Options
Router Performance
mikem2te
Member Posts: 407
in CCNA & CCENT
Hi guys,
I have been benchmarking one of my routers when using various security features. Might be of interest to some of you.
I have put the results here-
A brief history of...: 2801 Router Performance
I have been benchmarking one of my routers when using various security features. Might be of interest to some of you.
I have put the results here-
A brief history of...: 2801 Router Performance
Blog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route
Comments
-
Optionstiersten Member Posts: 4,505Interesting to see it all laid out like that. Thanks for sharing!
I guess the moral of the story is that you should buy an IPS box or NM and an ASA if you want firewall -
OptionsAPA Member Posts: 959Nice work
Tiersten...I believe you hit the nail smack bang on the head...
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP -
Optionsmikem2te Member Posts: 407Interesting to see it all laid out like that. Thanks for sharing!
I guess the moral of the story is that you should buy an IPS box or NM and an ASA if you want firewall
I'm happy with the router though as it'll support any internet connection I could possibly afford with a CBAC or Zone based firewall. No IPS thoughBlog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route -
OptionsForsaken_GA Member Posts: 4,024Interesting to see it all laid out like that. Thanks for sharing!
I guess the moral of the story is that you should buy an IPS box or NM and an ASA if you want firewall
Or deploy an OpenBSD box in the role -
OptionsMet44 Member Posts: 194Good study. It would be interesting if you extended this into similar comparisons of some of the suggestions here, factoring in cost vs benefit. Wouldn't be too difficult to set up an OpenBSD/Debian box with similar rules.
-
OptionsGT-Rob Member Posts: 1,090Very cool! Ive been wanting to do a couple of tests to prove a couple of 'theories' I have. Very interesting to see the NAT drop on TCP connections, I would have never guessed that kind of drop.
Id like to see the impact of a 50 line ACL as well in a couple of different scenarios. Maybe the impact of policy routing too. Either way, cool stuff! -
Optionsmikem2te Member Posts: 407Very cool! Ive been wanting to do a couple of tests to prove a couple of 'theories' I have. Very interesting to see the NAT drop on TCP connections, I would have never guessed that kind of drop.
Id like to see the impact of a 50 line ACL as well in a couple of different scenarios. Maybe the impact of policy routing too. Either way, cool stuff!Blog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route -
Optionsmikem2te Member Posts: 407Good study. It would be interesting if you extended this into similar comparisons of some of the suggestions here, factoring in cost vs benefit. Wouldn't be too difficult to set up an OpenBSD/Debian box with similar rules.
No, don't suggest that . I'm supposed to be studying Sharepoint at the moment, not messing around with Cisco.
One good possibility would be a mini-itx atom board combined with a small SSD / Compact flash for the OS with Untangle installed. Any donations, purely in the interest of research of courseBlog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route -
Optionstiersten Member Posts: 4,505Ideally Cisco should publish these kinds of numbers but there would be many variables. The installed IOS feature set, version, configuration, amount of RAM etc...
It'd make my life easier anyway when deciding what to buy if I could just look at the table and go oh okay. a 2801 isn't enough since I want 5MB/s throughput with ZBF but a 2811 would be okay since it can do <blah>. At the moment I look at the router performance datasheet with some rough rule of thumbs like halve listed performance for each enabled feature and then harrass my Cisco rep -
Optionstiersten Member Posts: 4,505One good possibility would be a mini-itx atom board combined with a small SSD / Compact flash for the OS with Untangle installed. Any donations, purely in the interest of research of course
-
Optionsveritas_libertas Member Posts: 5,746 ■■■■■■■■■■Forsaken_GA wrote: »Or deploy an OpenBSD box in the role
Nice...
I like my Astaro ASG that I just built recently. Works like a charm and is free for home users. -
Optionsmikem2te Member Posts: 407Hi guys,
I have been benchmarking one of my routers when using various security features. Might be of interest to some of you.
I have put the results here-
A brief history of...: 2801 Router Performance
I'm going to do a bit more perf testing over the next couple of weeks. I have an 877 & 2651XM to test next. I did 8 separate tests on the 2801 but I'm not going to do that many on the other routers so I'm trying to come up with a list of about 4 tests. At the moment I have the following-
• No Security - just routing.
• NAT - Typical overloaded PAT implementation.
• NAT & Zone Based Firewall as configured by the ‘Cisco Configuration Professional’ tool.
• NAT & Zone Based Firewall with HTTP Inspection disabled.
There are so many combinations (cbac, zbf, acl, nat, no nat etc).
So anyone got any thoughts on what tests to include or exclude from typical configurations in your experience?
Thanks all.Blog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route