[c-nsp] Router recommndation 200 Mbps encryption traffic ( 7200 NPEG2 with C7200-VSA Card)
Geyer, Nick
nick.geyer at eds.com
Tue Oct 9 18:55:27 EDT 2007
It's a G2, early morning typo :)
Nikolas Geyer | Network Delivery - ACT | Implementation Team | EDS
Australia
Level 9, 14 Moore Street, Canberra ACT 2601
t 02 6223 6416 | f 02 6223 6344 | e nick.geyer at eds.com
-----Original Message-----
From: Kevin Graham [mailto:kgraham at industrial-marshmallow.com]
Sent: Tuesday, 9 October 2007 11:52 PM
To: Geyer, Nick; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Router recommndation 200 Mbps encryption traffic (
7200 NPEG2 with C7200-VSA Card)
> We use a 7206 with NPE-G1 and VSA
I believe you mean VAM2/2+ -- VSA is only supported on the NPE-G2.
> supporting ~10-15 tunnels running 150Mbps of throughput (with 1400
> byte packets).
That's capping out the VAM2, you're not going to push it a whole lot
further. (This is frustrating though, as there's no controllable
congestion management to the crypto-engine psuedointerface, nor is there
a good way to gauge its utilization. This gets uglier w/ VAM given the
non-linear performance scaling as SA DB entries increase).
> I don't honestly think you will have any problems at all.
NPE-G1/VAM2+ will get you close, but to do it with any kind of headroom,
really need to bump up to NPE-G2/VSA. The IPSec WAN design guides are
very good (though based on my experience, the performance estimates are
very conservative) and certainly worth a read:
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmig
ration_09186a008074f22f.pdf
(There's a few references to dual-VAM configs, which seem interesting,
but I've never found documentation on that setup, namely how traffic is
balanced out across them).
More information about the cisco-nsp
mailing list