cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3111
Views
40
Helpful
14
Replies

Small Branch Equipment Question

Patrick McHenry
Level 3
Level 3

HI,

A small remote site is going to need a dedicated 10mb connection to our Main Campus. Probably an 10mb ELAN connection(not decided as of yet). The site will be small - no bigger than 2500 sq feet with small walls possibly. Only one VLAN will be needed and we won't need any voice applications or back-up WAN ports. The site will provide connectivity for approximately 15 people. I've been looking at the 800 series routers for a solution. Do you think the 860 with the built-in 802.11 AP will suffice? I have a couple of concerns:

Does the 860 have CLI management?

Will I be able to create a secure, encrypted tunnel between the 860 and a 2811 router on our Main Campus side? The 2811 has a 10mb ELAN secure tunnel on one interface already. I will purchase another interface card for this new, remote site VPN connection

Will the built-in AP give me coverage for the sq footage? I understand that there are extenuating circumstances to be concidered but, generally speaking?

From the video spec I viewed, the presenter said it had "basic security". What does that actually mean? This concerns me, as I want to built a secure WAN connection.

Finally, does the 800 series fit this application or are there other Cisco products I should consider?

Thanks, Pat.

1 Accepted Solution

Accepted Solutions

After looking at the doc you provided, I understand that if I get an 881, the max speed I can expect, according to this test, is 25.60 mbs, expressed in half - duplex. So, that means at full duplex I am looking at 12.30 mbs? Then, if I add encryption, I could be looking at 6 or 7 mbs. The doc says that these rate are based on a 64 byte packet size and

Joseph said that "real" traffic performance is usually higher as I assume normally packet size is bigger. The big question is, if I have a 881 router connected to a 50 mbs Internet connection, am I wasting my money paying this speed - meaning if I can only get 6 or 7 mbs (probably higher with "real" traffic), I'm only using 6 or 7 mbs of the 50 mbs pipe? I might as well have a 10 mbs pipe. Or bump up to a higher end router.

Hi Patrick,

You're getting the hang of this.

Yes, you are right with your understanding.

If you are using an 880 ISR G2 then purchasing a 50 Mbps pipe is a waste of your money because the 880 can't push beyond 7 Mbps.

Like any mobile phone plans, upgrading your pipe is easy.  The difficult bit is the appliance because you can't "change" it willy-nilly.

My opinion is to get a router that can support 50 Mbps pipe (or more). 

View solution in original post

14 Replies 14

Gautam Renjen
Cisco Employee
Cisco Employee

Hi Patrick,

Does the 860 have CLI management?

--> Yes

Will  I be able to create a secure, encrypted tunnel between the 860 and a  2811 router on our Main Campus side? The 2811 has a 10mb ELAN secure  tunnel on one interface already. I will purchase another interface card  for this new, remote site VPN connection

--> Yes it supports IPSEC tunnels and you'll not only be able to create a point-to-point tunnel, but can also configure Easy VPN tunnels for a few employees who would need access to corporate resources from home etc.

Will  the built-in AP give me coverage for the sq footage? I understand that  there are extenuating circumstances to be concidered but, generally  speaking?

---> If located at a high point and central, it should be able to manage, but i'm not wireless expert, so you should get this confirmed. Also, cisco APs have transmit power settings and i think you can boost up the power in dB.

From  the video spec I viewed, the presenter said it had "basic security".  What does that actually mean? This concerns me, as I want to built a  secure WAN connection.

--> You'll be able to build the tunnel. It would have many advanced level tunneling modes probably like GET VPN DMVPN etc.

Finally, does the 800 series fit this application or are there other Cisco products I should consider?

---> the 861W doesn't have detachable antennas. So incase you think the router will be located at one end of the office and won't be able to cover the area, then you might consider 881W or higher maybe 1800 / 1900 series, where they have detachable antennas with RP-BNC connectors. Other than that, i don't think you should expect much bandwidth capacity from 800 series routers specially when either the users are more or bandwidth goes up. IT will just about fit the requirement if you're not looking to expand / increase capacity of either workers or usage. Else, you might want to consider 1900s.

Leo Laohoo
Hall of Fame
Hall of Fame

A small remote site is going to need a dedicated 10mb connection to our Main Campus. Probably an 10mb ELAN connection(not decided as of yet).

Do you think the 860 with the built-in 802.11 AP will suffice?

860 on a 10 Mbps link?  No it won't.  With CEF enabled, the 860 is rated at 12.80 Mbps.  The value is expressed in HALF duplex and without any encryption.  So at full duplex, the 860 can support up to 6.4 Mbps.   Throw in encryption and the value drops to about 3.5 Mbps.

For 10 Mbps (full duplex and with encryption), and no plans of upgrading to a higher bandwidth, you should be looking at a minimum of the 890.

Next, WAP.  Depends WHERE the 860 will be sitting.  Most of the time, these routers sit in a far corner.  Worst case, these routers sit INSIDE a metal cage.  With this scenario, a metal cage and/or in a far corner renders your wireless USELESS.

Router Performance

Will I be able to create a secure, encrypted tunnel between the 860 and a 2811 router on our Main Campus side? The 2811 has a 10mb ELAN secure tunnel on one interface already. I will purchase another interface card for this new, remote site VPN connection

You can create a GRE tunnel.  Both the 2811 and 890 can support GRE if you have the correct IOS feature set installed.

Will the built-in AP give me coverage for the sq footage? I understand that there are extenuating circumstances to be concidered but, generally speaking?

Alot of factors affect the way the wireless signal propagates in a physical environment.  They are:

1.  Type of radio use (whether or not you are using 802.11a/b);

2.  Number and intensity of wireless interference from neighboring WAPs and other radio interferrers (like microwave ovens, bluetooth, radar, etc.);

3.  Location of the WAP;

4.  Obstacles between the WAP and the client; and

5.  Number of clients per WAP.

so Leo,

Is a difference between the fastethernet interfaces on an 860 and a 2811? I've created a 10mb, encrypted connection through the WAN with 2811s on either side. Or, are you just getting specific with the actually speeds that I will achieve between the two?

Thanks, Pat.

Hi Patrick,

You can create an encrypted connection with an 860.  There's no issue there.  The issue happens when you attempt to push >4 Mbps through as the 860 won't be able to push data beyond 3.5 Mbps speed.

Thanks for the response.

When you say  issue, do you mean I won't achieve the rates I want but, it will still work or are you saying it won't work at all?

Thanks, Pat.

What I'm saying is that if there's too much traffic then the router may not handle properly.  What the router can't push down the pipe due to high CPU the router will put unsent data into the buffer.  The buffer, unfortunately, is not unlimited.  Once this gets full, it starts dropping packets.

Next thing you'll know you'll be getting calls saying the network is slow.  And it's because the router can't handle too much traffic.

Leo,

Thanks for the info. Could you please provide me with a doc on the topic of specific models and the bandwidth capabilities. I'm wondering if any slow downs that we have at our remote sites could be related to this.

Are the 2811s suited for a true encrypted 10mb circuit? And if we upgrade our WAN circuits to 100mb, will they be able to support that?

The product data video is kind of misleading on the 861. Is this device intended more for a Internet WAN connection rather than a dedicated WAN connection?

Thanks, Pat.

Thanks for the info. Could you please provide me with a doc on the topic of specific models and the bandwidth capabilities. I'm wondering if any slow downs that we have at our remote sites could be related to this.

I already did.  One of my response is an HTML link to "Router Performance".  Click on that and you should find a PDF file.

Leo, I find the rates a little confusing. If the 860 FE interface is rated at 12.80 and is expressed as half duplex. wouldn't it be able to handle 25.6 mbs at full duplex?

Thanks, Pat.

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Actually the 860 is rated at 25 Kpps, and "Mbps calculated by pps * 64bytes * 8bits/byte", which is how 12.8 Mbps is derived.  Since this is the total forwarding performance for all traffic passing through the router, you may split this up as you desire.  For duplex, and equal volume in each direction, this would allow about 6.4 Mbps, but you could also have 10 Mbps in one direction and 2.8 Mbps in the reverse direction, etc.

Normally "real" traffic isn't all 64 bytes per packet, so "real" traffic performance is usually higher.  NB: you can't usually use the minimal packet size PPS rating for larger packets, as the device's PPS rating often decreases with larger packets.  The vendor needs to document PPS for various packets sizes or you need to test the platform yourself.

An example of (Cisco) vendor documentation for different packet sizes:

http://www.cisco.com/en/US/products/hw/modules/ps2643/products_white_paper09186a0080091db8.shtml

Leo, I find the rates a little confusing. If the 860 FE interface is rated at 12.80 and is expressed as half duplex. wouldn't it be able to handle 25.6 mbs at full duplex?

12.80 Mbps at half duplex.  This means if you want full dupex you have to HALVE the value.  So it's 6.40 Mbps.

Old question that I need to rehash.

After looking at the doc you provided, I understand that if I get an 881, the max speed I can expect, according to this test, is 25.60 mbs, expressed in half - duplex. So, that means at full duplex I am looking at 12.30 mbs? Then, if I add encryption, I could be looking at 6 or 7 mbs. The doc says that these rate are based on a 64 byte packet size and

Joseph said that "real" traffic performance is usually higher as I assume normally packet size is bigger. The big question is, if I have a 881 router connected to a 50 mbs Internet connection, am I wasting my money paying this speed - meaning if I can only get 6 or 7 mbs (probably higher with "real" traffic), I'm only using 6 or 7 mbs of the 50 mbs pipe? I might as well have a 10 mbs pipe. Or bump up to a higher end router.

Thanks, Pat.

After looking at the doc you provided, I understand that if I get an 881, the max speed I can expect, according to this test, is 25.60 mbs, expressed in half - duplex. So, that means at full duplex I am looking at 12.30 mbs? Then, if I add encryption, I could be looking at 6 or 7 mbs. The doc says that these rate are based on a 64 byte packet size and

Joseph said that "real" traffic performance is usually higher as I assume normally packet size is bigger. The big question is, if I have a 881 router connected to a 50 mbs Internet connection, am I wasting my money paying this speed - meaning if I can only get 6 or 7 mbs (probably higher with "real" traffic), I'm only using 6 or 7 mbs of the 50 mbs pipe? I might as well have a 10 mbs pipe. Or bump up to a higher end router.

Hi Patrick,

You're getting the hang of this.

Yes, you are right with your understanding.

If you are using an 880 ISR G2 then purchasing a 50 Mbps pipe is a waste of your money because the 880 can't push beyond 7 Mbps.

Like any mobile phone plans, upgrading your pipe is easy.  The difficult bit is the appliance because you can't "change" it willy-nilly.

My opinion is to get a router that can support 50 Mbps pipe (or more). 

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

I've attached a newer Cisco document that describes performance under different situations for the later ISRs.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco