
IPSec performance between ISR 3845 with AIM and 7201

david.tran
Level 4

I cannot find IPSec performance on the Cisco 7201 router platform, so I am asking in this forum.

Which platform will give better IPSec performance to terminate site-2-site VPN (no dynamic routing, no NAT, no QoS), just simple site-2-site IPSec VPN?

ISR 3845 with AIM VPN module or Cisco 7201?  I have the IPSec performance on the 3845 with AIM (about 145Mbps) but I can't find anything on the 7201 router.

Can someone help me with this?

Thanks in advance.

10 Replies

Leo Laohoo
Hall of Fame

Go here.

The 3845 is rated for 256 Mbps of un-encrypted traffic.  Take half down and you'll get a good idea what the appliance is capable of doing when it's encrypted.

In regards to your 7201, it all depends on your NPE.

Here is the "show version" on the 7201:

c7201>sh ver

Cisco IOS Software, 7200 Software (C7200P-ADVIPSERVICESK9-M), Version 12.4(15)T11, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Thu 29-Oct-09 04:02 by prod_rel_team

ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)

BOOTLDR: Cisco IOS Software, 7200 Software (C7200P-BOOT-M), Version 12.4(15)T10, RELEASE SOFTWARE (fc3)

KWANKTLRT72001 uptime is 26 weeks, 4 days, 5 hours, 43 minutes

System returned to ROM by power-on

System image file is "bootflash:c7200p-advipservicesk9-mz.124-15.T11.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 7201 (c7201) processor (revision B) with 1966080K/65536K bytes of memory.

Processor board ID 78010180

MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2

1 slot midplane, Version 2.1

Last reset from power-on

1 FastEthernet interface

4 Gigabit Ethernet interfaces

1 Serial interface

2045K bytes of NVRAM.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

c7201>

Can you tell me the IPSec throughput on the 7201?

Thanks in advance.

I'm out of my depth here, David.  Can you post the output to the command "sh inventory"?

c7201>show inventory

NAME: "Chassis", DESCR: "Cisco 7201, 1-slot chassis"

PID: CISCO7201         , VID:    , SN: 78010180  

NAME: "module 1", DESCR: "Serial T3+"

PID: PA-T3+=           , VID:    , SN: 36986175  

NAME: "Power Supply 1", DESCR: "Cisco 7201 AC Power Supply"

PID: PWR-7201-AC       , VID:    , SN:           

NAME: "Power Supply 2", DESCR: "Cisco 7201 AC Power Supply"

PID: PWR-7201-AC       , VID:    , SN:           

NAME: "c7201", DESCR: "Cisco 7201 Network Processing Engine"

PID: CISCO7201           , VID: V02 , SN: JAE1345NGXF

c7201>

Cisco IOS Software images dedicated for the Cisco 7201 will have the file names starting with "c7200p", the same as those for the Cisco 7200 NPE-G2 Network Processing Engine.

The above bit was taken from the 7201 Data Sheet.  So I guess you are looking at an NPE-G2 line card, which is rated at 1,024 Mbps without any form of encryption.  So I would surmise that your 7201 can push around 600 Mbps of encrypted traffic (one-way only).

Hi Leo,

I am not interested in throughput for "unencrypted" traffic.  I am only interested in throughput for "encrypted" traffic.

Are you saying that the 7201 can push 600Mbps of "encrypted" AES-256/SHA/DH-5 with PFS group5, based on what you see on my "show inventory" WITHOUT any encryption acceleration card?

My question is a very simple one.  With the 7201 that I currently have, how much IPSec throughput can it process for AES-256/SHA/DH-5 with PFS group5?

WITHOUT any encryption acceleration card?

Can you post the output to the command "sh crypto eng brief"?

c7201>show crypto engine brief

        crypto engine name:  Cisco VPN Software Implementation

        crypto engine type:  software

             serial number:  04A65744

       crypto engine state:  installed

     crypto engine in slot:  N/A

c7201>

So WITHOUT hardware VPN acceleration card, how much IPSec AES-256/SHA/DH group5 with PFS group5 can my 7201 push?

I'm really out of my depth here, David.  First time I've seen a router this big without an encryption card.

But if you permit me to make a guess, I'd say 600 Mbps, however, with encryption being done on software and how it affects the CPU of your hardware, I'd say 450 Mbps in a single direction.


Best bet is to raise a TAC Case.  Maybe someone like Paolo can chime in. 

Here is what I've found after some testing:

- Cisco 7201 without encryption card can handle about 95Mbps IPSec with CPU at 99% utilization.  At 95Mbps IPSec, the router becomes extremely sluggish.

- Cisco 3845 with AIM card can handle about 146Mbps of IPSec traffic with CPU at 99% utilization.  At 146Mbps, the router becomes sluggish but not as much as the Cisco 7201.

- Cisco 3945 with VPN card will push only 85Mbps without the advanced license.

- ASR 1002 can easily push well above 900Mbps of IPSec traffic and the router is extremely fast.
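
Added example, not part of the thread or of any Cisco tooling: the deciding detail above was that "show crypto engine brief" reported only a software engine, so this Python sketch parses that output and flags routers doing all IPSec on the main CPU. The first sample is the 7201 output posted above; the second, with its hardware engine name and "State" field, is constructed for illustration.

```python
import re

# Output posted in this thread for the 7201 (doubled blank lines dropped).
SAMPLE_7201 = """\
c7201>show crypto engine brief
        crypto engine name:  Cisco VPN Software Implementation
        crypto engine type:  software
             serial number:  04A65744
       crypto engine state:  installed
     crypto engine in slot:  N/A
c7201>
"""

# Constructed sample: a router reporting a hardware engine plus the software one.
SAMPLE_HW = """\
        crypto engine name:  Example Hardware VPN Module

        crypto engine type:  hardware
                     State:  Enabled
        crypto engine name:  Cisco VPN Software Implementation
        crypto engine type:  software
       crypto engine state:  installed
"""

# "key:  value" lines; prompts such as "c7201>..." contain no colon and are skipped.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s+(.*?)\s*$")

def parse_engines(text):
    """Return one dict per crypto engine; a new 'crypto engine name' starts a record."""
    engines = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2)
        if key == "crypto engine name":
            engines.append({})
        if engines:  # ignore stray fields seen before the first engine
            engines[-1][key] = value
    return engines

def software_only(text):
    """True when every engine listed is of type 'software' (no crypto offload)."""
    engines = parse_engines(text)
    if not engines:
        raise ValueError("no crypto engine found in output")
    return all(e.get("crypto engine type", "").lower() == "software" for e in engines)

if __name__ == "__main__":
    for label, out in (("7201 (from thread)", SAMPLE_7201), ("constructed", SAMPLE_HW)):
        print(label, "software-only:", software_only(out))
```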