nanog mailing list archives

RE: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2

From: "Rettke, Brian" <Brian.Rettke () cableone biz>
Date: Thu, 18 Nov 2010 15:55:50 -0700

Do you have the VPN/SSL AIM module? That would offload the crypto work. Supposedly capable of full 100Mbps line rate, I 
have them in 2811s.

Sincerely,

Brian A . Rettke
RHCT, CCDP, CCNP, CCIP
Network Engineer, CableONE Internet Services


-----Original Message-----
From: Seth Mattinen [mailto:sethm () rollernet us]
Sent: Thursday, November 18, 2010 3:48 PM
To: nanog () nanog org
Subject: Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2

On 11/18/2010 14:39, Pete Lumbis wrote:

This is probably more appropriate for the cisco-nsp list, but what
process is taking up the CPU or is it due to interrupts?
To the best of my knowledge the crypto should be hardware accelerated,
while everything else is going to be done in software on the 3800.



The ISR series do have onboard hardware crypto, but I don't know offhand
if it can handle a full DS3 worth.

My first guess is fragment reassembly would probably kill it fast.

~Seth

Current thread:

Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Christopher J. Pilkington (Nov 18)
- Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Pete Lumbis (Nov 18)
  - Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Seth Mattinen (Nov 18)
    - RE: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Rettke, Brian (Nov 18)
    - RE: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Sam Chesluk (Nov 18)
    - Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Christopher J. Pilkington (Nov 19)
    - Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Michael Ulitskiy (Nov 19)
    - Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Pete Lumbis (Nov 19)
    - Re: Cisco GRE/IPSec performance, 3845 ISR/3945 ISR G2 Christopher J. Pilkington (Nov 19)