VPN IPsec accelerator module in CAT6500

Unanswered Question
Aug 12th, 2010

Hi,

We have a VPN accelerator module in a CAT 6500/Sup2. A tunnel is configured on this switch and use this module to accelerate IPsec encryption. Now, the CPU usage of this switch is a bit of high, once in a while. I suspect it is something to do with the encryption. I am just wondering, is there any way that I know it?

for instance, is there any tunnel related traffic or processing is directed to RP, in stead of staying in the accelerate module? how efficent the module is beng used? is the module overload?

thanks,

Han

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marcin Latosiewicz Fri, 08/13/2010 - 08:34

Han,

As far as I remember ISAKMP is still handled by the software even if VPNSM/VPN SPA is present.

VPN modules handle actual  encryption/decryption.

Can you please share your crypto configuration (IP addresses masked if need to) and "show module" outputs?

How regular is that high CPU every hour, every day?

Marcin

edit: Frogot to add link re performance:

http://www.cisco.com/en/US/prod/collateral/modules/ps8768/ps4221/product_data_sheet09186a00800c4fe2.html

Actions

This Discussion