
Query on VAM2+

vaibhav-g
Level 1

Hi Team

In the output of "show crypto engine accelerator statistic" command, what is the significance of "ppq full errors" and "replay errors" and how can we reduce them?

Regards

Vaibhav


Hi

one last query

Thanks for the info. My original query still remains unanswered. According to the datasheet sent by you earlier, Cisco 7206 can support 5000 tunnels with 280 Mbps of encrypted data (with NPE-G1 processor). But the particular device in question is currently working with approx. 600 tunnels and 100 Mbps of encrypted data, that too with an NPE-G2 processor. Can this device support the tunnels and encrypted data as given in the datasheet with the present memory and config (show tech sent earlier)? Then, why is the device showing ppq full errors with 1 GB of RAM? What is the solution to ppq errors and replay errors?

Kindly treat this on priority.

Regards

Vaibhav

Hello Vaibhav,

ppq errors means protected packets queues and refers to queues on the VAM2+.

Number of packets dropped because of a lack of space in the packet processing queues for the VAM. This usually means that input traffic has reached VAM maximum throughput possible.

So the 1GB RAM of NPE-G2 plays no role here.

data sheet notes:

Throughput-Single VAM2+*

Up to 280 Mbps using 3DES or AES

As measured with IPSec 3DES HMAC-SHA1 on 1400 byte packets.

1400 bytes packets means:

280 Mbps / ((1400+100)*8) means 23,350 pps

So if your packets are smaller, for example if you are carrying VoIP packets inside the tunnels, you can have a higher packet rate with 99 Mbps.

How to avoid errors:

I would consider, in the mid to long term, using two C7206VXR with VAM2+ and/or also performing a design review.

Also take into account an upgrade of IOS, because in my case it was needed.

Hope to help

Giuseppe

Hi Giuseppe

Thanks a lot for such kind support.

Thank you so much

Regards

Vaibhav

Hi,

Thanks a lot for the valuable info.

Any word on the maximum packets per second supported by VAM2+?

Also, any suggestion for the IOS?

Regards

Vaibhav

Hello Vaibhav,

We moved successfully to 12.4(20)T, same feature set; with your current release, that was suggested by TAC, we could never make stateful IPsec work.

About the VAM2+ capabilities in pps: I think there is more work in encryption or decryption of packets: part of the workload is dependent on the number of IP headers to be modified, so my guess is that at least the queues are more used, with many packets waiting to be encrypted or decrypted, and so increasing the probability of some tail queue drops when the queues are full. And this is exactly the description of pps errors.

What is this number of max pps? I'm afraid it is not declared in the datasheet.

Hope to help

Giuseppe
