[c-nsp] RE: VPN max throughput

Luan Nguyen luan.nguyen at mci.com
Mon Oct 3 12:19:49 EDT 2005


Sorry.  I was saying I guess your throughput for no accelerate card to be
~15M
For vam2 with npeg1, you could get to 70M bidirectional...which is very
good.
Usually you take 260M /2 for bidirectional then /2 which is about right :)
sorry Cisco.

-luan

-----Original Message-----
From: Grant Moerschel [mailto:gm at wavegard.com] 
Sent: Monday, October 03, 2005 11:55 AM
To: Luan Nguyen
Cc: cisco-nsp at puck.nether.net
Subject: VPN max throughput

According to Cisco marketing proganda a 7206vxr with a vam2 can do 260Mbps
but you say ~15Mbps.  What am I missing here?  That's a big difference!

-Grant


Luan Nguyen wrote:
> You are dreaming :)
> I would buy a vam2 accelerator card and put in npeg1 so you could use 
> the 3 gig/faste port on there without affecting the backplane...then 
> we are talking about you might get to your dream with oh..say 90% cpu
utilization.
> If I remember correctly, the package of npeg1/vam2 cost about 7000 US
> 1)	7206 with npeg1 probably won't get near 100Mbps for clear ip trafic.
> Capacity of the 7206VXR 		will exceed your
> no-accl-card-3des-vpn
> 3&4)	ipsec overhead = yes.  Avoid fragmentation if possible.  Packet size
> around 1200 seems to get	better thruput.
> 
> So I would suggest...use des, 1200 packetsize, no keepalive, short 
> preshared key, longer ipsec/ike timeout Estimate max you might get ~ 
> 15M
> 
> -luan
> 
>  
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Grant 
> Moerschel
> Sent: Monday, October 03, 2005 10:45 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] VPN max throughput
> 
> We terminate 3DES VPN connections on a 7206 without an accelerator. 
> The Internet connection is a burstable OC3 (155 Mbps).  I am looking 
> for a list of things to consider that will affect max throughput for 
> the VPN connection.  Things I can think of are:
> 
> 1) capacity of 7206 for vpn
> 2) latency between the headends which is about 20ms
> 3) IPsec overhead
> 4) Packet size
> 5) The Internet paths through which data flows.
> 
> What is a good method to estimate the max I might be able to realize 
> and what knobs might I be able to change to get more throughput?  We'd 
> like to get 70 Mbps for quick bursts. Am I dreaming?
> 
> Thanks, Grant Moerschel * gm -at- wavegard.com 
> ____________________________________________
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list