dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
47
badsykes1
join:2004-12-08

badsykes1 to HELLFIRE

Member

to HELLFIRE

Re: [H/W] Cisco 1921 vs 880 and 890 series

Hello Hellfire

First of all thx for all the Help and info and stuff durring all this years...I am still impressed about your patience and activity around here...You should try teaching if you don't do it already...

back to topic...Here is the interface i am talking about:

»www.senetic.ro/product/E ··· IC-4ESG=

Is a local site but the explanation is in english...
The price is in Euro w/o VAT and Ron w/ VAT included
So add 24% to the euro price and you get the picture...

"The 4- and 8-port Gigabit Ethernet EHWICs provide line-rate Layer 2 switching across onboard Gigabit Ethernet ports. "

I need only switching on these ports and i want to use the Router GE ports for Wan links...Theoretically a good ALL in ONe router resembling home routers is the 1941w with that card..Wireless, gigabit and security in one box...The combination costs more than 1000$...

Regarding those tiers (500 and 1gbps) i don't wanna spend the price of a second hand car on a router (ISR4451X and so on).
After all i can disable firewall and get decent gigabit or wirespeeds...

Seems the SRX210 is faster and can activate the firewall and still 100mbps speeds...At least this is what i can get reading the datasheet...

»www.juniper.net/us/en/lo ··· 1-en.pdf

Why Cisco routers feels slow or cisco don't want to make them too speedier so keep everyone in chess...I read the Huawei AR1220 datasheet and it feels faster and more interfaces than 891 and 1921/1941 series...

Huawei aR1220 forwarding capacity is 350kpps

»www.huawei.com/ucmf/grou ··· 3990.pdf

Wan speed with services is 25mbps vs 15mbps for 1941 ...

Maybe because is very rare stuff ?

kamikatze
join:2007-11-02

kamikatze

Member

said by badsykes1:

I read the Huawei AR1220 datasheet and it feels faster and more interfaces than 891 and 1921/1941 series...

Huawei aR1220 forwarding capacity is 350kpps
[..]
Maybe because is very rare stuff ?

Let me just stop you right there and steer you towards this particular Defcon talk:

»www.youtube.com/watch?v= ··· uY#t=0m9


Your ISP is residential RDS Romania. There is zero doubt at this point :)
What you forgot to mention is that this very good service has the downside of being wrapped in PPPoE. So, CPU overhead. Lots of it. This is never done in silicon on the low end stuff, including the 4451-X, maybe in the ASR1k, but certainly not ISRs (the G2 is pretty much a software only platform, whatever you turn on eats processor cycles). I can't comment on how Juniper's low end SRX handles PPP but i feel it through watching lots of astrophysics talks lately that it's done in software too.

If this is of any help i can tell you the 2921 handles 100Mbps with NAT and very light reflexive ACLs (no PPP) with about 50% CPU load. Throw in PPP and you've just maxed it out.

ISR2921#sh proc cpu sort | e _0.00 (i'm really sorry cramer)
CPU utilization for five seconds: 53%/48%; one minute: 32%; five minutes: 20%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 130    79359448   327518925        242  3.11%  2.76%  3.18%   0 IP Input
 319        1184         417       2839  1.03%  0.62%  0.19% 388 Virtual Exec
   6     6460236     1153091       5602  0.55%  0.10%  0.06%   0 Check heaps
 101       79004   959076102          0  0.15%  0.17%  0.16%   0 Ethernet Msec Ti
 325       39348     8091934          4  0.15%  0.14%  0.14%   0 IP RACL Ager
 126       26688   236279082          0  0.07%  0.04%  0.02%   0 IPAM Manager
  85       85680    30291634          2  0.07%  0.13%  0.15%   0 Netclock Backgro
 154       49176     8146373          6  0.07%  0.02%  0.01%   0 CEF: IPv4 proces
  67       30372     7579009          4  0.07%  0.05%  0.06%   0 Per-Second Jobs
 
badsykes1
join:2004-12-08

badsykes1

Member

That clip was plenty of fun...Well thank for opening my eyes....To require knowing chinesse or neeed a chinesse guy to actually debug my router is kinda....Meh..
No access to firmwares....Is ok from their point of view but i prefer the DIY way and security is an unknown...Unknown is exciting ... Seems the guy that talked first and played with the router got excited too ... Definetly he had a good laugh durring the interaction with the router.. ...
Defcon stuff is surely fun to see and pretty much eyes open...They put on the table all things vulnerabilities, support quality and you can choose if you prefer what you see or not...
Yes i am on RDS residential Romania... :P
I worked in RDS for 2 and half year and i can tell you that very good service moved to PPPOE for Bussiness zone too...They migrated everyone from Static ip to PPPOE and alocating the same static IP ... Juniper SRX is a competition for ISR series so no wonder if they do it in software anyway but at least i am not buying an external gigabit card to actually build the switch portion...I haven't studied PPPOE overhead but seems the implementation is kinda complicated...

I looked at 2921 and is not my preference...The price, the bulk etc...Some people here recommended me Netscreen series if i want a sustained 100mbps pipe with firewall too...And is cheap stuff on ebay...

Thanks for the info...

kamikatze
join:2007-11-02

kamikatze

Member

Well now, if it doesn't really have to be an ISR or SRX, why not go with a classic + a small switch to trunk some vlans to it. Might even want to throw an Olive at it.
»www.intel.com/content/ww ··· iew.html