SSM Blades Bandwidth

Jim Thomas
Level 4

This will be interesting but I'll throw this out there. It seems on the ASA 5550, the module that ships with it is 8 physical ports yet 4 of them are used, no biggie here. The thing that is interesting is that this blade is the only blade that can be used in the chassis, not an AIP or CSC. My question to the group is why? I'm chewing on the thought that on my customers' 5510s, 5520s and 5540s, when I configure the IPS blade on those firewalls, it indicates a backplane speed of a single GigabitEthernet0/1 connection. If Cisco is using the same chassis for the 5550, then is it using the same single GigabitEthernet0/1 as the other models or is there a higher backplane speed to support the 5550 GBIC module (4 gig ports)? I'm wondering if that is why there is non-interoperability between the blades and this chassis.

Thanks

Jim

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674

4 Replies

Panos Kampanakis
Cisco Employee

Interesting question.

Even though the architecture is the same, the 5550 is designed for high traffic sitting closer to the edge.

Putting a module in it that can do much less traffic is like downgrading the high-end firewall. It is like putting a bottleneck inside your own device.

I believe that is the main reason why the 5550 was not designed and implemented with lower-end cards while it can do much more traffic.

I hope it helps.

PK

Hmmmm, let's put a spin on it then and say I have policed some traffic to 768k on my 5550 and want to send it through an IPS blade so that bandwidth is not an issue. Say we are a good customer and spent $200k on an IPS blade and want to use it in the 5550. The IPS is not supported on the 5550 but why? There has to be a limiting factor here. Can the BU shine a little light?

Gracias,

Jim

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674

But then I would ask you, if you only want to IPS inspect 800Kbps what do you need the 5550 for?

And you would reply, I want to do other traffic too but only 800Kbps will be IPS-ed!

I don't think it is a matter of "there might be cases where the IPS could be useful even for a 5550" but more of "why was the decision made". I believe the rationale I mentioned is valid and contributed to the decision. There might be some design concerns also that we are missing.

To dive deeper I think you should open a TAC case.

I doubt if you could get a more detailed and accurate answer in this forum.

PK

Fair enough, thanks for taking the time to answer. I'll hit the BU.

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674