3.11 in AWS - Max IPSEC Tunnels

jessedavis
Level 1

Hello,

I'm trying to properly scale an AMI instance that will support the 400 IPSEC tunnel limit. There are multiple instance types available under the BYOL program, with varying price options. I can't find where in the documentation a specific instance type is required when scaling IPSEC. Any guidance or tips are much appreciated.

Thanks

5 Replies

dbednarc
Cisco Employee

Hello,

The first limitation is the license:

http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html

Table 3 tells you how many tunnels you can run depending on licensing scheme.

The most important thing is that the CSR will do crypto in software, which is not as efficient as hardware platforms.

Here are some test results for IMIX traffic (imitation of real traffic):

Throughput:

1 vCPU
1 Tunnel - 110 Mbps
100 Tunnels - 95 Mbps

2 vCPU
1 Tunnel - 169 Mbps
100 Tunnels - 172 Mbps

4 vCPU
1 Tunnel - 189 Mbps
100 Tunnels - 177 Mbps

As you can see, the number of tunnels is not as important as throughput.
As for the RAM, you can get a little bit more than the minimum required, but RAM is mostly needed for BGP configurations; for IPSec it shouldn't be critical.

Best Regards
Dawid

Thank you Dawid for the feedback.

I've read the release notes document you reference, but it does not specifically address the 3.11 50Mbps Advanced package. Do you know where I might find this reference? I've searched for and read all the CSR product guides and release notes to which I have access.

Thank you

Hi,

I have confirmed with development,

"It's 150 (same as 50M perpetual license)"

Hope it helps.

Best Regards,

David

P.S.

We have just corrected the documentation to remove the confusion for 3.11:

http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html

Hope it helps.

jessedavis
Level 1

Thank you.

Is the 150 figure a hard limit, imposed by some form of software/hardware limitation, or is 150 the expected maximum supported number of tunnels that can achieve the published throughput figures?

Can we scale past 150 tunnels if the per-tunnel throughput is very, very low?

Thanks,

Jesse

dbednarc
Cisco Employee

150 is the hard limit imposed by software. It will not allow you to configure more.