[c-nsp] 7600 vs. 7200 vs. ASR1000 for multi-gigabit encryptedtraffic?
Lasher, Donn
DLasher at newedgenetworks.com
Tue May 27 17:17:02 EDT 2008
>A 7206VXR even with a NPE-G2 will in no way be able to handle the
>traffic demands you're looking at. I can't speak for the ASR, but if
>you're looking for multi-gigabit encrypted links I'd look at the 7600
>with the IPSEC offload SIP/SPAs.
At least on paper, the SA-VAM2, and C7200 VSA modules, in a 7200/NPE-G2
could at least make a good showing at what you're talking about here.
The C7200 module, goes into the "IO" slot in the front, and is on its'
own 600m bus, not shared with the slots. Stats look like this:
(http://www.cisco.com/en/US/partner/docs/ios/12_4t/12_4t11/ft_vsa1.html)
------------------
The VSA provides hardware-accelerated support for multiple encryption
functions:
*128/192/256-bit AES in hardware
*DES standard mode with 56-bit key: Cipher Block Chaining (CBC)
*Performance to 900 Mbps encrypted throughput with 300-byte packets and
1000 tunnels
*5000 tunnels for DES/3DES/AES
*Secure Hash Algorithm1 (SHA-1) and Message Digest 5 (MD5) hash
algorithms
*Rivest, Shamir, Adelman (RSA) public-key algorithm
*Diffie-Hellman Groups 1, 2 and 5
-----------------
I agree, a 6500/7600 chassis would scale better, but the 7200 could take
a decent shot.
More information about the cisco-nsp
mailing list