[c-nsp] VPN max throughput
Luan Nguyen
luan.nguyen at mci.com
Mon Oct 3 11:25:32 EDT 2005
You are dreaming :)
I would buy a vam2 accelerator card and put in npeg1 so you could use the 3
gig/faste port on there without affecting the backplane...then we are
talking about you might get to your dream with oh..say 90% cpu utilization.
If I remember correctly, the package of npeg1/vam2 cost about 7000 US
1) 7206 with npeg1 probably won't get near 100Mbps for clear ip trafic.
Capacity of the 7206VXR will exceed your
no-accl-card-3des-vpn
3&4) ipsec overhead = yes. Avoid fragmentation if possible. Packet size
around 1200 seems to get better thruput.
So I would suggest...use des, 1200 packetsize, no keepalive, short preshared
key, longer ipsec/ike timeout
Estimate max you might get ~ 15M
-luan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Grant Moerschel
Sent: Monday, October 03, 2005 10:45 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] VPN max throughput
We terminate 3DES VPN connections on a 7206 without an accelerator. The
Internet connection is a burstable OC3 (155 Mbps). I am looking for a list
of things to consider that will affect max throughput for the VPN
connection. Things I can think of are:
1) capacity of 7206 for vpn
2) latency between the headends which is about 20ms
3) IPsec overhead
4) Packet size
5) The Internet paths through which data flows.
What is a good method to estimate the max I might be able to realize and
what knobs might I be able to change to get more throughput? We'd like to
get 70 Mbps for quick bursts. Am I dreaming?
Thanks, Grant Moerschel * gm -at- wavegard.com
____________________________________________
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list