[c-nsp] Max number of IPSEC Tunnels on 7513

Rodney Dunn rodunn at cisco.com
Mon Apr 25 12:53:01 EDT 2005


I don't recommend doing IPSEC on a 75xx. 

You would be much better with a 18xx/28xx/38xx/7301/72xx
type box with hardware acceleration for IPSEC.


The 75xx has none of that. 
Looking back I wish we would have blocked the CLI entirely on that
platform but some folks use it for management purposes and not
IPSEC aggregation.


On Mon, Apr 25, 2005 at 10:31:55AM -0600, John Neiberger wrote:
> We may be forced to implement encryption for a particular application
> and one of the ways we could do this would be to use IPSEC tunnels from
> a number of routers back to a single 7513. What would be a reasonable
> maximum number of IPSEC tunnels that could be terminated on a 7513/RSP4?
> Or, better yet, what sort of information would you need to begin to
> answer a question like that? :)
>

# of tunnels
data rates (throughput/pps/etc..)

If it's only a few tunnels with low data rates it might would work.

But if it were me I'd get a box and terminate the tunnels that has
some hardware acceleration for the encryption. Software encryption
is hardly ever tested and that's what you would be doing on a 75xx.

Rodney
 

 
> Thanks,
> John
> --
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list