Advice on 1941 router scalability

fred.weston
Level 1

My organization is presently using a pair of 1941 routers as our Internet gateways.  Each router is connected to a different ISP via gig0/1 and to a local switch via gig0/0. The routers are running BGP - each router peers with its assigned ISP as well as with the other 1941.  We are only running IPv4 and are presently announcing routes for two /24s.  Each ISP is giving us a full IPv4 route feed.  The routers are running HSRP and we use the virtual HSRP address as the default gateway for our 5515-X firewall cluster.  

At present the two ISPs we're using are Level3 and Bright House (the local cable company, a small regional carrier).  The Bright House connection is primarily only there for a failover scenario in which our connection to Level3 becomes unavailable.  With Level3 we pay for 100 Mb/s committed bandwidth and with Bright House we pay for 50 Mb/s committed bandwidth.  Since Level3 is a much larger ISP and is interconnected much better than Bright House is (i.e. shorter AS paths), most of our traffic (80%+) goes through the Level3 router and we're beginning to see times where we're maxing out the 100 Mb/s connection, so I want to look at upgrading that connection to 200 Mb/s, or potentially a bit beyond that depending on what the 1941 platform can handle.

According to what I've read online, the 1941 is pretty grossly undersized for what we're using it for, however we've never had any trouble with them and based on the metrics I've looked at, they still have some capacity to spare.  Each router has been upgraded to max memory (2.5G, I believe) and using MRTG I can see that their average CPU utilization is somewhere around 15% and memory utilization is just above 25%.

At the end of the day, what I'm trying to figure out is if we can safely upgrade our bandwidth from 100 Mb/s to 200 Mb/s without getting to a point where the routers are unable to keep up.  Based on the metrics I've mentioned above, it looks to me like we could probably do so, but I'm reaching out to get more qualified opinions, as well as find out if there are other / additional metrics I should be looking at in order to make a more informed decision.

Based on the info I've found online, it seems like the ASA 5515-X firewall is good up to at least 300 Mb/s or so, so it looks like the routers are the only potential bottleneck.  

We're open to upgrading the routers, but as with any IT shop, we only have so many budget dollars to go around so I'd rather not spend money if I don't have to.  Any advice or suggestions would be appreciated.

7 Replies

Philip D'Ath
VIP Alumni

I know 1941's can do 100Mb/s with NAT and zone based firewall enabled, and those features chew a lot of CPU.

I'm guessing you are using neither of these, and just doing plain routing.  That being the case, and that your CPU is around 15% I don't think you will have any issues going to a 200Mb/s circuit.

If it was me, I would do the 200Mb/s upgrade.  It will be fine.

The next model up you could look at is the 4000 series of routers.

http://www.cisco.com/c/en/us/products/routers/4000-series-integrated-services-routers-isr/models-comparison.html

These routers use "performance licences".  So if you buy a 300Mb/s performance licence  - that is what you will get.  No less (and importantly, no more).  Note the performance is the combined throughput, in and out.  So if you had a 200Mb/s circuit, and wanted to drive 200Mb/s in and 200Mb/s out you would need a licence for 400Mb/s of performance (or the router would automatically shape it down to what you had paid for).

In your case, you would probably be best looking at a 4431.  500Mb/s of initial throughput upgradeable to 1Gb/s.  Off the top of my head, a 4431 is about ten times the price of a 1941 ...

Thanks for the info and suggestions.  Just out of curiosity, is there any benefit to going with a 4XXX series router upgrade instead of something like an ASR1001?  From the brief research I've done it seems like the ASR series can handle much more throughput and although list price on an ASR is much more than a 4XXX, from what I have seen the difference in street price is not that much.  I don't ever expect that I'll be in a situation where the difference in capacity will matter, but if we're talking a difference of $2-3k over a 5 year lifetime then it's not much of a difference at all.

Whenever I had quoted up an ASR1k versus a 4000 series the ASR usually works out at least twice the price - as in tens of thousands of dollars more.

If you can afford the ASR go that way, otherwise the 4000 series are very capable.

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Regarding the 1941's performance, you might find the attachment of interest.

Although your average CPU MRTG utilization appears to have ample excess capacity, do the CPU graphs, on the router itself, show CPU spikes?  If not, then yes, you might be okay, doubling your WAN capacity.

BTW, unsure your 1941 supports the feature, and they might need a feature IOS upgrade, but PfR might be considered to optimize your egress WAN bandwidth.  (With PfR, you might also be able to just use a default route to both providers and obtain even better performance rather than using full BGP route tables.)

The 1941's can do PfR with the "AX" feature licence.

No spikes - the highest I ever see CPU usage go is about 20% during our nightly backups when we're saturating our bandwidth for a few hours.  Is it safe to assume that CPU usage scales relatively linearly - i.e. if I'm seeing 20% CPU at 100 Mb/s, does it follow that I could expect roughly 40% CPU at 200 Mb/s?

One would expect, for same traffic, with just increased volume, CPU hit would be linear, but I don't think that always holds.  However, I wouldn't expect a huge difference from what's expected.

For example, if you're using 20% for 100 Mbps, and the only change was doubled volume to 200 Mbps, you might expect 40% utilization, but it might be more or less than that.  Yet, I doubt it would more than triple for double the volume.  (Again, all else being equal but overall volume.)
