cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2329
Views
0
Helpful
5
Replies

3.11 in AWS - Max IPSEC Tunnels

jessedavis
Level 1
Level 1

Hello,

I'm trying to properly scale an AMI instance that will support the 400 IPSEC tunnel limit. There are multiple instance types available under the BYOL program, with varying price options. I can't find where in the documentation a specific instance type is required when scaling IPSEC. Any guidance or tips are much appreciated.

Thanks

5 Replies 5

dbednarc
Cisco Employee
Cisco Employee

Hello ,

First limiation is license :

http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html

Table 3 tells you how many tunnels you can run depending on licensing scheme.

Most important thing is that CSR will do crypto in software , which is not as efficient as hardware platforms.

Here are some test results for imix traffic ( imitation of real traffic ):

Throughput :

1 vCPU

1 Tunnel - 110 mbps

100 Tunnels - 95 mbps

2 vCPU

1 Tunnel - 169 mbps

100 Tunnels - 172 mbps

4 vCPU

1 Tunnel - 189 mbps

100 Tunnels - 177 mbps

 

As you can see number of tunnels is not as such important as throughput.
As for the RAM you can get little bit more that minimum required but RAM is mostly needed for BGP configurations, for IPSec it shouldnt be critical.

Best Regards
Dawid