Re: 7206 VXR NPE-G1 throughput
On Thursday, February 13, 2014 12:28:47 AM Vlade Ristevski wrote: My Cisco SE brought up an interesting alternative. This summer we're replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts. It is where all our internal Fiber terminates and where internal routing happens. He said we can add extra memory and terminate our BGP sessions here and use that for our Internet connections. After thinking it over, I'd still rather have dedicated routers for our Internet access but I'm curious what you guys think about this suggestion. If you have the budget, run dedicated peering/upstream routers. Hierarchical separation of functions at the hardware level provides lots of flexibility in other areas as your network grows. If cash is not a constraint, go for it, I'd say. Mark. signature.asc Description: This is a digitally signed message part.
Re: 7206 VXR NPE-G1 throughput
On Thursday, February 13, 2014 05:08:02 AM Mikael Abrahamsson wrote: A lot of people use SUP720-3BXL and RSP720-3CXL for full BGP table routing. This will work just fine until the IPv4 routing table reaches 800k entries or something (if you want to do IPv6 at the same time, you probably don't want to go over 800k IPv4 routes and 50k IPv6 routes to have a little bit of margin of the around 1M routes the XL sup can handle). Or route churn which quickly shows the inadequacies of the CPU in those control planes. An NPE-G1/G2 has a much quicker CPU. Mark. signature.asc Description: This is a digitally signed message part.
Re: 7206 VXR NPE-G1 throughput
Dan Brisson wrote the following on 2/12/2014 9:06 PM: My Cisco SE brought up an interesting alternative. This summer we're replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts. It is where all our internal Fiber terminates and where internal routing happens. He said we can add extra memory and terminate our BGP sessions here and use that for our Internet connections. After thinking it over, I'd still rather have dedicated routers for our Internet access but I'm curious what you guys think about this suggestion. I think at the Internet edge, physical separation trumps logical unless you have no other choice. Personally, I would keep them separate. My .02, -dan A point to consider: Layer 3 infrastructure and the services that run on L3 devices (ssh, ntp, routing protocols, packet classification, monitoring, shaping, etc) have a much higher surface area for attack and bugs. They therefore (theoretically) require more frequent updates and encounter more problems. Do you want to disrupt your layer 2 infrastructure every time you update your L3 infrastructure? Do you want to expose your L2 infrastructure to the potential bugs in L3 and above code? Separate physical devices can create a more available network. Counter point: A router in front of a router adds an additional point of failure. If you're not gaining anything (features, redundancy, etc) by its introduction you're just wasting money and hurting your (potential) availability. If you provide a lot of L2 only services, or have a substantial amount of traffic that never leaves L2, I would recommend dividing your network by OSI layer. This allows you to easily have different update, security, warranty, etc policies for the different services your network provides. If you are an ISP offering L3 only services or all traffic on your network hits L3, then a failure of any one layer will disrupt all communication; In this case, you may save time/money and increase availability by combining L2 and L3+ functions. --Blake
Re: 7206 VXR NPE-G1 throughput
Thanks for all the responses. It's been very helpful. Based on your collective feedback, I'm definitely going to retire the 7206 this summer. I'm looking at the ASR-1002-X and Juniper MX-5, MX-10. I may as well go with something 10Gig capable. My Cisco SE brought up an interesting alternative. This summer we're replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts. It is where all our internal Fiber terminates and where internal routing happens. He said we can add extra memory and terminate our BGP sessions here and use that for our Internet connections. After thinking it over, I'd still rather have dedicated routers for our Internet access but I'm curious what you guys think about this suggestion. -- Vlad
Re: 7206 VXR NPE-G1 throughput
My Cisco SE brought up an interesting alternative. This summer we're replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts. It is where all our internal Fiber terminates and where internal routing happens. He said we can add extra memory and terminate our BGP sessions here and use that for our Internet connections. After thinking it over, I'd still rather have dedicated routers for our Internet access but I'm curious what you guys think about this suggestion. I think at the Internet edge, physical separation trumps logical unless you have no other choice. Personally, I would keep them separate. My .02, -dan
Re: 7206 VXR NPE-G1 throughput
On Wed, 12 Feb 2014, Vlade Ristevski wrote: My Cisco SE brought up an interesting alternative. This summer we're replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts. It is where all our internal Fiber terminates and where internal routing happens. He said we can add extra memory and terminate our BGP sessions here and use that for our Internet connections. After thinking it over, I'd still rather have dedicated routers for our Internet access but I'm curious what you guys think about this suggestion. A lot of people use SUP720-3BXL and RSP720-3CXL for full BGP table routing. This will work just fine until the IPv4 routing table reaches 800k entries or something (if you want to do IPv6 at the same time, you probably don't want to go over 800k IPv4 routes and 50k IPv6 routes to have a little bit of margin of the around 1M routes the XL sup can handle). -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: 7206 VXR NPE-G1 throughput
We run 7206 NPE-G1s on some GigE peering points. At about 800Mbps of aggregate Internet traffic (inbound + outbound, as measured from Cacti) the CPU sits around 70%. Setup: - inbound and outbound Internet-facing ACLs (50 lines and 25 lines respectively, turbo ACL) - Inbound Internet-facing policy-map to remark DSCP (references 7-line ACL) - minimal routes via BGP (approx 1500) - 15.1 SP train YMMV, but they work well for us in this scenario. With downstream-to-upstream traffic patterns of approx 7-to-1 the GigE and CPU will peak out at about the same time. Side note - our G2s at that same 800Mbps traffic rate run at approx 60% CPU. Cheers Mark W On 2/11/14 2:10 AM, Geraint Jones gera...@koding.com wrote: Or assuming your using an Ethernet of some sort as your upstream connections you could grab something like a CCR from mikrotik for $1k and sleep easy knowing you're only using 6% of it's capacity. Sent from my iPhone • On 11/02/2014, at 3:52 pm, Octavio Alvarez alvar...@alvarezp.ods.org wrote: On 02/10/2014 06:05 PM, Vlade Ristevski wrote: Are you suggesting getting the default gateway from both providers or getting the full table from one and using the default as a backup on the other (7206)? Whatever suits you best. Test and see. I'd just receive the full table anyway but filter them out, letting only the default routes go into the RIB. This should streamline your FIB. As I say, you lose outbound load balancing and your redundancy becomes all-or-nothing, but you save a few cycles. Again, I wouldn't recommend any of this because of the drawbacks, but along with other recommendations that others have made, like Turbo ACLs, it may buy you some time.
Re: 7206 VXR NPE-G1 throughput
Our G2 with BGP full-view and sampled netflow 1:100 doing 1,2Gbit with about 88% load. On 12.02.2014 1:03, Mark Walters wrote: Side note - our G2s at that same 800Mbps traffic rate run at approx 60% CPU.
Re: 7206 VXR NPE-G1 throughput
I generally spec the NPE-G1 as up to 1Gbps if you're using the onboard ports. This assumes ISP type loads with little upstream, lots of downstream, and relatively large flows (mostly 1500 byte packets) on ethernet. It sounds like this fits your usage case well. If one were to throw in ATM or another media type I'd drop the performance quote to half. If you cannot make use of CEF, or use source based routing, drop the performance to ~ 100Mbps. NPE-G1 with 1Gbps of RAM can take 2 full BGP feeds (about 700MB of memory used). Each additional feed will likely require another 100-200MB of memory (no soft reconfig). NPE-G2 w/ 2GB of RAM can take several full feeds and may be able to operate up to 2Gbps using the onboard ports. I haven't pushed one of these to its limits, most people seem to move on to newer platforms first. --Blake Vlade Ristevski wrote the following on 2/10/2014 9:17 AM: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. Answers on and off list are appreciated. Thanks,
7206 VXR NPE-G1 throughput
We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. Answers on and off list are appreciated. Thanks, -- Vlad
Re: 7206 VXR NPE-G1 throughput
On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Regards, Remco Bressers Signet B.V.
Re: 7206 VXR NPE-G1 throughput
I have one but I never ran that much BW thru mine. But the CPU usage is what will kill you. Also the entire platform is rate for 1.8Gbs aggregated which mean depending on which interface you have, and which bus they are connected to, 900Mbps might be its limit. - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 On 02/10/14 10:30, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Regards, Remco Bressers Signet B.V.
Re: 7206 VXR NPE-G1 throughput
We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. We won't be doing any QOS or IPv6 on it but it does take a full BGP table. I just need it to last another year or two out of it if possible. I believe this platform goes End of Support in Spring 2016. On 2/10/2014 10:30 AM, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Regards, Remco Bressers Signet B.V. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854
Re: 7206 VXR NPE-G1 throughput
On 2/10/14, 7:17 AM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. I wouldn't expect a g1 to do much more than half a gig... https://supportforums.cisco.com/servlet/JiveServlet/download/561469-9512/routerperformance.pdf Answers on and off list are appreciated. Thanks, signature.asc Description: OpenPGP digital signature
Re: 7206 VXR NPE-G1 throughput
Both the inside and outside interfaces are on the same NPE-G1 card. Thanks, On 2/10/2014 10:40 AM, Alain Hebert wrote: I have one but I never ran that much BW thru mine. But the CPU usage is what will kill you. Also the entire platform is rate for 1.8Gbs aggregated which mean depending on which interface you have, and which bus they are connected to, 900Mbps might be its limit. - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 On 02/10/14 10:30, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Regards, Remco Bressers Signet B.V. -- Vlad
Re: 7206 VXR NPE-G1 throughput
On 02/10/2014 04:43 PM, Vlade Ristevski wrote: We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. We won't be doing any QOS or IPv6 on it but it does take a full BGP table. I just need it to last another year or two out of it if possible. I believe this platform goes End of Support in Spring 2016. On 2/10/2014 10:30 AM, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Full routing and ACL 100+ entries? I would ditch the 7200+NPE-G1 or upgrade to an NPE-G2.. Regards, Remco Bressers Signet B.V.
Re: 7206 VXR NPE-G1 throughput
Thanks for the link. When I looked at it, the PPS and bandwidth didn't really match what I see on my network so I'm curious to see what people are actually seeing. It looks like their test is done using very small packets (64K). Our traffic is mostly web with a lot of Video (netflix , Hulu, youtube, Flash etc) so we're dealing with a lot less packets that are much larger. Based on the numbers I posted, we' would be at the BW limit without even coming close the PPS limit (if we were running the traffic through the 7206). On 2/10/2014 10:41 AM, joel jaeggli wrote: On 2/10/14, 7:17 AM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. I wouldn't expect a g1 to do much more than half a gig... https://supportforums.cisco.com/servlet/JiveServlet/download/561469-9512/routerperformance.pdf Answers on and off list are appreciated. Thanks, -- Vlad
Re: 7206 VXR NPE-G1 throughput
The ACL is a recent addition and we can probably do away with it. I didn't notice a significant increase in CPU or drops since adding it. But we usually peak at about 200Mbps on this link. The full routing table is a must since we're dual homed. On 2/10/2014 10:55 AM, Remco Bressers wrote: On 02/10/2014 04:43 PM, Vlade Ristevski wrote: We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. We won't be doing any QOS or IPv6 on it but it does take a full BGP table. I just need it to last another year or two out of it if possible. I believe this platform goes End of Support in Spring 2016. On 2/10/2014 10:30 AM, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Full routing and ACL 100+ entries? I would ditch the 7200+NPE-G1 or upgrade to an NPE-G2.. Regards, Remco Bressers Signet B.V. -- Vlad
Re: 7206 VXR NPE-G1 throughput
On 02/10/2014 04:30 PM, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. I do share the same thoughts as Remco. We've actually several NPE-G1 in production environments with full BGP feed. We saw a decrease in forwarding performance since 12.4T and up. We also recently disabled some features like netflow and ip inspection, which seemed relatively CPU intensive. I do remember we were able to forward around ~700Mbps of 1500 bytes traffic with old IOS images and no ACLs.
Re: 7206 VXR NPE-G1 throughput
On 2/10/14, 7:43 AM, Vlade Ristevski wrote: We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. We won't be doing any QOS or IPv6 on it but it does take a full BGP table. I just need it to last another year or two out of it if possible. I believe this platform goes End of Support in Spring 2016. yeah so you'll probably make it on a pure pps basis. On 2/10/2014 10:30 AM, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Regards, Remco Bressers Signet B.V. signature.asc Description: OpenPGP digital signature
Re: 7206 VXR NPE-G1 throughput
On 2/10/14, 7:57 AM, Vlade Ristevski wrote: Thanks for the link. When I looked at it, the PPS and bandwidth didn't really match what I see on my network so I'm curious to see what people are actually seeing. It looks like their test is done using very small packets (64K). Our traffic is mostly web with a lot of Video (netflix , Hulu, youtube, Flash etc) so we're dealing with a lot less packets that are much larger. Based on the numbers I posted, we' would be at the BW limit without even coming close the PPS limit (if we were running the traffic through the 7206). so those pps numbers are worst case (small packet) but the acl count /distribution and so on are going to impact what you actually get in the downward direction. On 2/10/2014 10:41 AM, joel jaeggli wrote: On 2/10/14, 7:17 AM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. I wouldn't expect a g1 to do much more than half a gig... https://supportforums.cisco.com/servlet/JiveServlet/download/561469-9512/routerperformance.pdf Answers on and off list are appreciated. Thanks, signature.asc Description: OpenPGP digital signature
RE: 7206 VXR NPE-G1 throughput
600Mb is going to be really pushing it. I doubt it will be able to handle that kind of throughput. Even with G2 I would think you would be pushing it. -Original Message- From: Remco Bressers [mailto:re...@signet.nl] Sent: Monday, February 10, 2014 9:56 AM To: nanog@nanog.org Subject: Re: 7206 VXR NPE-G1 throughput On 02/10/2014 04:43 PM, Vlade Ristevski wrote: We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. We won't be doing any QOS or IPv6 on it but it does take a full BGP table. I just need it to last another year or two out of it if possible. I believe this platform goes End of Support in Spring 2016. On 2/10/2014 10:30 AM, Remco Bressers wrote: On 02/10/2014 04:17 PM, Vlade Ristevski wrote: We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download. The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit: 30 second input rate 559982000 bits/sec, 55809 packets/sec 30 second output rate 55429000 bits/sec, 32598 packets/sec 267756984712 packets input, 25152556755 bytes, 0 no buffer This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. Full routing and ACL 100+ entries? I would ditch the 7200+NPE-G1 or upgrade to an NPE-G2.. Regards, Remco Bressers Signet B.V.
Re: 7206 VXR NPE-G1 throughput
On 10/02/2014 15:30, Remco Bressers wrote: This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine. in fact, the npe-g1 uses a BCM1250 which is a dual CPU unit but vanilla IOS is not able to use the second CPU for packet forwarding. Unsubstantiated rumour claimed that modular IOS (QNX kernel) could push about 1.6x the throughput of vanilla IOS, as it was smp capable. Pity it was never released. Nick
Re: 7206 VXR NPE-G1 throughput
On 02/10/2014 08:05 AM, Vlade Ristevski wrote: The ACL is a recent addition and we can probably do away with it. I didn't notice a significant increase in CPU or drops since adding it. But we usually peak at about 200Mbps on this link. The full routing table is a must since we're dual homed. You don't necessarily need the full routing table for dual home, only for outgoing load balance. You can have BGP, filter your routes away, just leave a default gateway and still have dual homing. Your outgoing traffic will work as if it were active-standby, though. My 0.02.
Re: 7206 VXR NPE-G1 throughput
On 10.02.2014 21:58, Nick Hilliard wrote: Unsubstantiated rumour claimed that modular IOS (QNX kernel) could push about 1.6x the throughput of vanilla IOS, as it was smp capable. Pity it was never released. You mean IOS XR? Which was never released for software based routers, right? as it QNX in core.
Re: 7206 VXR NPE-G1 throughput
On Monday, February 10, 2014 05:17:09 PM Vlade Ristevski wrote: This is the interface that connects to our provider. As you can see its almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up. An NPE-G2 has a better chance of handling 600Mbps. Mark. signature.asc Description: This is a digitally signed message part.
Re: 7206 VXR NPE-G1 throughput
On Monday, February 10, 2014 05:40:04 PM Alain Hebert wrote: Also the entire platform is rate for 1.8Gbs aggregated which mean depending on which interface you have, and which bus they are connected to, 900Mbps might be its limit. I've done 900Mbps on an NPE-G2 with 95% CPU utilization and no packet drops, in a core router role. An NPE-G1 won't do that. Mark. signature.asc Description: This is a digitally signed message part.
Re: 7206 VXR NPE-G1 throughput
On Monday, February 10, 2014 05:43:04 PM Vlade Ristevski wrote: We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. Be sure to enable Turbo ACL's for best ACL processing optimization on this platform. Mark. signature.asc Description: This is a digitally signed message part.
Re: 7206 VXR NPE-G1 throughput
On 10/02/2014 19:44, Nikolay Shopik wrote: You mean IOS XR? Which was never released for software based routers, right? as it QNX in core. no, I meant modular IOS, not XR. This was an attempt to run a non bare-metal IOS. The kernel was based on qnx (http://goo.gl/9RSwHn), and cisco released it for the C6500 on the SXH and SXI code train. It turned out not to be much of a success in the end - very little of use was modularised, and it was canned after two minor code train releases. A bit sad really, because it never had enough time to mature. It was never released for any other platform. IOS-XE was a better implementation of non bare-metal ios Nick
Re: 7206 VXR NPE-G1 throughput
On Monday, February 10, 2014 06:08:42 PM Nicolas Chabbey wrote: I do remember we were able to forward around ~700Mbps of 1500 bytes traffic with old IOS images and no ACLs. The trick is some of those additional features are better optimized in more modern IOS releases (SRE, 15S). Quagmire. Mark. signature.asc Description: This is a digitally signed message part.
Re: 7206 VXR NPE-G1 throughput
On Monday, February 10, 2014 07:58:16 PM Nick Hilliard wrote: in fact, the npe-g1 uses a BCM1250 which is a dual CPU unit but vanilla IOS is not able to use the second CPU for packet forwarding. Unsubstantiated rumour claimed that modular IOS (QNX kernel) could push about 1.6x the throughput of vanilla IOS, as it was smp capable. Pity it was never released. Haha, you remind me of PXF (although that was the NSE-100 and NSE-150). Mark. signature.asc Description: This is a digitally signed message part.
Re: 7206 VXR NPE-G1 throughput
On Mon, 10 Feb 2014, Vlade Ristevski wrote: Answers on and off list are appreciated. At 700-800 megabit/s aggregated througput (in+out), you're very clsoe to the max performance envelope of the G1. If you're going down this route, be prepared to purchase new hardware at short notice in case your traffic increases faster than you anticipated. -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: 7206 VXR NPE-G1 throughput
Cisco once implemented and released this feature to use the second core of the NPE-G1, most notably to manage the BRAS en/decapsulations tasks for LAC/LNS/PTA (PPPoE, L2TP...), effectively offering such 1.6 factor. It was called MPF, and was released in special 12.3-YM IOS (in 2004/2005 I guess). The first core was still running normal IOS while the second core was running a dedicated microcode (acting as some sort of data plane). However several features were not available, and it was quite buggy and unstable (unless you only used the very minimum features implemented in the MPF microcode: no MSS adjust, no ACL for PPP sessions...). It was quickly deprecated anyway. http://www.cisco.com/en/US/prod/collateral/routers/ps341/prod_end-of-life_notice0900aecd8067dd9f.html Le 10 févr. 2014 à 21:38, Mark Tinka mark.ti...@seacom.mu a écrit : On Monday, February 10, 2014 07:58:16 PM Nick Hilliard wrote: in fact, the npe-g1 uses a BCM1250 which is a dual CPU unit but vanilla IOS is not able to use the second CPU for packet forwarding. Unsubstantiated rumour claimed that modular IOS (QNX kernel) could push about 1.6x the throughput of vanilla IOS, as it was smp capable. Pity it was never released. Haha, you remind me of PXF (although that was the NSE-100 and NSE-150). Mark.
Re: 7206 VXR NPE-G1 throughput
Are you suggesting getting the default gateway from both providers or getting the full table from one and using the default as a backup on the other (7206)? Thanks, On 2/10/2014 1:27 PM, Octavio Alvarez wrote: On 02/10/2014 08:05 AM, Vlade Ristevski wrote: The ACL is a recent addition and we can probably do away with it. I didn't notice a significant increase in CPU or drops since adding it. But we usually peak at about 200Mbps on this link. The full routing table is a must since we're dual homed. You don't necessarily need the full routing table for dual home, only for outgoing load balance. You can have BGP, filter your routes away, just leave a default gateway and still have dual homing. Your outgoing traffic will work as if it were active-standby, though. My 0.02. -- Vlad
Re: 7206 VXR NPE-G1 throughput
On 02/10/2014 06:05 PM, Vlade Ristevski wrote: Are you suggesting getting the default gateway from both providers or getting the full table from one and using the default as a backup on the other (7206)? Whatever suits you best. Test and see. I'd just receive the full table anyway but filter them out, letting only the default routes go into the RIB. This should streamline your FIB. As I say, you lose outbound load balancing and your redundancy becomes all-or-nothing, but you save a few cycles. Again, I wouldn't recommend any of this because of the drawbacks, but along with other recommendations that others have made, like Turbo ACLs, it may buy you some time.
Re: 7206 VXR NPE-G1 throughput
Or assuming your using an Ethernet of some sort as your upstream connections you could grab something like a CCR from mikrotik for $1k and sleep easy knowing you're only using 6% of it's capacity. Sent from my iPhone On 11/02/2014, at 3:52 pm, Octavio Alvarez alvar...@alvarezp.ods.org wrote: On 02/10/2014 06:05 PM, Vlade Ristevski wrote: Are you suggesting getting the default gateway from both providers or getting the full table from one and using the default as a backup on the other (7206)? Whatever suits you best. Test and see. I'd just receive the full table anyway but filter them out, letting only the default routes go into the RIB. This should streamline your FIB. As I say, you lose outbound load balancing and your redundancy becomes all-or-nothing, but you save a few cycles. Again, I wouldn't recommend any of this because of the drawbacks, but along with other recommendations that others have made, like Turbo ACLs, it may buy you some time.
