[c-nsp] IPsec throughput on Cat6800 Sup2T
Łukasz Bromirski
lukasz at bromirski.net
Mon Apr 30 16:14:15 EDT 2018
> On 30 Apr 2018, at 18:01, Hunter Fuller <hf0002 at uah.edu> wrote:
>
> Hi all,
>
> Does anyone know what throughput I can expect from IPsec terminated on a
> Supervisor 2T?
Zero. It’s not supported.
IPsec if it will be available and actually working (IOS code still contains full
IPsec stack, so it may actually work) will hit directly Your CPU. At
good times You may even get some serious Mbit/s but at the expense of
stability of your whole platform.
That’s why IPsec should be offloaded to dedicated SPA.
--
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
More information about the cisco-nsp
mailing list