Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
938
Views
5
Helpful
4
Replies

VPN throuput on a 2651XM router

Go to solution
ph0enix
Level 1
Level 1

‎06-23-2006 01:03 PM

Where can I find that info?

Also, I got the router used (for close to nothing $) but I know it's worth some $$$. Where can I find out which model it is exactly? "show version" doesn't show much.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee
In response to ph0enix

‎06-26-2006 04:59 PM

Oh sorry, pasted the partner link. That link doesn't seem to be available on a non-partner link unfortunately, so here's a cut/paste of the relevant bits from it:

--------------------------------------

AIM-VPN/BPII, is supported only in the Cisco 2600XMs. It has support for DES/3DES and AES (optimized for AES128 only) along with Layer 3 (IPPCP) Compression. This module requires Cisco IOS Release 12.2(15)ZJ and later.

AIM-VPN/BPII -PLUS is supported only in the Cisco 2600XMs. AIM-VPN/EPII-PLUS is supported in the 2691 and 3725 only. The BPII-PLUS and EPII-PLUS has support for DES/3DES and is optimized for all AES keys (AES128, AES192 and AES256) along with Layer 3 (IPPCP) Compression. These modules are supported in 12.3(5c), 12.3(6) and later for mainline releases and 12.3(7)T and later for T releases.

Q. What function does the VPN Module perform?

A. The Cisco 1700, 2600, 3600, and 3700 Series VPN Module optimizes the platform for IPSec VPNs. The module not only accelerates the triple data encryption standard (3DES) and data encryption standard (DES), advanced encryption standard (AES) algorithms used in IPSec, but it handles a variety of other IPSec-related tasks: hashing, key exchange, and storage of security associations. By doing so, the VPN module frees the Cisco 1700, 2600, 3600 and 3700 Series CPU to perform other router, voice, and firewall functions.

Q. What is the maximum DES/3DES/AES-128 IPSec performance with 1400 byte packets for the Cisco 1700, 2600, 3600, and 3700 Series utilizing the VPN Module?

A. Cisco 2650/51XM with AIM-VPN/BPII or AIM-VPN/BPII-PLUS will give 10 Mbps throughput with IMIX traffic, 22 Mbpsthroughput with packet size of 1400bytes, and support 800 tunnels.

Q. What is the maximum AES-192/256 IPSec performance with IMIX packets for the Cisco 1700, 2600, 3600, and 3700 Series utilizing the VPN Module?

A. Cisco 2650/51XM with AIM-VPN/BPII will give 8.5 Mbps throughput with IMIX traffic for both AES-192 and 256. The BPII-PLUS will give around 10Mbps performance.

-----------------------------------------

Also, be aware that that card has been EOL'd as per:

http://www.cisco.com/en/US/products/hw/routers/ps274/prod_eol_notice0900aecd802d3d0b.html

It's still supported till 2010 and will work fine for you, it's just not quite as fast with AES-192 or AES-256 as the PLUS version of the same card, which has been hardware-optimizied specifically for those larger key sizes. If you're using 3DES or AES-128 then there's no performance difference.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎06-25-2006 09:53 PM

Depends on whether you have a HW encryption card in it. There's a bunch of rate information here:

http://www.cisco.com/en/US/partner/products/hw/routers/ps274/products_qanda_item09186a00800918fc.shtml

If you're going to be doing VPN's on it then you really wouldn't run it without a HW card in it.

"sho diag" should give you some info on what modules are in what slots, but the "sho ver" output should tell you what model it is.

Router# sho ver

Cisco IOS Software, C2600 Software (C2600-ADVIPSERVICESK9-M), Version 12.3(14)T2, RELEASE SOFTWARE (fc4)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2005 by Cisco Systems, Inc.

Compiled Wed 11-May-05 16:02 by hqluong

ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)

sv3-14 uptime is 2 weeks, 5 days, 7 hours, 58 minutes

System returned to ROM by power-on

System image file is "flash:c2600-advipservicesk9-mz.123-14.T2.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 2651XM (MPC860P) processor (revision 0x300) with 105472K/25600K bytes of memory.

Processor board ID JAE0817EK4U (2189666667)

M860 processor: part number 5, mask 2

2 FastEthernet interfaces

1 ISDN Basic Rate interface

32K bytes of NVRAM.

49152K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Router#

Go to solution
ph0enix
Level 1
Level 1
In response to gfullage

‎06-26-2006 03:31 PM

Thanks for the info. I can't access the link you posted though.

show diag displays:

C2651XM-2FE

AIM-VPN/BPII

0 Helpful

Go to solution
gfullage
Cisco Employee
Cisco Employee
In response to ph0enix

‎06-26-2006 04:59 PM

Oh sorry, pasted the partner link. That link doesn't seem to be available on a non-partner link unfortunately, so here's a cut/paste of the relevant bits from it:

--------------------------------------

AIM-VPN/BPII, is supported only in the Cisco 2600XMs. It has support for DES/3DES and AES (optimized for AES128 only) along with Layer 3 (IPPCP) Compression. This module requires Cisco IOS Release 12.2(15)ZJ and later.

AIM-VPN/BPII -PLUS is supported only in the Cisco 2600XMs. AIM-VPN/EPII-PLUS is supported in the 2691 and 3725 only. The BPII-PLUS and EPII-PLUS has support for DES/3DES and is optimized for all AES keys (AES128, AES192 and AES256) along with Layer 3 (IPPCP) Compression. These modules are supported in 12.3(5c), 12.3(6) and later for mainline releases and 12.3(7)T and later for T releases.

Q. What function does the VPN Module perform?

A. The Cisco 1700, 2600, 3600, and 3700 Series VPN Module optimizes the platform for IPSec VPNs. The module not only accelerates the triple data encryption standard (3DES) and data encryption standard (DES), advanced encryption standard (AES) algorithms used in IPSec, but it handles a variety of other IPSec-related tasks: hashing, key exchange, and storage of security associations. By doing so, the VPN module frees the Cisco 1700, 2600, 3600 and 3700 Series CPU to perform other router, voice, and firewall functions.

Q. What is the maximum DES/3DES/AES-128 IPSec performance with 1400 byte packets for the Cisco 1700, 2600, 3600, and 3700 Series utilizing the VPN Module?

A. Cisco 2650/51XM with AIM-VPN/BPII or AIM-VPN/BPII-PLUS will give 10 Mbps throughput with IMIX traffic, 22 Mbpsthroughput with packet size of 1400bytes, and support 800 tunnels.

Q. What is the maximum AES-192/256 IPSec performance with IMIX packets for the Cisco 1700, 2600, 3600, and 3700 Series utilizing the VPN Module?

A. Cisco 2650/51XM with AIM-VPN/BPII will give 8.5 Mbps throughput with IMIX traffic for both AES-192 and 256. The BPII-PLUS will give around 10Mbps performance.

-----------------------------------------

Also, be aware that that card has been EOL'd as per:

http://www.cisco.com/en/US/products/hw/routers/ps274/prod_eol_notice0900aecd802d3d0b.html

It's still supported till 2010 and will work fine for you, it's just not quite as fast with AES-192 or AES-256 as the PLUS version of the same card, which has been hardware-optimizied specifically for those larger key sizes. If you're using 3DES or AES-128 then there's no performance difference.

0 Helpful

Go to solution
ph0enix
Level 1
Level 1
In response to gfullage

‎06-26-2006 06:32 PM

Excellent! That's exactly what I needed. This router is currently an overkill anyway. I'm using it as a home fw/ips/vpn solution for my home network and my DSL line doesn't reach rates that are anywhere close to 8.5 or 10Mbps so it should last me a while.

Thank you!

0 Helpful
Customers Also Viewed These Support Documents