We just finished up a proof of concept with the good ole boys in green. Yeah I said it… Cisco
Have I mentioned how proud Cisco is of their gear? I won’t mention any pricing here but WOW. Not exactly stuff you would find down at Shirley’s discount match and gasoline factory.
So the PoC went a little like this:
- Two distinct regions or availability zones
- Each region’s security devices were in an HA cluster
- Each HA cluster could completely fail and the other region could pick up the slack (ala BGP, wait… Cisco firewalls don’t support BGP)
- Load balancing was shared across both regions equally (thanks again BGP)
- Each region could easily scale to a more than reasonable size without the use of spanning tree or virtual chassis
- Each region’s kit could be upgraded with no noticeable downtime
- And entire region could fail without the services behind it taking a hit.
- Each region could support 160Gb throughput to the other region and out to the WAN if need be.
Hardware included in the Proof of Concept
- Cisco Nexus 6001
- Cisco Nexus 6004
- Cisco ASR 9001
- Cisco ASR 9006
- Cisco ASR 9010
- Cisco ASR 1000 (used as a “firewall” because Cisco does not have a firewall that can participate in BGP) Our Design Calls for a Juniper SRX.
- A10 TH5430
- Spirent test boxes with a ton of 10Gb interfaces
Anyone care for the results?