1811 & 3825 Single IPSEC VPN with QoS throughput

Unanswered Question
Jun 4th, 2008


I have looked at the router performance PDF to try to discover max throughput with these two routers however, it only talks about raw throughput with no features enabled!

Can anyone point me in the right direction as what the actual values would be with both a single IPSEC VPN and MQC QoS policing on output interface.

Many Thanks,

Matt Smith

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Wed, 06/11/2008 - 18:17

With regard to VPN, you'll need to find the performance rating for the encryption algorithm you plan to use on the crypto engine you plan to use. (The newer ISRs usually have hardware crypto engine, but some router's performance can be further upgraded with additional crypto hardware.)

With regard to other services, performance impact varies, but assuming you remain with fast path processing, I would suggest to allow for up to about a 20% hit.

If your looking at the something like "Portable Product Sheet - Route Pref", also allow for duplex traffic (i.e. half the value). You can also often get 2x the performance of the @64 byte rating for "normal" sized traffic, but since you don't really want the box to hit 100%, you might half the rating for practical limits. (I.e. these two cancel each other.) Or use about 25% of the raw rating for a "within the ball park" rating.

You can also hunt for Cisco recommendation, such as Table 1 in: http://www.cisco.com/en/US/prod/collateral/routers/ps5854/prod_qas0900aecd80169bd6.html. These often allow sufficient performance for about every possible service to be active.


This Discussion