Capacity Planning / Right Sizing

Unanswered Question
Jun 10th, 2010

Perimeter Router Capacity Planning:

I have some difficulty in capacity planning, or right-sizing, a perimeter router and a firewall. Yes, we do have the recommendations from Cisco that an 1841 or a 2801 is designed for 1 T1/E1 link. The fact is these are expensive routers (from a third-world country's perspective), and in this age of broadband we do have circuits in multiples of E1/T1. How far can we push these routers in terms of bandwidth? I understand that this depends heavily on the feature set enabled on the device, but I could never get a clear picture. Kindly shed some light on the topic.

Perimeter Firewall:
The firewall is a mystical device. The smallest of them, like the ASA 5505, have 150 Mbps of throughput, but does that mean I can use it for a 30+ Mbps circuit? I guess no, but why? That is what I don't know.

Last One:
One last question, which might sound stupid, but again, too much networking would never be enough: I can never understand the case for 1 Gbps access ports for an average enterprise user. Gigabit switches at the access layer are quite expensive compared to their Fast Ethernet counterparts. When is it a must to have a Gigabit switch in your access layer?

Giuseppe Larosa Thu, 06/10/2010 - 06:43

Hello Ashar,

1) There is a datasheet about router performance that is common in the forums; I've attached it (it may not be the latest version).

2) You should be fine with the ASA 5505.

3) It is clearly a marketing question, as you have understood: since PC NICs can negotiate at 1000 Mbps, giving them a GE port makes users and PC support people happy, who otherwise would blame the network (there are people who say they see the difference in opening a remote desktop session between FE and GE speed; leave them to their ideas).

Hope to help


asharkhalid Thu, 06/10/2010 - 22:21


(1) I have seen the performance sheet earlier. This is my concern: if you can see that the 2801 is a 48.0 Mbps router, then why does Cisco recommend not exceeding 1 T1/E1 of bandwidth? The ISR series comprises a complex data plane; maybe in a worst-case scenario, when you have lots of ACLs and NAT sessions or a stateful firewall enabled, a circuit greater than 2 Mbps might overutilize the control plane, but I'm still confused.

You guys have seen these routers in production environments. What is the maximum bandwidth you have seen terminated on an 1841 or 2801 ISR router?

(2) Are you sure a 30+ Mbps internet circuit will not oversubscribe the ASA 5505? If that's the case, then about 75% of the SMB market in a third-world country can survive on a 5505.

bgandhi Fri, 06/11/2010 - 00:07


The performance captured is on pure IP traffic processed by the router without any QoS, encryption or VoIP deployed. Once you enable those services, the router performance would be restricted to the capacity mentioned by Cisco. If it is normal traffic without any of the above services, the only deciding factor is packet size: the larger the packet size, the better the performance, provided the router does not get involved in fragmentation. The best way to decide on the router capacity is to analyze the traffic it is going to handle.

Hope it would give some clarity.



Giuseppe Larosa Sun, 06/13/2010 - 05:08

Hello Ashar,


The ASA 5505's declared performance is reported in Table 1 of the following link, and it should be able to handle 30 Mbps of traffic.

The real question is that the ASA has no WAN interface option.

1) It depends on what you configure on your device: if all the hard stuff is done on the ASA and you just use ACLs to protect the router itself, you can go above T1 speed.

As you noted, it all depends on what features are enabled.

Hope to help


Mohamed Sobair Sun, 06/13/2010 - 05:29


1- Choosing the right router depends on the following:

a) The right CPU and memory required.

b) Feature set.

c) Total throughput.

d) Type of interfaces, and whether it is modular or not.

All of the above will be based on the features that need to be set on the routers and the configuration required.

2- To choose the right firewall, there are multiple factors that need to be considered, as below:

a- Total throughput.

b- Total number of Site to Site VPNs.

c- Total VPN throughput.

d- Maximum Interfaces.

e- High Availability support.

f- Total number of concurrent VPN connections (Easy VPN).

... etc. Please check the link below for the ASA model comparison:

3- It depends on the type of interfaces for the server farm zone at the access layer (if you have one); it also depends on the switch fabric. I think it is a must if you have Gig-speed servers (application servers) with high speed that users will access; this increases performance and average throughput.



