Scalability and Performance
The infrastructure of the service provider must be capable of supporting the services the enterprise customer or Internet service provider (ISP) wants to offer its subscribers. It must also be able to scale to an expanding subscriber base. You can configure the Cisco 10000 series router for high scalability.
Limitations and Restrictions
The Cisco 10000 series router has the following limitations and restrictions for the SSG:
•Users can connect to a maximum of seven different services, plus the Open Garden and default networks (a total of 9) at any one time.
•The Cisco 10000 series router supports mini-ACLs and turbo ACLs. Mini-ACLs are limited to eight or less access control entries (ACEs); turbo ACLs have more than eight ACEs. ACLs can be standard or extended ACLs. Non-SSG interfaces support both mini-ACLs and turbo ACLs. ACLs defined through SSG configuration (RADIUS) are restricted to mini-ACLs only. You can apply the same ACL to multiple hosts and connections.
•The Cisco 10000 series router only supports one subscriber per Service Selection Gateway (SSG) downlink interface.
•The SSG QoS features are limited to hierarchical policing and are not based on the modular QoS CLI (MQC).
•You cannot configure routing protocols in SSG VRFs. Therefore, RA-MPLS features are not supported for SSG hosts.
•The Cisco 10000 series router does not support load balancing on SSG uplink interfaces or redundant uplink interfaces to the same set of services.
•The Cisco 10000 series router does not support SSG services on tag interfaces.
•If you use the CLI to configure a VRF on an interface and you simultaneously configure the interface as an SSG uplink interface, the Cisco 10000 series router accepts the configuration but the SSG uplink configuration takes precedence and the router ignores the VRF configuration.
•You cannot configure overlapping IP addresses in the same VRF and you can associate a single interface with a single VRF. The router makes routing decisions based on the longest match.
•The services applied on an IP network or networks must not have conflicting features. For example, consider the following service definitions for the Best, Good, and Standard services. These service definitions are in conflict because network A is not policed while network B is policed and also restricted for some hosts.
Best—Access to network A and access to network B at rate 2
Good—Access to network A and access to network B at rate 1
Standard—Access to network A but no access to network B
Now, consider the following revised service definitions in which two different services are defined. These service definitions allow all users to connect to the Standard service and allow some users to connect simultaneously to Good or Best services.
Best—Access to network B at rate 2
Good—Access to network B at rate 1
Standard—Access to network A