Phase 6: Heavy Topologies

Phase 6: Heavy Topologies (kvm-01)

Topology 4: Security Stack (~50GB)

FTDv + FMCv (IPS/IDS, URL filtering, malware policies)
ASAv (NAT, ACLs, site-to-site IPsec, AnyConnect VPN)
ISE 3.x (802.1X, MAB, posture assessment, pxGrid)
2x IOSv-L2 (NAC-enabled switches)
2x Linux endpoints (802.1X supplicant testing)
All API-enabled: FMC REST, ISE ERS/OpenAPI, ASA REST, pxGrid WebSocket

Topology 5: VXLAN/EVPN Data Center Fabric (~48GB)

4x NX-OSv 9000 leaf + 2x NX-OSv 9000 spine
BGP EVPN control plane, VXLAN data plane
Multi-tenancy with VRFs
NX-API (REST) enabled on all switches

Topology 6: MPLS Core (~24GB)

4x IOS-XE (CSR1000v) + 2x IOS-XRv 9000
LDP, RSVP-TE
L3VPN (VRF with MP-BGP), L2VPN (VPLS, pseudowire)
Traffic engineering
IOS-XR NETCONF/gNMI for automation

Topology 7: Wireless (~22GB)

9800-CL WLC + ISE + IOSv-L2 + Linux RADIUS client
FlexConnect and Local mode
802.1X with EAP-TLS (cert from Vault PKI)
Guest portal
WLC RESTCONF API for monitoring and config

RAM Budget Summary

Topology

RAM

Notes

Security Stack

~50GB

FMC (28GB) is the heavy hitter

VXLAN/EVPN

~48GB

NX-OSv 9000 x6 at 8GB each

MPLS Core

~24GB

IOS-XRv at 8GB each

Wireless

~22GB

ISE (16GB) dominates