Router Performance

Unanswered Question
Oct 7th, 2008

Hi,

I currently have a 2611XM and a 1720 router setup with a GRE tunnel between them running over Ipsec.

When I run 'show processes cpu', the 'Encrypt Proc' process is always consuming a high percentage of the cpu resources. This affects the throughput I'm getting as well as the general responsiveness of the routers. The overall CPU usage hovers around 96% when there is high data throughput. This is on both routers.

I am likely to want to setup additional VPN tunnels that terminate at these routers. Do I need to look at replacing these routers, with 1800 series routers for example?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Joseph W. Doherty Tue, 10/07/2008 - 07:26

I believe both the 2600 and 1700 series supported some AIM encryption modules, but also believe the original modules have gone end-of-sale and don't know whether either of the older router series are supported by the newer encryption modules. An encyption module should bring CPU usage down.

As to your question of needing newer routers for additional VPN tunnels, if the overall traffic load wasn't being increased, I would think additional tunnels, alone, might not have a dramatic impact on CPU load but with your CPU load already about 96%, likely you would benefit from having hardware encryption that should be available in a newer series routers (some of which now provide basic hardware encyption as part of the standard platform).

is66rlhntadm Tue, 10/07/2008 - 08:16

for the 2600 you should be able to get a

AIM-vpn/(bp, ep, hp) or maybe even a

AIM-vpn/(bp, ep, hp)II

I'm not sure if the Aim-vpn/xxII plus would work in it

as for the 1700 I don't think it supports one

if you upgrade to a 2800 then you could go to the current aim-vpn/ssl-1 or -2

Actions

This Discussion