The 2821 is positioned as a WAN edge router capable of handling about 4 T1 worth of sustained throughput with services such as stateful inspection and IDS turned on. It is hard to find performance numbers without services, and the number will kind of be an it depends, average packet size, type of traffic and other variables will come into play, but it definately is not wire speed with it's gig interfaces
Having some trouble posting a file that I got off these forums with that information.
These numbers assume 64byte packets.
The 3640 is between 25.6-36 mbps the 2821 is 87.04
This assume just simple port to port file transfer no extra feature. I would not take these numbers to mean anything about true rates but they do to a point let you compare routers.
You really shouldn't be using a router for ethernet to ethernet traffic. Almost all layer 3 switches are wire speed for almost all functions. The only time I would use a router is if I needed feature like NAT that are not supported on a switch. The main reason to use a router is when you need to hook up some form of circuit.
A layer3 switch (3560 or 3550) tends to be cheaper than a router also.
I would investigate what traffic is hitting this thing , that seems high for only 2 interfaces . What is the process driving the cpu ? Do a show proc cpu sort and post here maybe we can get a better idea . Must be a lot of traffic is not being fast or cef switched . Here is a good page to troubleshoot high cpu . Also look for any code bugs in the version you are running .Also check to make sure fast or cef switching is turned on , by doing a show ip interface command. It could be something someone with a virus or something like that in which case you might use netflow to trace it down.
This router is the last hop before our internet layer with holds out firewalls and VPN concentrators - it is our gateway of last resort. Once traffic gets to this router we use static routes to direct VPN traffic to the concentrator and the rest of the traffic default routes to the firewall. The IOS version is 12.2(26) c3640-ik9s-mz.122-26.bin
I've attached a text file that shows the output of 'sh proc cpu sort'.
Here is the output of 'sh int stats':
ROC-INET-3640#sh int stats
Switching path Pkts In Chars In Pkts Out Chars Out
Is that the full output. I dont see anything worng with the CPU processes.It shows that router is not having any process which is behaving unusual.
If that is not the full output, Please try to paste it.
Check the output of the show interfaces and see if you see something unusual there, like a lots of broadcast. This is interesting. If I were you i would try to use a sniffer and sniff the router port connected to the network, just to see if it is processing some unknown virus or worms traffic. Enable " Ip accounting " on the interfaces and check if you some unusual traffic is being sent by some user.
I opened up a TAC case and was told that we are pushing this router to its limits. They sent me a Router Performance sheet which rates the 3640, doing Fast/CEF switching, at 50 - 70,000 packets per second, or 25 - 36Mbps at 64byte size. And the throughput is less if ACLs, WCCP, QOS etc is applied which all three are in our case. We're trying to push much more than 36 Mbps throught the fastether interfaces and hence the CPU is being pegged.
I agree with the above post - try enabling IP Accounting and NBAR to make sure you don't have "junk" traffic consuming all your bandwidth, then worry about buying new hardware.
The PDF file you mention has been fairly accurate, among the devices I've actually tested. I know for encryption, the CPU load will increase but the 2800 maintains close to wire speeds, whereis the 3600 starts degrading throughput at an incredibly high rate.
I also agree a layer 3 switch would make more sense for Ethernet-Ethernet traffic.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...