06-10-2010 05:20 AM - edited 03-04-2019 08:44 AM
Perimeter Router Capacity Planning:
I have some difficulty in capacity planning, or right-sizing a perimeter router and a firewall. Yes, we do have the recommendations from Cisco that an 1841 or a 2801 is designed for 1 T1/E1 link. The fact is these are expensive (from a third-world country's perspective) routers, and in this age of broadband we do have circuits in multiples of E1/T1. How far can we push these routers in terms of bandwidth? I can understand that this depends heavily on the feature set enabled on the device, but I could never get a clear picture. Kindly shed some light on the topic.
Perimeter Firewall:
The firewall is a mystical device. The smallest of them, like the ASA 5505, have 150 Mbps of throughput, but does that mean I can use it for a 30+ Mbps circuit? I guess no, but why? That is what I don't know.
Last One:
One last question, which might sound stupid, but again too much networking would never be enough: I can never understand the case for 1 Gbps access ports for an average enterprise user. Gigabit switches at the access layer are quite expensive when compared to their Fast Ethernet counterparts. When is it a must to have a Gigabit switch in your access layer?
06-10-2010 06:43 AM
Hello Ashar,
1) Common in the forums, there is a datasheet about router performance. I've attached it (it may not be the latest version).
2) You should be fine with the ASA 5505.
3) It is clearly a marketing question, as you have understood. Since PC NICs can negotiate at 1000 Mbps, giving them a GE port makes users and PC support people happy, who otherwise will blame the network (there are people who say they see the difference in opening a remote desktop session between having FE or GE speed; leave them with their ideas).
Hope to help
Giuseppe
06-10-2010 10:21 PM
Giuslar,
(1) I have seen the performance sheet earlier. This is my concern: if you can see that the 2801 is a 48.0 Mbps router, then why does Cisco recommend not exceeding 1 T1/E1 of bandwidth? The ISR series comprises a complex data plane. Maybe in a worst-case scenario, when you have lots of ACLs and NAT sessions or a stateful firewall enabled, a circuit greater than 2 Mbps might overutilize the control plane, but I'm still confused.
You guys have seen these routers in production environments. What is the maximum bandwidth you have seen terminated on an 1841 or 2801 ISR router?
(2) Are you sure a 30+ Mbps internet circuit will not oversubscribe the ASA 5505? If that's the case, then about 75% of the SMB market in a third-world country can survive on a 5505.
06-11-2010 12:07 AM
Hi,
The performance captured is on pure IP traffic processed by the router without any QoS, encryption or VoIP deployed. Once you enable those services, the router performance would be restricted to the capacity mentioned by Cisco. If it is normal traffic without any of the above services, the only deciding factor is packet size. The larger the packet size, the better the performance, provided the router does not get involved in fragmentation. The best way to decide on the router capacity is to analyze the traffic it is going to handle.
Hope it would give some clarity.
Regards,
Bhavesh
06-13-2010 05:08 AM
Hello Ashar,
2)
The ASA 5505's declared performance is reported in Table 1 of the following link, and it should be able to handle 30 Mbps of traffic.
The real question is that the ASA has no WAN interface option.
1) It depends on what you configure on your device: if all the hard stuff is done on the ASA and you just use ACLs to protect the router itself, you can go above T1 speed.
As you noted, it all depends on what features are enabled.
Hope to help
Giuseppe
06-13-2010 05:29 AM
Hi,
1- Choosing the right router depends on the following:
a) The right CPU and memory required.
b) Feature set.
c) Total throughput.
d) Type of interfaces and whether it's modular or not.
All of the above will be based on the features that need to be set on the routers and the configuration required.
2- To choose the right firewall, there are multiple factors that need to be considered, as below:
a- Total throughput.
b- Total number of Site to Site VPNs.
c- Total VPN throughput.
d- Maximum Interfaces.
e- High Availability support.
f- Total number of concurrent VPN connections (Easy VPN).
... etc. Please check the link below for the ASA model comparison:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
3- It depends on the type of interfaces for the server farm zone at the access layer (if you have one); it also depends on the switch fabric. I think it's a must if you have Gig-speed servers (application servers) with high speed that users will access; this increases performance and average throughput.
HTH
Mohamed