Which router do we need?

Discussion in 'Cisco' started by John Aldrich, Apr 13, 2009.

  1. John Aldrich

    John Aldrich Guest

    We have just upgraded to a Metro Ethernet internet connection. Our ISP
    has loaned us a Cisco 1841 router for a month. After that we either
    have to buy a router or pay rental.

    Now, one potential vendor has suggested that a Cisco 1811 would be the
    best option for us, but our ISP has supplied an 1841. After hearing
    what the difference is, I'm not sure what the best option would be for
    us. The 1811 seems a bit small for our needs, but the 1841 seems like
    overkill. Is there something in between the two? We will NOT be using
    a T1, just an ethernet connection. Also, we don't need a firewall as
    we have an ASA handling firewall duties.

    We are doing some routing of our old T1 IP addresses over the Ethernet
    connection, so please keep that in mind. I know next to nothing about
    Cisco routers so I need an expert opinion.
    John Aldrich, Apr 13, 2009
    #1
    1. Advertising

  2. John Aldrich <> writes:
    >We have just upgraded to a Metro Ethernet internet connection. Our ISP
    >has loaned us a Cisco 1841 router for a month. After that we either
    >have to buy a router or pay rental.


    >Now, one potential vendor has suggested that a Cisco 1811 would be the
    >best option for us, but our ISP has supplied an 1841. After hearing
    >what the difference is, I'm not sure what the best option would be for
    >us. The 1811 seems a bit small for our needs, but the 1841 seems like
    >overkill. Is there something in between the two? We will NOT be using
    >a T1, just an ethernet connection. Also, we don't need a firewall as
    >we have an ASA handling firewall duties.


    >We are doing some routing of our old T1 IP addresses over the Ethernet
    >connection, so please keep that in mind. I know next to nothing about
    >Cisco routers so I need an expert opinion.



    Why have a router at all if you have an ASA behind it?
    Obviously with the T1, you needed it for the conversion from the T1(s)
    onto Ethernet, but with a metro ether and you just routing ether to ether,
    what's the point the router is doing?

    If the provider is routing down two blocks, (ie. an connected one for
    the router WAN side, and an LAN one for the router), why not reclaim
    the first block, and just go with the LAN block.

    (We're not recommending routers for any our metro ether customers,
    just plug directly into their firewall). I've done many cuts of T1
    customers onto metro ether just by making my side appear what their T1
    router used to look like. They make sure they see the new MAC address,
    and away we go. Very simple cuts.

    Granted, if your network is a bit more complex, and you are routing
    different IPs to different things, or doing VPLS or something else,
    you're going to need it, but I wouldn't think you are with an 1841/1811
    in consideration. (If you do go for one of those, I'd choose the 1841
    over the 1811 just for more future upgrade options, and its not much
    more than the 1811).
    Doug McIntyre, Apr 13, 2009
    #2
    1. Advertising

  3. John Aldrich

    John Aldrich Guest

    On Apr 13, 11:35 am, Doug McIntyre <> wrote:
    > John Aldrich <> writes:
    > >We have just upgraded to a Metro Ethernet internet connection. Our ISP
    > >has loaned us a Cisco 1841 router for a month. After that we either
    > >have to buy a router or pay rental.
    > >Now, one potential vendor has suggested that a Cisco 1811 would be the
    > >best option for us, but our ISP has supplied an 1841. After hearing
    > >what the difference is, I'm not sure what the best option would be for
    > >us. The 1811 seems a bit small for our needs, but the 1841 seems like
    > >overkill. Is there something in between the two? We will NOT be using
    > >a T1, just an ethernet connection. Also, we don't need a firewall as
    > >we have an ASA handling firewall duties.
    > >We are doing some routing of our old T1 IP addresses over the Ethernet
    > >connection, so please keep that in mind. I know next to nothing about
    > >Cisco routers so I need an expert opinion.

    >
    > Why have a router at all if you have an ASA behind it?
    > Obviously with the T1, you needed it for the conversion from the T1(s)
    > onto Ethernet, but with a metro ether and you just routing ether to ether,
    > what's the point the router is doing?
    >
    > If the provider is routing down two blocks, (ie. an connected one for
    > the router WAN side, and an LAN one for the router), why not reclaim
    > the first block, and just go with the LAN block.
    >
    > (We're not recommending routers for any our metro ether customers,
    > just plug directly into their firewall). I've done many cuts of T1
    > customers onto metro ether just by making my side appear what their T1
    > router used to look like. They make sure they see the new MAC address,
    > and away we go. Very simple cuts.
    >
    > Granted, if your network is a bit more complex, and you are routing
    > different IPs to different things, or doing VPLS or something else,
    > you're going to need it, but I wouldn't think you are with an 1841/1811
    > in consideration. (If you do go for one of those, I'd choose the 1841
    > over the 1811 just for more future upgrade options, and its not much
    > more than the 1811).
    >

    Ok. Thanks for the info. What happened is that our ISP ran out of IP
    addresses and had to get a new allocation for their Metro Ethernet and
    so what they're doing is routing the old T1 IP addresses to the Metro
    Ethernet connection. We tried to use the ASA to handle the routing,
    but couldn't get it to work, so we're going with a router. The problem
    with just giving up the old T1 addresses is that we don't really want
    to give them up... we have some externally accessible intranet
    resources that we want to keep where they are, IP-wise.
    John Aldrich, Apr 13, 2009
    #3
  4. John Aldrich

    bod43 Guest

    On 13 Apr, 16:40, John Aldrich <> wrote:
    > On Apr 13, 11:35 am, Doug McIntyre <> wrote:
    >
    > > John Aldrich <> writes:
    > > >We have just upgraded to a Metro Ethernet internet connection. Our ISP
    > > >has loaned us a Cisco 1841 router for a month. After that we either
    > > >have to buy a router or pay rental.
    > > >Now, one potential vendor has suggested that a Cisco 1811 would be the
    > > >best option for us, but our ISP has supplied an 1841. After hearing
    > > >what the difference is, I'm not sure what the best option would be for
    > > >us. The 1811 seems a bit small for our needs, but the 1841 seems like
    > > >overkill. Is there something in between the two? We will NOT be using


    You just need to work out the packets per second rate
    that you will have and choose the appropriate router.

    Aim for a bit of spare capacity - say 50%. There seems
    to be more scope for things to go wrong if the router is
    run at 100% CPU.

    http://www.cisco.com/web/partners/downloads/765/tools/quickreference/...
    Seems to work without login, even though it is "partners" page.

    It is OK to assume fast switching.
    I think that the bits per second figures in the document
    will be for 64 byte packtes and this is really over conservative
    for web browsing and the like. Of course for voice the packets
    are quite small.

    If you want to come up with a estimate and post it
    then maybe someone will go over it.
    bod43, Apr 13, 2009
    #4
  5. "John Aldrich" <> wrote in message
    news:...
    > We have just upgraded to a Metro Ethernet internet connection. Our ISP
    > has loaned us a Cisco 1841 router for a month. After that we either
    > have to buy a router or pay rental.
    >


    From my own experience I can tell that for example 2811 with IOS FW (CBAC),
    NAT/PAT, QoS (traffic shaping with nested CBWFQ)+IPS melts down on 16 Mbps
    Internet connection. CPU was at 50 - 60 % average but several times knocked
    up to 100% during peak hours with around 3000 connections per second.

    Another example is customer with 1811 on metro 5 mbps line. User experience
    is very slow Internet browsing with more than 1000 connections per second
    (with only 3 users on the LAN side) due to CBAC firewall turned on. After
    disabling CBAC and implementing reflexive acls + PAT web surfing was fast
    as on "normal" linksys routers:)

    My point here is when choosing the right router/firewall for your internet
    connection you need to pay attention on connections per second that this box
    is able to handle if you need PAT and statefull inspection features because
    every time your users clicks on the link router/firewall has to make cpu
    interrupt to create a new entry for that connection in it's nat and
    statefull tables. Your torrent clients can kill your router just like that
    if you allow that kind of traffic outbound. This was obvious in my examples
    above. Look at the number of connections per second.

    Packets per second is also very important + size of the packets used in that
    measurement. Usually manufacturers uses 64 bytes packets, but on Internet
    average packet size is (AFAIK) is 356 bytes or something around that value,
    so your router can do more work for you in real environment (ISP
    connection), but pay attention with what features enabled manufacturers are
    conducting tests. If they don't have NAT and statefull firewall turned on
    when they measures router's performance then numbers they told you are much
    lower in reality;) unless you use your router for pure CCNA:) packet
    routing.

    Another thing...I noticed that statefull firewall which on Cisco ISR routers
    that also utilizes so called "deep packet inspection" causes Internet
    browsing experience very slow even if you type 'no ip inspect myfw http'
    with only 'ip inspect myfw tcp' statement, so I always recommend to my
    customers ASA firewalls (if we are talking about Cisco) if they can afford
    it.



    My 2 cents:)




    Igor
    Igor Mamuzic aka Pseto, Apr 15, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kralizec Craig
    Replies:
    5
    Views:
    705
    Craig Ian Dewick
    Dec 8, 2005
  2. jh3ang
    Replies:
    2
    Views:
    2,960
    stephen
    Aug 14, 2006
  3. Replies:
    1
    Views:
    351
    Brian
    Feb 14, 2007
  4. Piper
    Replies:
    4
    Views:
    403
    Leythos
    Jan 1, 2007
  5. The Jesus of Suburbia

    Microcontrollers: which one ? which language ? which compiler ?

    The Jesus of Suburbia, Feb 11, 2006, in forum: NZ Computing
    Replies:
    2
    Views:
    493
Loading...

Share This Page