recently we had some performance issues with C2811 which caused us to do some lab testing. For testing we used also C1812. The results were quite surprising for us, as the C1812 appeared to be more efficient than C2811. Below you can see the lab scenario and results.
I'd appreciate very much an answer or any suggestions for 2 questions:
1. Why C2811 is performing worse than C1812?
2. Is there any official Cisco reference stating what are the max VPN throughputs of certain platforms/models? (we consider migration to C2900 platform and would like to choose the right model)
All routers had enabled onboard hw VPN modules and SEC/K9 IOS ver. Configuration was very simple and beside encryption there were also GRE tunnels configured and EIGRP process for routing between "remote LANs". Part of conf responsible for encryption:
I have the same setup in my lab environment as you and I have an GRE/IPSec tunnel between 2811 and 1841. I am not running dynamic routing protocol between the two and I am able to push 50Mbps between the two without any issues.
I also test with Iperf as well. In my situation, it is the 1841 that is the limitation factor. On the 2811, I enabled the on-board AIM encryption card. On the 2811 at 50Mbps, CPU is running around 50% and that I am running version 12.4(T)24 on the 2811
Many thanks to Olivier for these valuable data and resources. It's a big support for people who need to decide which router to choose. I placed this whitepaper on this thread as it can also help others and normal access to it is restricted.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :