Solved: Thanks, all. IPSEC/GRE

Troy.Tripp1 · ‎05-12-2016

First off, my creds: I've been working with Cisco for almost 20 years, so I'm very familiar with routing and switching. But my long experience seems to be working against me in my current environment with regards to large WAN circuits being installed in my data centers.

Currently I have a small number of 10G MPLS WAN circuits coming into my DCs, and more are on the way. My ASR 1001-X CE routers are maxed out on the number of 10G ports they support. My solution is to move to the ASR 1006 routers, which will give me more ports for the planned number of circuits and spare capacity for future expansion.

But I've got another Cisco engineer (also very knowledgeable) saying we should move away from routers and deploy Nexus 93xx switches as our CE routers instead. His point is that the Nexus switches are both cheaper than the ASRs and have many more 10G ports for future expansion.

This is where my long experience is working against me, because my opinion is that routers are routers, switches are switches, and every time I've seen people try to blur the lines between the two, it's come back to bite them. The other engineer's attitude is that my approach is outdated and that Nexus switches can do the job just as well for far less.

So, does anyone have experience using Nexus 93xx as WAN routers? Were there any problems? Were they actually better? I'm not trying to prove that I'm right and that he's wrong, just looking for anyone who has real-life experience using switches as routers. Thanks for your opinion.

nagasheshu2010 · ‎05-12-2016

Hi Troy,

Hope you are doing good.

I have not used Nexus 9 series but familiar with Nexus 7 and 5k's.

I would go with ASR's (in actual means, a router facing WAN) because there are some configuration limitations in Nexus which are yet to be dealt and cisco is aware of those.

Check this link for one of the Nexus inability.

https://supportforums.cisco.com/discussion/12748066/equivalent-command-nx-os-7000-series-ip-tcp-adjust-mss-or-alternate-way

Also, there are problems in IPSEC/GRE tunnel with Nexus. ( Again, I am not 100% sure about this, just heard a flying news otherwise cisco might hit me :P)

Regards,

Nagasheshu.

View solution in original post

nagasheshu2010 · ‎05-12-2016

Hi Troy,

Hope you are doing good.

I have not used Nexus 9 series but familiar with Nexus 7 and 5k's.

I would go with ASR's (in actual means, a router facing WAN) because there are some configuration limitations in Nexus which are yet to be dealt and cisco is aware of those.

Check this link for one of the Nexus inability.

https://supportforums.cisco.com/discussion/12748066/equivalent-command-nx-os-7000-series-ip-tcp-adjust-mss-or-alternate-way

Also, there are problems in IPSEC/GRE tunnel with Nexus. ( Again, I am not 100% sure about this, just heard a flying news otherwise cisco might hit me :P)

Regards,

Nagasheshu.

Troy.Tripp1 · ‎05-16-2016

Thanks, all. IPSEC/GRE problems may be the answer that can convince people this isn't the way to go, as iWAN relies on tunnels and that is a technology we are looking at deploying.

Muhammad Thanveer · ‎05-17-2016

I go with Nagasheshu, Let the router do its Job.

Vinit Jain · ‎05-12-2016

Hello,

Nexus 9300 is a good platform but good for deploying as DC leaf nodes or border leaf. having said that, i dont think it is a good idea to terminate multiple WAN circuits on Nexus 9300.

With ASR 1006, there are multiple options you can go with. Its not only the 10G ports that you need to consider but also keep in mind on what ESP card you would want to use. I think based on ur increasing environment, you should go for ESP100 card with RP2. You can refer to the data sheets for both of them.

Yes, Nexus 9300 is cheap and has good capabilities, but it also depends on what all features you want to run and if the platform will be capable to meet your future requirements.

Hope this helps.

Regards

Vinit

Thanks
--Vinit

Joseph W. Doherty · ‎05-16-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The thing that often comes back to haunt you, when you use a L3 switch rather than a "router", routers generally have much richer feature support. If you don't need "router" features, L3 switches can work very well, and often at less cost.

So, I think not only is there the question of 10g port support, but the question of feature support. If you don't need "router" features, then the Nexus 93xx might work just fine for you, but when looking at 10g ports supported and features, you might want to consider other Cisco product lines too.

I might add, my company uses lots and lots of Nexus 9Ks, although I'm not sure which models (as I don't support that part of our network).

Which is better for 10G WAN, ASR or Nexus?