I need to order 2 of the above to host our ISP connection. These routers will act as our internet routers. I need the following services, functions and modules:
I noticed some other options and pricing, and I couldn’t understand what they are for and whether we need them for the above functionality. Things like:
The 4 onboard 10/100/1000 ports for this particular model are sufficient for now.
Any help will be really appreciated.
What is your WAN bandwidth?
NOTE: Cisco has recently announced the Catalyst 8300 (yes, it is a ROUTER). If everything goes well, the 8300 will be aimed as the immediate replacement for the ISR 4000 family of routers.
Currently 250Mbps. Anticipating to increase to 500Mbps by end of this year or beginning of next year
And 500 Mbps is the TOTAL WAN bandwidth, right?
500Mbps UP and 500Mbps down
Presume the "worst case" scenario, 1 Gbps aggregate/total throughput for the WAN link.
All manufacturers "fudge up" numbers. Throughput is no exception.
By default, 4431 supports 500 Mbps. That means the CPU will be "down rated" to process only 500 Mbps -- This includes total WAN bandwidth as well as LAN.
For 1 Gbps WAN only, 4431 with Performance License is not enough and you may need to look at the Boost License.
Alternatively, you may want to look at the 4451 with Performance License.
Let us do the maths, shall we?
Total WAN Bandwidth: For argument's sake, let's say 900 Mbps (up and down).
LAN: Let's say another 900 Mbps (up and down).
Anything else to consider? Built-in firewall, IPS/IDS, Unified Comms?
1800 Mbps alone takes this to the 4431 with Boost License ...
How long are you expecting to hold on to this router? 3 years? 5 years? More?
What happens if the WAN is not enough? Or you want to connect another 1 Gbps LAN? (Playing Devil's-advocate here.)
I may be mistaken (wouldn't be the first time - laugh) but my understanding of bandwidth throughput caps, on the ISR 4Ks, is based on the bandwidth as it transits the router. I.e. you should only need to sum up all interfaces' ingress bandwidth. (NB: this is because one interface's "in" bandwidth, excluding drops, becomes other interfaces' "out" bandwidth, as it's only processed once, not twice, by the CPU for forwarding. [This is also why, on some device stats, a device's PPS rate's bandwidth is half its "fabric/backplane" bandwidth - for the latter, all interfaces "in" and "out" bandwidth is summed - much like a "duplex" link "counts" the two way bandwidth.])
So, for example, if you have a WAN with 500 Mbps up and down bandwidth, and its LAN interface(s) were NOT processing any other traffic (e.g. LAN-to-LAN), you would need a performance capacity of 1 Gbps (as the WAN interface could provide 500 Mbps "in", and the LAN interface[s] could provide 500 Mbps, also "in" [directed to the WAN interface's "out"].)
Also BTW, when it comes to an ISR's basic throughput cap, its "performance" cap and its "boost" cap, the first two are usually "guaranteed", as the router has sufficient reserve capacity to meet those limits regardless of traffic mix and/or router configuration. (NB: encryption is often an exception, but that's encryption hosted on the router. Pass-thru shouldn't be any more demanding than any other traffic.) However, the "boost" cap removes the logical cap and hence the router works much like earlier ISR generations, i.e. throughput can vary much based on traffic mix and/or configuration.
Just a reminder: @Joseph W. Doherty and I are talking about "pure" router function. This does not include if, for example, the router will be tasked to do other "jobs" like UC, FW/IDS/IPS, encrypted traffic, etc.
Noted. As I said in my initial post, I'm after just configuration and specifications and recommendation on the ISR4431 for routing (static and BGP later), PBR, Bandwidth shaping/limiting, Passthrough VPN – IPSEC and GRE over IPSEC. These routers won't be doing those other jobs like UC, FW/IDS/IPS, encrypted traffic, etc.
BTW, if you haven't seen it, you may find this of interest Miercom performance .. ISR 4000 family
The 4431 is in that report, but w/o "boost" license stats.
Do take special note of the impact of IPSec (again, that should be when the router is an endpoint for it).