[c-nsp] RE: VPN max throughput
Luan Nguyen
luan.nguyen at mci.com
Mon Oct 3 12:19:49 EDT 2005
Sorry. I was saying I guess your throughput for no accelerate card to be
~15M
For vam2 with npeg1, you could get to 70M bidirectional...which is very
good.
Usually you take 260M /2 for bidirectional then /2 which is about right :)
sorry Cisco.
-luan
-----Original Message-----
From: Grant Moerschel [mailto:gm at wavegard.com]
Sent: Monday, October 03, 2005 11:55 AM
To: Luan Nguyen
Cc: cisco-nsp at puck.nether.net
Subject: VPN max throughput
According to Cisco marketing proganda a 7206vxr with a vam2 can do 260Mbps
but you say ~15Mbps. What am I missing here? That's a big difference!
-Grant
Luan Nguyen wrote:
> You are dreaming :)
> I would buy a vam2 accelerator card and put in npeg1 so you could use
> the 3 gig/faste port on there without affecting the backplane...then
> we are talking about you might get to your dream with oh..say 90% cpu
utilization.
> If I remember correctly, the package of npeg1/vam2 cost about 7000 US
> 1) 7206 with npeg1 probably won't get near 100Mbps for clear ip trafic.
> Capacity of the 7206VXR will exceed your
> no-accl-card-3des-vpn
> 3&4) ipsec overhead = yes. Avoid fragmentation if possible. Packet size
> around 1200 seems to get better thruput.
>
> So I would suggest...use des, 1200 packetsize, no keepalive, short
> preshared key, longer ipsec/ike timeout Estimate max you might get ~
> 15M
>
> -luan
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Grant
> Moerschel
> Sent: Monday, October 03, 2005 10:45 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] VPN max throughput
>
> We terminate 3DES VPN connections on a 7206 without an accelerator.
> The Internet connection is a burstable OC3 (155 Mbps). I am looking
> for a list of things to consider that will affect max throughput for
> the VPN connection. Things I can think of are:
>
> 1) capacity of 7206 for vpn
> 2) latency between the headends which is about 20ms
> 3) IPsec overhead
> 4) Packet size
> 5) The Internet paths through which data flows.
>
> What is a good method to estimate the max I might be able to realize
> and what knobs might I be able to change to get more throughput? We'd
> like to get 70 Mbps for quick bursts. Am I dreaming?
>
> Thanks, Grant Moerschel * gm -at- wavegard.com
> ____________________________________________
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list