Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSec Maximum throughput enquiry

Hi All

I would like to know what would happen to traffic exceeding supported maximum encrypted traffic?

With the current ASR1001 2.5G ESP module, Cisco supports upto 1Gbps of IPSec encrypted traffic.

-     My question is what would happen to excess traffic (above 1Gbps) that must be encrypted, will the router drop the excess traffic or pass it through as clear text?

-     If it will send it through as clear text, is there a way i.e show command that I can use to view/check if there was packets that were not encrypted?

I would also appreciate links/url that can provide such information.

Thanks and regards

Mpho

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

IPSec Maximum throughput enquiry

What we quote as max throughput is not a software limitation (with a few notable exceptions of license on ISR G2 and CSR).

What you will find typically is that the packets will be dropped because of taildrop in multiple queues (depending on platform it's to be monitored differently).

VPN is route- or policy-based, routing or policy does not change because of load of device/link (not directly anyway, one might argue PfR would accomplish just that).

M.

2 REPLIES
Cisco Employee

IPSec Maximum throughput enquiry

What we quote as max throughput is not a software limitation (with a few notable exceptions of license on ISR G2 and CSR).

What you will find typically is that the packets will be dropped because of taildrop in multiple queues (depending on platform it's to be monitored differently).

VPN is route- or policy-based, routing or policy does not change because of load of device/link (not directly anyway, one might argue PfR would accomplish just that).

M.

New Member

IPSec Maximum throughput enquiry

Thanks.

247
Views
0
Helpful
2
Replies
CreatePlease to create content