[c-nsp] IPsec Throughput on Cisco 800 series routers

Pete S. pshuleski at gmail.com
Tue Jul 29 22:43:21 EDT 2008


During our ipsec testing (best case scenario, back to back encrypted
tunnel, adjusted mss of 1436bytes) we were pushing about 20Mbps with
ftp traffic.  Adjusting MTU down to 64bytes, I believe we were,
understandably so, only reaching about 6-8Mbps.  Still more than
enough to saturate most DSL, and some cable connections.   The router
CPU was of course at or near maxed out during both tests.  CBWFQ also
held out extremely well in the tests, although i cannot remember
specifics, just that the call did not drop or get choppy.  I think the
throughput speeds were similar.

The 871 is our standard remote client hardware VPN solution, and we
haven't had any issues yet.  If you aren't maxing out the CPU, you're
probably not having a throughput issue.



On Tue, Jul 29, 2008 at 2:46 PM, Bryan Welch <Bryan.Welch at digeo.com> wrote:
> Greetings, anyone have any 800 series routers deployed to remote sites
> to terminate vpn tunnels?  We have an 871 deployed to a remote
> location/country that we are experiencing some throughput issues with.
>
>
>
> Router seems to handle the traffic just fine, no errors what so ever.
>
>
>
>
>
>
>
> TIA,
>
>
>
>
>
> Bryan
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list