Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > cisco 1720

Reply
Thread Tools

cisco 1720

 
 
Aditya Ivaturi
Guest
Posts: n/a
 
      10-12-2004
We are a small hosting company wiht 4 webserver and a mailserver. So far we
have been using home-brewn iptables-based linux firewall. But soon we will
outgrow the capacity of the firewall we have. To reduce maintenance headache
we are in the process of assessing firewall appliances. We are getting a
good deal on a cisco 1720 router. So here is my question. Is this particular
model suitable for a situation like ours? Our server network experiences
traffic anywhere between 50GB - 100GB/month and we are expecting this
traffic to increase constantly.

1) Can this router handle multiple IP allocations to its external NIC?
2) How much flexibility does it provide to modify routes etc. Does it allow
you to mess with its IPtables directly?
3) How reliable is it?

Thanks for your input.

--Turi


 
Reply With Quote
 
 
 
 
Phillip Remaker
Guest
Posts: n/a
 
      10-12-2004

"Aditya Ivaturi" <(E-Mail Removed)> wrote in message
news:uFWad.3391$(E-Mail Removed)-kc.rr.com...
> 1) Can this router handle multiple IP allocations to its external NIC?


Yes.

> 2) How much flexibility does it provide to modify routes etc. Does it

allow
> you to mess with its IPtables directly?


It is not Linux. It is pretty customizable, but it is different form
IPtables.


> 3) How reliable is it?


"Set it, and forget it."


 
Reply With Quote
 
 
 
 
Aditya Ivaturi
Guest
Posts: n/a
 
      10-12-2004
>> 2) How much flexibility does it provide to modify routes etc. Does it
> allow
>> you to mess with its IPtables directly?

>
> It is not Linux. It is pretty customizable, but it is different form
> IPtables.


If not iptables, does it support RIP. And this might be a dumb question, can
I mod 1720 to support iptables? I am more at ease with iptables and it is
not that I don't want to learn new stuff but when it comes server
environment I'd rather implement something I already know.

And finally, Do you think, it is ideal for a server envorniment? Based upon
the literature on the net, it seems like 1720 is more suitable for
low-bandwidth LAN-to-LAN application. Can it scale along with our server
infrastructure? Thanks.

--Turi


 
Reply With Quote
 
Phillip Remaker
Guest
Posts: n/a
 
      10-12-2004

"Aditya Ivaturi" <(E-Mail Removed)> wrote in message
news:EQXad.3446$(E-Mail Removed)-kc.rr.com...
> If not iptables, does it support RIP.


It will run all routing protocols Known To Man, with more knobs and twiddles
that you can imagine.

> And this might be a dumb question, can
> I mod 1720 to support iptables?


Nope. Cisco IOS is it's own thing.

> And finally, Do you think, it is ideal for a server envorniment? Based

upon
> the literature on the net, it seems like 1720 is more suitable for
> low-bandwidth LAN-to-LAN application. Can it scale along with our server
> infrastructure? Thanks.


The 1720 is more intended for the small office/home office market. I don't
know the performance numbers. You quoted 100G/month, which is about
sustained 400k/sec average. The 1720 is targeted at Lan to Lan speeds at
10Mb/s half-duplex, so I see no trouble with that load. If anything, the
half-duplex ethernet interface might be a worry.


 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      10-12-2004
In article <EQXad.3446$(E-Mail Removed)-kc.rr.com>,
Aditya Ivaturi <(E-Mail Removed)> wrote:
:If not iptables, does it support RIP.

Sure does. But if you are pushing as much data per month as you
indicate, then you should probably be working on internal archictures
that call for OSPF or EIGRP, and you should be working on peering
your network connections with BGP. RIP is for small time networks.


:And this might be a dumb question, can
:I mod 1720 to support iptables? I am more at ease with iptables and it is
:not that I don't want to learn new stuff but when it comes server
:environment I'd rather implement something I already know.

There is a project floating around somewhere to impliment Linux on
some of the Cisco hardware. But it does so by -replacing- IOS, not by
allowing you to hook an arbitrary feature into IOS.


:And finally, Do you think, it is ideal for a server envorniment? Based upon
:the literature on the net, it seems like 1720 is more suitable for
:low-bandwidth LAN-to-LAN application. Can it scale along with our server
:infrastructure? Thanks.

What are your plans to scale your network connections? The 1720
is limited to 2.0 Mbps sync or async WAN interfaces, and is limited
to 8.4 Kpps (packets per second.) That's as low as 5 1/2 megabits per
second half duplex.

To get to 10 megabits per second half duplex, you need at least
a 2610 or 2612. To get to 10 megabits per second full duplex, you
need at least a 2620XM or 2621XM.

If you are expecting the device to also act as a LAN router, such
as to route between multiple subnets (your IP address ranges are
likely to become disjoint as you expand), or to route between multiple
VLANs, then you get about 3/4 of the way there with a 3660
(top of the line for the 3600 series), but you have to go for
a level above that to be sure of achieving 100 megabits/second full
duplex routing.


I would tend to doubt that the 1720 could handle two T1's simultaneously,
but I could be wrong about that. If the T1's were full duplex and being
run flat out, it wouldn't be able to keep up, especially if you are
putting firewall rules in.


All in all, if you have plans for growth, I would suggest that the
1720 running firewall software is not the right device for you.
In your situation, I would suggest that you would be better off
separating the WAN handling and the firewall/VPN handling into different
devices, and treat the WAN device as expendable as you increase in
growth. A 1720 might do for the moment, but a 1721 would provide more
breathing room, and a 2600XM would provide a lot more expansion room
than the 1720. For the firewall/VPN duties, I would suggest that a
PIX 506E would be a good device to start with, perhaps working
upwards towards a 515E or 525 (or whatever new device they will
introduce next) as you start implimenting DMZ's and want more
distinct LAN interfaces.
--
millihamlet: the average coherency of prose created by a single monkey
typing randomly on a keyboard. Usenet postings may be rated in mHl.
-- Walter Roberson
 
Reply With Quote
 
John Smith
Guest
Posts: n/a
 
      10-13-2004
plan for future growth and go with a 2600 model router.
linux iptables can scale well...if yo'ure more comfortable with it and your
company doesn't mind supporting it, stick with linux as your firewall, just
make sure linux itself is locked down well. if your company wants a
commercial product, go with either a Pix or a watchguard.. i dont care much
for watchguard, but it runs IPtables (i think the guy who wrote
ipchains/tables works for watchguard.) , however it is totally GUI, so you
actually never 'see' any of the text files you are probably used to.
a 1Ghz 256/512MB Ram computer should scale pretty well for iptables. thats
all cisco's biggest PIX is.

"Aditya Ivaturi" <(E-Mail Removed)> wrote in message
news:uFWad.3391$(E-Mail Removed)-kc.rr.com...
> We are a small hosting company wiht 4 webserver and a mailserver. So far
> we have been using home-brewn iptables-based linux firewall. But soon we
> will outgrow the capacity of the firewall we have. To reduce maintenance
> headache we are in the process of assessing firewall appliances. We are
> getting a good deal on a cisco 1720 router. So here is my question. Is
> this particular model suitable for a situation like ours? Our server
> network experiences traffic anywhere between 50GB - 100GB/month and we are
> expecting this traffic to increase constantly.
>
> 1) Can this router handle multiple IP allocations to its external NIC?
> 2) How much flexibility does it provide to modify routes etc. Does it
> allow you to mess with its IPtables directly?
> 3) How reliable is it?
>
> Thanks for your input.
>
> --Turi
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco 1720 & WIC 1T Card Cisco 1 04-12-2004 05:32 PM
Cisco 1720 Router/Cisco 1538 Micro Hub for SALE! CHEAP sychial Cisco 0 02-18-2004 09:20 AM
Cisco 1720 Dialup Failover Blech Cisco 1 02-09-2004 11:21 PM
Walkthrough for VPN setup on Cisco 1720 George M. Karaganis Cisco 0 12-12-2003 05:12 PM
Cisco 1720 access-lists Nite Rider Cisco 0 11-01-2003 06:11 AM



Advertisments