i have some difficulty in capacity planning, or right sizing a perimeter router and a firewall, yes we do have the recommendations from cisco, that a 1841 or a 2801 are designed for 1 T1/E1 link, the fact is these are expensive(from a third world country's prospect) routers and in this age of broadband we do have circuits in the multiples of E1/T1 how far can we push these routers in terms of bandwidth, i can understand that this depends heavily on the feature set enabled on the device but could never get a clear picture, kindly shed some light on the topic.
Perimeter Firewall: The Firewall is a mystical device the smallest of them like ASA 5505 have 150Mbps of throughput but does that mean i can use it for a 30+ Mbps circuit i guess no, but why??, that is what i don't know.
Last One: One last question which might sound stupid, but again to much networking would never be enough, i can never understand the case for a 1 Gbps access ports for an average enterprise user, Gigabit switches at access layer are quite expensive when compared to their Fast Ethernet counterparts, when is it must to have a Gigabit switch in your access layer.
1) common in the forums there is a datasheet about router performance I've attached it (it may not be the last version)
2) you should be fine with ASA 5505
3) it is clearly a marketing question as you have understood since PC NICs can negotiate at 1000 Mbps giving them a GE port make happy users and PC support people that otherwise will blame the network (there is people that says they see the difference in opening a remote desktop session between having an FE or GE speed let them with their ideas)
(1) I have seen the performance sheet earlier, this is my concern if you can see that 2801 is a 48.0 Mbps Router, then why cisco recommends to not exceed 1 T1/E1 Bandwidth, ISR series comprises of a complex data plane may be in a worst case scenario when you have lots of ACL's and NAT sessions or a statefull firewall enabled in that case may be a circuit greater than 2 Mbps might over utilize the control plane, but im still confused.
You guys have seen these routers in production environments, what is the maximum bandwidth you have seen terminated on a 1841 or 2801 ISR router.
(2) Are you sure a 30+ Mbps internet circuit will not over subscribe ASA 5505, if thats the case then about 75 % of SMB market in a third world country can survive on a 5505.
The perfomance captured is on pure IP traffic processed by the router without any QoS, Encryption or VoIP deployed. Once you enable those services the router performance would be restricted to the mentioned capacity by Cisco. If it is normal trafic without any of the above services, the only deciding factor is packet size. larger the packet size better is the performance privided router does not get involved into fragmentation. Best way to decide on the router capacity is to analyze traffic it is going to handle.
3- Depends on type of interfaces for the Server farm Zone at the access layer (If you have), it also depends on the Switch fabric . and I think its must if you have Gig speed servers (Application servers) with high speed that users will be accessed , this increases performance , average throughput.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...