How much router do I need?

[mikew111802]

Hello, I'm trying to determine how much router I need for a project. Routers are not my specialty and any recommendations are greatly appreciated.

My question is what Cisco router would easily handle a 6Mbps Internet connection, plus a single T1 backup connection (~7.5Mbps total) using BGP with a dedicated AES256 encrypted tunnel to a remote office that also has a 6Mbps connection. It would also need to support up to 50 simultaneous VPN clients. My desire is that we have the ability to achieve wirespeed performance on the dedicated tunnel when the bandwidth is not otherwise being used by VPN clients and Internet users. Basically I don't want the router to be a bottleneck at any given point. A little bit of room for expansion would be nice too, support for a slightly faster pipe, more concurrent VPN clients, etc.

Current candidates are all between the 3660 and 3800 series routers, with the 3660 being considered as a minimum requirement. Is this reasonable or should I be looking at something else?

Thanks!
--Michael

 

[KiscoKid]

I'd consider the 2800 or 3800 for what you are trying to do. The 2801 (the lesser of the bunch) supports up to 800 VPN tunnels apparently whilst the 3800 supports up to 2500 tunnels. Both are modular for future expansion. Ultimately it may be worth running your requirements through your Cisco reseller for their thoughts.

http://www.cisco.com/en/US/products/ps6018/index.html

http://www.cisco.com/en/US/products/ps5855/index.html

 

[amorielljr]

I would probably look at a 2800 series router (handles multiple T1's). The 3800 series would probably be an over kill (can handle multiple T3's). Make sure to get an ISR router (either 2800 or 3800 series) because you can get all kinds of extra features like IPS, firewall, VOIP, etc (depending on the IOS version and/or software that you purchase with the router). Since you want to run BGP, you would probably need to get atleast the Advanced IP Services IOS (you will have to check on that because I'm not 100% sure). I would also look at getting the VPN AIM with the router too (that's a hardware card that fits on the motherboard of the router). That will allow the router to handle the VPN encryption/decryption in hardware instead of in the IOS. The routers now come with a GUI call SDM where you can make most of your configurations through wizards (including the firewall, routing, IPS and VPN configs), if you don't know how to do it through the CLI. Hope this can be of some help.

 

[mikew111802]

We currently have a couple of 2610 routers supporting an AES256 tunnel running over a full T1 connection and they can't even give us wirespeed before the CPU gets maxed out. We very rarely see 80 Kbps from it on a good day. Heavy tunnel usage added to several VPN clients results in dropped VPN clients and unsatisfactory network performance.

It is my understanding that the 2800 series is just a successor to the 2600 series, granted it's probably somewhat more powerful. Isn't the target market still the same for the 2800's as the 2600's? We want to quadruple our connection speed and at the same time achieve wirespeed performance. I guess my question is whether or not the 2800 has 4 times the CPU of the 2600? AES256 encryption really eats CPU! We probably should get a VPN card for whatever we end up purchasing anyway.

 

[JOAMON]

The 2800 has a far more substantial processor than the 2800. It also comes std with Onboard VPN Hardware Encryption. Our poor old 2600 was maxxed out with two full time VPN connections and firewalling. Tried to put QOS and IPS on it and drove the CPU to 100%. Upgraded to 2811 and at peak usage with all features enabled only driving CPU to at most 40%.

 

[JOAMON]

The 2800 has a far more substantial processor than the 2600.

Typo...sorry