Cisco router/switch recommendation?

 
 
raptor
01-06-2005
hi,

Could you point me to the exact "number/series" of router?
I want a router+switch combo that supports:
- MPLS
- stateful firewalling
- BGP

then about it I want to know approx.:

- how many 100Mb and 1Gb ports
- what layer3 throughput can be achieved
- what layer2 throughput can be achieved
- which IOS version is required to support these features.

tia

PS. main software requirement for me is to be able
to pass traffic to specific boxes over layer2 instead
of through the routing engine, so that I can achieve
better throughput.

 
Walter Roberson
01-06-2005
In article <(E-Mail Removed) .com>,
raptor <(E-Mail Removed)> wrote:
:Could you point me to the exact "number/series" of router?
:I want a router+switch combo that supports:
:- MPLS
:- stateful firewalling
:- BGP

According to the Feature Navigator (which usually has incomplete
information):

models: 2691, 2811, 2821, 2851, 3640, 3660, 3725, 3825, 3845,
7301, 7304-NPE-G100, 8850RPM-PR

series: 7100, 7200, 7400, 7500,
7600-SUP720/MSFC3, CAT5000+RSM, CAT6000+MSFC2,
CAT6000/SUP1+MSFC2, CAT6000/SUP2+MSFC2, CAT6000/SUP720+MSFC3


:then about it I want to know approx.:

:- how many 100Mb and 1Gb ports

Well, let's see... on a fully populated CAT6500, you could have
up to 576 gigabit ports, and up to 1152 100 Mb ports. Is that enough?

:- what layer3 throughput can be achieved

Some of those devices are wire speed when appropriately configured.

:- what layer2 throughput can be achieved

Some of those devices are wire speed when appropriately configured.

:- which IOS version is required to support these features.

12.0(1)T and later on the 3640. 12.3(11)XL or 12.3(11)T for the 3845.


:then about it I want to know approx.:

That's a dozen different individual models plus 10 different series
each with several different models. And the throughputs of the modular
devices are going to depend upon the details of the configuration.
For many of the devices I listed, the firewalling part could slow down
the throughput noticeably, especially if you have a lot of
NBAR inspection. The 28xx and 38xx series are supposed to be able
to handle many combinations of features without slowing down.


For more information... please feel free to read the
datasheets on cisco.com, cuz looking up all that information
would take a few days work.

Did I mention that Cisco lists a couple of dozen different
MPLS features, not all of which are supported on all platforms?
But you neglected to tell us what you want out of MPLS.


Why am I getting the feeling that these are homework questions rather
than questions about being real investigations into which model would
suit a real or proposed network? Could it have something to do with the
fact that a serious designer of a network with that kind of complexity
would know to list detailed requirements instead of asking such
open-ended questions? How fast do you *need*? How many ports do you
*need*? What are the expected traffic patterns that we should take into
account? What kind of budget does this have? How much expandability do
you need? VOIP requirements? If you are planning a network with those
kind of capabilities, why didn't you list as requirements some of the
important features such as hardware-level redundancies; software level
redundancies; accounting tools required; QoS features needed; WAN
interface types; requirements for 2 Gb, 10 Gb? Or even something simple
such as whether those gigabit interfaces should be SX multimode, LX/LH,
ZX single mode extended distance, RJ45 copper, GBICs, SFPs, HSSDC ?


I almost said that I can't believe that someone would specify a
critical network device by such meager criteria, but then I
remembered having encountered an even more vague but
serious specification.
--
Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
Aleph sub {Aleph sub two} little infinities...
 
Mark Lar
01-06-2005
raptor wrote:
> hi,
>
> Could you point me to the exact "number/series" of router?
> I want a router+switch combo that supports:
> - MPLS
> - stateful firewalling
> - BGP
>
> then about it I want to know approx.:
>
> - how many 100Mb and 1Gb ports
> - what layer3 throughput can be achieved
> - what layer2 throughput can be achieved
> - which IOS version is required to support these features.
>
> tia
>
> PS. main software requirement for me is to be able
> to pass traffic to specific boxes over layer2 instead
> of through the routing engine, so that I can achieve
> better throughput.
>



If you want stateful firewalling, you're looking at (probably) a
6509+FWSM, for MPLS you'll need better than a Sup2, probably Sup720.
That will take up 3 modules (4 if you want redundant Supervisors)
leaving 6 (or 5) for interface blades, (48 port 10/100s or 16 port
1000s) is about the best you'll do but you'll need to do your sums based
on module and chassis ratings to work out how oversubscribed you are in
bandwidth (i.e. you can't drive 6 blades of 16 gigabit ports at full
gigabit speed; if you want to get closer to that you need to ditch Cisco
and go Juniper or Nortel). Throughput depends on an awful lot of
variables, difficult to estimate without more details.

Basic BGP should be fine with this setup, but if you're getting a full
Internet BGP table you'll need a metric arse-load of RAM in the
Supervisor module to cope. Might be better off pushing the BGP to a
dedicated router in this case.

M.
 
Mark Lar
01-06-2005
Walter Roberson wrote:

> In article <(E-Mail Removed) .com>,
> raptor <(E-Mail Removed)> wrote:
> :Could you point me to the exact "number/series" of router?
> :I want a router+switch combo that supports:
> :- MPLS
> :- stateful firewalling
> :- BGP
>
> According to the Feature Navigator (which usually has incomplete
> information):
>
> models: 2691, 2811, 2821, 2851, 3640, 3660, 3725, 3825, 3845,
> 7301, 7304-NPE-G100, 8850RPM-PR
>
> series: 7100, 7200, 7400, 7500,
> 7600-SUP720/MSFC3, CAT5000+RSM, CAT6000+MSFC2,
> CAT6000/SUP1+MSFC2, CAT6000/SUP2+MSFC2, CAT6000/SUP720+MSFC3
>
>
> :then about it I want to know approx.:
>
> :- how many 100Mb and 1Gb ports
>
> Well, let's see... on a fully populated CAT6500, you could have
> up to 576 gigabit ports, and up to 1152 100 Mb ports. Is that enough?
>
> :- what layer3 throughput can be achieved
>
> Some of those devices are wire speed when appropriately configured.
>
> :- what layer2 throughput can be achieved
>
> Some of those devices are wire speed when appropriately configured.
>
> :- which IOS version is required to support these features.
>
> 12.0(1)T and later on the 3640. 12.3(11)XL or 12.3(11)T for the 3845.
>
>
> :then about it I want to know approx.:
>
> That's a dozen different individual models plus 10 different series
> each with several different models. And the throughputs of the modular
> devices are going to depend upon the details of the configuration.
> For many of the devices I listed, the firewalling part could slow down
> the throughput noticeably, especially if you have a lot of
> NBAR inspection. The 28xx and 38xx series are supposed to be able
> to handle many combinations of features without slowing down.
>
>
> For more information... please feel free to read the
> datasheets on cisco.com, cuz looking up all that information
> would take a few days work.
>
> Did I mention that Cisco lists a couple of dozen different
> MPLS features, not all of which are supported on all platforms?
> But you neglected to tell us what you want out of MPLS.
>
>
> I almost said that I can't believe that someone would specify a
> critical network device by such meager criteria, but then I
> remembered having encountered an even more vague but
> serious specification.

Hmmm, seems like you're right, this is carrier-grade stuff we're talking
about, so surely if you're working for a carrier you have a "serious"
Cisco contract and have Cisco lackeys on hand to answer these types of
questions.
 
raptor
01-06-2005
thanks a lot for the info,
the question was broader so that I can figure out
what class of router I will need...
I've browsed the Cisco site and what I read was very "vague"
i.e. it was mentioned that I need a switch + router + some additional
module on the switch to support MPLS, then there are several different
variations.
As you said (sorry), now I will try to be more specific:

On the stateful firewall part I don't need a lot of speed, I think
ability to scale up to ~100Mb will do it well at the moment.. and
probably up to 100-200 access-lists.
(I use a Linux router at the moment but I want to offload firewall
responsibility from it 'cause I use it as shaper, on the other hand
I don't want to add another hop)

For the BGP part I need just basic setup.

About the number of ports currently around 24 x 100mb + 2 1gb, soon I
will need some more.

Now the hardest part, I need MPLS enabled router/switch, so that I can
redirect traffic to specific boxes through Layer2 i.e. I want all traffic
from/to these boxes not be passed to the GW, but hijacked by the
switch/router in the middle of the path.
(simplified picture, sw/router is transparent everything goes through
GW, one physical net many layer3 nets, hmm I can't picture it !!!
sorry)


VOIP will be used, but the switch/router is not the bottleneck here.
this is in short..

 
Walter Roberson
01-06-2005
In article <(E-Mail Removed) .com>,
raptor <(E-Mail Removed)> wrote:
:Now the hardest part, I need MPLS enabled router/switch, so that I can
:redirect
:traffic to specific boxes through Layer2 i.e. I want all traffic from/to
:these boxes not be passed to the GW, but hijacked by the switch/router
:in the middle of the path.
:(simplified picture, sw/router is transparent everything goes through
:GW, one physical net many layer3 nets, hmm I can't picture it !!!
:sorry)

Hmmm, could you rephrase that? It seems a bit contradictory to me
as phrased.

Does selection for redirection have to happen according to the
MAC address, or could it happen according to the source IP address?

What should happen to the redirected data? You say that it
should not be passed to the 'GW', but 'GW' meaning 'gateway'
is a layer 3 abstraction, not a layer 2. That and your reference
to 'many layer3 nets' suggests to me that you do not need a layer 2
redirection but rather a layer 3 redirection. If that's the case
then you don't need MPLS at all, just plain policy routing
(PBR, Policy Based Routing)


:About the number of ports currently around 24 x 100mb + 2 1gb, soon I
:will need some more.

The 3845 with two 9-port EtherSwitch HWICs comes pretty close
to your needs, except in not having as many ports as you were
asking for. Perhaps it would make sense in your architecture to
put two 3845's in?

I haven't looked up the specs for HWICs to see whether 9 x 100 would
be oversubscribing the available bandwidth or not.


If your requirements are definitely for more than 24 ports in a single
chassis (instead of spreading the load over multiple chassis)
then if I recall properly you could meet your specs with
a refurbished Cat5000 with RSM module and gigabit module. I'm
not certain, though -- I have not looked up the backplane figures
on the 5000 recently. The feature navigator says you could
get PBR, Firewall, and BGP4 in a CAT4000+AGM (that wasn't
one of the combinations that supported MPLS by the way). I
have never looked up the specs on the AGM.

A couple of months ago, I did look through the specs on the
CAT450x line, and found that it was able to handle gigabit
wire-rate across the backplane, if you put in a SupIV or SupV
and watched out that you didn't oversubscribe the backplane.
The figure that comes to mind is 6 Gbps, which would be a
4:1 or 8:1 oversubscription if you tried to use all of the 24
or 48 port gigabit card across the backplane. Even the
4503 with SupII+TS could handle gigabit , but the backplane of
the 4503 is relatively limited -- the 4503 chassis forces the
cards to work quite differently than in any of the other 450x
series. Not good over the long-term. But in any case, the
cisco Feature Navigator doesn't list that as one of the
possibilities. Drawing further on my memories (and keep in
mind that I've been up close to 24 hours now), the 4000 series
didn't support the Firewall Feature Set.

I seem to recall that the End of Sale has been announced
on the CAT5000 series.

A CAT6000 with Sup720 would almost certainly be fast enough for your
stated purposes -- it's fast, but I don't know the extent to which
firewalling would slow it down [probably not much.]. Watch out for
the way they calculate the aggregate forwarding rate, though -- you
can't get their aggregate figure across the backplane simultaneously!
The problem with the CAT6000+Sup720 is its price, especially if
you go redundant power supply and redundant 720 -- the maintenance
cost alone would be more than the cost of buying a new 3845 every year
[excluding the option cards perhaps.] You can get 5 Gbps of
firewalling per optional Firewall Services Module for the 6500 series...
a quick glance at prices on the net gives a range of $US21K to $US27K
for each of those.
--
The image data is transmitted back to Earth at the speed of light
and usually at 12 bits per pixel.
 
BradReeseCom
01-09-2005
Raptor,

You may wish to investigate the Cisco Product Advisor:

http://tools.cisco.com/GCT/PCTPST/index.jsp

Hope this helps.

Brad Reese
BradReese.Com Cisco Resource Center
United Kingdom: 44-20-70784294
U.S. Toll Free: 866-864-0506
International: 717-489-1521
Fax: 775-254-3558
AIM: BradReeseCom
Website: http://www.bradreese.com/contact-brad-reese.htm

 
raptor
01-09-2005
ok let me rephrase it..:")
My setup is not exactly this, but it will explain what I need.
Let's say I have 2 high throughput boxes with addresses (f.e. ftp's)
10.10.10.1 and 10.10.10.2.
Then I have 10 x class C networks say from 10.10.20.0 to 10.10.30.0.
Then I think if all this goes through the routing engine it will bog the
router down,
so that I want the traffic to these boxes to go through Layer2 (i.e.
MPLS)

as I said this is a simplified version, but it explains it.
Keep in mind I haven't used MPLS, just judging from what I read that
this is the solution.

 
Walter Roberson
01-09-2005
In article <(E-Mail Removed). com>,
raptor <(E-Mail Removed)> wrote:
:My setup is not exactly this, but it will explain what I need.
:Let's say I have 2 high throughput boxes with addresses (f.e. ftp's)
:10.10.10.1 and 10.10.10.2.
:Then I have 10 x class C networks say from 10.10.20.0 to 10.10.30.0.
:Then I think if all this goes through the routing engine it will bog the
:router down,
:so that I want the traffic to these boxes to go through Layer2 (i.e.
:MPLS)

:as I said this is a simplified version, but it explains it.

I -think- you are saying that you have a local LAN with a number
of hosts, that all of the devices will [likely] be connected to the same
device, that you have a number of different networks, and that
your -functional- requirement is not really "Layer 2" (e.g., you
aren't concerned about distributing broadcasts or non-routable
protocols), but rather that you need some method of high-speed
routing.

What I have understood from your posting is that you have been
investigating MPLS based, to a great extent, upon Cisco's marketing
blurb for MPLS that says,

"Cisco IOS(R) Multiprotocol Label Switching (MPLS) fuses the
intelligence of routing with the performance of switching."

What you have missed in this is that MPLS does not gain switching
speeds *within one device*. MPLS requires that the edge device (LER)
classifies each packet with an MPLS tag; then further devices (LES)
down the path switch based upon the MPLS tag instead of "routing". But the
devices along the path still need to examine the tag, and still need to
make conditional forwarding decisions, so the situation is really
little different than that which is possible to CEF/dCEF, except that
you can send non-IP data through MPLS, and you can't be sure that
everything along an internet path is going to use a technology
equivalent to CEF. But then, you can't be sure that everything
along an internet path is going to pay attention to the MPLS label
either.

If you were running all your hosts on one device, then if each of your
several networks was coming into a unique port, and you want all data
for the same network to be treated equivalently, then potentially there
could be a fast label decision which just assigned a static MPLS label
based upon the input port number, and then forwarded the packet to a
fixed egress port. What I gather from your postings, though, is that
there would be two possible egress ports (the two high-speed boxes)
that need to be distinguished by destination (you don't want the same
traffic forwarded to both, though you might want it load-shared between
the two), so the Layer 3 header at least (and possibly Layer 4 as well)
would have to be examined as part of the classification procedure.
Clearly if any Layer 3 or Layer 4 decision is involved, the process
will be no faster than the same equipment could make a routing
decision. Conversely, if the label depends only upon which switch port
the traffic entered on, then the process will be no faster than the
same equipment could make an 802.1Q VLAN tag assignment.

When you go to deliver the traffic to the servers, the MPLS label
has to be stripped off before delivery, unless the servers are
MPLS-aware, which is not at all common. It is much more common
for a server to be 802.1Q VLAN aware.

Now let us consider the return traffic. As the return traffic
will originate with only 1 or 2 ports, and might be destined for
any of the other ports, the return traffic will clearly have to
undergo Layer 3 or Layer 4 analysis in order to decide which
MPLS label to assign to it. Again, this process will be no faster
than the same device could perform a routing decision. The device
would then distribute the packet to the appropriate egress port queue,
strip off the MPLS label, and transmit. If the labeling decision comes
down to a pure layer 3 decision, one subnet <-> 1 destination port,
then one could have saved the trouble and expense of MPLS by
going for an 802.1Q aware switch and using an 802.1Q trunk to the
server and having the server perform the routing decision and put in
the appropriate 802.1Q VLAN tag.


I suggest that you have a look at some MPLS tutorials, such as those at
http://www.convergedigest.com/Bandwi...rgallaher1.htm
You will see that MPLS doesn't really gain you much over simple IP
ToS-based QoS until you have multiple hops (or until you need
more than the 8 levels of priority that the IP ToS field
can signal... but then there are the priority fields available
in 802.1Q tags...)


If it weren't for the Stateful Firewall requirement that you
indicated earlier, I would suggest that you should simply go
for a Cisco 3750G MultiLayer Switch: they are rated to handle gigabit
line rate Layer 3 simultaneously on all ports. The largest
3750G currently is 24 ports of 10/100/1000 TX, plus 4 SFP ports
(modular gigabit connectors in the same vein as GBICs),
but the 3750G/3750G is stackable, with a forwarding bus that runs at
32 Gbps (shared amongst all the 3750/3750G in the stack.)

NB: the 3750G series has varying quantities of 10/100/1000 or
pure gigabit ports; the 3750 non-G series has varying quantities
of 10/100 and [SFP or GBIC] gigabit ports, and is available in
up to 48 ports; the 3750 and 3750G can stack together. There are
also the 2950 (Layer 2) and 3550 (multilayer) series that are
in the same family. The differences between the 3550 and 3750 non-G
are fairly subtle; for your purposes, with your BGP requirement,
I would suggest the WS-C3750G-24TS-E or WS-C3750G-24T-E
(the 24TS has 4 SFP ports where the 24T has none.)

But the 2950/3550/3750* series do -not- have stateful firewall
available, only varying degrees of support for Layer 2 or Layer 3
ACLs (and varying numbers of QoS classifiers and policers). The
3750 with Enhanced Image does support BGP; I don't recall for sure
off the top of my head whether the 3550 with Enhanced Image supports
BGP, but I believe it does.
--
I wrote a hack in microcode,
with a goto on each line,
it runs as fast as Superman,
but not quite every time! -- Don Libes et al.
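
The argument in the post above about where the Layer 3 work happens can be checked with a small model. This is an added example, not part of the thread: the label values, the 10.10.0.0/16 catch-all prefix and all function names are assumptions, and only the 10.10.10.x and 10.10.20.0 addresses come from the posts.

```python
import ipaddress

# Constructed FEC table for the ingress LER: destination prefix -> MPLS label.
# Addresses follow the thread's example; label values are arbitrary.
FEC = {
    ipaddress.ip_network("10.10.10.1/32"): 101,  # first high-throughput box
    ipaddress.ip_network("10.10.10.2/32"): 102,  # second high-throughput box
    ipaddress.ip_network("10.10.20.0/24"): 120,  # one of the client networks
    ipaddress.ip_network("10.10.0.0/16"): 199,   # assumed catch-all for the site
}


def longest_prefix_match(dst, table):
    """The Layer 3 decision: the same work whether it yields a next hop or a label."""
    addr = ipaddress.ip_address(dst)
    best = max((n for n in table if addr in n),
               key=lambda n: n.prefixlen, default=None)
    return None if best is None else table[best]


def label_switched_path(dst, transit_lfibs):
    """Ingress classifies once on the IP header; each transit device then does
    an exact-match swap on the label only. The returned label is what the
    egress device pops before delivery to a host that is not MPLS-aware."""
    stats = {"l3_lookups": 0, "label_lookups": 0}
    label = longest_prefix_match(dst, FEC)
    stats["l3_lookups"] += 1
    if label is None:
        return None, stats
    for lfib in transit_lfibs:  # one dict per transit device: in-label -> out-label
        label = lfib[label]
        stats["label_lookups"] += 1
    return label, stats


def routed_path(dst, hops):
    """Plain IP forwarding: every hop repeats the longest-prefix match."""
    stats = {"l3_lookups": 0, "label_lookups": 0}
    for _ in range(hops):
        longest_prefix_match(dst, FEC)
        stats["l3_lookups"] += 1
    return stats


if __name__ == "__main__":
    # One device (the setup described in the thread): no transit hops exist,
    # so labelling costs exactly the lookup that routing would have cost.
    print("single device, MPLS  :", label_switched_path("10.10.10.1", []))
    print("single device, routed:", routed_path("10.10.10.1", 1))
    # Three devices in a row: the saving only appears on the transit hops.
    transit = [{102: 202}, {202: 302}]
    print("three devices, MPLS  :", label_switched_path("10.10.10.2", transit))
    print("three devices, routed:", routed_path("10.10.10.2", 3))
```
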
 