|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: FW: your mail
> > > I have listened to their seminar about this... As the simple L5 firewall
> > > it's not bad, through it realise the fixed set of ruls and defends your
> > > from the simple SMTP attacks only. But anyway, IOS FW is just what 90% of
> > > the customers need...
> >
> > How would IOS FW perform on Cisco 7x00-class equipment with 100M-to-Gigabit
> > traffic ?
>
> Umm... Very poorly.
At the low end it's acceptable. Gigabit traffic sucks on 7500 series
routers even without any kind of filtering.
The 7000-series routers, if they have an SSE, will do standard and
extended access lists in the switch engine. Now, given the
limitations of CX-FEIP-2TX boards (the only faste boards that will
work in a non-RSP 7000), you are lucky to get 70 mbit/sec through
that. If you have fddi, you can get most of the way to 100 mbit/sec
one way (the CX-FIP cards, which are the only FDDIs that work in a
7000, won't do full-duplex).
The 7500-series routers, you really want to get a VIP2-50 rather than
a 2-40 or lower if you're going to be doing filtering on the linecard.
You can load the fast ethernets up just fine there.
400 mbit/sec seems to be the upper limit of the currently shipping
generation of gigE cards for the 7500 series.
Hope this helps (and standing by for corrections from the #cisco IRC mafia...)
---Rob
|