It's not terribly often that hardware vendors are so forward-thinking that they can retrofit a whole new class of hardware into an existing chassis. Cisco Systems, however, seems to be able to do this with ease. The new Cisco 7200 router is a perfect example.
The 7000-series core routers have been the mainstays of ISP and large MAN/WAN deployments for decades. The now-deceased Cisco 7010 could be found at the core of nearly every ISP in the mid-'90s, boasting 10Mb Ethernet ports and the ability to handle HSSI (high-speed serial interface) and traditional T1/T3 services in a modular fashion. The later models in the same series, such as the 7500 and 7600, built on that base to deliver more horsepower and more high-speed connectivity options within a large-footprint modular chassis.
The 7200, first introduced several years ago, was the middle of the road. With high-speed modules dropping in size, it became possible to fit much more into a much smaller space. The 7202, 7204, and 7206 represented three variations on a common theme: a modular workhorse router that could grow with the needs of the infrastructure.
The "new" 7200-series is the latest example of that capability, taking the 7200 to places it's never been before. Rather than introducing a completely new router series, Cisco has simply released new core modules for the existing 7200 routers, resulting in the ability to do wholesale upgrades to existing routers without unracking anything.
This collection of new gear for the 7200 series is aimed at companies looking to leverage their existing hardware in new ways, such as high-bandwidth VPN aggregation. The new 7200VXR NPE-G2 (Network Processing Engine) promises twice the performance of the existing NPE, and the VSA (VPN Services Adapter) provides encryption offloading to kick those VPN tunnels into high gear. Not only are these modules now available, but with the new Port Adapter Jacket Card, some new features can be implemented without reducing the available slot count on existing 7200 routers.
Starting at the top, the new NPE-G2 offers some serious horsepower. Leveraging 1GB of SDRAM and 256MB of onboard flash, it has three built-in gigabit Ethernet ports, one fast Ethernet port, and two USB ports. The gigabit Ethernet ports are all dual-personality, and can be ordered as either copper/GBIC or copper/SFP, which lets admins leverage existing hardware in the upgrade, or at least defer the cost of GBICs with lower-cost SFP optics. With the new NPE, Cisco has the ability to offer much more than just simple routing capabilities in the 7200. Their services matrix for this router runs from firewalling and IPS duties to VPN endpoint termination, to voice, video, QoS, and multicast routing tasks, all within the same box. In short, they're trying to fit the 7200 into nearly every corner of the network, either all-in-one, or a la carte, and with notable success.
I had two Cisco 7206 routers in the lab, equipped with the new NPE-G2 as well as the VSA module. The testing I conducted was based around high-speed VPN configurations, basically AES and 3DES VPNs running at gigabit speeds between the routers. To drive all the testing, I relied on a Spirent SmartBits chassis with a few gigabit interfaces to generate traffic through the VPN constructed between the two 7206 routers. Cisco's VPN performance claims were well founded, with my results showing just under wire-speed gigabit IPSec VPN operation between the two routers. Even without the VPN in place, I was able to achieve just under wire-rate throughout the testing, with a max of 960Mb throughput.
As with nearly every mid- to high-end Cisco device, proper configuration and maintenance can be a challenge for the uninitiated. It's certainly not something to be done casually, nor without the proper training and experience. Cisco IOS has long been the bane as well as the savior of networking. Hideously complex in places, and obscenely powerful and configurable in others, it's the stuff of legend. Just trying to navigate through the Cisco Web site's software support matrix to determine the proper IOS version and sub-version for a specific piece of hardware can be trying, not to mention the half-dozen or so authentication requests as you navigate through the process. High-end internetworking has never been, nor is ever likely to be, simple, but sometimes it seems that Cisco's being purposefully obtuse in order to separate the wheat from the chaff.