Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3.11 in AWS - Max IPSEC Tunnels

Hello,

I'm trying to properly scale an AMI instance that will support the 400 IPSEC tunnel limit. There are multiple instance types available under the BYOL program, with varying price options. I can't find where in the documentation a specific instance type is required when scaling IPSEC. Any guidance or tips are much appreciated.

Thanks

5 REPLIES
New Member

Hello ,First limiation is

Hello ,

First limiation is license :

http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html

Table 3 tells you how many tunnels you can run depending on licensing scheme.

Most important thing is that CSR will do crypto in software , which is not as efficient as hardware platforms.

Here are some test results for imix traffic ( imitation of real traffic ):

Throughput :

1 vCPU

1 Tunnel - 110 mbps

100 Tunnels - 95 mbps

2 vCPU

1 Tunnel - 169 mbps

100 Tunnels - 172 mbps

4 vCPU

1 Tunnel - 189 mbps

100 Tunnels - 177 mbps

 

As you can see number of tunnels is not as such important as throughput.
As for the RAM you can get little bit more that minimum required but RAM is mostly needed for BGP configurations, for IPSec it shouldnt be critical.

Best Regards
Dawid

New Member

Thank you Dawid for the

Thank you Dawid for the feedback.

 

Ive read the release notes document you reference, but it does not specifically address the 3.11 50Mbps Advanced package. Do you know where I might find this reference? I've searched for and read all the CSR product guides and release notes to which I have access.

 

Thank you

New Member

Hi,I have confirmed with

Hi,

I have confirmed with development,

"It's 150  (same as 50M perpetual license)"

Hope it helps.

Best Regards,

David

P.S.

We have just corrected the documentation to remove the confusion for 3.11:

http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html

Hope it helps.

New Member

Thank you.Is the 150 figure a

Thank you.

Is the 150 figure a hard limit, imposed by some form of software/hardware limitation, or is 150 the expected maximum supported number of tunnels that can achieve the published throughput figures.

 

Can we scale past 150 tunnels if the per-tunnel throughput is very, very low.

 

Thanks,

Jese

New Member

Hi,I have confirmed with

150 is the hard limit imposed by software. It will not allow you to configure more.

259
Views
0
Helpful
5
Replies
CreatePlease login to create content