Cisco Support Community

New Member

Enabling DTLS on 2821 seems to bypass hardware accel.

Question - DTLS seems to be bypassing the AIM module:

2821 ISR, IOS adventerprisek9_ivs_li-mz.151-4.m5. AIM-VPN/SSL-2 module installed.

Using webvpn without DTLS - CPU spikes a little bit when copying files and speed is fairly slow. Crypto engine stats show traffic is being encrypted/decrypted on the hardware accelerator (either onboard or additional AIM module depending on what's enabled). So it all appears happy - aside from slow speed, but that's understandable.

As soon as DTLS is enabled and used - throughput almost triples, encrypt_proc hammers the CPU and the hardware module stats are showing that nothing is being encrypted/decrypted by it. Appears to be solely software based as soon as DTLS is enabled.

This is testing with only 1 SSL VPN client (tunnel mode) connected.

Has anyone come across this? Or is DTLS actually available but in reality not usable?


