I carried out some performance tests between a Cisco 2911 router and a Linksys RV082. Specifically I tested the throughput of both devices in a Site-to-Site VPN context. What follows are the details of how I designed the tests. See the attached diagram for a visual representation.
At site A I placed both the 2911 and the RV082 routers. Both devices routed their WAN traffic through the same Internet link (ISP A in the diagram). I also placed File Server A.
At Site B I placed another 2911 which was connected to the public Internet through its own leased line (ISP B). There was also File Server B. During the tests, all devices at both sites were not subjected to any other load than the load imposed by the tests. Likewise, links A and B were not subjected to any traffic except the traffic from the tests. The 2911s at both sites were running the same IOS version [15.1(4)M3].
So, I configured two IPSec Site-to-Site VPNs like so:
i) Between the 2911 at site A and the 2911 at site B.
ii) Between the RV082 at site A and the 2911 at site B.
The configuration of the 2911s consisted of the bare minimum for the VPNs to exist. The same goes for the RV082. There were no ACLs on the 2911s except those needed to underpin the VPNs. The IPSec parameters (Phases 1 and 2) were the same for both VPNs for the tests to be comparable.
Then I scheduled a script on File Server A to run automatically late at night and copy several binary files of different sizes (small/medium/large) from File Server A to B and then from File Server B to A, sequentially, in an alternating manner (never simultaneously). Half the copies were routed through the VPN on the 2911 at Site A whereas the other half were routed through the VPN on the RV082 at the same site A. At site B everything (switches, routers, file server and ISP link) remained invariant. The script ran four times on four different days, taking over 7 hours to complete each run. All times were measured and compared.
Frankly, I expected the 2911 at site A to outperform the RV082. But what I got was totally the opposite: the file transfers from File Server A to B and from File Server B to A were on average 12% faster when done through the VPN on the Linksys RV082 at site A than when done through the VPN on the Cisco 2911 at the same site A. The readings were consistent across four days of tests.
Considering all hardware (except the 2911 and RV082 at Site A), software and internet pipes remained unchanged throughout the performance tests, how could the numbers have favored the low-end Linksys router? My guess is that the stability, reliability and resilience of Cisco's IOS in general and the encryption underpinnings in particular come at a price: more checks translate to less throughput. Maybe the IPSec implementation of the RV082 is less conservative and thus faster?
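One way to reduce the timings from a test designed like the one above, as an added example that is not part of the original post: it pairs each copy with the same copy over the other tunnel, reports the time saved per day, and breaks throughput out by file size class. The sample timings are constructed (not the poster's measurements), the function names are hypothetical, and reading "12% faster" as 12% less elapsed time is an assumption.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample timings, NOT the poster's data:
# (day, path, direction, size_class, size_bytes, seconds)
SAMPLE = [
    (1, "2911",  "A->B", "small", 10_000_000,      25.0),
    (1, "RV082", "A->B", "small", 10_000_000,      22.0),
    (1, "2911",  "B->A", "large", 1_000_000_000, 2000.0),
    (1, "RV082", "B->A", "large", 1_000_000_000, 1760.0),
    (2, "2911",  "A->B", "small", 10_000_000,      25.0),
    (2, "RV082", "A->B", "small", 10_000_000,      22.0),
    (2, "2911",  "B->A", "large", 1_000_000_000, 2000.0),
    (2, "RV082", "B->A", "large", 1_000_000_000, 1760.0),
]

def throughput_mbps(records):
    """Aggregate Mbit/s per (path, size_class): total bits / total seconds."""
    bits, secs = defaultdict(float), defaultdict(float)
    for _day, path, _direction, cls, size, t in records:
        bits[path, cls] += size * 8
        secs[path, cls] += t
    return {k: bits[k] / secs[k] / 1e6 for k in bits}

def paired_time_saving(records, baseline, candidate):
    """Pair each copy with the same copy on the other path and return the
    per-day mean % of elapsed time saved by candidate relative to baseline."""
    times = defaultdict(dict)
    for day, path, direction, cls, size, t in records:
        times[day, direction, cls, size][path] = t
    per_day = defaultdict(list)
    for (day, *_), t in times.items():
        if baseline in t and candidate in t:  # ignore copies without a partner
            per_day[day].append(100 * (1 - t[candidate] / t[baseline]))
    return {day: mean(v) for day, v in sorted(per_day.items())}

if __name__ == "__main__":
    for (path, cls), mbps in sorted(throughput_mbps(SAMPLE).items()):
        print(f"{path:6} {cls:6} {mbps:6.2f} Mbit/s")
    for day, pct in paired_time_saving(SAMPLE, "2911", "RV082").items():
        print(f"day {day}: RV082 path took {pct:.1f}% less time")
```

With these constructed numbers, 12% less elapsed time corresponds to about 13.6% more throughput, so it matters which of the two a "faster" figure refers to.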