Showing results for 
Search instead for 
Did you mean: 

3.11 in AWS - Max IPSEC Tunnels

Level 1
Level 1


I'm trying to properly scale an AMI instance that will support the 400 IPSEC tunnel limit. There are multiple instance types available under the BYOL program, with varying price options. I can't find where in the documentation a specific instance type is required when scaling IPSEC. Any guidance or tips are much appreciated.


5 Replies 5

Cisco Employee
Cisco Employee

Hello ,

First limiation is license :

Table 3 tells you how many tunnels you can run depending on licensing scheme.

Most important thing is that CSR will do crypto in software , which is not as efficient as hardware platforms.

Here are some test results for imix traffic ( imitation of real traffic ):

Throughput :

1 vCPU

1 Tunnel - 110 mbps

100 Tunnels - 95 mbps

2 vCPU

1 Tunnel - 169 mbps

100 Tunnels - 172 mbps

4 vCPU

1 Tunnel - 189 mbps

100 Tunnels - 177 mbps


As you can see number of tunnels is not as such important as throughput.
As for the RAM you can get little bit more that minimum required but RAM is mostly needed for BGP configurations, for IPSec it shouldnt be critical.

Best Regards

Thank you Dawid for the feedback.


Ive read the release notes document you reference, but it does not specifically address the 3.11 50Mbps Advanced package. Do you know where I might find this reference? I've searched for and read all the CSR product guides and release notes to which I have access.


Thank you


I have confirmed with development,

"It's 150  (same as 50M perpetual license)"

Hope it helps.

Best Regards,



We have just corrected the documentation to remove the confusion for 3.11:

Hope it helps.

Level 1
Level 1

Thank you.

Is the 150 figure a hard limit, imposed by some form of software/hardware limitation, or is 150 the expected maximum supported number of tunnels that can achieve the published throughput figures.


Can we scale past 150 tunnels if the per-tunnel throughput is very, very low.




Cisco Employee
Cisco Employee

150 is the hard limit imposed by software. It will not allow you to configure more.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: