BGP support on ASA5585-X

• Previous message (by thread): BGP support on ASA5585-X
• Next message (by thread): datacenter traffic distribution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message ----- 
From: "Dylan Ebner" <dylan.ebner at crlmed.com>
To: "srg" <srgqwerty at gmail.com>; <nanog at nanog.org>
Sent: Tuesday, November 02, 2010 12:42 PM
Subject: RE: BGP support on ASA5585-X


> IMHO, I don't think this is a marketing issue for cisco. It's a design 
> issue. PIX/ASA is good at some things, and bad at others. They have >never 
> been good as routers. You have to remember, EIGRP didn't even come to the 
> security line until 8.0 code and they still do not support >traffic 
> shaping. >These services use memory and cpu resources which can 
> dramatically reduce your ability to get through very long access >lists.

What do you consider very long access lists?  Are you aware of how ASAs 
handle ACLs internally?

 >I am not positive on the ASAs, but I seem to remember that the routing 
features on the PIX was all done in software. If that is still true >today, 
I can't imagine you could effectively perform stateful inspection, access 
lists, maybe VPN services, and BGP for a 100Mb+ internet >connection on even 
a 5585. They just aren't that powerful.

Although the ASAs do not support BGP, a ASA5505 will support a 100mbps 
internet connection.  The list price on that is around $700.

Stating a $100k+ firewall doesn't support a 100mbps internet connect today 
is...1990.

tv 

• Previous message (by thread): BGP support on ASA5585-X
• Next message (by thread): datacenter traffic distribution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]