Core Router Solution

Hey guys,

I'm seeking a core router solution that will work with a Dell N-Series network with a working core/distro to a access layer topology. Been looking around and I'm curious if anyone has working knowledge of a Cisco ISR 4331. Want to move toward a more capable core router vs a ISP CSU router.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

DPG

What are you using now?

Deathmage

a next generation firewall behind a consumer ISP-grade cable modem/router.

TWX

What are your throughput requirements, and do you need features like network address translation?

Deathmage

Our throughput would need to be 100 Mbit (but gigabit will suffice) and yes NAT would be nice, moreso PAT since our block is used by multiple WAN assets so PAT is essential. Our IP pipe is 75 by 25.

TWX

I guess the only thing that I can really suggest is that you weigh the service-life of the device against the desire to go to more bandwidth during that service-life. Just as an example from my realm, if I'm currently using gigabit links betwen my telecom closets I can either buy switches that have 1G SFP sockets or I can but switches with 10G SFP+ sockets that are backward-compatible with 1G SFPs. If I buy the former I am maxed-out on capability and will have to replace chassis upon chassis to go faster than 4G (4x1G actually) assuming that I have the fiber plant to support it. If I go the latter route I can use inexpensive 1G optics now, and replace those optics with 10G SFP+ optics when the need to go 10G exists.

From a core L3 perspective, I can buy Catalyst 4500-X L3 switches for $48,000 that are SFP+ and can do 10G max, or I can buy Catalyst 3850 L3 switches for $58,000 that have 40G QSFP uplinks, so I can do 10G campus distribution and 40G or fraction-of-40G uplinks to the WAN, even if for the moment I only do 10G to the WAN.

Consider the stated bandwidth through the switch and if that will be limiting to you five years from now. You might want to step-up a device if that's a concern.

Deathmage

Recently in our next big upgrade last week we ordered two Dell N-Series 4000's with dual 10G EC's between them both (on top of another +1 to the VMware cluster), they can sustain 4 SFP's with a max of 10G per SPF port with a 1.2 TBps backplane. The ones we have on order have 4 GB's of RAM and a Quad core CPU. They cost $5600 dollars each and support a large number of the Cisco features like they work great with CDP just like the other in the N-series. Hence why I love them the CLI flows between Cisco to Dell command line.

Right now our Core/Distro layer is two N-Series 3000's with Dual 10G's to the access layers (with triple 10GB's from the distro's to the new core), those have 260 GBps backplanes. Some may be asking why we need all this network brawn and that's our 2017 goals, so I'd really like to devote 2016 to design considering I need to learn vCloud Director in 2016, lol!!!!

Our Access layer is N-Series 2000's which have a 228 GBps backplane with 4 GB's of RAM and Dual Cores, and they are using Cat5e EC's to IDF's inside of the STP tree but all of them have 4 SPF's that support 10G SFP's.

Basically I'm going to start needing to do MLPS over VPN by the end of 2016 for 1500+ mile remote locations so I can't really see myself investing into a 50k router per site so the Cisco ISR 4331 felt feature rich while affordable, as for the WAN pipe 1G will suffice for a while since we use Terminal Services and the compression ratio on the session packets are much smaller than normal traffic over the wire. It's really the internal traffic that needs the speed, since the WAN is just mouse clicks and screen refreshes. However I do need to consider 2017 since were moving towards a vCloud Director cluster.

But without a doubt before the 3Q of 2016 our consumer router will no longer be up to the task, it just doesn't manage traffic very well.

Priston

Compare Models - Cisco
If you need 1G then maybe look at the 4431 or 4451

pevangel

Have you looked at the Juniper SRX? The flexibility and performance is great and it's inexpensive. You can run two as a cluster for high-availability.

Deathmage

pevangel wrote: »

Have you looked at the Juniper SRX? The flexibility and performance is great and it's inexpensive. You can run two as a cluster for high-availability.

My brain is already running in numerous directions with VMware, Microsoft Servers, and Dell Networking by day, and now the prospect of Cisco. While by play I do VMware, Microsoft, Cisco, HP, Netgear, Dell, QNAP, Sonicwall, Linux, and Pen Testing so sure why not add on Juniper.

Sleep is overrated....

Deathmage

Whelp I got approval for the remote site's network upgrades!!!!!

1 x Sonicwall NSA 250 M Firewall
1 x Cisco 1921 (core) - ISP CSU replacement
2 x Cisco 3750X with Dual 10G fiber (core)
2 x Cisco 3750E's with Dual 10G fiber (distro)
4 x Cisco 2960G's (access [stack])

kind of excited to implement it all, in a production environment, hope all this labbing at home pays off!!!!

TWX

Cool stuff. You got a map of how you're going to lay it out?

I'm so used to what Cisco would call a branch office with a single L3 switch distributing to numerous closets for access that I'd like to see how it's approached for other installations.

Deathmage

3 of the 2960G's are IDF's and one is with the core/Distro.

However the 2960's all have bonded quad cat5e connections to the distro. They are all mostly 195 ft from the main closet.