
macallah

join:2003-01-22
Wichita Falls, TX
reply to HELLFIRE

Re: [H/W] Home Setup - 50MB Cable Connection

said by HELLFIRE:

@macallah
From my personal experience, I had a 5505/10-user Base and a downstream 3750
with a 1000+ DHCP pool, never had a complaint about people accessing the Internet
simultaneously. This was an actual client that took the phrase "Cheap, Fast,
Perfect AND Ready By Yesterday" to the extreme every time.

Was going to say that idolclub has a basic load test of a 5505 here as a performance baseline as well »ASA 5500 Series 8.3(x) Memory Requirements

Regards
That is the solution I think I am going to go with. I am just wondering how long I have to wait until the stock of the 256MB 5505s goes away since Cisco says they now need 512MB.

My current plan is to hook the ASA up to the WAN, then the LAN connection going to my switch. I will run the firewall and NAT on the ASA.

I will hook my current 861 up to the switch on the LAN side (just leave the 861 WAN disconnected) and have it handle all the stuff I already have in it like DHCP addresses, NTP and DNS services. May as well put the 861 to work since it is already here.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

You could just as easily pick up a stick of desktop 512MB DDR1 rather
than playing a waiting / guessing game for a 512MB-equipped ASA, but
that's your choice macallah.

Regards


macallah

join:2003-01-22
Wichita Falls, TX
reply to ImranUK

Well as an update, there seems to be a huge backlog on the ASAs. Looking like summer before more in stock.

So, I slid on over to ebay and picked up a 3745 to play with (er I mean hold me over) for $225. It is as noisy as a freight train, but lucky I have a basement wiring closet to stash it in.

It does max out the connection now (30mbit/sec) compared to the 861, and does not break a sweat (the 861 was maxing CPU). It looks like it will be able to go to 100mbits without really an issue when/if they get DOCSIS 3.0 working here.


nosx

join:2004-12-27
00000
kudos:5

I use ebay'd 3745s a couple places (cheap places). They are definitely fast little packet pushers.
Keep in mind that they can do a lot of traffic if it's just plain and simple packet pushing. If you try tunneling around with ipsec etc make sure to pick up the VPN AIM module or they will spike their CPUs and start screwing up. I really love them for the price.



smunro622
Premium
join:2006-02-15
Madison Heights, MI
reply to ImranUK

Well, I have the 512 mb flash in the asa, the dram I ordered was for a 5510. Found another site for the dram which is for the 5505. I have a 5520, w/aip and 5510 with malware on order for work and they are saying July. I do have the 1 gig flash in the asa, just waiting on the dram. This will be connected to a 3550 and wireless curiosity of a 1252 ap when completed. I am getting much faster downloads than before with my apple airport. It seems the price of the asa's is going up weekly on the used market as more and more are back ordered.


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

@macallah
Any possibility of you taking a peek at the fans the 3745 uses? I'm wondering what size they are and
how many wires they use for a quieting project if possible.

Regards


macallah

join:2003-01-22
Wichita Falls, TX

said by HELLFIRE:

@macallah
Any possibility of you taking a peek at the fans the 3745 uses? I'm wondering what size they are and
how many wires they use for a quieting project if possible.

Regards
Well I thought about that... Doing from memory:

Across the front there are 4 (approx) 92mm fans. They are all wired into a custom connector, 3 wires each.

You can take off the fan front plate, but the thing is still noisy because the 2 power supplies each have a small (50mm?) fan that is also crazy noisy.

I decided to just put it in the basement wiring closet and shut the door, rather than try to silence them.

In my case I am just waiting until ASA 5505s come back in stock and I will remove the 3745 from service (it was just a cheap stopgap).

Here is a nice blog entry with pictures and discussion of changing the fans out: »www.trygve.com/blog_2009_08.html (3745 fan discussion/pictures about 2/3 down the page).

He replaced the 4 front fans, but be aware the power supply fans still run like mini dust busters. You cannot hear them over the front plate ones, but once those front fans are silent, these come to light.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

Thanks for the link macallah, definitely a help.

Getting a 3745 is a possibility given the price, and the
expandability has possibilities for future learning experiences,
but the thought of living next to a jet turbine 24x7 has the
appeal of a full-mouth root canal

Regards


bclbob

join:2000-06-23
Oak Park, IL

I have a 3745 and I can push 60Mbit from my comcast connection no problems, and somehow I now have a 1000+ line config. I don't know how that happened, it's a great piece of kit. However it is noisy!!


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

Not to diverge too much off topic, but just how bad is the 3745 CPU at crypto / VPN?
Obviously if you were doing an enterprise hub-and-spoke or multi-site to site setup
you'd want to get the crypto AIM or a newer platform, but say you wanted a home setup
on a 100Mbit pipe or less, with provisions for a single remote or site-to-site VPN
connection, could the 3745 do that unassisted?

Regards


bclbob

join:2000-06-23
Oak Park, IL

It's not great, from what I remember it can only pass about 10Mbit using PPTP (Microsoft VPN) to my office. I've bought an AIM-VPN for $20 on ebay in anticipation of my office switching to IPSEC though. I think that should work pretty well.


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

Are you doing anything else majorly heavy in your config bclbob, or is it
a pretty vanilla setup for an internet edge router? Which firewall type
are you using? CBAC or Zone-Based?

Ever test and see how the 3745 did with IPS enabled as well?

Regards


bclbob

join:2000-06-23
Oak Park, IL

said by HELLFIRE:

Which firewall type are you using? CBAC or Zone-Based?

Ever test and see how the 3745 did with IPS enabled as well?

No IPS, but have it load balancing with 2 ISPs with ip sla to test when they are up and optimized edge routing, also running 2 VPN connections. Using Zone-based security. I'm amazed I've got so much config already.

bclbob

join:2000-06-23
Oak Park, IL
reply to HELLFIRE

said by HELLFIRE:

Ever test and see how the 3745 did with IPS enabled as well?
I just tested IPS as set up here: »learningnetwork.cisco.com/thread/12294

25Mbit down/9Mbit up. With IPS off the inbound interface, 60Mbit down/10Mbit up

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

Thanks for testing bclbob. After having a go with a piece of Cisco gear
on his home internet, a friend's been very interested in procuring a piece
for himself, but obviously the newer stuff's a little out of his price
range. He'll be happy to hear the 3745's still a contender, so long as
he budgets for a VPN module, and if we can do something about the fan noise.

Regards


bclbob

join:2000-06-23
Oak Park, IL

said by HELLFIRE:

He'll be happy to hear the 3745's still a contender, so long as he budgets for a VPN module, and if we can do something about the fan noise.
Remember the AIM-VPN does not accelerate Microsoft PPTP, only IPSEC, so he might need to take that into consideration.

Also you can occasionally find 3745 fan tray/front panels on ebay, and I think it would be trivial to mod them with quiet fans. I'm not sure about how much noise the PSUs make though, I'm just glad I have a basement!

bclbob

join:2000-06-23
Oak Park, IL
reply to HELLFIRE

said by HELLFIRE:

Thanks for testing bclbob.
HELLFIRE:

I'm doing some more testing with IPS: It definitely affects the performance of my cable connection, downloads go from about 3MB/sec to 2.2MB/sec. However the cpu stats show:
CPU utilization for five seconds: 46%/44%; one minute: 43%; five minutes: 34%

so the router is busy but I'm not maxing out the CPU ... any ideas what I should check next?

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

Can't think of anything else bclbob. Mostly I'm thinking along a typical
edge router setup for a home internet connection, so NAT/PAT, CBAC or ZBFW,
inbound ACL, IPS, LLQ or CBWFQ QoS, IPSEC VPN, and possibly PPPoE. Running
a routing protocol would be another way to stress the 3745s, but RIPv1 / v2
would be nothing in terms of performance penalty and I suspect most providers
just inject a default route for home internet networks.

Anything else above that would be amusing to watch, but I think a little out
of the scope of this thread... and require resources that a major regional
ISP / telco would have easy access to but be a little out of reach for
individuals like us

Anyone else have any other thoughts?

Regards


bclbob

join:2000-06-23
Oak Park, IL

said by HELLFIRE:

Can't think of anything else bclbob.
I meant to help try and figure out why my performance is lower with IPS active? I think the next stage (after I bump up the router mem to 512Mb) is to start disabling rules until I find the one that is causing the slowness.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK

Just out of curiosity, are you running IPS in both in and outbound directions, or
just inbound bclbob?

I'm not sure if disabling signatures is going to help, and in my view selective
detection of signatures just because of poor performance == no protection at all.
I've also heard anecdotally -- and if someone is more versed in the nuts and bolts
of IOS than me, please do correct me if I'm wrong -- that IPS sends the stuff
straight to CPU, hence the performance hit.

Regards