cisco 1720

Discussion in 'Cisco' started by Aditya Ivaturi, Oct 12, 2004.

  1. We are a small hosting company with 4 webservers and a mailserver. So far we
    have been using a home-brewed iptables-based Linux firewall. But soon we will
    outgrow the capacity of the firewall we have. To reduce maintenance headache
    we are in the process of assessing firewall appliances. We are getting a
    good deal on a cisco 1720 router. So here is my question. Is this particular
    model suitable for a situation like ours? Our server network experiences
    traffic anywhere between 50GB - 100GB/month and we are expecting this
    traffic to increase constantly.

    1) Can this router handle multiple IP allocations to its external NIC?
    2) How much flexibility does it provide to modify routes etc. Does it allow
    you to mess with its IPtables directly?
    3) How reliable is it?

    Thanks for your input.

    --Turi
    Aditya Ivaturi, Oct 12, 2004
    #1

  2. "Aditya Ivaturi" <> wrote in message
    news:uFWad.3391$-kc.rr.com...
    > 1) Can this router handle multiple IP allocations to its external NIC?


    Yes.

    > 2) How much flexibility does it provide to modify routes etc. Does it allow
    > you to mess with its IPtables directly?


    It is not Linux. It is pretty customizable, but it is different from
    IPtables.


    > 3) How reliable is it?


    "Set it, and forget it."
    Phillip Remaker, Oct 12, 2004
    #2

  3. >> 2) How much flexibility does it provide to modify routes etc. Does it allow
    >> you to mess with its IPtables directly?
    >
    > It is not Linux. It is pretty customizable, but it is different from
    > IPtables.


    If not iptables, does it support RIP? And this might be a dumb question, can
    I mod the 1720 to support iptables? I am more at ease with iptables and it is
    not that I don't want to learn new stuff, but when it comes to a server
    environment I'd rather implement something I already know.

    And finally, do you think it is ideal for a server environment? Based upon
    the literature on the net, it seems like the 1720 is more suitable for
    low-bandwidth LAN-to-LAN application. Can it scale along with our server
    infrastructure? Thanks.

    --Turi
    Aditya Ivaturi, Oct 12, 2004
    #3
  4. "Aditya Ivaturi" <> wrote in message
    news:EQXad.3446$-kc.rr.com...
    > If not iptables, does it support RIP.


    It will run all routing protocols Known To Man, with more knobs and twiddles
    than you can imagine.

    > And this might be a dumb question, can
    > I mod 1720 to support iptables?


    Nope. Cisco IOS is its own thing.

    > And finally, Do you think, it is ideal for a server environment? Based upon
    > the literature on the net, it seems like 1720 is more suitable for
    > low-bandwidth LAN-to-LAN application. Can it scale along with our server
    > infrastructure? Thanks.


    The 1720 is more intended for the small office/home office market. I don't
    know the performance numbers. You quoted 100G/month, which is about
    sustained 400k/sec average. The 1720 is targeted at Lan to Lan speeds at
    10Mb/s half-duplex, so I see no trouble with that load. If anything, the
    half-duplex ethernet interface might be a worry.
    Phillip Remaker, Oct 12, 2004
    #4
  5. In article <EQXad.3446$-kc.rr.com>,
    Aditya Ivaturi <> wrote:
    :If not iptables, does it support RIP.

    Sure does. But if you are pushing as much data per month as you
    indicate, then you should probably be working on internal architectures
    that call for OSPF or EIGRP, and you should be working on peering
    your network connections with BGP. RIP is for small time networks.


    :And this might be a dumb question, can
    :I mod 1720 to support iptables? I am more at ease with iptables and it is
    :not that I don't want to learn new stuff but when it comes server
    :environment I'd rather implement something I already know.

    There is a project floating around somewhere to implement Linux on
    some of the Cisco hardware. But it does so by -replacing- IOS, not by
    allowing you to hook an arbitrary feature into IOS.


    :And finally, Do you think, it is ideal for a server environment? Based upon
    :the literature on the net, it seems like 1720 is more suitable for
    :low-bandwidth LAN-to-LAN application. Can it scale along with our server
    :infrastructure? Thanks.

    What are your plans to scale your network connections? The 1720
    is limited to 2.0 Mbps sync or async WAN interfaces, and is limited
    to 8.4 Kpps (packets per second.) That's as low as 5 1/2 megabits per
    second half duplex.

    To get to 10 megabits per second half duplex, you need at least
    a 2610 or 2612. To get to 10 megabits per second full duplex, you
    need at least a 2620XM or 2621XM.

    If you are expecting the device to also act as a LAN router, such
    as to route between multiple subnets (your IP address ranges are
    likely to become disjoint as you expand), or to route between multiple
    VLANs, then you get about 3/4 of the way there with a 3660
    (top of the line for the 3600 series), but you have to go for
    a level above that to be sure of achieving 100 megabits/second full
    duplex routing.


    I would tend to doubt that the 1720 could handle two T1's simultaneously,
    but I could be wrong about that. If the T1's were full duplex and being
    run flat out, it wouldn't be able to keep up, especially if you are
    putting firewall rules in.


    All in all, if you have plans for growth, I would suggest that the
    1720 running firewall software is not the right device for you.
    In your situation, I would suggest that you would be better off
    separating the WAN handling and the firewall/VPN handling into different
    devices, and treat the WAN device as expendable as you increase in
    growth. A 1720 might do for the moment, but a 1721 would provide more
    breathing room, and a 2600XM would provide a lot more expansion room
    than the 1720. For the firewall/VPN duties, I would suggest that a
    PIX 506E would be a good device to start with, perhaps working
    upwards towards a 515E or 525 (or whatever new device they will
    introduce next) as you start implementing DMZ's and want more
    distinct LAN interfaces.
    --
    millihamlet: the average coherency of prose created by a single monkey
    typing randomly on a keyboard. Usenet postings may be rated in mHl.
    -- Walter Roberson
    Walter Roberson, Oct 13, 2004
    #5
  6. Plan for future growth and go with a 2600 model router.
    Linux iptables can scale well... if you're more comfortable with it and your
    company doesn't mind supporting it, stick with Linux as your firewall, just
    make sure Linux itself is locked down well. If your company wants a
    commercial product, go with either a PIX or a WatchGuard. I don't care much
    for WatchGuard, but it runs IPtables (I think the guy who wrote
    ipchains/tables works for WatchGuard), however it is totally GUI, so you
    actually never 'see' any of the text files you are probably used to.
    A 1GHz 256/512MB RAM computer should scale pretty well for iptables. That's
    all Cisco's biggest PIX is.

    "Aditya Ivaturi" <> wrote in message
    news:uFWad.3391$-kc.rr.com...
    > We are a small hosting company with 4 webservers and a mailserver. So far
    > we have been using a home-brewed iptables-based Linux firewall. But soon we
    > will outgrow the capacity of the firewall we have. To reduce maintenance
    > headache we are in the process of assessing firewall appliances. We are
    > getting a good deal on a cisco 1720 router. So here is my question. Is
    > this particular model suitable for a situation like ours? Our server
    > network experiences traffic anywhere between 50GB - 100GB/month and we are
    > expecting this traffic to increase constantly.
    >
    > 1) Can this router handle multiple IP allocations to its external NIC?
    > 2) How much flexibility does it provide to modify routes etc. Does it
    > allow you to mess with its IPtables directly?
    > 3) How reliable is it?
    >
    > Thanks for your input.
    >
    > --Turi
    >
    John Smith, Oct 13, 2004
    #6