
Introduction

Are you planning to purchase a Cisco router but not sure how fast it is? Or do you just need to know how fast the Cisco router you already have is? The following official Cisco documents are a good place to start.

Cisco Router Performance (pdf file)
Cisco Switch Performance (pdf file)
Cisco ASA 5500 Series Next Generation Firewalls

Some illustrations

Point 1:

The 1941 model is rated at a theoretical max of 299 kpps with *no* services -- no NAT, no firewall, no inspect, no anything. The router performance rating in Mbps is given by 64-byte performance -- but if you assume standard IMIX distribution -- you're still only looking at ~223 Mbps with bare services.

ISR/G2 is a software-driven platform. Anything you turn on requires CPU cycles -- which takes away from the box's ability to push packets.

It is the same scenario with the c720x/vxr (get the vxr models if you go this route) with an npe-g1 or npe-g2 -- the difference is that the 7206 is a bigger router with a better clock.

If you're looking for an edge router with firewall and crypto -- you'll get better performance from an ASA 5500 series for a much better price. However -- if you need to speak BGP with the provider -- you're going to need a router or go with Juniper SRX models.

Point 2:

Let's compare apples to apples here.

Please keep in mind that routed ports != switched ports.

A 3550 with two GBICs could switch a gig/sec of packets. It is most likely that the switch could come close to that speed "routing" those packets. The issue is that you're not going to be able to run inspect, CBAC, NAT, etc. on a 3550 switch. For that, you need a 'router' that is capable of said features. The problem is that those features either need (a) a lot of CPU cycles to run or (b) specialized ASICs to perform those features at line rate (or in the case of the asr1k -- have enough virtualised cores on the box to be able to dedicate one to each function as needed). Another approach is to use a Catalyst 6500 series switch with an ASA firewall module to provide routing, switching, and firewall on the same box.

In reviewing the switch's counterpart -- switchperformance.pdf -- you see a much higher pps number. However, this is just routing and switching, nothing fancy. The switch ports in an 887 router model should get you close to gig speeds with standard frame size. They are -- after all -- just hitting the switch and back out (although a closer look at the architecture again may be in order to see if you're hitting any weird anomalies or pitfalls). The "fabric" (a term that should not be misused) may not support more than one or two concurrent gig streams -- but you should be able to switch at a gig.

Long story short, you need to compare things correctly and in the right context. You also need to understand the fundamental difference between a 'router' and a 'switch' and how they each can be used for the greatest gain. You are not going to get an easy answer to your question. You are going to need to get a bigger router, one meant to handle a gig with services. If you were just doing NAT, you may be able to squeeze by with a 6503e/sup720 and use hardware-assisted NAT and use an ASA firewall module for filtering, etc -- but it is unclear what such a switch configuration would run you in comparison to a 7206vxr/npe-g2.

Point 3:

Another example is the 1700 router line. One can install an additional 10M Ethernet port (WIC-1ENET) or a 4-port switch (WIC-4ESW). One can get near 100 Mbps between ports on the ESW as long as they are in the same VLAN, but any routed (e.g. inter-VLAN) packets have to go to the CPU. The CPU interface for both cards is the Motorola PQUICC high-speed serial bus, which is also why those WICs ONLY work in the 1700s. That bus maxes out at 12 Mbps(??), on paper. In practice, the WIC can never go over 8.

The 7200s have well-documented PCI backplane bandwidth limits (in Cisco-speak, a "credit" system). The backplane capacity of most Cat switches is documented as well. This "credit" system is just Cisco's way of simplifying the bandwidth requirements. In this 7200 series router context, the credit system refers to the bandwidth requirements of the PAs.

What isn't well documented is the effect of services on throughput, and for good reason, since one static NAT translation is way different from 10k dynamic translations. Further, Cisco doesn't want to publish actual PCI bus bit rates for their hardware.

Point 4:

The credit system on the c7200 (which Cisco may officially refer to as bus points) is an enjoyable document to keep. You know where you sit at all times and as long as you do the math, you're OK. All things considered, from a Cisco perspective, it's very clear cut. For this case the onboard GE ports would be enough for a 1 Gbps link throughput.

The 7200 chassis (or any vendor's chassis) has a finite point value. Each added PA takes its given value (though you must keep track of the math yourself). Exceed the points and you risk contention. If you know your traffic flows -- you can do this -- but you have to be careful.

The Cat6k offers a different perspective entirely. Look at any mailing list on the effects of mixing and matching CFC/DFC types in the chassis, how the cards attach to the backplane, how the internal movement of traffic actually happens as it pertains to the backplane -- not to even mention the limitations of each sup and how they affect the overall forwarding of the box. While the Cat6k performance is well documented, it is very hard to take in for all cards on that platform. While it still provides value and is still a Swiss Army knife, it will be interesting when the Cat6k platform is finally EOL and is replaced with a next-generation platform.

Specifications of other Cisco equipment

For other Cisco equipment, you can check the following link:
Cisco Product Quick Reference Guide

Additional Info: Nexus switch performance
»Cisco Forum FAQ »Between Catalyst 6500, Catalyst 6500E, and Nexus platforms

Some Discussions

Check out the following discussions for real-life illustrations.

Reviews
»[HELP] Cisco 1811 is crashing
»[HELP] Cisco router vs 3Com router
»1921 vs 891 Throughput Testing
»Metro Ethernet: 2821 vs. 2921 router
»[H/W] Cisco 851 versus new gen cheap routers (ex:Dir-600)
»[Config] New ISP, same router (Cisco 1711)
»[H/W] 1711 - upgrade to 1811 or 881 or the new 891
»[H/W] Home Setup - 50MB Cable Connection
»[H/W] Router for 100Mbps/1000Mbps Encrypted

Performance Test
»1811 Load / Performance Testing Results