[c-nsp] 3640 and 3DES IPSec
barney gumbo
barney.gumbo at gmail.com
Thu Sep 22 11:42:41 EDT 2005
In case anyone is interested, disabling IP CEF did not help, it made the
problem slightly worse. In fact, traffic which was generated during the test
(icmp echo-req / echo-reply) was all 1000 bytes long and enough was sent to
generate > 500kbps. With IP CEF disabled, CPU went to 99% before the
throughput reached 450kbps. The pings were through the router, not to/from
any router interface. If anything, I would think packets of the same size
would have been easier to handle. The router is running recent
12.2non-T-train code, I forget the exact dot version.
The comment about "someone provide past experience" was a conversation, not
an off-list reply. Nothing important or interesting has been missed.
On 9/22/05, Kevin Graham <mahargk at gmail.com> wrote:
>
> On 9/21/05, barney gumbo <barney.gumbo at gmail.com> wrote:
> > CEF is currently on, someone provided some past experience where
> > disabling CEF actually helped CPU utilization on a simple two interface
> > router with IPSec/GRE.
>
> Assuming this was true and they were running a reasonably recent
> release, this would be bug behavior. Its a shame they didn't share
> their tuning experiences with the rest of the list.
>
More information about the cisco-nsp
mailing list