GRE/IPSec Performance

bjssccouser · ‎05-07-2009

Hi,

I currently have a GRE/IPSec tunnel setup between 2 2611XM routers with 4 Mbs bandwidth between the 2 sites. When transferring data between the 2 sites I get around 90Kbs over the GRE/IPSec tunnels and the CPU usage maxes out during the data transfer. Without IPsec I get usage of the full bandwidth.

I'm looking to replace these routers with a couple of Cisco 1812's or maybe even Cisco 871's, as this link is only a backup.

Does anyone know what the performance of these 2 routes is like with reagrds to GRE/IPSEC?

Thanks

lamav · ‎05-07-2009

Have you tried adjusting the MTU to accomodate the larger packets? With the added overhead of IPSec and GRE, your packets may be getting fragmented, causing delay and CPU overutilization.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

HTH

Victor

Joseph W. Doherty · ‎05-07-2009

Do you have an encryption module within your 2611XM? If not, could account for the high CPU and part of the low performance.

"Does anyone know what the performance of these 2 routes is like with reagrds to GRE/IPSEC? "

See attachment.

bjssccouser · ‎05-07-2009

Thanks for this. My 2611XM doesn't have an encryption module. According to the spec sheet the 3DES performance almost doubles between the 2600XM's and the 1800's, which is promising. Although if I get less than 1Mbs currently, what does this say about what I'm likely to get on the 1800!

For now, I've actually offloaded the IPSec tunnel onto a PIX which is sat infront of the router and just kept the GRE tunnel at the 2600XM, which works well. But I'd like have both on one device for simplicity's sake.