[c-nsp] 3640 and 3DES IPSec
barney gumbo
barney.gumbo at gmail.com
Mon Sep 19 14:59:28 EDT 2005
Can anyone provide info on realistic CPU utilization expectations for a 3640
running NAT overload, CBAC, IPSec 3DES for encryption, GRE over the IPSec,
with BGP as the routing protocol, with a single T1 to the internet for the
IPSec transport?
When there is approx 900 kbps in/out on the T1, CPU utilization on a 3640 I
have is between 99-100%. Show proc cpu has the encryption process using 75%
of the CPU consistently.
The BGP process has approx 100 routes, it is used for internal routing, not
peering with internet routers. There is nothing else interesting happening
on the router, the only traffic being NAT'd is the IPSec/GRE tunnel. CBAC
looks normal as well.
I don't recall ever seeing this type of CPU utilization for IPSec before. I
did some research and can't find any hard numbers. I know a basic VPN
accelerator module is supposed to be able to support approx 10 Mbps in/out
for 3DES IPSec, I hope a standard 3640 can support at least 1 Mbps.
Can anyone provide any real world experience with throughput on a 3640 with
the config and operations mentioned above?
More information about the cisco-nsp
mailing list