Solved: SMB edge (Internet) Router performance: 87x vs. 18xx vs. 28xx

thomasdzubin · ‎07-22-2008

I work with a lot of single-site small and medium-sized businesses (10-100 users) that just need a single router to connect their LAN to the Internet... so it needs to do NAT, IOS Firewall (ip inspect), and various incoming PAT port forwardings. Streaming media is popular so it's likely the WAN connection won't be as bursty as you might think.

I know it's really hard to generalize but as a first approximation, I've been recommending the Cisco 87x series when the ISP provides a connection up to 2Mbps, a Cisco 18xx when the ISP WAN connection is 2Mbps-5Mbps, and finally a Cisco 28xx when the ISP WAN connection guaranteed service speed is between 5Mbps and 10Mbps

(I also recommend the ASA 55xx series, but this note is just wanting to know about IOS ROUTER performance, not PIX/ASA)

My question: I realize that each customer is different and all factors (like VPNs, big access-lists, etc) have to be considered, but is my "first guess" of a 87x, 18xx, or 28xx router model based completely on the ISP WAN speed reasonable or am I completely off base?

In my googling, I've seen various tables of SWITCHING performance of various routers, but can those pps numbers be applied to ROUTING performance as well?

(I'm guessing routing/nat/firewall is more CPU intensive that just port-to-port switching..)

Thanks for any opinions...

Joseph W. Doherty · ‎07-24-2008

The switching performance often would be routing in the sense that a complete route table lookup isn't performed for the packet, instead the packet is L3 "switched". I.e. the maximum performance that should be obtainable with something like a file copy. However, as the document also notes, actual performance could be much less. (Much depends on the configuration. Something like NAT/PAT could have a big impact.) Also, when doing an actual file copy using TCP, don't forget the router also has to process the return ACK flow.

View solution in original post

lgijssel · ‎07-22-2008

I would say that your default dimensioning is quite reasonable. To determine it better than this would indeed require specific knowledge about what the router is intended to do. It should be perfectly in order when nothing special is required.

Some other thoughts:

-Just natting should not be a problem.

-Make sure that acl's are optimized and not longer than necessary.

-Always use a router with vpn accelerator when vpn's are to be terminated on it.

regards,

Leo

Joseph W. Doherty · ‎07-22-2008

Have you seen? . . .

thomasdzubin · ‎07-24-2008

Yes I have seen that chart, but it seems to be measuring Process switching and Fast/CEF switching... is "routing" considered part of this?

I know for a fact that I won't get 12.80Mbps routing performance out of an 87x router

(I've done file copies from one LAN to another and it doesn't come anywhere near 12.80... a file copy through the router's four-port switch within the same LAN will certainly be fast, but I'm wondering about the routing numbers)

Joseph W. Doherty · ‎07-24-2008

The switching performance often would be routing in the sense that a complete route table lookup isn't performed for the packet, instead the packet is L3 "switched". I.e. the maximum performance that should be obtainable with something like a file copy. However, as the document also notes, actual performance could be much less. (Much depends on the configuration. Something like NAT/PAT could have a big impact.) Also, when doing an actual file copy using TCP, don't forget the router also has to process the return ACK flow.