[nsp] IPSEC throughput impact?
Streiner, Justin
streiner at stargate.net
Tue Jul 6 15:51:11 EDT 2004
On Tue, 6 Jul 2004, Raymond, Steven wrote:
> What hardware platforms are you using? Have seen a 2620XM hit 99% CPU with
> a single PTP ipsec VPN with ~250 packets per second at about 350,000 bits
> per second. This is using two T1s in an MLPPP bundle with GRE and NAT, plus
> CBAC. Removing only the crypto map from the MLPPP interfaces droped CPU to
> 17%. Apparently there is a hardware crypto accelerator available.
There are crypto accelerator modules available for many Cisco platforms.
The implementation is a little more complex. The routers that terminate
the T1s (a 7204 on our side and a 2651 on the customer's side) are just
passing the traffic once it's already encrypted. The tunnel endpoints are
a 7140 on the customer's side and a VPN 5002 (don't ask, long story ;-) )
on ours.
jms
More information about the cisco-nsp
mailing list