We're trying to decide on our next departmental router/switch and we'd like it to have good ACL performance (our current HP 6308M bogs down when using ACL lists to "firewall" ourself from the ugly world "out there" :-)
Anyway, our requirements:
IPv4, IPv6 (in the future), OSPF, PIM, 2-8 Gigabit Ethernet interfaces, possibility for 10GE, many VLANs, many ACLs/ACEs - supporting TCP "keep state" or "established" rules and both IPv4 and IPv6.
Some of the candidates we're looking at are:
HP ProCurve 6200yl / 3500yl Extreme Summit X450a Cisco 3750G-12S
Any other boxes we should be looking at?
However, what seems to be unclear when reading the product specifications is how well they handle ACLs - ie, is it done in hardware and at full wirespeed - or will it go the "slow path"? Please note that this is ACLs for the routing interfaces (between VLANs) - not port ACLs...
(I'm also aware that the 6200yl/3500yl doesn't support IPv6 today - anyone know when they are going to introduce that feature?)
- Peter