[nsp] 2621 VPN mb/s w/wo AIM

jdennis at factset.com jdennis at factset.com
Fri Nov 28 18:03:14 EST 2003


We have been doing some tests in our lab and have found that we can get a
2621XM at 100% cpu to 900kb/sec doing gre over 3des ipsec using a pix 515e
as a peer.  This throughput is the result of doing encryption and
encapsulation purely in processor without an encryption AIM.   Once the AIM
was added, we have found the % cpu for the encryp/decryption process drops
to below 1%.   For 1.5mb/sec we are finding about 30% cpu consumption due
to ip/gre handling.   If GRE were removed from the equation, then we would
suspect a fairly high throughput rate as the packets could be fast or cef
switched.   We intend to do more testing next week to find the max
throughput of ip > gre > ipsec tunnels using the 2621xm.


             "Tim D."                                                      
             <zsolutions at cogec                                             
             o.ca>                                                      To 
             Sent by:                  <cisco-nsp at puck.nether.net>         
             cisco-nsp-bounces                                          cc 
                                       [nsp] 2621 VPN mb/s w/wo AIM        
             11/28/2003 06:35                                              
             Please respond to                                             
                 "Tim D."                                                  
             <zsolutions at cogec                                             


I was wondering what kind of mb/s speeds I could expect using 3DES in both
software mode, and with the AIM VPN accelerator card installed, on a 2621.
So far I have found I can only get .5mb/s using software.  Does this sound
off to anyone?

Here is the situation:  I have a 10M internet link, which I would like to
a VPN over and get as much throughput as I can (8M +- would be ideal) using
2621's.  I can put a VPN accelerator card in both routers if I need to, but
so far using software I am getting very piss poor results (.5mb/s as I
said).  My configuration looks fine (pretty basic VPN configuration), I'm
using IOS12.2(5)d on both routers.

So my question is, what kind of throughput can I expect using 3des software
encryption on a 2621?  Hardware 3des?



cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list