Firewalls: 7200 v. 7500 access-lists

Firewalls
(November 1997)

Indexed By Thread: [Previous] [Next]

Subject:	7200 v. 7500 access-lists
From:	Peter Morissey <ppmorris @ syr . edu>
Date:	Tue, 18 Nov 1997 15:15:30 -0500
To:	firewalls @ greatcircle . com, firewalls-digest @ greatcircle . com

Does a 7500 provide any great advantages for doing
incoming access lists on a 45 mb internet connection?

The process switching for 7200 and RSP4 is rated at
10K PPS by Cisco. If you make the assumption that
everything will be processed switched due to the access
lists, then the 7500 cost can't be justified.

The assumption about acces lists and process switching
is questionable, since the stats our existing 7010 show
mostly route cache switching, even though we have access
lists.

The other factor is netflow switching. This can greatly
improve performance by more than a factor of 10, but
I'm wondering how much it helps when a lot of the traffic
is WWW, with lots of short duration connections.

It is very difficult getting information from Cisco regarding
these questions, so any other input would be greatly appreciated.

Pete M.

Follow-Ups:

Re: 7200 v. 7500 access-lists
From: Joe Loiacono <jloiacon @ csc . com>

Indexed By Date	Previous:	Re: tcp/udp port numbers - more From: Joe Loiacono <jloiacon @ csc . com>
Indexed By Date	Next:	Re: 7200 v. 7500 access-lists From: gary flynn <gary @ habanero . jmu . edu>
Indexed By Thread	Previous:	service/indirectly related From: research @ isr . net (R & D)
Indexed By Thread	Next:	Re: 7200 v. 7500 access-lists From: Joe Loiacono <jloiacon @ csc . com>