[c-nsp] 3640 and 3DES IPSec
FXCM - Brandon Palmer
bpalmer at fxcm.com
Mon Sep 19 23:02:10 EDT 2005
>>> barney gumbo <barney.gumbo at gmail.com> 2005.09.19 14:59:28 >>>
Can anyone provide info on realistic CPU utilization expectations for a 3640
running NAT overload, CBAC, IPSec 3DES for encryption, GRE over the IPSec,
with BGP as the routing protocol, with a single T1 to the internet for the
IPSec transport?
3640s are a dog for IPsec. For T1s, use 2811-k9 or for T3s use 2821s.
IPSec without the AIM modules (part of the 2800s by default, but not on the 3640s) kills the router CPU.
On our 2821s, we see full speed crypro on the T3. The 2811s don't even break a sweat with 4 T1s. A 3725 started crying at about 4mb/s unless we added an AIM module.
- Brandon
More information about the cisco-nsp
mailing list