The end of Vulnerability date for the 4661 is below at 2030. EOV is what our security folks press for replacement based on. the 8500L I have found the EOL date is in 2028.

---

@pcweber wrote:
the 8500L I have found the EOL date is in 2028.

---

Please share this EoS announcement because I believe this is an EoS/EoL announcement for the End-of-Sale and End-of-Life Announcement for the Cisco IOS XE 17.12.x (and not the hardware itself).

"It makes a solid option for dual 10gb interfaces."

Just curious, on what do you base that?

Consider dual 10g interfaces require up to 20 Gbps, and at best, Cisco states up to (!!!) 7 Gbps, how would a 4461 be a "solid" option?

Pretty much, on any 4k, performance beyond the performance license level is very dependent on the traffic mix and the router's config.

I recall (?) the up to boost performance level assumes an IMIX set of traffic with only IP forwarding, i.e no additional services.  If my recollection is correct, even higher throughput would be possible if all packets were 1500.

At the moment, I'm responding from my phone, but I'll try to remember to later provide the Miercom ISR 4k benchmark report (unfortunately, doesn't include the 4461, nor boost level tests - believe their testing precedes both) and a Cisco White Paper on earlier ISR performance.

The takeaway from both, is how much throughput is impacted by traffic mix and router configuration.

Supposedly, one of the "advantages" of the 4Ks standard and performance licenses, they provide guaranteed levels of performance (reading the Miercom benchmarks - occasionally, on some tests, it appears the performance level isn't always quite achieved).

With the White Paper, take special note of the first performance table compared to recommended bandwidth support at the end of the report - often a huge difference!

Given all the above, would a 4461 be a "solid" router for OP?  Sure, it may be, perhaps even more than needed.  However, without more information on what the 4461 will be doing for OP, I don't see how it can be recommended as a "solid" option to OP.  But, maybe you have information about the 4461 that shows it can handle any traffic mix with even all services supporting 20g.  If so, I would agree it would be a "solid" option, although I would then question whether OP needs to truly guarantee max wire-rate or whether a less expensive router, able to handle the expected/average load, with some reserved performance cushion, be a better choice.

My original post said what the routers are used for. ISP edge peering using BGP, no encryption, no other workloads. The 2 existingASR1000-x routers in use peering. Here is the processor load on one of the existing ASR1001-X. Runs at 1% CPU, 99% of the time.

L3-1001X#sh proc cpu
CPU utilization for five seconds: 1%/0%; one minute: 2%; five minutes: 2%

Right, although "no other workloads" excludes any ACLs, NAT, QoS, etc., correct?

Also with your BGP peering, how many peers, what are they accepting from each BGP peer (i.e. from just a default route, to partial Internet routes, to full Internet routes), and no advanced BGP usage (e.g. BGP community, policy maps, etc.)?

The ASRs are currently just using dual 10g interfaces?

Possibly you could post proc cpu history?

Have any 24 hour stats on interface usage?

Is PMTUD enabled?

Expect any significant growth in resource demand?

ASRs show any drops, either on interfaces or buffers?

(Reason for the above questions, BGP can whack CPU too.  Also, if not already using 10g interfaces, they can burst load CPU, which can be more significant, I believe, on 4k series, rather than the ASR series, as I recall the latter has QFP.  [Although the posted CPU stats look great, a 4k is not an ASR and you can have performance issues in sub second spikes while still having a low longer term average.  One of the other advantages, of @Leo Laohoo 's suggested Catalyst 8k router series, I believe their hardware is basically a more powerful version of the ASR series, just as the ASRs were to the 7200/7300 series with the PXF.])

Oh, lastly, I hope I don't seem difficult, but I'm trying for a Goldie Locks recommendation, i.e., one just right.

Link to Miercom 4k performance analysis:  https://miercom.com/pdf/reports/20150817.pdf

Cisco ISR Performance Overview White Paper attached.

Again, the takeaway for the forgoing, the possible impact of different traffic mixes and/or router configs.  Neither, though, addresses the impact of some control plane processing.  (Real example: years ago, had 3660 running with a single DS3, which loaded the CPU to about 30% at max DS3 utilization, but when I took full IPv4 Internet tables, the BGP scanner, alone, crushed the CPU.)

I've also mentioned, in Cisco routers the next step above ISRs, some of their special acceleration hardware, such as the PXF, QFP (see flow processor in the link), (the Catalyst 8K uses the 3rd generation of the QFP, and even possibly more "network processor" components, like the Q100 or Q200 - I doubt you'll need the latter, but wanted to show why ASRs and/or 8Ks, can offer much higher performance, using such hardware for the data plane, lessons the impact of forwarding performance using just "ordinary" CPUs).

Now again, am I saying a 4461 wouldn't be ideal?  I'm not, because I believe there's yet insufficient information to say for your expected usage.  However, as far as I know, the 4461 is NOT dual 10g sustained wire-speed capable under all conditions.

What does Cisco say, regarding a 4461's performance:

It appears to offer about 50% more than a 4451, and the latter is benchmarked in the Miercom report.

In that report, for just IPv4 forwarding (NB: IPv6 throughput is often less than IPv4, another variable), we see the 4451 hits 2 Gbps but with only an 18% CPU load, so it appears, uncapped (boost license), we should be able to achieve about 5x that, or 10g.  And if, the 4461 does have an additional 50% performance, we're now up to about 15g, which is not 20g needed for dual 10g.

If best expected throughput of about 15g is acceptable (discounting any other CPU demand for other "things"), for IPv4 alone (possibly less for IPv6), then you should be fine.

Lastly, as you have ASRs in operation now, studying their stats allow about the best way to estimate what 4K ISR, if any, might be a suitable replacement.  Again, though, a 4K ISR is not an ASR, so direct performance ratios are not a "given".  (BTW, the Cisco White Paper, which has different ISRs, will also often show, performance doesn't "scale" the same way between various models.)

weirdly did not include the 4461 in the report. Largest was the 4451.

---

@pcweber wrote:

weirdly did not include the 4461 in the report. Largest was the 4451.

---

Again, I suspect that due to possibly the 4461 was a later model that came out after the analysis.

Also again, ditto for the boost license, which was a later addition.