Firewall Wizards mailing list archives

Re: Cisco 2621 opinions

From: Brian Ford <brford () cisco com>
Date: Tue, 16 Jul 2002 13:29:15 -0400

Patrick,

I would disagree with your assessment of an "extensive rule set". The IOSFirewall is completely Stateful for TCP; builds state for UDP connections;offers all the IOS ACLs (Standard, Extended, Reflexive, Dynamic and Time ofDay); as well as ICMP filtering. You have extensive IOS Syslogcapabilities. You have access to all the IOS QOS mechanisms. If you arereasonable in your use of the state mechanisms you can usually achieve (atleast a little) better performance. So you balance the use of traditionalACLs and IP audit capability.

I've found that 3 Mbps throughput is usually fine considering that's usinga router between a T-1 line and an Ethernet network. No?

If you had multiple serial connections coming in or if this were anEthernet to Ethernet connection you could look at the 2651 or the 3600s.


Liberty for All,

Brian

At 12:00 PM 7/16/2002 -0400, you wrote:

Date: Mon, 15 Jul 2002 11:12:47 -0400 (EDT)
From: Patrick Darden <darden () armc org>
To: firewall-wizards () nfr net
Subject: Re: [fw-wiz] Cisco 2621 opinions

Joe,

The 2621 series can handle, in fast-switching mode, 25kpps.  If simple
packet filtering is in place, half that.  If you are using IPFW IOS then
half that.  If you are using extensive rule sets, then half that.

Let's say you get about 6kpps.  A standard packet is 64 bytes, so
6000X64==384KBps.  This is equivalent to 3mbps.  Not even ethernet speed.
And this is without an extensive rule set.

Even with no filtering, max routing in fast-switching mode is about
12mbps.  With CBAC and extensive lists, this could go down to 1.5mpbs.

ymmv.

--
--Patrick Darden                Internetworking Manager
--                              706.475.3312    darden () armc org
--                              Athens Regional Medical Center


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Cisco 2621 opinions, (continued)
- Re: Cisco 2621 opinions John Adams (Jul 13)
  - Re: Cisco 2621 opinions Nick Drage (Jul 15)
    - Re: Cisco 2621 opinions Charles W. Swiger (Jul 15)
    - Re: Cisco 2621 opinions Patrick M. Hausen (Jul 16)
- Re: Cisco 2621 opinions Patrick Darden (Jul 15)
- RE: Cisco 2621 opinions Henry Sieff (Jul 13)
- RE: Cisco 2621 opinions Kent, Ashley (Jul 15)
- RE: Cisco 2621 opinions Brian Ford (Jul 15)
- RE: Cisco 2621 opinions Iannaccone, Al (Jul 15)
- Re: Cisco 2621 opinions Patrick Darden (Jul 15)
- Re: Cisco 2621 opinions Brian Ford (Jul 16)
  - Re: Cisco 2621 opinions Patrick Darden (Jul 16)
  - Re: Cisco 2621 opinions Carson Gaspar (Jul 16)