
CSS and IPSEC in the future

Sbutzek
Level 1

Hello,

Is anything planned so that the CSS will support IPSEC in hardware?

I think this would only be possible with a new SCM module, but I do not know if anything is planned right now.

Also, I could not find any information on how much IPSEC traffic a CSS can handle in software.

Any information about this would be great. Are we talking about MBit or KBit?

Or is the number of sessions the problem and not the bandwidth?

Best Regards

Sven

3 Replies

Gilles Dufour
Cisco Employee

Sven,

The CSS does not support IPsec.

And will never support IPsec.

The CSS does SSL in hardware with the CSS5-SSL module.

The module allows you to encrypt/decrypt the SSL traffic.

Without the module, we simply pass SSL traffic like any other TCP traffic.

So this traffic is handled in hardware.

We never decrypt/encrypt SSL in software.

Regards,

Gilles.

Hello Gilles,

Thanks for your quick reply.

I think you did not understand what I mean.

The SSL part I know.

But routing the IPSEC protocol over the CSS occurs in software, not in hardware like IP traffic.

My question is, will there be a new generation of CSS which changes this, so that IPSEC will be routed in hardware like IP traffic?

My other question was how much traffic can be handled via software. I have no idea if this is in the range of kbit/s or mbit/s, or if the limit is the number of sessions which can be established.

The CSM is not the choice for me, because it is not as config friendly as the CSS; also I need the Cat6500 as platform.

Best Regards

Sven

Sven,

OK - I misunderstood.

IPSEC is routed because this is an unsupported protocol.

So we can't create a flow.

Flow is what we use to switch traffic in hardware.

The recommendation is to send this traffic around the CSS with policy routing.

It's difficult to say how many packets we can support.

The problem is the CPU and what it is doing.

If you have a lot of keepalives, or L7 rules, or ... your number of packets/sec will be very limited.

If you really want to know how much we can do in software, check the white paper for Layer7 performance [this is also done in hardware].

If this is a new design, you should really try not to send IPsec traffic through the CSS.

As I said before, we do not plan to support IPsec on the CSS.

Gilles.
