Cisco Support Community
Community Member

IOS version


Could anyone advise of the most stable IOS version to do IPsec/FW and IDS on 1710, 1720 and 7140 routers?



Community Member

Re: IOS version

Hello Guy;

I haven't tested all the features that you are interested in, but have done the following:

1) IPSEC benchmarked the 7120, which should likewise apply for the 7140. In this process, we tested the 7120, with an ISM (encryption accelerator) with 1/4 meg RAM and IOS 12.1.11be. The 7120 was tested for IPSEC performance for packet sizes between 128 byte and 1408 bytes, with incremental packet size increments of 128 bytes. We also tested performance for each packet size at data rates between 10 and 100 mbs. We found that the lowest packet sizes (128 bytes) supported 20 mbs data rates, no errors and highest packet sizes (1408 bytes) supported 70 mbs, no errors. We found no-error data rates to increase fairly linearly with packet sizes. Data rate jitter had little effect on performance. The 7120 also supported BGP and IPCEF in a full hub-spoke VPN mesh. Be aware; we failed *many* IOS versions on the way to passing 12.1.11be for the 7120. The 7120 with 12.1.11be has proven to be a very reliable IPSEC platform, unlike many earlier deployed versions.

The 1720 with a hardware accelerator and IOS 12.1.2T was tested along the same lines as above, and we found the 1720 to support 768kbs for 128 byte packets and 1.4mbs for 1408 packet sizes. We did not test the 1720 in a dense VPN mesh as we had the 7120, but weren't convinced that it was necessary. Again, we failed numerous IOS versions, before passing 12.1.2T.

For both benchmarks, aggregate traffic throughput was the same, regardless of data uni or bidirectionality.
