[131818] in North American Network Operators' Group


Re: BGP support on ASA5585-X

daemon@ATHENA.MIT.EDU (Tony Varriale)
Fri Nov 5 16:47:24 2010

From: "Tony Varriale" <tvarriale@comcast.net>
To: <nanog@nanog.org>
Date: Fri, 5 Nov 2010 15:47:07 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

----- Original Message ----- 
From: "Dylan Ebner" <dylan.ebner@crlmed.com>
To: "srg" <srgqwerty@gmail.com>; <nanog@nanog.org>
Sent: Tuesday, November 02, 2010 12:42 PM
Subject: RE: BGP support on ASA5585-X


> IMHO, I don't think this is a marketing issue for Cisco. It's a design
> issue. PIX/ASA is good at some things, and bad at others. They have never
> been good as routers. You have to remember, EIGRP didn't even come to the
> security line until 8.0 code and they still do not support traffic
> shaping. These services use memory and CPU resources which can
> dramatically reduce your ability to get through very long access lists.

What do you consider very long access lists?  Are you aware of how ASAs 
handle ACLs internally?

> I am not positive on the ASAs, but I seem to remember that the routing
> features on the PIX were all done in software. If that is still true today,
> I can't imagine you could effectively perform stateful inspection, access
> lists, maybe VPN services, and BGP for a 100Mb+ internet connection on even
> a 5585. They just aren't that powerful.

Although the ASAs do not support BGP, an ASA5505 will support a 100mbps
internet connection.  The list price on that is around $700.

Stating a $100k+ firewall doesn't support a 100mbps internet connection today
is...1990.

tv 
