cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19310
Views
0
Helpful
5
Replies

3925/3945 IPSec Throughput

b.gamble
Level 1
Level 1

In a previous post I wanted to know about the throughput on a link between a 3825 and 2811 router over an IPSec tunnel. After some discussion it was decide that the IPSec AIMs would help. Before the AIMs I got about 30Mbps, after the AIMs I got about 32Mbps. Before IPSec was added to the link, the speeds were about 85Mbps.

https://supportforums.cisco.com/thread/257204         

The next option is to use the 3900 series ISR G2's. Does anyone have some performance metrics for IPSec tunnels? The datasheet only offers the following:

Embedded IP Security with Security Sockets Layer (IPSec/SSL) VPN hardware acceleration

• Embedded hardware encryption acceleration is enhanced to provide higher scalability, which, combined with an optional Cisco IOS Security license, enables WAN link security and VPN services (both IPSec and SSL acceleration).
• The onboard encryption hardware out-performs the advanced integration modules (AIMs) of previous generations.

ASRs offer better performance but are way over budget and I'd like something that I have the option to do UC with.

5 Replies 5

Edison Ortiz
Hall of Fame
Hall of Fame

We have an 'Ask the Expert' event on ISR G2 https://supportforums.cisco.com/thread/344391?tstart=0 ending on the 11th.

I suggest asking there.

Regards

Edison.

Awesome. Thanks.

Hi Edison,

Thanks for this information. This is really good information. https://supportforums.cisco.com/thread/344391?tstart=0

In this reply from James Ng says that "With IPSEC/AES we can do 848Mbps on a 3945 and 1400byte packets and the  2900s range from 150-280Mbps or so depending on which 2900."

But is there any Cisco document supporting this statement about 848Mbps IPSec throughput on Cisco 3945? Can you please provide the same to me ()?

Regards,

Dhananjay

Hello,


I also would like to know what linerate encryption can be achieved on the ISR G2 series 1900, 2900 and 3900. There is only the datasheets speaking of "speed with concurrent services enabled", but I would like to use these routers primarily for WAN encryption and therefore it would be good to know what speed is realistic.


I was also looking at the forum entry https://supportforums.cisco.com/message/1323809 but it doesn't mention specific details.


Best regards,

Olaf.

nvanhaute
Level 1
Level 1

hi all,

better in all cases is to test by yourself

all these values are only commercial informations and they don't reflect reality

I tried with Iperf/Netpipe 881/1841/3825 and the last 1941 (cpu usage always around 90%) without any other processes (qos, shaping, vlan..) and the tests were only between one computer (on one side) and an other (on the other side)... so very simple tests (using cef) :

between 2x 881 sec/k9 => ipsec (esp md5 tunnel mode aes256 psk) => around 30 Mbps

between 2x1841 hsec/k9 => ipsec (esp md5 tunnel mode aes256 psk) => around 23 Mbps

between 2x 3825 hsec/k9 => ipsec (esp md5 tunnel mode aes256 psk) => around 150 Mbps

between 2x 1941 => ipsec (esp md5 tunnel mode aes256 psk) => around 35 Mbps (so nothing exceptional)

I let you conclude

I'm interested by results with 3945(e)/3925.

regards

Nicolas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco