Justin W. Newton writes:
>>
>>FWIW, even with a thousand very busy modems, I'm pretty sure that even a
>>small cisco is up to the job. They just don't generate all that much
>>traffic.
>
>Could be, although I'd want to see this before I bet the farm on it.
>I'm not sure how efficient crisco's filtering algorithm is...

I have found that 2500's do not have the processor for even basic filtering
when sitting in front of several hundred modems. 4700's on the other hand
(and 7200's) have the ability to handle the job with little difficulty.

Really? Is there something special about 2500s as compared to AGSes? Alec
pointed out to me that my numbers were a bit off, but they're not off by
that much. How much traffic was there on the 2500 that you were trying to
use for filtering? And how many ports were in use?

FWIW, in terms of low-cost solutions, 4000s and 4500s may still be available,
and I think the 4000 has the same CPU as an AGS (25MHz 68040) though I might
be misremembering. I'm sure the 4500 is plenty- it's got a 100MHz MIPS chip
(from IDT, I think).
/a

> I have found that 2500's do not have the processor for even basic filtering
> when sitting in front of several hundred modems. 4700's on the other hand
> (and 7200's) have the ability to handle the job with little difficulty.

Really? Is there something special about 2500s as compared to AGSes? Alec
pointed out to me that my numbers were a bit off, but they're not off by
that much. How much traffic was there on the 2500 that you were trying to
use for filtering? And how many ports were in use?

I'm a small enough site to provide some numbers on 2500s. My border
router is a 2514; it checks every incoming packet to be sure the
packet doesn't claim to be from my address space, and to be sure they
_are_ from my address space, it checks every outgoing packet twice[*],
once coming into the router and again on the way out. A while ago
the 5-minute average input data rate was sitting at 230 Kbps and the
5-minute cpu utilization at 25%.

This router also filters all the incoming packets again as they leave
out an enet port or the second serial (T1) port. Some packets go
through a lot of other filter steps before hitting a rule allowing
them into or out of the router. Adding all this filtering doesn't
seem to have affected the cpu utilization a whole lot, although it's
been a long time since I had all filtering turned off.

[*] Filtering twice lets me delete and rewrite one filter while still
being shielded by the other. Ok, so I waste a lot of cpu - that's
part of the point: it's a mere 2500, but I have all this cpu to spare.

230 Kbps isn't much, but it's enough to suggest I'm going to run out
of T1 before I run out of cpu.
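
The source-address checks described in the last message, sketched as Cisco IOS extended access lists. This is an added example, not the poster's configuration: 192.0.2.0/24 is a placeholder for the site's address space, and the interface names and list numbers are assumptions.

```cisco
! Constructed example. Assumptions: 192.0.2.0/24 is the site's address
! space, Serial0 is the upstream link, Ethernet0 is the internal LAN.

! Incoming from upstream: drop anything claiming an internal source.
access-list 101 deny   ip 192.0.2.0 0.0.0.255 any
access-list 101 permit ip any any

! Outgoing, first check (as the packet enters the router from the LAN):
! the source must be inside the site's address space.
access-list 102 permit ip 192.0.2.0 0.0.0.255 any
access-list 102 deny   ip any any

! Outgoing, second check (as the packet leaves toward upstream):
! the same rule under a separate list number, so either list can be
! deleted and re-entered while the other is still applied.
access-list 103 permit ip 192.0.2.0 0.0.0.255 any
access-list 103 deny   ip any any

interface Ethernet0
 ip access-group 102 in
!
interface Serial0
 ip access-group 101 in
 ip access-group 103 out
```

An interface that references a list which has been deleted and not yet re-entered passes all traffic, which is the window the second, redundant list covers.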