
tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

Recommend a new router / platform

Hi Group,

We are currently using a redundant pair of Cisco 3560G L3 switches for both our WAN routing and LAN switching needs. We have firewalls sitting behind these switches that handle our internal NAT and firewall needs.

This solution has been working well for the past 5 years. We are pumping 30Mbps through the wan side of these switches along with our lan needs. Everything is isolated with intravlan routing.

We have a need now to add another separate connection from the datacenter for an additional 20Mbps and I thought this would be the ideal time to stop using our L3 switches in this way and move to dedicated routers. We will let the new routers route and the existing switches just switch.

To add to this scenario, we have a second set of Cisco 3560G switches serving as our iscsi switches for vmware. We are 10gig iscsi ready with the exception of the switches.

I've been considering a chassis based solution that could handle our routing, lan switching, and 10gig iscsi needs. However, I could forgo the chassis solution and consider a stackable solution as well. Or I could forgo that and simply have 2 routers, 2 switches, and 2 10gig switches for iscsi.

Looking for a recommendation. One thing we lack today on the 3560G switches is netflow. Also, in order to bring this new connection from the data center online, the router will need to have at a minimum 2 external ethernet ports and 2 internal ethernet ports plus 2 extra switch ports for traffic that does not pass through our firewall (needs to go around our firewall). We have no need for any specialized router interfaces, just ethernet.

Thanks in advance, looking forward to hearing your recommendations. Although I am fluent in Cisco, I am not up on the latest hardware.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

said by tomkb:

I've been considering a chassis based solution that could handle our routing, lan switching, and 10gig iscsi needs. However, I could forgo the chassis solution and consider a stackable solution as well. Or I could forgo that and simply have 2 routers, 2 switches, and 2 10gig switches for iscsi.

4500 or 6500-chassis perhaps... if you had a million dollar+ budget to blow?

To KISS, I'd probably go the "2 routers, 2 switches, 2 10GigE switches" route.
said by tomkb:

One thing we lack today on the 3560G switches is netflow.

Could look at the X-series 3560 and 3750 switches with this little darling. Or go straight to the 3800 series, both do full netflow functionality.
said by tomkb:

Also, in order to bring this new connection from the data center online, the router will need to have at a minimum 2 external ethernet ports and 2 internal ethernet ports plus 2 extra switch ports for traffic that does not pass through our firewall (needs to go around our firewall). We have no need for any specialized router interfaces, just ethernet.

Now are the external and internal interfaces going to be layer 2 or layer 3 interfaces? Easy enough to get a switch module in xWIC or NM format... but the only ISRs with 4 inbuilt layer 3 interfaces are the 39XXE and 4xxx series. The rest only have two or three.

My 00000010bits

Regards

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

Thanks Hellfire.

I was hoping to get more feedback.

Can anyone make a recommendation then on simply replacing a 3560G used in L3 routing on the wan?

Requirements would be as follows: ability to add a module for wan connectivity other than ethernet, at least 4 ethernet ports for routing, netflow.

Thanks
markysharkey
Premium Member
join:2012-12-20
united kingd

markysharkey

Premium Member

Don't you need NAT? AFAIK, Layer 3 switches have plenty of routing features but lack NAT capability. Or is it a private/MPLS/VPLS network?

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

No NAT is needed. There are a few firewalls that sit behind this L3 switch and handle LAN functions.
markysharkey
Premium Member
join:2012-12-20
united kingd

markysharkey

Premium Member

OK, so the next question is do you need dynamic routing protocols like EIGRP or OSPF? If not then pretty much any 2960X, 3750 or 3850 will work as long as it has LANBase or IPServices IOS. LANLite won't cut it. If you do need dynamic routing protocols then I think you'll need a 3750 or 3850 with IPServices IOS. Nothing else will do, BUT, check with your VAR to be sure, or have a shufty on the IOS Feature navigator at cisco.com.

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

Ok, those are switches; are you recommending staying with L3 switches? I want the option to have different WAN modules in the future.
markysharkey
Premium Member
join:2012-12-20
united kingd

markysharkey

Premium Member

All have Layer 3 capability. The 3750 and 3850 will do everything the 3560 will do, the 2960X doesn't have dynamic routing capability but other than that it's a Layer 3 switch in a Layer 2 "wrapper".

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to tomkb

MVM

to tomkb
said by tomkb:

Can anyone make a recommendation then on simply replacing a 3560G used in L3 routing on the wan?

tomkb, it really depends on several factors:
• number of expansion options/modules. also -- what type of connectivity are we talking here? ds1? ds3? sonet?
• is this for pure wan routing? any services need to be hosted on the device?
• are you taking full routes from your provider? are you just taking a default? what does your igp/egp situation look like?
• what is the number of pps or mbps that you're looking to push through the box?

you have several options -- the isr/4000 series, asr1k (1001 or so), or possibly a used c7200vxr with an appropriately sized npe. without knowing above -- we're shooting in the dark.

q.

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

said by tubbynet:

said by tomkb:

Can anyone make a recommendation then on simply replacing a 3560G used in L3 routing on the wan?

tomkb, it really depends on several factors:
• number of expansion options/modules. also -- what type of connectivity are we talking here? ds1? ds3? sonet?
• is this for pure wan routing? any services need to be hosted on the device?
• are you taking full routes from your provider? are you just taking a default? what does your igp/egp situation look like?
• what is the number of pps or mbps that you're looking to push through the box?

you have several options -- the isr/4000 series, asr1k (1001 or so), or possibly a used c7200vxr with an appropriately sized npe. without knowing above -- we're shooting in the dark.

q.

Right now we accept an ethernet handoff from the datacenter but I want the option to go with a module for DS3 or some other legacy type of handoff. Also want the option to interface with 2 different ISPs on the router wan side. I want options on the modules. There will be two routers for redundancy unless a chassis option then dual sup.

Yes, this is for pure WAN routing. Right now our L3 switches do both routing and switching and I want to move away from that.

We are currently only static routing to our datacenter but we are looking to move away from datacenter bandwidth as we are approaching 50Mbps right now and it may be more economical in the future to supply our own bandwidth as we will grow into 100Mbps soon, arin ip address block, and BGP to 2 providers. Nothing internal as far as routing goes, just static.

I know our 3560G switches claim 38 Mpps and 32Gbps fabric but I'm not sure if that applies when using routed ports or not. In any event we have a few firewalls that sit behind these switches which add up to more than 32Gbps through. Where do I want to be? I've considered the 6500 with sup720 @ 720Gbps and I think that is too much for our needs and price tag, I'm thinking somewhere on the order of 100Gbps is good.

Thanks for taking an interest, looking forward to hearing back.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by tomkb:

I know our 3560G switches claim 38 Mpps and 32Gbps fabric but I'm not sure if that applies when using routed ports or not.

nearly. if a switch supports layer-3 -- it will perform it in hardware. in this way -- if the port can handle it -- it will pass it.
however -- be wary of things like qos, etc -- as these are generally (poorly) supported for "wan type qos" -- since the needs are drastically different. also -- the tcam size of these boxen is limited. most will support about 8k ipv4 routes in hardware (with a pure routing emphasis).
said by tomkb:

I'm thinking somewhere on the order of 100Gbps is good.

you're mixing up too many different things here.

the sup720 says its 720gbps because of the ingress and ingress interconnects between all slots across the 9-slot chassis. this is *drastically* different between wan bandwidth and support for things like routing, qos, etc.
said by tomkb:

I've considered the 6500 with sup720

gross. the sup720 is aging, has a myriad of caveats, wan module support is dropping, and if you don't know how to run the box -- have fun.

when spec'ing out your edge -- you need to look at the aggregate throughput required across the box. factor anything like qos or services at the edge (i.e. you should be shaping your traffic to your upstreams to make end-to-end qos actually work). from there -- start looking at the connectivity options to the inside of the network.

from a current platform perspective -- something in the isr/4000 series should work fine. the isr4331 gives you up to 300mbps, the isr4351 will work up to 400mbps, the isr4431 will allow you to grow up to a 1gbps, and the isr4451 will allow you to grow to 2gig. each of these numbers is with the "performance" license (stock they will support about 1/2 of the quoted numbers). this is across all packet sizes and service implementations. they will speak bgp and do what you need them to do from an edge perspective.

again -- this is completely independent of your internal needs. if you're looking to pass traffic at 10g linerate between campus and datacenter -- it's a different conversation completely.

q.

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

Thanks. The only 10gig we are considering right now is for iscsi. This is why I considered a chassis solution.

May I ask your opinion on the 4000 vs asr1000 as a possible candidate?

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by tomkb:

Thanks. The only 10gig we are considering right now is for iscsi. This is why I considered a chassis solution.

but you're not pushing that over the wan -- so again -- i'm a little confused. maybe a diagram to help picture everything. as i see it -- this is just an edge for your connectivity -- not a pure core device.
said by tomkb:

May I ask your opinion on the 4000 vs asr1000 as a possible candidate?

depends on what speeds, etc -- you'll be needing.
the isr/4000 series is pretty nifty. very neat the way that they crafted the entire system around the construct of a "nearly qfp-like" architecture using x86.
the asr1000 is also quite keen -- but it's much bigger iron than the isr/4000. the asr1002-x will give you 36gbps forwarding capacity across nearly all traffic profiles, with an rp2 to boot (very fast control-plane). if you want to go expandable/redundant -- you'll need to jump up to an asr1006 chassis -- which gets steep quick -- but you'll have redundant rp's, redundant esp -- and support for up to 100gbps of chassis throughput (with the esp100, i don't believe the 1006 supports the esp200).

q.

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

No, we are not pushing 10gig over the wan. We have a need for 10gig switching for iscsi, a completely separate project. This is why I was considering a chassis solution, to cram my routing, switching, and iscsi switching into one space. My full need is outlined in my original post. Thanks for your response.

At this point in time I am shopping to take me 5 years out. The maximum bandwidth I can see on the wan during this period is a total of 200Mbps over 2-3 interfaces, some of them not ethernet. QOS I'm handling on our firewalls. Netflow is a must. Redundant. BGP.

It sounds to me that I should be looking at the 4000 series.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by tomkb:

QOS I'm handling on our firewalls.

qos is a broad term.
generally -- not only will you want to honour and prioritize based on markings -- but generally -- you'll want to shape and queue on each interface for anything less than line rate. so -- even if your firewalls are prioritizing -- you'll want to make sure that your "wan" interfaces also have an appropriate classification and shaping policy.
said by tomkb:

Netflow is a must.

full flexible netflow supported on asr1k and isr/4000.
said by tomkb:

Redundant.

define what you mean by redundant. multiple power supplies? multiple data-planes? multiple control-planes? each "yes" answer increases the single-box cost.
said by tomkb:

BGP.

this is a pretty standard support thing in cisco-land anymore. bgp is not only the protocol of the providers, but of the enterprise, and the datacenter as well.

q.
aryoba
MVM
join:2002-08-22

aryoba to tomkb

MVM

to tomkb
said by tomkb:

No, we are not pushing 10gig over the wan. We have a need for 10gig switching for iscsi, a completely separate project. This is why I was considering a chassis solution, to cram my routing, switching, and iscsi switching into one space. My full need is outlined in my original post. Thanks for your response.

tubbynet, would this be a candidate for Nexus 6000 or even 9000 model?

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

for the 10gbe core -- sure -- though the n9k will need the 40gbe breakout cables to split the 40gbe to (4) 10gbe.
for their use case -- a 5600 would work as well.

q.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to tomkb

MVM

to tomkb
Dumb question for ya at this point tomkb, do you have

a) a diagram of the existing setup and
b) a budget (figure) nailed down?

...we can spit the makes and models of the latest and greatest gear to ya all day long, but I think about this point to REALLY help ya, we need that information.

...Just my 00000010bits

Regards

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

I don't have one handy but I can tell you the following.

We have a small wan block shared with the data center. Each of our switches has a routed port and we have that set up as HSRP between the two switches. We route to the data center's HA HSRP address split across two of their distribution switches.

Then on the inside of the switch, we have a vlan interface set up which also participates in an HSRP HA setup with the other switch. This block of IP addresses is configured to talk to the outside interfaces of a few of our firewalls.

The rest of the switch is set up for LAN switching with various vlans. I'm looking to remove the L3 function from the switches with dedicated routers.

I don't have a firm dollar amount but I'm shooting for a budget of $15,000 for both routers. There is some flexibility with the budget.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to tomkb

MVM

to tomkb
Just my 00000010bits, but you may want to commit that to a diagram sometime...
said by tomkb:

The maximum bandwidth I can see on the wan during this period is a total of 200Mbps over 2-3 interfaces, some of them not ethernet. QOS I'm handling on our firewalls. Netflow is a must. Redundant. BGP.

said by tomkb:

I'm shooting for a budget of $15,000 for both routers. There is some flexibility with the budget.

...I presume that price includes smartnet in some way?

Agree with tubbynet, the ASR1K's a powerhouse in a 1U formfactor -- 4GE SFP interfaces, but I'd look into the datasheets to confirm WAN interface compatibility. The ISR 4K promises guaranteed speeds WITH services. You COULD look into the 3900 series, but you mentioned growth out a couple years...

My 00000010bits

Regards

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

I don't see a 3900 series anywhere on Cisco's offerings on the website, do you have a link?

battleop
join:2005-09-28
00000

battleop to tomkb

Member

to tomkb
Do you have a budget? With your 10G iscsi do you need it? It wouldn't make much sense to spend the money on 10G if we were barely doing 1-2Gb. If you need 10G how many ports do you need?

Are you speaking BGP? If you're going to use this box to speak BGP and take full tables your choices are going to get narrow and expensive. If you don't have to take full tables from multiple providers then you can get into the 6500/7600 cheap.

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

If we are talking just iscsi budget is $30,000. Current need is 6 ports per switch but that will grow to around 10 per switch within 5 years which is the expected useful life.

partial tables in bgp only.

At this point, I'm leaning toward a non-chassis solution, doesn't seem like the right fit anymore.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to tomkb

MVM

to tomkb
said by tomkb:

I don't see a 3900 series anywhere on Cisco's offerings on the website, do you have a link?

this would fall under the isr/g2 platform (2nd generation integrated services router).
while capable for your needs -- the isr/g2 is being superseded by the isr/4000 series routers. for any new installs going forward -- i'd look to the newer kit -- especially as it offers enhancements in the way of performance and code (running xe rather than monolithic ios).

q.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to tomkb

MVM

to tomkb
3900 series for you

Regards
aryoba
MVM
join:2002-08-22

aryoba to tubbynet

MVM

to tubbynet
said by tubbynet:

said by tomkb:

I don't see a 3900 series anywhere on Cisco's offerings on the website, do you have a link?

this would fall under the isr/g2 platform (2nd generation integrated services router).
while capable for your needs -- the isr/g2 is being superseded by the isr/4000 series routers. for any new installs going forward -- i'd look to the newer kit -- especially as it offers enhancements in the way of performance and code (running xe rather than monolithic ios).

q.

Pricewise, are 3900 series and 4000 series comparable?