[nsp] 2621 VPN mb/s w/wo AIM
atticus at satanic.org
atticus at satanic.org
Sun Nov 30 21:14:39 EST 2003
> I was wondering what kind of mb/s speeds I could expect using 3DES in both
> software mode, and with the AIM VPN accelerator card installed, on a 2621.
> So far I have found I can only get .5mb/s using software. Does this sound
> off to anyone?
Definately low, but not outrageously so. One place you can easily loose
alot of capacity is fragmentation (not paying attention to this made the
difference between ~12mb/s and ~20mb/s between two 3660's w/ AIM-VPN/HP).
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Covers this nicely, though I could've sworn there was a similar doc
specific to ipsec, but I can't find it now.
> Here is the situation: I have a 10M internet link, which I would like to do
> a VPN over and get as much throughput as I can (8M +- would be ideal) using
> 2621's.
> I can put a VPN accelerator card in both routers if I need to, but so
> far using software I am getting very piss poor results
> I'm using IOS12.2(5)d on both routers.
Try taking them up to 12.3 -- 12.2T had lots of IPSec work and general
performance improvements that should help you along. Also be sure to check
for high levels of process switching (software-side should be heavy on
'Encrypt Proc', but not ip input .. side w/ aim-vpn/bp should be almost
all cef/interrupt switched).
More information about the cisco-nsp
mailing list