[c-nsp] 3640 and 3DES IPSec
Ted Mittelstaedt
tedm at toybox.placo.com
Wed Sep 21 12:08:40 EDT 2005
what about switching to single DES not triple DES?
Ted
>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of barney gumbo
>Sent: Monday, September 19, 2005 11:59 AM
>To: cisco-nsp at puck.nether.net
>Subject: [c-nsp] 3640 and 3DES IPSec
>
>
>Can anyone provide info on realistic CPU utilization
>expectations for a 3640
>running NAT overload, CBAC, IPSec 3DES for encryption, GRE over
>the IPSec,
>with BGP as the routing protocol, with a single T1 to the
>internet for the
>IPSec transport?
>
>When there is approx 900 kbps in/out on the T1, CPU utilization
>on a 3640 I
>have is between 99-100%. Show proc cpu has the encryption
>process using 75%
>of the CPU consistently.
>
>The BGP process has approx 100 routes, it is used for internal
>routing, not
>peering with internet routers. There is nothing else
>interesting happening
>on the router, the only traffic being NAT'd is the IPSec/GRE
>tunnel. CBAC
>looks normal as well.
>
>I don't recall ever seeing this type of CPU utilization for
>IPSec before. I
>did some research and can't find any hard numbers. I know a basic VPN
>accelerator module is supposed to be able to support approx 10
>Mbps in/out
>for 3DES IPSec, I hope a standard 3640 can support at least 1 Mbps.
>
>Can anyone provide any real world experience with throughput on
>a 3640 with
>the config and operations mentioned above?
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>--
>Internal Virus Database is out-of-date.
>Checked by AVG Anti-Virus.
>Version: 7.0.344 / Virus Database: 267.10.18/86 - Release Date:
>8/31/2005
>
More information about the cisco-nsp
mailing list