So what are the thoughts on this? Specifically the 4431, 4351, 4331, and 4321. List prices I could find on the SEC models.
$21000 ISR4451-X-SEC/K9 1GBPS to 2GBPS
$14000 ISR4431-SEC/K9 500MB to 1000MB
$10000 ISR4351-SEC/K9 200MB to 400MB
$4500 ISR4331-SEC/K9 100MB to 300MB
$2995 ISR4321-SEC/K9 50MB to 100MB
Higher speed numbers require license upgrade
So basically they are selling guaranteed throughput no matter what servers you have running, such as NAT/QOS/ZBFW, etc? So if you run tons of services, this may be better than the G2, but if you don't and have large packet sizes, you may have much better throughput on G2 than the new "G3".
Trying to read around to find out, but does anyone know how the throughput is measured? Is it egress only?
...other than wanting one for my home internet / lab... not much. I forget who it was that mentioned they got into a technical deep dive on this platform earlier this year. Position-wise, yeah, they're smack dab in the middle between ISR G2 and the ASR1Ks, I'd wager.
Anyone have them deployed, or planning to have them deployed where they are? Inquiring minds want to know!
the funny part is that i have steffan mansson on audio saying that there will not be an isr/4400-series -- that the 4451-x is just to fill a gap in current cisco offerings.
So basically they are selling guaranteed throughput no matter what servers you have running, such as NAT/QOS/ZBFW, etc? So if you run tons of services, this may be better than the G2, but if you don't and have large packet sizes, you may have much better throughput on G2 than the new "G3".
Trying to read around to find out, but does anyone know how the throughput is measured? Is it egress only?
traffic is total aggregate across the box. essentially -- the goal of the isr/4400 is to create a qfp-like architecture using x86. in the 4400-series -- there are dedicated cores to data and control-plane, while the 4300-series has a processor sharing mechanism. as far as i've been told -- there is no way to adjust the core allocation for data or control-plane activities (i.e. pure control-plane box for bgp-rr or so).
the architecture is built with a shaper on the box that limits overall speed. if i purchase the 4451-x -- i get the 1gig license. this is 1gig throughout all traffic profiles (64-byte to jumbo mtu). this is with any number of services enabled on the platform. likewise -- if i purchase the 2gig box -- i get 2gig of services through all of my service combinations. this trickles down to all other platforms in the 4000-series portfolio -- just at different rates.
the thinking behind this is that we often play a guessing game with the current isr/g2 around throughput with service combinations enabled. nat, fw, h-qos all put a hit on the box -- but it's an inexact science on how much and when. that has been removed.
additionally -- these routers run ios-xe -- which supports multi-threaded processes and service containers -- so it's possible to instantiate different processes on the box (outside of iosd) in unique userspace. this allows for things like v-waas to be deployed on a single box to bolster things like the avc component of the router.
also -- while you may have corner cases of a performance/dollar ratio being better in the g2 -- in the long run -- the 4000-series will give you a better performance experience (especially as you look at the 4400-series -- since the isr/g2 tops out at a few hundred meg/sec -- which was why the whole incentive to produce the 4451-x was made in the first place).
q.
Makes sense. We run a lot of services on ISR G2 boxes, and the throughput really does fall pretty quick. Does the 43xx/44xx do IOS IPS? The spec sheet just says "Yes" for IPS, but they do have some CON-SU1 part numbers which leads me to believe it does it just like the ISR G2. So if the throughput is total both ways, if you had a 100mb/100mb circuit, you would need at least something with a 200mb license to cover full duplex traffic if you wanted to be able to max it out both ways?
IMHO 4331 with the license upgrade to 300MB looks like a decent good deal to me. License upgrade is only around 1k, so for ~$5500 list you can do 300MB guaranteed.
G2 is no longer on their website. But this guy here says that it's not even close to EOL and you can still order it.
in everything that i've been told -- the g2 will be supported the same length of time as the g1 series. as such -- they are predicting about 7-7.5 years of support on those boxen. given that they were introduced about 3.5-4 years ago -- i'd say that those boxen will be supported for another 3ish years.
the thinking behind this is that we often play a guessing game with the current isr/g2 around throughput with service combinations enabled. nat, fw, h-qos all put a hit on the box -- but it's an inexact science on how much and when. that has been removed.
...think all of us can see that here, given the number of threads we see that say "I have speed X, what router should I buy," and we direct them to routerperformance.pdf, but have to add "oh, by the way..." at the end.
8:43 of kamikatze's video... I TOTALLY agree with that guy. Cisco PLEASE communicate CLEARLY exactly what this can and cannot do.
meh -- semantics. i still see the g2 line being supported until 2017. too large of an install base (much like the 6500 zealots). the isr/4000-series is a kick ass upgrade though. and honestly -- 7 year lifecycles are damn good.
Got a call set up on Monday with our reseller, will try to get some of my remaining questions answered, but I'm thinking I may get one in house in the next month or two for testing. Since we are service heavy it should really make sense for us. Really weird timing as I was just thinking last week about how our 2921s aren't so great when loaded down with services. I actually took the time to make a spreadsheet calculating values based on the cost and performance specs (IMIX, Firewall, PAT, etc.) and it was interesting as the 2951 was a worse value per dollar when compared to performance than the 2921, so I was looking at the 3925 or 3925E for new sites. Now with the new 43xx or 44xx I know what I need for a given circuit size to nearly guarantee throughput levels no matter the services.
@cooldude9919 Let us know how that goes... and if you do get one inhouse... can you leave a remote access session for me?
Mind also posting up that spreadsheet... just for some reference?
Regards
Here it is, keep in mind it was quick and dirty, router pricing is based off MSRP, but obviously the differential will be the same no matter your discount level. Some things to keep note of, as I said the 2951 is a worse value per dollar than the 2921, and the 3925E is approximately a 3x better value per dollar than the 3925, given you have to spend more to get there. Also the values for the calculation were gotten from the PDF I attached, which is a white paper that gives "real world" g2 performance specs.
get your ass south of the 48th and that may happen. the weather is much warmer down here. hell -- half of your country comes down here in the winter anyway.
;-P
q.
Actually I'll be in Phoenix in a few weeks, will you be in town the week of the 17th tubby?
@cooldude9919 Thanks for that... though if I'm reading your numbers right, the 2951 is actually cheaper on a cost per Mbit throughput vs the 2921 in some cases, no? Or am I reading something incorrectly?
@tubbynet If I'm in the neighborhood, you'll be the first to know, man
Regards
No, the higher the numbers at the bottom the better, so the 2951 is a higher cost per mbit for the values than the 2921.
So, essentially Cisco is selling a connection speed and you buy your speed, and do not have to worry about how many services you want on your router. So, will this obsolete the asa firewall line?
no. not by a long shot. for the edge -- as things like dmvpn come into vogue, asa at the edge is going away -- regardless of the isr/4000. for times when you need a firewall -- you need an asa. they are purpose built for high-speed ipsec, high numbers of connections per second, and as vpn concentrators.
FYI, services are still a factor, just not quite as much as before as they are throwing a ton of cpu cores at it. Check out this report, first real data I could find, given it's for the 4451 that's been out for a while now. Main part I am talking about is the graph on page 1 with the details on page 2 talking about performances with different services.