GET VPN and required equipment

Unanswered Question

I am implementing GET VPN over an MPLS network.  I understand I will need a distinct router for a key server.  I currently have a 7206  NPE/G2 in my  data center  that serves as a central site aggregation router for the MPLS network.  Can this 7206 also serve as the GET VPN group member or should the GM  be a separate router?  I plan to install a VAM2+ in the 7206 if it serves as both WAN aggregration router and GM.  At my remote offices 2811 routers  terminate MPLS links.  Do I need to install AIM encryption cards in the 2811 routers to achieve acceptable encryption performance or do the native routers have enough capacity?  Thank you for your help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Todd Pula Fri, 06/04/2010 - 11:35
User Badges:
  • Silver, 250 points or more

I would start by reviewing Chapter 3 of the GETVPN design guide below.  The recommended deployment model will include separate routers at the data center for the KS(s), GM(s), and WAN edge.  Whether or not you require AIM modules will come down to the clear LAN throughput you will require.  This chapter includes a chart for GM throughput with onboard and AIM for three classes of packet types.


This Discussion