cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
357
Views
0
Helpful
1
Replies

Hardware Encryption Modules

padamjain
Level 1
Level 1

Hi,

I am planning to install a Gigabit point-to-point connection over Cisco 7206VXR_NPE-G2 and VSA to achieve IPSec 3DES encryption over the full service bandwidth.

According to product release notes for VSA the supported throughput is 950 MB for IPSec 3DES.

I want to understand whether the remaining 50Mb gets off-loaded to IOS based encryption (parent processor) or will the VSA be able to sustain the additional 50Mb as well?

In case the overload (above 950) gets off-loaded to main processor (NPEG2 processor) then what is the limit upto which the main processor can support IPSec encryption?

Reason I ask: I intend to configure the solution in future to deliver 2Gb towards WAN and corrospondingly I will add one PA-GE to deliver 2Gb towards LAN.

So, the existing VSA will support 950 and I want to understand how will it be possible to support remaining IPSec encryption and how scalable the solution can be?

Thanks in advance,

- PJ

1 Reply 1

a.kiprawih
Level 7
Level 7

The hardware encryption module will normally offload router cpu processing. The VPN Service Adapter's 950Mbps 3DES encryption throughput means more or less it will throttle down the normal cleartext speed to 50Mbps or less, but will not drop the queue packets. This is due to the encrypt/decrypt of 3DES process which basically takes longer time compared to DES.

Throughput:

DES/3DES/AES

- 950/960 Mbps for 1400 byte packets

- 920 Mbps for 300-byte packets

http://www.cisco.com/en/US/products/hw/routers/ps341/products_data_sheet0900aecd8047192f.html

http://www.cisco.com/en/US/products/hw/routers/ps341/products_qanda_item0900aecd80471935.shtml

HTH

AK

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: