07-11-2012 12:42 AM - edited 03-04-2019 04:56 PM
Hello
I want to get a Cisco router as the central point for 100 GRE tunnels and a total of 10G of traffic coming from those tunnels. I used a 6500 but its CPU became high at less than 2G of traffic. Can you identify a suitable router for this purpose? I think the router must process GRE in hardware.
Thank you
07-11-2012 12:53 AM
Hi Ali,
we are using around 100 tunnels on a router, and it is a C3845 router.
So maybe you can use this, but again you have to see.
Regards
please rate if it helps.
07-11-2012 01:13 AM
Hello Ali,
here the challenge is not the number of GRE tunnels but the required traffic performance,
for IPSec there are security bundles that can be installed on the C6500 like the following ( VPN SPA over SSC 600 up to 2 VPN SPA in one SSC 600 service module)
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/data_sheet_c78_492120.html
However, if you have GRE tunnels without IPSec protection
the VPN SPA VSPA provides also HW acceleration for GRE Traffic so it is a valid option
see in the same data sheet
>> The Cisco VSPA provides hardware acceleration for both IPsec and GRE, comprehensive support of site-to-site IPsec, remote-access IPsec, and certificate authority/public key infrastructure (CA/PKI).
But you may need two VSPA installed in the SSC 600 to reach the required performance.
Another option is ASR 1000 with appropriate ESP companion processor
see the security bundles list
ASR1004-20G-VPN/K9
Cisco ASR 1004 Router VPN Bundle with the 20 Gbps ASR1000-ESP20 Embedded Services Processor, ASR1000-RP1 Route Processor, ASR1000-SIP10 Carrier Card, SASR1R1-AESK9-22SR consolidated software package, and FLASR1-IPSEC-RTU (IPsec VPN) feature license
see table 5 in the following ESP datasheet
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html
the ESP-20 allows for up to 2,000 GRE tunnels and has 20 Gbps of throughput
Hope to help
Giuseppe
07-11-2012 01:35 AM
Thank you all.
Hello Giuseppe,
ASR looks good to me, but as I checked, it doesn't support 10 GE. So it will be hard to aggregate this amount of traffic over 1GE. Do you know other models?
Regards,
Ali
07-11-2012 02:00 AM
Hello Ali,
you may need a bigger chassis like ASR 1006 but there is a 10 GE SPA for ASR 1000
see
Cisco 1-Port 10 Gigabit Ethernet Shared Port Adapter, Version 2
Single height
SPA-1X10GE-L-V2
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.html
You should also consider the use of 2VSPA+SSC600 in your existing C6500 chassis
Hope to help
Giuseppe
07-11-2012 03:40 AM
Hello Giuseppe,
Thank you for your offer. I have another question. I need to use this router in HQ, and all the PoP sites will be connected by two link types: one over an L3 network with GRE and the other over a Metro Ethernet network. So this will be an aggregation router for all the PoP sites. The IGP is OSPF, and MPLS VPN (Layer 2 and 3) is used in the network. What's your idea about using this platform in this location? Consider that it uses IOS XE versions.
Regards,
Ali
07-11-2012 08:26 AM
Hello Ali,
it should be possible to deploy the ASR 1000 in this setup; however, you may need a more powerful ESP (40 Gbps) to take into account also the metro ethernet traffic volume. This is to provide margin for the network to grow.
You should deploy a redundant configuration with two route processors and two ESPs if this router will be the only aggregation device of your network.
About the features, there should be no problem with ASR 1000: it provides support for L3 VPN and L2 VPN, including VPLS (the last addition in IOS XE).
Edit:
considering the cost of a redundant configuration, I would again consider the 2VSPA+SSC600 in your existing C6500 chassis if you already have two supervisors and appropriate linecards (like ES, ES+). However, I can understand the desire to have a dedicated device for terminating all the GRE tunnels.
You could also consider terminating GRE traffic on the ASR 1000 and the metro ethernet traffic on the C6500 to achieve node fault tolerance (if the design allows for this).
Hope to help
Giuseppe
07-16-2012 10:10 PM
Hello Giuseppe,
I'm preparing the LOM of the ASR. I have another question. Are you familiar with Policy Managers and their interaction with RADIUS systems? I know Cisco policy manager and Procera. Have you worked with them? Do you know other models?
Thank you,
07-17-2012 12:49 AM
Hello Ali,
I'm not familiar with policy managers
Best Regards
Giuseppe