BGP support on ASA5585-X

Tony Varriale tvarriale at comcast.net
Sat Nov 6 13:54:00 UTC 2010


----- Original Message ----- 
From: "gordon b slater" <gordslater at ieee.org>
To: "Tony Varriale" <tvarriale at comcast.net>
Cc: <nanog at nanog.org>
Sent: Saturday, November 06, 2010 4:38 AM
Subject: Re: BGP support on ASA5585-X


> On Fri, 2010-11-05 at 21:50 -0500, Tony Varriale wrote:
>
>><somebody> said:
>> >They could make it out of the box but this is why Dylan made his 
>> >statement.
>>
>> His statement is far-fetched at best.  Unless of course he's speaking of
>> 100 million line ACLs.
>
> Can I just ask out of technical curiosity:
>

Well, let me preface this thread with: the previous poster was/is from a 
hosting company.  ASAs aren't ISP/Hosting level boxes.  They are SMB to 
enterprise boxes.

It's like saying, yeah, that 2501 doesn't meet our customer agg requirements 
at our ISP.  Of course it doesn't.  Wrong product, wrong solution.

With that said, from what I see in the field 10s of thousands.  I've seen as 
high as 80k.

But, once you get into that many ACLs, IMO there's either an ACL or 
security/network design problem.

tv





