I haven't tested all the features that you are interested in, but have done the following:
1) IPSEC benchmarked the 7120, which should likewise aply for the 7140. In this process, we tested the 7120, with an ISM (encryption accelerator) with 1/4 meg RAM and IOS 12.1.11be. The 7120 was tested for IPSEC performance for packet sizes between 128 byte and 1408 bytes, with incremental packet size increments of 128 bytes. We also tested performance for each packet size at data rates between 10 and 100 mbs. We found that the lowest packet sizes (128 bytes) supported 20 mbs data rates, no errors and highest packet sizes (1408 bytes) supported 70 mbs, no errors. We found no-error data rates to increase fairly linearly with packet sizes. Data rate jitter had little effect on performance. The 7120 also supported BGP and IPCEF in a full hub-spoke VPN mesh. Be aware; we failed *many* IOS versions on the way to passing 12.1.11be for the 7120. The 7120 with 12.1.11be has proven to be a very reliable IPSEC platform, unlike many earlier deployed versions.
The 1720 with a hardware accelerator and IOS 12.1.2T was tested along the same lines as above, and we found the 1720 to support 768kbs for 128 byte packets and 1.4mbs for 1408 packet sizes. We did not test the 1720 in a dense VPN mesh as we had the 7120, but weren't convinced that it was necessary. Again, we failed numerous IOS versions, before passing 12.1.2T.
For both benchmarks, aggregate traffic throughput was the same, regardless of data uni or bidirectionality.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...