An ISR Router that can handle 1000+ simultaneous NAT

Unanswered Question
Dec 30th, 2009

Hello,

    Due to the limitations of the BPL devices we use in our ISP backbone, we have to handle Network Address Translation centrally. At our perimeter point, we need a router that can

   1) Terminate MetroEthernet at the outside FastEthernet interface (easy)

   2) Perform well in a router-on-a-stick scenario for 32 VLANs at the inside interface (**)

   3) Handle Network Address Translation for about 1000+ clients (**)

   4) Perform IPS and firewall


** -> I detached a Cisco 2651XM with the latest IOS, configured as router-on-a-stick, from a location where 500+ NATs were occurring; the CPU was hitting 100% and rendering the device unresponsive. This issue might be occurring because of the ** points mentioned above. I attached a simple device called Netasq that runs on the FreeBSD platform, configured the same, and it performs great with 4% CPU. Maybe it was a bug; I called TAC but it was EOL, opened a topic in NetPro but no solution.


Waiting for suggestions

Thanks

Nagendra Kumar ... Wed, 12/30/2009 - 18:07

Hi,


The ISR is not a distributed platform like the 7600/GSRs. NAT being a highly CPU-intensive feature, I doubt an ISR can handle 1000+ simultaneous sessions. Chances are that it will hit high CPU utilization even before reaching 1000 sessions.


I guess the ISR2 is much improved in terms of performance.


Regards,

Nagendra

husycisco Thu, 12/31/2009 - 01:59

Hello naikumar,

     Thank you for your response. Hearing this from a Cisco employee now made me think...

      1) How can a 2k$ FreeBSD-based device handle the load mentioned above with CPU utilization of 10% with all UTM applications included, whereas a 5k$ Cisco device that has its own IOS cannot? I cannot accept this as a CCSP CCNP network engineer who has dedicated 7+ years to Cisco.

       Can you please ask a marketing engineer about this issue?


Thanks

Peter Paluch Thu, 12/31/2009 - 05:34

Hello,


I would also like to see the Cisco marketing engineer's answer to your question, but I would like to share my own view as well.


First, the ISR routers are devices with a low-performance CPU when comparing them to the usual workstation/server processors from Intel or AMD. You cannot expect that a device running an embedded processor clocked at most somewhere around 1 GHz can beat a strong Intel/AMD machine with lots of memory and large caches.


Second, they are, as their name suggests, "integrated services routers", i.e. universal devices capable of performing many diverse networking functions, and that is true. However, even if a device can provide a particular service, it does not mean that it has unlimited power for providing it, and also if a device supports various features, it does not necessarily mean that you can have all of them turned on and expect that they will all perform well under a high load. The ISR routers are very flexible; however, they are still considered to be, at least from the throughput point of view, low-end routers. Their strength is versatility, not raw throughput.


Third, for larger NAT deployments, the ASA is usually recommended instead of ISR routers (note that ASA boxes run Intel processors and Linux-based OS), as it should be capable of handling so many NAT flows and translations.


I would indeed like to read the marketing engineer's response, as it is a fact that the pricing of Cisco products is a topic for itself, but at the same time, I think that here, another point is to be considered: the ISRs simply do not seem to be targeted for the particular application you are trying to implement them in.


Best regards,

Peter

paolo bevilacqua Fri, 01/01/2010 - 10:19

1st, NAT on IOS doesn't have "sessions", it has "entries". Normal Internet use can generate many tens and even hundreds of entries per user. That is not a problem per se.


Then, router (or ASA) CPU is not directly affected by the number of NAT entries. There is only some background housekeeping work.


What the CPU is affected by is the amount of traffic. That is, you can max out the CPU with 10 entries, or have plenty left with 10,000.


Remember, network performance is primarily measured in packets per second, not the size of this or that table.

With the large memory sizes of today, huge tables are rarely an issue.

husycisco Tue, 01/05/2010 - 05:57

Thank you for your valuable responses everyone. If you would like a little background on the issue, the following is the link

https://supportforums.cisco.com/thread/165547


As I remember, ASA had an IOS called Finesse; I think it doesn't run on top of Linux, didn't investigate in Google though...


pbevilacqua, the packets-per-second point of view sounds reasonable to me. Please let me link the relationship below.


One interface has 20Mbit MetroEthernet configured. How many packets should be processed to fully utilize 20Mbit by the router?

Let's say router model X is introduced to the market with 2 100Mbit full-duplex NICs. So can we arrive at the assumption that this router has enough processing power in PPS (packets per second) to stably utilize the interfaces it has?


When I think of a simply set up router, the CPU deals with packets while (excluding minor operations) 1) deciding where to route the packet, 2) switching the packet. So the routed and switched packets do have a unit, a measure in PPS. When I read your post, I understand NAT as just a matter of memory. The more memory you have, the more entries you can have in the NAT table. But isn't NAT the operation to manipulate each packet to change the source IP? Yet another table to look up from the CPU's standpoint. Without NAT, it just checks the routing table then the forwarding table; now it has to spend cycles on the NAT table, routing table and forwarding table. From my point of view, seeing the PPS term also for the NAT thread indicates that it is CPU intensive. In addition, correct me if I am wrong, this is just my thinking, each packet, once NAT is enabled, should now be decapsulated/encapsulated until/from Layer 4, since source and destination ports are needed in the NAT table. I mean when I run a show nat with some extra parameters, I can see outside local, outside global, inside local, inside global and ports, whereas a NAT-disabled router only has to operate at L3, excluding inspections etc.


"NAT on IOS doesn't have "sessions", have "entries". Normal Internet use can generate many tens and even hundreds of entries per user. That is not a problem per-se. (is it per-session?)" Can you elaborate on this statement?



Thanks

paolo bevilacqua Tue, 01/05/2010 - 06:09

The process of table lookup is not a big deal. It uses a hashing search algorithm per Knuth's fundamental works.

What matters, is how many times per second it has to be repeated, not how big the table is.
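
A worked illustration of the two points argued in this exchange (Paolo's: NAT cost is per packet and the table lookup is a hash, so table size barely matters; husycisco's earlier question: how many packets does it take to fill a 20 Mbit link). This is an added example, not code from the thread or from any vendor, and it does not model IOS's real data structures. It builds a toy NAPT (overload) table in Python keyed on the 5-tuple, fills it with a constructed load of 1000 clients x 50 flows, times a lookup against a small and a large table, and computes the frame rates a 20 Mbit/s Ethernet link carries at minimum and maximum frame size. The 20 bytes of preamble plus inter-frame gap per frame, the 1024-65535 port pool and the 10.x.x.x / 198.51.100.x / 203.0.113.1 addresses are assumptions chosen for the example.

```python
"""Toy NAPT (PAT) table plus a packets-per-second sizing helper.

Added example for the discussion; it models the argument, not IOS internals.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
import time


@dataclass(frozen=True)
class Flow:
    """One direction of a connection, identified by its 5-tuple."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Napt:
    """Overload all inside hosts behind one outside address.

    Both tables are Python dicts, i.e. hash tables: one translation costs a
    hash of the key, independent of how many entries the table holds.
    """

    def __init__(self, outside_ip: str, port_range: Tuple[int, int] = (1024, 65536)) -> None:
        self.outside_ip = outside_ip
        self._free_ports = list(range(*port_range))  # global port pool (assumed range)
        self._out: Dict[Flow, int] = {}              # inside flow -> global port
        # (proto, global port, peer ip, peer port) -> inside flow, for return traffic
        self._in: Dict[Tuple[str, int, str, int], Flow] = {}

    def translate_out(self, pkt: Flow) -> Flow:
        """Inside -> outside: rewrite the source to outside_ip:gport, creating an entry if needed."""
        gport = self._out.get(pkt)
        if gport is None:
            if not self._free_ports:
                raise RuntimeError("global port pool exhausted")
            gport = self._free_ports.pop()
            self._out[pkt] = gport
            self._in[(pkt.proto, gport, pkt.dst_ip, pkt.dst_port)] = pkt
        return Flow(self.outside_ip, gport, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_in(self, pkt: Flow) -> Optional[Flow]:
        """Outside -> inside: rewrite the destination back to the inside host; None means drop."""
        inside = self._in.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # no entry: unsolicited inbound packet
        return Flow(pkt.src_ip, pkt.src_port, inside.src_ip, inside.src_port, pkt.proto)

    def __len__(self) -> int:
        return len(self._out)


def populate(table: Napt, clients: int, flows_per_client: int) -> int:
    """Constructed load: every client opens flows_per_client flows to a spread of servers/ports."""
    for c in range(clients):
        for f in range(flows_per_client):
            table.translate_out(Flow(f"10.{c // 256}.{c % 256}.10", 40000 + f,
                                     f"198.51.100.{f % 200 + 1}", 80 + (f % 8)))
    return len(table)


def ns_per_lookup(table: Napt, probe: Flow, iterations: int = 200_000) -> float:
    """Average nanoseconds per translate_out hit on an existing entry."""
    t0 = time.perf_counter_ns()
    for _ in range(iterations):
        table.translate_out(probe)
    return (time.perf_counter_ns() - t0) / iterations


ETH_WIRE_OVERHEAD = 20  # bytes of preamble/SFD (8) + inter-frame gap (12) per frame


def pps_for_link(bits_per_second: int, frame_bytes: int, directions: int = 1) -> float:
    """Frames per second needed to saturate a link at a fixed frame size.

    Performance sheets are usually quoted one way; pass directions=2 for a
    full-duplex link loaded in both directions.
    """
    return directions * bits_per_second / ((frame_bytes + ETH_WIRE_OVERHEAD) * 8)


if __name__ == "__main__":
    small, big = Napt("203.0.113.1"), Napt("203.0.113.1")
    populate(small, clients=2, flows_per_client=50)
    populate(big, clients=1000, flows_per_client=50)
    probe = Flow("10.0.0.10", 40000, "198.51.100.1", 80)  # present in both tables
    print(f"{len(small):>6} entries: {ns_per_lookup(small, probe):6.0f} ns/lookup")
    print(f"{len(big):>6} entries: {ns_per_lookup(big, probe):6.0f} ns/lookup")
    for size in (64, 512, 1518):
        print(f"20 Mbit/s, {size:>4}-byte frames: {pps_for_link(20_000_000, size):8.0f} pps one way, "
              f"{pps_for_link(20_000_000, size, directions=2):8.0f} pps both ways")
```

Run it and the two timing lines come out within noise of each other at 100 and 50,000 entries, which is Paolo's point; the sizing lines show that the same 20 Mbit/s link means about 30,000 frames per second at 64 bytes but only about 1,600 at 1518 bytes, so the packet mix, not the table, decides how busy a software router is.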

husycisco Tue, 01/05/2010 - 10:30

"What matters, is how many times per second it has to be repeated, not how big the table is"

Agreed.


As a conclusion, what model of router do you suggest?

Would like to hear your opinion about the issue linked above, when you have time.


Thanks

paolo bevilacqua Tue, 01/05/2010 - 10:33

What BW are you getting from the ISP?


Also, I recommend you use a L3 switch, not router on the stick.

husycisco Tue, 01/05/2010 - 10:53

"

Also, I recommend you use a L3 switch, not router on the stick."

This was my very first suggestion, but the network admin before me had already made his wrong choice.


"What BW are getting from ISP?"

20MBit MetroEthernet

paolo bevilacqua Tue, 01/05/2010 - 11:03

A very minimum of a 2811; see the attached document.


However, it will not be enough for inter-VLAN routing. You need a L3 switch.

An important part of this profession is to fix other people's mistakes.


Please remember to rate useful posts clicking on the stars below.

husycisco Tue, 01/05/2010 - 13:03

Thanks for the documentation; however, according to it, the current 2651XM router suits the needs. But it maxes out the CPU.


"An important part of the this profession, is to fix other people mistakes."

Well said m8, but before taking action, you have to successfully answer the question of your CEO as follows


"You say that the router-on-a-stick design is inappropriate, the current Cisco device hits 100% CPU. You want me to buy another Cisco device (L3 switch). Cisco router 2000$+, Cisco L3 switch 3000$+. Then my dear network admin, tell me, in another campus, how can a device called Netasq running on BSD worth 1000$, configured as router-on-a-stick with a 250$ L2 3com switch, work flawlessly with CPU utilization of 5%-10%?"

paolo bevilacqua Tue, 01/05/2010 - 16:11

On that performance sheet, they use uni-directional traffic, so if you have 20 mbps of bi-directional traffic, that equates to 40.

Then you have to allow some safety margin.


Regarding the device they are using now, try copying a huge file between gigabit-equipped servers on different VLANs. Perhaps throw some ACLs in there too. Compare the time to the same copy made between servers in the same VLAN.

Then, try having a disk crash on that box and see what you are left with.


And, from what I understand, you may be very well set with a 3560-8PC, less than $1,000 street price.


Anybody can do IT/networking cheaply and creatively. But this forum is titled "NetPro", and as such we try to remain.

milan.kulik Wed, 01/06/2010 - 01:57

Hi,


what about the new ISR G2 routers?

Don't you have a similar table available for them, please?


BR,

Milan

Jon Marshall Tue, 01/05/2010 - 16:30

husycisco wrote:


"

Also, I recommend you use a L3 switch, not router on the stick."

This was my very first suggestion, but networks admin before me have already made his wrong choice.


"What BW are getting from ISP?"

20MBit MetroEthernet


Apologies for stepping into this discussion, but I just wanted to point out, in case you were unaware, that unless the L3 switch is a 6500 you cannot do NAT. Only the 6500 supports NAT, so you would still need a router for the NAT, or a 6500, but I'm guessing your CEO wouldn't be too impressed with that.


Jon

Leo Laohoo Tue, 01/05/2010 - 16:52

Nearly 20% of all posts are due to issues brought about by McDonald-style design and implementation.  When it comes to network design and implementation, I am a firm believer in the adage "You have three options:  cheap, fast and correctly.  Choose two."

winstonritson Tue, 01/05/2010 - 22:22

Hi Husycisco,


This is a very interesting read.


I have not seen a true answer as to why the Netasq is either cheap or not doing networking properly.


When balancing the cost effectiveness, the ability to do the job, the ability to support the product and the scalability of the solution, I believe (yes, this is a Cisco Support Community, but we are networkers solving problems first and foremost) the Netasq outperforms the Cisco in all the above criteria when related to the tasks you require to be performed on your network and the guidelines you have laid out.


We may fudge here and there but based on your posts you really have no option barring brand loyalty :-)

husycisco Wed, 01/06/2010 - 05:09

Thanks for the heads up Jon, it's been a long time, hope you are doing fine. Winston got what I mean actually. Thanks everyone for your valuable inputs.


"

Regarding the device they are using now, try copying a huge file between gigabit-equipped servers on different VLANs. Perhaps throw some ACLs in there too. Compare the time to the same copy made between servers in the same VLAN.

Then, try having a disk crash on that box and see what you are left with"


This statement moves our discussion to another topic, probably called "Router-on-a-stick. Should we consider doing it or not?". Plus, the buffering and queuing that occur due to the bad nature of R-O-A-S would most probably take place in RAM, not disks. Anyway, whatever happens behind the scenes, I am definitely against router on a stick; I also answer questions here and this is how a NetPro thinks. Let's come to the real discussion, which is "But this forum is titled "NetPro", and as such we try to remain."


Let's forget about the name Netasq; it's just another firm like Fortigate or any xxx that runs on top of BSD. It is a matter of BSD versus IOS.

We are a BPL ISP with 1000+ clients. The objective is simple. 32 VLANs, sometimes more depending on campus, all have to be just NATed for Internet connection. No inter-VLAN routing required.


BSD does it, price is crap, CPU util 5%

IOS can't, CPU 100%, price is 2K

One network admin is a CCNP CCSP NetPro. Agrees to pay 2K and no solution.

The other admin is a non-Cisco guy. Agrees to pay 1K or less for a BSD platform, and everything works like a charm.

Countries import CEOs that are good on savings and can survive in this period of the economy.

Unemployment is 10% in the USA alone.


Now, as such we try to remain?


If Cisco worked, either better or worse than BSD, I could have said "This is Cisco, the industry leader with its proprietary operating system" and earned a point. It's not a discussion of BSD does and IOS is worse; it is BSD does and IOS crashes.


With my years of Cisco experience, I don't mind whatever the real answer is; my answer is "This is a bug, should be easily solved".

Jon Marshall Wed, 01/06/2010 - 06:39

husycisco wrote:


Thanks for the heads up Jon, it's been a long time, hope you are doing fine. Winston got what I mean actually. Thanks everyone for your valuable inputs.


"

Regarding the device they are using now, try copying a huge file between gigabit-equipped servers on different VLANs. Perhaps throw some ACLs in there too. Compare the time to the same copy made between servers in the same VLAN.

Then, try having a disk crash on that box and see what you are left with"


This statement moves our discussion to another topic, probably called "Router-on-a-stick. Should we consider doing it or not?". Plus, the buffering and queuing that occur due to the bad nature of R-O-A-S would most probably take place in RAM, not disks. Anyway, whatever happens behind the scenes, I am definitely against router on a stick; I also answer questions here and this is how a NetPro thinks. Let's come to the real discussion, which is "But this forum is titled "NetPro", and as such we try to remain."


Let's forget about the name Netasq; it's just another firm like Fortigate or any xxx that runs on top of BSD. It is a matter of BSD versus IOS.

We are a BPL ISP with 1000+ clients. The objective is simple. 32 VLANs, sometimes more depending on campus, all have to be just NATed for Internet connection. No inter-VLAN routing required.


BSD does it, price is ****, CPU util 5%

IOS can't, CPU 100%, price is 2K

One network admin is a CCNP CCSP NetPro. Agrees to pay 2K and no solution.

The other admin is a non-Cisco guy. Agrees to pay 1K or less for a BSD platform, and everything works like a charm.

Countries import CEOs that are good on savings and can survive in this period of the economy.

Unemployment is 10% in the USA alone.


Now, as such we try to remain?


If Cisco worked, either better or worse than BSD, I could have said "This is Cisco, the industry leader with its proprietary operating system" and earned a point. It's not a discussion of BSD does and IOS is worse; it is BSD does and IOS crashes.


With my years of Cisco experience, I don't mind whatever the real answer is; my answer is "This is a bug, should be easily solved".


It could be a bug but then again it could just be that the BSD box performs this specific set of tasks more efficiently than a Cisco router. I think that can be a problem on these forums sometimes in that we all work with Cisco and so perhaps unwittingly sometimes are not prepared to be too critical of their products.


Cisco make very good networking products, but they are not necessarily the best at what they do, nor are they the cheapest. I don't accept the idea that if you use Cisco that is a professional solution but if you use BSD then it isn't. As a network designer I was often having to evaluate Cisco against other vendors, and as often as not the other product would be as good if not better in terms of performance/features/cost. Nine times out of ten though we would still go with Cisco for the following reasons -


1) Support within the company - I haven't used Netasq, although I am familiar with Unix, but adding another vendor's box into the mix means additional support overheads.


2) Existing investment - this one can be a bit of a catch-22, but if you have invested in CiscoWorks etc. for managing your network, adding non-Cisco devices can become quite a headache.


3) Support from Cisco via TAC, these forums, their website etc. - just the amount of information on their website is very impressive in terms of tech docs for just about any scenario.


4) Future proofing - Cisco are not going to fold in the next 12 months, or at least we should all hope not or we will be looking for alternative work. That's an important factor to take into account, although obviously this applies to the likes of Juniper etc.


5) Size of network. The last place I worked had over 20000 users spread across the whole of the UK. With this sort of setup, introducing a new vendor can be very time consuming. Didn't mean we didn't do it though.


Basically, if the device did what we wanted of it we would tend to buy Cisco. If another vendor's products did the same but had another 10 features, if we didn't need them then it was still Cisco.


But without a doubt Cisco do not make the best of everything. They still cannot, for example, support true clustered firewalls with the best they can do being active/active contexts although this is nowhere near the same. It's just a trade off between functionality and all the other costs involved.


Jon

marikakis Wed, 01/06/2010 - 09:13

I have followed this discussion almost from the beginning and have managed to say nothing up to the point where I've learned that bugs are so easy to resolve. If that's what you think and you are also worried about unemployment, I have good news for you: Cisco is hiring in this field and it takes a reeeaally long time for open positions to disappear from Cisco's website. I am currently a student (again) and sometimes worried about how things are going to go in general. Still, I'm not in a hurry to apply to any of those jobs or any similar ones elsewhere, because it is a fact of life: people prefer to compare 1000$ to, say, 3000$, come up with an answer that even my 5-year-old niece can figure out and play the smart CEO, rather than get to work and resolve the bugs! Also, what makes you think that software can solve the issues of the hardware? If hardware limitations exist, software can't play God!


Life is full of trade-offs and machines/systems are no exception. High performance and many features is a tough thing to accomplish in a system. However, all this will be a thing of the past if I decide to get back to work and finally release my super-fast (and most importantly bug-free ;)) multicore processor messaging library. By the way, why is it that before testing everything works perfectly? For some weird reason everything seems to fall apart when I start testing. I removed some sanity checks to make it faster, so if the user isn't careful, my super-fast library crashes reeeally fast!


I would like to thank Jon for capturing some of my thoughts on this one. I am not usually a fan of private companies for various reasons, but I make an exception for Cisco, notably because I like the products, the very helpful employees, the wealth of open documentation, and other open activities such as NetPro. I have been a fan of Cisco for many years, and although Cisco doesn't seem to share my feelings so much, I've learned to live with that! I will just add 2 more things to what Jon said:


1. When we entered the 3rd year of technical school (more than 10 years ago), a professor encouraged us to go shopping and we happily went for some shopping therapy, buying fun stuff like resistors, capacitors, diodes, cables, etc. for the purposes of building a circuit from scratch. We were poor students, so we chose the cheapest tools, and guess what? We ended up buying the expensive ones as well, because some of the tools were not accurate enough to work with the thin cables we were using! Cheap can turn into more expensive than the expensive sometimes. Not to mention cheap non-Cisco memories, full upgrades of 7500 series because some CEO can't understand that a GSR is needed sometimes, etc.


2. Cisco doesn't really have to resolve the bugs. If we take a look at what cisco is doing lately, it would be better if cisco just bought the NetAsq (or whatever). Some companies exist just for the purpose of being sold in the future you know. In this case, if your machine has issues, you could still open a discussion here, instead of trying to find the cost-free NetAsq Support Community!


3. (ok there is a third one as well) If the decision on this one is so obvious and easy, why don't you just buy the non-cisco device and end of the story?

paolo bevilacqua Wed, 01/06/2010 - 10:19

Some companies exist just for the purpose of being sold in the future you know


You know too much by now Maria. Watch out for white vans around where you live.

marikakis Thu, 01/07/2010 - 04:28

Hi Paolo,


Before I seriously ask for your protection services, and since you have been a Technical Marketing Engineer, could you please enlighten us on what the following press release means?


http://www.business-standard.com/india/news/airbus-arm-starts-india-operations/378475/

[December  4, 2009, 0:18 IST ... "We aim to capture the network security market with aggressive marketing and brand visibility techniques,” Dominique Meurisse, executive vice-president (sales and marketing), NetASQ, told reporters.]


How would you define "aggressive marketing and brand visibility techniques"?


Kind Regards,

Maria

paolo bevilacqua Thu, 01/07/2010 - 09:28

How would you define "aggressive marketing and brand visibility techniques"?


AdWords and pray.

Leo Laohoo Thu, 01/07/2010 - 13:04


How would you define "aggressive marketing and brand visibility techniques"?



Mudslinging, economic sabotage, blackmail, intimidation, buy-out, "payola" (aka the "Intel" way).  These are the things I can come up with which fall within the Terms of Condition of the forum. 

marikakis Thu, 01/07/2010 - 13:33

Thanks for your replies.


Leo, it's interesting that you mentioned the CSC Acceptable Use Agreement. For some reason I have been reading it today. However, I was more focusing on article 5 (rather than the 2b you were probably referring to ).


5.    Transfers/Competitive Use. [...] You may not use the Site or the Services to advertise, promote, endorse or market, directly or indirectly, any products, services, solutions or other technologies that, in Cisco’s sole and absolute discretion, compete with the products, services, solutions or technologies of Cisco.


However, I am not Cisco and cannot know what "Cisco’s sole and absolute discretion" is!

Jon Marshall Thu, 01/07/2010 - 13:44

marikakis wrote:


Thanks for your replies.


Leo, it's interesting that you mentioned the CSC Acceptable Use Agreement. For some reason I have been reading it today. However, I was more focusing on article 5 (rather than the 2b you were probably referring to ).


5.    Transfers/Competitive Use. [...] You may not use the Site or the Services to advertise, promote, endorse or market, directly or indirectly, any products, services, solutions or other technologies that, in Cisco’s sole and absolute discretion, compete with the products, services, solutions or technologies of Cisco.


However, I am not Cisco and cannot know what "Cisco’s sole and absolute discretion" is!


Now that is interesting, especially the words promote and endorse. I wasn't aware of this, better be careful what we say


Jon

Leo Laohoo Thu, 01/07/2010 - 13:50

So does this mean that:


a.  I can have an abusive opinion of products other than Cisco?  (Yipee-ka-ya!)
b.  This post is invalid because it's an "discussion" about a product other than Cisco?

marikakis Thu, 01/07/2010 - 14:42

a. Yes, you can say anything you like about Internet ExploDer!

b. We could ask Dan, but, in any case, I think cisco is a cool giant. By the way, did you read about the latest acquisition of cisco? The news was released in google finance perhaps at approximately the time I was suggesting about something like that happening. I can assure you I had no inside information!


Anyway, I think most of us were luckily cisco-biased enough to avoid the lawsuit!


p.s. You also got points in this thread (mostly from me), so let's keep this thread a secret! If Dan makes it disappear, you will lose your points!

Leo Laohoo Sat, 01/09/2010 - 20:15

Thanks Mari.

Leo Laohoo Wed, 01/06/2010 - 13:15

I'm sure your CIO knows more than you.  He should.  But how about asking someone to support something they are not familiar with?  Will they provide technical training?  How about time to "get to know" the product, functions, quirks and pitfalls?  How about the documentation?  What about warranties?  When it comes to IT products it's you-get-what-you-paid-for ... Microsoft is an exception to the rule.


Don't rock the boat, in my humble opinion.  If your boss tells you to make a recommendation, make one with the product of their choice and add two more.  List the pros and cons and let them sort it out.  When they buy the product of their choosing and it fails, step back and watch the spectacular fireworks as they go off.  7 times out of 10, when someone who's got no idea is making the decision, someone pays double (or more) just to correct it. 

Leo Laohoo Sat, 01/09/2010 - 20:14

Take me for example.  A few months ago, our team were asked to design the LAN/WAN for a new building.  Fair enough.  We designed one based on what was required and price.  We submitted the design and quote for the equipment and didn't hear from upper management for a few weeks.


Next thing we know I get a call and was told to receive equipment for the project.  Okey dokey.  When I saw the delivery docket, my jaw dropped.  All the equipment that arrived was the wrong model:  the ones that arrived were a few notches down.  We designed the LAN to be able to do QoS and we got ones that WOULDN'T do QoS.  We designed the LAN to require PoE and we got switches that can only do 8 ports of PoE.


How did this happen?  Apparently, someone in the food chain decided otherwise.  The retard asked the authorized Cisco reseller for the cheapest price for the particular model and got it.  This soon-to-be-deceased person didn't go through the requirement and didn't go through the proper channel and ordered me 50 units of useless equipment.   Come Monday morning, I'm taking one of the useless units out of the box, walking over to his office and [email protected] out of him.


(Okey, okey, okey.  I promised my parole officer to calm down.  I'll just gingerly walk over to his office and spike his coffee with ex-Lax!)


It all boils down to someone who can't tell the difference between a loaf of bread and a fried chicken being asked to do a job outside his IQ range.  Price has got nothing to do with this.  There are things FreeBSD can do and Cisco can't.  But there are things Cisco can do that FreeBSD can't.  But when things start falling apart, you reap what you sow.

marikakis Sun, 01/10/2010 - 00:26

Leo, you are probably right that price has nothing to do with the answer to the question which device can do NAT better. Still, I do not see any reason why IOS cannot do NAT from an operating system perspective. First of all, it obviously can, since it does it. Second, it's not like I've put IOS in my notebook and try to use it to post to this forum. [My notebook came with XP (hehe). Could have been Vista, but in my country we say 'ta vista svista', which means 'erase the vista' (hehe). I also have ubuntu installed, but honestly I use any OS that fits purpose, no problem with that (hehe), although I might have preferred the IOS look and feel (hehe)]. I tend to agree with Peter's original post on this point. That is, this is a matter of hardware and not software. Bugs are part of the ecosystem, but, assuming an ideal world without cockroaches, a high performance CPU, caches, plenty of memory, high performance bus or even switched internal interconnect are hard(ware) things to beat, no matter which operating system you are using. My notebook might do NAT better than an old cisco device model and costs less than 400 euros. I think this is an unfair comparison since hardware technology evolves (when also boosted by wide audience sales) and the expensive coolest device of the present becomes the legacy thing of the future (that's why I don't have cool gadgets). Also, what kind of OS you put in an embedded device depends on many factors. We had VxWorks (or even no OS), then embedded Linux came. But then again, it all comes down back to price and not OS quality, and we wanted to avoid the price discussion.


By the way, why do you people still do NAT? In Networkers 2008 I've heard IPv6 is a necessity because we are running out of addresses. In 2009 they pushed it a little bit and said that if you want to stay within competition, offer new services, generate revenue, etc (always nice to hear this kind of stuff, very entertaining) in this financial situation, you must go with IPv6. I guess this year they will say that you either do IPv6 or die. I always love it when people are trying to sell stuff to me. They make me feel a real consumer and I was having some doubts about this aspect of my personality.

glennbronson Wed, 01/11/2012 - 14:49

Does anyone know how many simultaneous nat translations a low end device such as a Cisco RV016 supports?

I know this is a low-end device, but I see no reason that, with a typical allocation of 220 bytes per entry and modern CPUs, this RV016 could not support 500 to 1000 easily.


http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/792_pp.htm#wp39411


Any reasonable device should support 500 to 1000. I believe a linux box would do it effortlessly up to 100Mbits/second but I would prefer a cisco router.


Am I way off on this?

paolo bevilacqua Wed, 01/11/2012 - 15:31

RV routers are not true Cisco routers, try asking in "small business - routers".
