplete > data or switches to a sampling mode to reduce load) or will packet > forwarding also be affected ? > > Im just looking for high pps capability for flooding scenarios only. > If just accounting loses some data in such cases it is not a big issue. > > Anything else to take care of ? > > Concerning other/software based solutions: > I prefer some box that can exchange the existing one without much time > effort for testing/preparing/configuring. > > regards > Rolf ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Friday, December 16, 2011 09:21:02 AM Andrew Miehs wrote: > I wouldn't buy a new 7200 nowerdays - they are not that > much cheaper than the ASR1001s (if at all). Unless you're buying them on the used market. The 7200's are still useful if you require port density, especially for non-Ethernet interfaces. We use them to aggregate a bunch of E1's (cSTM-1), and it's much cheaper to do that (refurbished units) on the 7200 because it's a software router, and the bandwidth requirements of E1 customers aren't a major threat to the system. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Friday, December 16, 2011 11:14:07 PM Jared Mauch wrote: > Wish Cisco would actually save these parts of the config > but having a recoverable device isn't a priority > apparently. Well, the same goes for SSH keys and SNMPv3 activations. These are the 2 bits I've found are easy to forget when bringing a system back online from a backed up configuration. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
> > At the moment there is a GSR 12008 used for it but it has no IPv6 support > > (apart from senseless size and power wasting). > > I am a little curious about what IPv6 support/feature is missing on your > GSR 12008... For instance 6VPE, in IOS. Yes, this is supported in IOS XR for the GSR, but that has its own challenges... Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On 16/12/2011 16:00, Gert Doering wrote: > On Fri, Dec 16, 2011 at 03:37:59PM +0100, "Rolf Hanßen" wrote: >> What about a NSE-100 ? Looks cheap on Ebay. > > There's a reason for that. End-of-life, and abandoned architecture (PXF). and hasn't been able to handle a full DFZ since 2007 or so. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hi, Il 16/12/2011 0.25, "Rolf Hanßen" ha scritto: At the moment there is a GSR 12008 used for it but it has no IPv6 support (apart from senseless size and power wasting). I am a little curious about what IPv6 support/feature is missing on your GSR 12008... Thanks -- BR Tiziano D'Inca' CTO at ASDASD srl Helpdesk 800.0306.88 ASDASD.it - POPWIFI.it tizi...@asdasd.it Direct041.9636.508 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hi, On Fri, Dec 16, 2011 at 03:37:59PM +0100, "Rolf Hanßen" wrote: > What about a NSE-100 ? Looks cheap on Ebay. There's a reason for that. End-of-life, and abandoned architecture (PXF). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp39ltSfyCIf.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Dec 16, 2011, at 5:33 AM, Robert Hass wrote: >> Cisco-wise you'll find nothing that can push bandwidth. The cheapest >> option you have would probably be a WS-3560, but you'll need an >> "advanced ip services" image which does not come for free. > > But 3560 doesn't provide netflow at all (even sampled). And no SVI statistics. > So it's out of requirements. Sometimes it's easier to just do a SPAN and look at that instead of running flow on the device. I was also going to suggest the 3560 as it's "cheap-enough" and works relatively well. You have to reconfigure it to run IPv6 by default in my experience, and keep notes on how to do this since it's not saved in a 'wr mem', so won't automatically be saved if you need to swap the device. Wish Cisco would actually save these parts of the config but having a recoverable device isn't a priority apparently. - Jared ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hello, 2nd hand is no problem, I did not think about new stuff at all. What about a NSE-100 ? Looks cheap on Ebay. Docs say "3.5 Mpps (PXF); 450 kpps (RP)". Is IPv6 forwarded in hardware or via RP on NSE ? Concerning Netflow on NSE-100/NSE-150/NPE-G1/NPE-G2 cards: What traffic amount is realistic ? Is the limitation factor bandwidth or pps ? What happens beyond the point it can handle to send the Netflow data properly ? Does that affect Netflow only (for example it sends incomplete data or switches to a sampling mode to reduce load) or will packet forwarding also be affected ? Im just looking for high pps capability for flooding scenarios only. If just accounting loses some data in such cases it is not a big issue. Anything else to take care of ? Concerning other/software based solutions: I prefer some box that can exchange the existing one without much time effort for testing/preparing/configuring. regards Rolf > On 16 December 2011 10:53, Phil Mayers wrote: > >> On 12/16/2011 01:09 AM, "Rolf Hanßen" wrote: >> >>> Hi Andrew, >>> >>> just pure forwarding of a few public networks towards each other and >>> internet with default route. >>> No tunnels, no NAT, no DHCP, no VPN or something similar. >>> Concerning "relatively cheap": Im searching for "below 3000 Euro >>> absolutely". ;) >>> >> >> You'll get nothing in the Cisco range with that feature set for that >> price >> unless you go 2nd hand, IMO. >> >> Netflow at the same time as 1Gbit/sec is the killer - platforms that do >> both are lots. >> >> At this level of performance, consider whether a network tap & linux >> machine with one of the software flow capture engines would be an >> alternative - then buy a low-end 3x50 catalyst, which will easily >> perform >> and do IPv6. >> >> Or tolerate <1Gbit/sec and buy one of the ISRs. > > > > ASR1001 would be my recommendation or there is a "service module" for the > Cat 3560X switch that adds netflow capability. > > ASR1001 MSRP $17k + $5k for IP BASE licence > > WS-C3560X-24T-S MSRP $4,300 + $3,750 for C3KX-SM-10G service module + $500 > for dual PSU > > neither of these options is close to the 3k target, and neither is > readily > available used. > > Up until recently Cisco had few low-end router platforms that could shift > 1Gbps - only the 7304 NSE-150 or 7200 NPE-G2. Both are available used - > I'd recommend the G2 above the NSE. > > The Cat switches can move the packets but support for IPv6 and Netflow are > limited. I don't know how software in Nexus is shaping up. > , > Other than that you're looking at high-end routers like OSR (10k), GSR > (12k) or CRS which are overkill for the requirements. > > If you're looking for a non-Cisco solution, how about a Mikrotik? > According to them the RB1100AHx2 can do >1Gbps and nearly 1Mbpps for less > than 500, which is cheap enough to try one to see if it meets your needs > - > http://routerboard.com/RB1100AHx2 > > Aled > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On 16 December 2011 11:58, Andrew Miehs wrote: > HI Aled, > > On Fri, Dec 16, 2011 at 12:29 PM, Aled Morris wrote: > >> ASR1001 MSRP $17k + $5k for IP BASE licence >> > > I think the IP BASE license is included with the ASR1001 for US$17K list. > Sadly not, you have to pay. I did forget to include the SFPs that are also needed, even for UTP. Aled ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
There are 'other' vendors out there besides Cisco who's switches provide SFlow which will give you information you're looking for as compared to netflow, assuming your collector supports it. These same vendor/switches also can do the routing as you're asking about for the low cost you're looking for. On Fri, Dec 16, 2011 at 7:25 AM, Garry wrote: > On 16.12.2011 00:25, "Rolf Hanßen" wrote: > > Hello, > > > > I am looking for a stable, reliable router / Layer3 switch that can do > the > > following: > > -forward at least 1GBit / 1Mpps > [..] > Rolf, sorry to say, but for the price range of 3000€ you'll have a hard > time finding anything, even used, that has both the "Cisco" name tag and > the 1Gbit L3 forwarding ability ... especially with all the additional > features ... you can't expect an enterprise, high-end product for a > SoHo/Mid-Range price ... > > I second the ASR 1001 option, nice box with lots of performance for > relatively good price, be aware of the limits in BGP (500k prefixes IIRC > ?) though ... but as you wrote, you don't need a full table, so that > shouldn't be a problem. Not sure how much of a performance hit the > Netflow will be once you are actually pushing the 1G through the box ... > > -garry > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On 16.12.2011 00:25, "Rolf Hanßen" wrote: > Hello, > > I am looking for a stable, reliable router / Layer3 switch that can do the > following: > -forward at least 1GBit / 1Mpps [..] Rolf, sorry to say, but for the price range of 3000€ you'll have a hard time finding anything, even used, that has both the "Cisco" name tag and the 1Gbit L3 forwarding ability ... especially with all the additional features ... you can't expect an enterprise, high-end product for a SoHo/Mid-Range price ... I second the ASR 1001 option, nice box with lots of performance for relatively good price, be aware of the limits in BGP (500k prefixes IIRC ?) though ... but as you wrote, you don't need a full table, so that shouldn't be a problem. Not sure how much of a performance hit the Netflow will be once you are actually pushing the 1G through the box ... -garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
HI Aled, On Fri, Dec 16, 2011 at 12:29 PM, Aled Morris wrote: > ASR1001 MSRP $17k + $5k for IP BASE licence > I think the IP BASE license is included with the ASR1001 for US$17K list. Street price should be about EUR10K . (OP seems to be in euro zone). He will however require a few sfps. I personally would steer clear of second hand boxes. Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On 16 December 2011 10:53, Phil Mayers wrote: > On 12/16/2011 01:09 AM, "Rolf Hanßen" wrote: > >> Hi Andrew, >> >> just pure forwarding of a few public networks towards each other and >> internet with default route. >> No tunnels, no NAT, no DHCP, no VPN or something similar. >> Concerning "relatively cheap": Im searching for "below 3000 Euro >> absolutely". ;) >> > > You'll get nothing in the Cisco range with that feature set for that price > unless you go 2nd hand, IMO. > > Netflow at the same time as 1Gbit/sec is the killer - platforms that do > both are €lots. > > At this level of performance, consider whether a network tap & linux > machine with one of the software flow capture engines would be an > alternative - then buy a low-end 3x50 catalyst, which will easily perform > and do IPv6. > > Or tolerate <1Gbit/sec and buy one of the ISRs. ASR1001 would be my recommendation or there is a "service module" for the Cat 3560X switch that adds netflow capability. ASR1001 MSRP $17k + $5k for IP BASE licence WS-C3560X-24T-S MSRP $4,300 + $3,750 for C3KX-SM-10G service module + $500 for dual PSU neither of these options is close to the €3k target, and neither is readily available used. Up until recently Cisco had few low-end router platforms that could shift 1Gbps - only the 7304 NSE-150 or 7200 NPE-G2. Both are available used - I'd recommend the G2 above the NSE. The Cat switches can move the packets but support for IPv6 and Netflow are limited. I don't know how software in Nexus is shaping up. , Other than that you're looking at high-end routers like OSR (10k), GSR (12k) or CRS which are overkill for the requirements. If you're looking for a non-Cisco solution, how about a Mikrotik? According to them the RB1100AHx2 can do >1Gbps and nearly 1Mbpps for less than €500, which is cheap enough to try one to see if it meets your needs - http://routerboard.com/RB1100AHx2 Aled ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On 12/16/2011 01:09 AM, "Rolf Hanßen" wrote: Hi Andrew, just pure forwarding of a few public networks towards each other and internet with default route. No tunnels, no NAT, no DHCP, no VPN or something similar. Concerning "relatively cheap": Im searching for "below 3000 Euro absolutely". ;) You'll get nothing in the Cisco range with that feature set for that price unless you go 2nd hand, IMO. Netflow at the same time as 1Gbit/sec is the killer - platforms that do both are €lots. At this level of performance, consider whether a network tap & linux machine with one of the software flow capture engines would be an alternative - then buy a low-end 3x50 catalyst, which will easily perform and do IPv6. Or tolerate <1Gbit/sec and buy one of the ISRs. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
> Cisco-wise you'll find nothing that can push bandwidth. The cheapest > option you have would probably be a WS-3560, but you'll need an > "advanced ip services" image which does not come for free. But 3560 doesn't provide netflow at all (even sampled). And no SVI statistics. So it's out of requirements. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
I'd say if he really want to go cheap, IP base probably do fine, only difference is no BGP in it. Adv.IP services license cost half of hardware while ipbase few hundered $. On 16/12/11 12:27, Elmar K. Bins wrote: The cheapest option you have would probably be a WS-3560, but you'll need an "advanced ip services" image which does not come for free. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
n...@rhanssen.de ("Rolf Hanßen") wrote:
> Hi Andrew,
>
> just pure forwarding of a few public networks towards each other and
> internet with default route.
> No tunnels, no NAT, no DHCP, no VPN or something similar.
> Concerning "relatively cheap": Im searching for "below 3000 Euro
> absolutely". ;)
Cisco-wise you'll find nothing that can push bandwidth. The cheapest
option you have would probably be a WS-3560, but you'll need an
"advanced ip services" image which does not come for free.
You will be able to push a lot of packets through that box, and it
can do v4 and v6 routing. I have not tried v6 BGP yet on that one;
I know it works on 3750s (since Jan 2011), and my guess is that
Cisco would have implemented the feature on the 3560s too.
Yours,
Elmi.
--
"Machen Sie sich erst einmal unbeliebt. Dann werden Sie auch ernstgenommen."
(Konrad Adenauer)
--[ ELMI-RIPE ]---
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Fri, Dec 16, 2011 at 12:25 AM, "Rolf Hanßen" wrote: > I am looking for a stable, reliable router / Layer3 switch that can do the > following: > -forward at least 1GBit / 1Mpps > -full support of IPv6 > -provide NetFlow data or similar for several hundred connected hosts in a > way that can be used for IP-based accounting (including IPv6 and not [...] Maybe 6503/Sup32 It's same as Sup720 becouse it's also use PFC3B. On second hand market you can have it for 4-5k EUR with chassis and PS/PEMs. Limitations - no good linecards like 67xx. if not then ASR1002F or ASR1001 or older 7304/NSE-100 or NSE-150 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hi Rolf, On 16/12/2011, at 2:09 AM, Rolf Hanßen wrote: > Hi Andrew, > > just pure forwarding of a few public networks towards each other and > internet with default route. > No tunnels, no NAT, no DHCP, no VPN or something similar. > Concerning "relatively cheap": Im searching for "below 3000 Euro > absolutely". ;) I assume then you are looking for a router with gigabit ethernet interfaces - i.e.: no STM-4, no serials, etc. I wouldn't buy a new 7200 nowerdays - they are not that much cheaper than the ASR1001s (if at all). You can get them from around 10K Euro. If you want to go cheap and nasty, you could always use a PC. Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hi Andrew, just pure forwarding of a few public networks towards each other and internet with default route. No tunnels, no NAT, no DHCP, no VPN or something similar. Concerning "relatively cheap": Im searching for "below 3000 Euro absolutely". ;) regards Rolf > Hi Rolf, > > On 16/12/2011, at 12:25 AM, Rolf Hanßen wrote: >> I am looking for a stable, reliable router / Layer3 switch that can do >> the >> following: >> -forward at least 1GBit / 1Mpps >> -full support of IPv6 >> -provide NetFlow data or similar for several hundred connected hosts in >> a >> way that can be used for IP-based accounting (including IPv6 and not >> sampled) >> -small size (max. 5HU) >> -redundant PSU > > What type of connections do you want to terminate? > An ASR1001 is pretty cheap (relatively) and a great little box - 1HE. > > Regards > > Andrew > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Hi Rolf, On 16/12/2011, at 12:25 AM, Rolf Hanßen wrote: > I am looking for a stable, reliable router / Layer3 switch that can do the > following: > -forward at least 1GBit / 1Mpps > -full support of IPv6 > -provide NetFlow data or similar for several hundred connected hosts in a > way that can be used for IP-based accounting (including IPv6 and not > sampled) > -small size (max. 5HU) > -redundant PSU What type of connections do you want to terminate? An ASR1001 is pretty cheap (relatively) and a great little box - 1HE. Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
Rolf, On Thu, Dec 15, 2011 at 4:25 PM, "Rolf Hanßen" wrote: > I am looking for a stable, reliable router / Layer3 switch that can do the > following: > -forward at least 1GBit / 1Mpps > -full support of IPv6 > -provide NetFlow data or similar for several hundred connected hosts in a > way that can be used for IP-based accounting (including IPv6 and not > sampled) > -small size (max. 5HU) > -redundant PSU > > nice to have: > -bgp > -hsrp/vrrp > > not needed: > -full table > -SFP or 10G Interfaces > -high amount of interfaces (3x 1000T is ok) > > I got a suggestion to take a refurbished 7206VXR + NPE-G1 but it still > looks expensive to me for such old piece of hardware. > Can you suggest a better/cheaper solution ? Vyatta - www.vyatta.com It will do all of the above... Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
