

tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
reply to HELLFIRE

Re: Which Router?

said by HELLFIRE:

As for getting some ASR9Ks tubbynet, sure the cherries on top would be your very own 10GbE line somewhere, huh?

nosx knows what i'm talking about.
if the pot is sweet enough, one may consider an employment change.

of course -- then i'd be busier during the day and would be less likely to be comic relief for the likes of all the regulars.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to HELLFIRE

said by HELLFIRE:

As for getting some ASR9Ks tubbynet, sure the cherries on top would be your very own 10GbE line somewhere, huh?

As long as you don't spend your own money to pay the 10 G line

HELLFIRE
Premium
join:2009-11-25
kudos:15
reply to HELLFIRE

...Isn't that always the trick, spending someone else's money and having a grand old time doing it?

Regards



tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1

said by HELLFIRE:

...Isn't that always the trick, spending someone else's money and having a grand old time doing it?

Regards

again -- that's why you become a consultant.

i'm not sure why this hasn't sunk in yet

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

OPM - Other People's Money

My old boss used to say this a lot. The last two networks we built were done as projects for a Govt department. Our contribution was in-kind, as in an equivalent (or agreed) value of human resources to design and build, and subsequently maintain and run them, as opposed to any direct monetary contribution.

And then there's consulting, basically telling people how to spend their own money.


markysharkey
Premium
join:2012-12-20
united kingd
reply to markysharkey

Meanwhile...
Understandably we have focused on commercial grade kit when answering my question. Currently the site is utilising the ISP's router which, thanks to Tubbynet, we know runs at somewhere around the 800meg mark. So what's wrong with a Cisco RV180? Not quite as fast, but it does at least support VLAN's and DOT1Q trunking, which the ISP router does not.
»www.smallnetbuilder.com/security···?start=3
I await your comments, criticisms and perhaps not-so-stifled laughter
--
Binary is as easy as 01 10 11


sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS

said by markysharkey:

Meanwhile...
Understandably we have focused on commercial grade kit when answering my question. Currently the site is utilising the ISP's router which, thanks to Tubbynet, we know runs at somewhere around the 800meg mark. So what's wrong with a Cisco RV180? Not quite as fast, but it does at least support VLAN's and DOT1Q trunking, which the ISP router does not.
»www.smallnetbuilder.com/security···?start=3
I await your comments, criticisms and perhaps not-so-stifled laughter

Well to begin with, it tops out at 800Mbps, which is still 200 Mbps short of 1Gbps. Second, the number of simultaneous connections is pitifully low at 10,000, even the RV042 has more connections.

HELLFIRE
Premium
join:2009-11-25
kudos:15
reply to markysharkey

said by markysharkey:

So what's wrong with a Cisco RV180?

The only thing wrong with that piece of kit is if it matches your price range, level of technical expertise,
but NOT the business / technical needs of the connection and setup. We're only here to make suggestions
and constructive criticisms. In the end, your customer has to live with it, and you're going to be the one
picking up the phone markysharkey...

Regards

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to markysharkey

said by markysharkey:

So what's wrong with a Cisco RV180?

I thought it was going to be either 1921 model or higher, or some Juniper SRX model? What caused the heart change? Customer forced you to look into different avenue?

markysharkey
Premium
join:2012-12-20
united kingd

No, no change of mind as such, I am still researching. I have not yet had to present options to the customer. The 1921, as pointed out earlier will slow massively when I add CBAC / ACL's / NAT to the config.
I could use a Juniper SRX as suggested as long as it has an easy to understand GUI. I am NOT a Juniper guy right now.
The ASR1001 will probably be judged too pricy and my reseller had reservations about the 7200 as suggested by Tubbynet, and even if they didn't, I don't have the rack space for it.

quote:
Well to begin with, it tops out at 800Mbps, which is still 200 Mbps short of 1Gbps. Second, the number of simultaneous connections is pitifully low at 10,000, even the RV042 has more connections.
It's going in a domestic environment so the number of connections should be adequate, and at 800Mb it matches the ISP router throughput. The advantage is the RV supports VLAN's and DOT1Q trunks which the ISP router does not.
--
Binary is as easy as 01 10 11

aryoba
Premium,MVM
join:2002-08-22
kudos:4

I don't use GUI on Juniper gears so I can't say much of it. If you prefer 1RU Cisco gears (that won't take too much rack space), something like ASA 5545-X model should do. Here is the spec comparison.
»www.cisco.com/en/US/products/ps6···l#~tab-b


markysharkey
Premium
join:2012-12-20
united kingd

Yup, the ASA is on my list of possibles.
I'm still yet to hear a good reason why the RV180 shouldn't be on the list.
--
Binary is as easy as 01 10 11


aryoba
Premium,MVM
join:2002-08-22
kudos:4

The RV routers are ex-Linksys which Cisco resellers usually don't carry/support. I've heard lots of stability issues in regards of these ex-Linksys models compared to IOS-based ones.


sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS
reply to markysharkey

said by markysharkey:

Yup, the ASA is on my list of possibles.
I'm still yet to hear a good reason why the RV180 shouldn't be on the list.

It's an acceptable solution if you don't mind coming back every so often to fix it. It also doesn't have the features, and like I said, the number of simultaneous connections is low if anyone in the household downloads or games.

markysharkey
Premium
join:2012-12-20
united kingd

No gamers, downloads are on a separate VLAN via a different ADSL ISP which sits behind an 887 and provides VPN access for me and the Crestron programmers. The customer has a service contract so we visit every 3 months.
I doubt the ISP router is any better (or worse) than the RV180, but I can drive an RV180 much better than I can drive the ISP device.
I'm putting it on the list!
--
Binary is as easy as 01 10 11


sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS

said by markysharkey:

No gamers, downloads are on a separate VLAN via a different ADSL ISP which sits behind an 887 and provides VPN access for me and the Crestron programmers. The customer has a service contract so we visit every 3 months.
I doubt the ISP router is any better (or worse) than the RV180, but I can drive an RV180 much better than I can drive the ISP device.
I'm putting it on the list!

If downloads are via a meager ADSL line, what does your customer need 800Mbps for? Streaming Netflix?

HELLFIRE
Premium
join:2009-11-25
kudos:15
reply to markysharkey

@sk1939

»www.youtube.com/watch?v=kV7ou6pl5wU
-- 'nuff seid

said by markysharkey:

The router will be doing some CBAC, NAT and split tunnel VPN's for remote support, and not much else as I have a Layer 3 switch doing DHCP / LAN side ACL's and Inter VLAN routing.

Reviewing this again -- a) don't know for sure if the RV180 can split tunnel VPN or not, so you'll definitely
want to double-check this, and b) how many remote VPN connections are you looking to run, worst-case
scenario? Cisco's data sheet claims 10 IPSec, 10 QuickTunnel, 10 PPTP, but willing to bet it is NOT a case
of "running simultaneously."

My 00000010bits

Regards

sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS

said by HELLFIRE:

@sk1939

(youtube clip)
-- 'nuff seid

said by markysharkey:

The router will be doing some CBAC, NAT and split tunnel VPN's for remote support, and not much else as I have a Layer 3 switch doing DHCP / LAN side ACL's and Inter VLAN routing.

Reviewing this again -- a) don't know for sure if the RV180 can split tunnel VPN or not, so you'll definitely
want to double-check this, and b) how many remote VPN connections are you looking to run, worst-case
scenario? Cisco's data sheet claims 10 IPSec, 10 QuickTunnel, 10 PPTP, but willing to bet it is NOT a case
of "running simultaneously."

My 00000010bits

Regards

I would do no more than 4, and even then the specs are not rated for full speed VPN tunnels. For IPSec you're looking at a maximum of 50.9 Mbps throughput, and 7Mbps with PPTP.

That being said, the SEC-K9 licenses limit tunnel counts to 225 tunnels IPsec, SSL VPN, a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE). It also limits encrypted throughput to around 170Mbps with an ISR G2 router.

markysharkey
Premium
join:2012-12-20
united kingd
reply to sk1939

Sorry, my bad. The cinema / movie / blu-ray systems need to download album art when new content is added, as well as requiring access to the net for firmware upgrades and that sort of thing. ALL the AV kit resides on VLAN's pointing at the ADSL line. The customer will surf the internet on the Gigabit connection. All the customer "computers" hit the fast connection on a different VLAN. As far as "needing" a gigabit internet connection, I agree, almost no-one "needs" one, but if you could have one for a hundred bucks a month, why wouldn't you? It definitely comes under the banner of "vanity purchase" but it's not my job to judge, just deliver...

The VPN is for me to get in, not for the customer to get out. I have limited the number of VPN addresses in the VPN pool to 6 by using a /29 address pool. I doubt there will ever be more than one VPN tunnel live at any one time and if it doesn't do split tunnels I'll work with whatever it does do.
--
Binary is as easy as 01 10 11



DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

I wonder why put the AV gear on the slow connection?


sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS
reply to markysharkey

said by markysharkey:

Sorry, my bad. The cinema / movie / blu-ray systems need to download album art when new content is added, as well as requiring access to the net for firmware upgrades and that sort of thing. ALL the AV kit resides on VLAN's pointing at the ADSL line. The customer will surf the internet on the Gigabit connection. All the customer "computers" hit the fast connection on a different VLAN. As far as "needing" a gigabit internet connection, I agree, almost no-one "needs" one, but if you could have one for a hundred bucks a month, why wouldn't you? It definitely comes under the banner of "vanity purchase" but it's not my job to judge, just deliver...

The VPN is for me to get in, not for the customer to get out. I have limited the number of VPN addresses in the VPN pool to 6 by using a /29 address pool. I doubt there will ever be more than one VPN tunnel live at any one time and if it doesn't do split tunnels I'll work with whatever it does do.

Any kind of downloads, especially something like Bittorrent, will bring that device to its knees. Its NAT table is limited to 10,000 entries, which is the same as the base 5505.


OVERKILL

join:2010-04-05
Peterborough, ON

Yup. For comparison, the 5510 in base config is 50,000 with 130,000 with the upgraded license.

I think the OP should look at the 5512-X.

»www.cisco.com/en/US/prod/collate···1635.pdf


markysharkey
Premium
join:2012-12-20
united kingd

reply to sk1939

quote:
I wonder why put the AV gear on the slow connection?
Because the ISP router does not support trunk links. I had to choose which of the 5 VLAN's had internet access. As the owner wants the fast connection for internet access obviously I put his "internet" VLAN on to the ISP router. If I can add a router that supports VLAN's / DOT1Q trunks, of course I'll add the AV gear to the fast internet connection and ditch the ISP supplied router.
The AV gear is VLAN'd off because several components are prone to sending out more broadcast traffic than we would expect from a "proper" computer. Furthermore one of the supporting AV devices is not happy with this broadcast traffic so it resides on a VLAN of its own. Then we need to separate control traffic for the Crestron system and other HVAC and BMS systems in the property.
As I have said many times, it is a domestic install but when the property costs in excess of $10,000,000US the supporting systems tend to be cranked up a notch.

The RV180 is still an improvement on the ISP supplied router which is currently in use. There won't be any torrent use and the most powerful user device in the place is an iPad (well, about 10 of them actually), so no-one's going to be playing World of Warcraft. No VC, no IP phones, no powerful desktops for the aforementioned games or torrenting, just a bit of face-time / Skype / iTunes and Youtube as well as regular web surfing.
--
Binary is as easy as 01 10 11


OVERKILL

join:2010-04-05
Peterborough, ON

What do you have managing the VLAN's, just the switch? I mean you could do VRF's for each of the VLAN's on an ISR for example and route each of the VLAN's to a particular Internet connection relatively easily.

Is the only reason for the RV180 because it is cheap and easy to configure? I'm of the impression that a lot of superior choices have been suggested here and given that you keep citing the value of the property, I'm having a hard time grasping why springing for an ASA or something that is more "in-line" with the high-brow scope of the install here is being skirted?

Please correct me if I'm out of line of course.


markysharkey
Premium
join:2012-12-20
united kingd

Budget in theory is not an issue, BUT I also have to consider the process of suggesting hardware that will flow through several layers of (mis)understanding before it is presented to someone who has budgetary control. So far I have not had to present any options so I'm still gathering ideas but I suspect I'll need to be getting quotes this week for putting in to a proposal.

Yes the switch is handling the VLAN's and inter VLAN routing as well as DHCP duties.

Sadly I'm not as up with VRF as I should be so I will look into that with the help of a mate who teaches CCNP. Any "quick start" example configs would be appreciated! That said, ISR's have generally been ruled out (back on page 2 or 3) as they will lose much of their speed when I add NAT / CBAC / VPN's (and now VRF) to the config. And to be fair, if an ISR could have done the job we wouldn't have got past page 1 and I would have installed it already.
This means an ASA 55xx is the most likely candidate as I probably wouldn't be able to learn Juniper commands in time to make the SRX viable and I don't have the rack space for a 72xx.
The RV180 does indeed represent a quick and dirty solution. But it still outperforms the equipment currently in use since the internet connection upgrade, and it resolves the issue of some VLAN's being cut off from the internet due to the shortcomings of the aforementioned ISP router.
--
Binary is as easy as 01 10 11



tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1

vrf's are easy.
create the vrf definition. map interfaces to the vrf using 'ip vrf forwarding (foo)'. then -- all of your show commands must just relate to the vrf in question (as they are different routing tables altogether).

here is a good link to get you started.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."
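
A VRF-lite configuration following the steps in the post above, as an added example that is not part of the original thread. The VRF names, interface numbers, VLAN IDs and addresses are assumptions chosen for illustration (documentation address ranges are used for the uplinks); NAT is assumed to be handled by a separate device.

```cisco
! Constructed example: one VRF per Internet uplink, each with its own routing table.
! All names, interfaces, VLAN IDs and addresses below are assumptions.
!
! 1. Create the VRF definitions
ip vrf FAST
 rd 65000:10
!
ip vrf ADSL
 rd 65000:20
!
! 2. Map interfaces to a VRF with 'ip vrf forwarding'.
!    Entering 'ip vrf forwarding' removes any IP address already on the
!    interface, so the address is configured after the VRF assignment.
interface GigabitEthernet0/0
 description Uplink toward the gigabit ISP (assumed)
 ip vrf forwarding FAST
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Uplink toward the ADSL router (assumed)
 ip vrf forwarding ADSL
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/2.10
 description User VLAN 10 (assumed), exits via the fast uplink
 encapsulation dot1Q 10
 ip vrf forwarding FAST
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/2.20
 description AV VLAN 20 (assumed), exits via the ADSL uplink
 encapsulation dot1Q 20
 ip vrf forwarding ADSL
 ip address 10.0.20.1 255.255.255.0
!
! 3. Each VRF needs its own default route; the global table is not consulted
ip route vrf FAST 0.0.0.0 0.0.0.0 192.0.2.1
ip route vrf ADSL 0.0.0.0 0.0.0.0 198.51.100.1
!
! 4. Show and test commands must name the VRF, since each is a separate table:
!    show ip vrf interfaces
!    show ip route vrf FAST
!    show ip route vrf ADSL
!    ping vrf ADSL 198.51.100.1
!
! With no route leaking configured, hosts in VLAN 10 and VLAN 20 cannot reach
! each other through this router, which keeps the AV segment isolated from
! the user segment at layer 3.
```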


markysharkey
Premium
join:2012-12-20
united kingd

Thanks Tubbynet. I just saw you saying the same thing back on page 2 or 3. Time to fire up the lab.
Having reviewed the thread, all the answers are here. I think at this point we are in danger of going round in circles, so please consider my questions answered. If the discussion carries on so be it, but it's time for me to put my customer's money where my mouth is!

As always, I thank you ALL for your input. I look forward to the next one
--
Binary is as easy as 01 10 11



OVERKILL

join:2010-04-05
Peterborough, ON
reply to markysharkey

said by markysharkey:

Budget in theory is not an issue, BUT I also have to consider the process of suggesting hardware that will flow through several layers of (mis)understanding before it is presented to someone who has budgetary control. So far I have not had to present any options so I'm still gathering ideas but I suspect I'll need to be getting quotes this week for putting in to a proposal.

Yes the switch is handling the VLAN's and inter VLAN routing as well as DHCP duties.

Sadly I'm not as up with VRF as I should be so I will look into that with the help of a mate who teaches CCNP. Any "quick start" example configs would be appreciated! That said, ISR's have generally been ruled out (back on page 2 or 3) as they will lose much of their speed when I add NAT / CBAC / VPN's (and now VRF) to the config. And to be fair, if an ISR could have done the job we wouldn't have got past page 1 and I would have installed it already.
This means an ASA 55xx is the most likely candidate as I probably wouldn't be able to learn Juniper commands in time to make the SRX viable and I don't have the rack space for a 72xx.
The RV180 does indeed represent a quick and dirty solution. But it still outperforms the equipment currently in use since the internet connection upgrade, and it resolves the issue of some VLAN's being cut off from the internet due to the shortcomings of the aforementioned ISP router.

My suggestion for the ISR was ONLY to manage the VRF's, you'd still need something like an ASA to handle NAT at the speed which you are looking for with respect to that one high-speed Internet connection.

At that point the speed of the ISR only relates to its ability to route packets, which means it doesn't have to be a high-end piece of hardware.


OVERKILL

join:2010-04-05
Peterborough, ON
reply to markysharkey

said by markysharkey:

Thanks Tubbynet. I just saw you saying the same thing back on page 2 or 3. Time to fire up the lab.
Having reviewed the thread, all the answers are here. I think at this point we are in danger of going round in circles, so please consider my questions answered. If the discussion carries on so be it, but it's time for me to put my customer's money where my mouth is!

As always, I thank you ALL for your input. I look forward to the next one

Great to hear, let us know what you end up doing

markysharkey
Premium
join:2012-12-20
united kingd

At this point I think I might cut my own ear off and paint daffodils...

I have an 887 sitting in the rack but it doesn't have the horsepower. I will present the ASA55xx and RV180 to the customer with an executive summary and see where we go. If he goes for the ASA expect to see an URGENT request for how to get one of them going 'cos I've never had to do one before.
--
Binary is as easy as 01 10 11