[c-nsp] VPN max throughput

Grant Moerschel gm at wavegard.com
Mon Oct 3 11:54:45 EDT 2005 

According to Cisco marketing proganda a 7206vxr with a vam2 can do 
260Mbps but you say ~15Mbps.  What am I missing here?  That's a big 
difference!

-Grant


Luan Nguyen wrote:
> You are dreaming :)
> I would buy a vam2 accelerator card and put in npeg1 so you could use the 3
> gig/faste port on there without affecting the backplane...then we are
> talking about you might get to your dream with oh..say 90% cpu utilization.
> If I remember correctly, the package of npeg1/vam2 cost about 7000 US
> 1)	7206 with npeg1 probably won't get near 100Mbps for clear ip trafic.
> Capacity of the 7206VXR 		will exceed your
> no-accl-card-3des-vpn
> 3&4)	ipsec overhead = yes.  Avoid fragmentation if possible.  Packet size
> around 1200 seems to get	better thruput.
> 
> So I would suggest...use des, 1200 packetsize, no keepalive, short preshared
> key, longer ipsec/ike timeout
> Estimate max you might get ~ 15M
> 
> -luan
> 
>  
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Grant Moerschel
> Sent: Monday, October 03, 2005 10:45 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] VPN max throughput
> 
> We terminate 3DES VPN connections on a 7206 without an accelerator. The
> Internet connection is a burstable OC3 (155 Mbps).  I am looking for a list
> of things to consider that will affect max throughput for the VPN
> connection.  Things I can think of are:
> 
> 1) capacity of 7206 for vpn
> 2) latency between the headends which is about 20ms
> 3) IPsec overhead
> 4) Packet size
> 5) The Internet paths through which data flows.
> 
> What is a good method to estimate the max I might be able to realize and
> what knobs might I be able to change to get more throughput?  We'd like to
> get 70 Mbps for quick bursts. Am I dreaming?
> 
> Thanks, Grant Moerschel * gm -at- wavegard.com
> ____________________________________________
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list