03-30-2014 11:15 PM - edited 03-12-2019 07:18 AM
Hello,
I'm trying to properly scale an AMI instance that will support the 400 IPSEC tunnel limit. There are multiple instance types available under the BYOL program, with varying price options. I can't find where in the documentation a specific instance type is required when scaling IPSEC. Any guidance or tips are much appreciated.
Thanks
04-07-2014 11:26 PM
Hello ,
First limiation is license :
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html
Table 3 tells you how many tunnels you can run depending on licensing scheme.
Most important thing is that CSR will do crypto in software , which is not as efficient as hardware platforms.
Here are some test results for imix traffic ( imitation of real traffic ):
Throughput :
1 vCPU
1 Tunnel - 110 mbps
100 Tunnels - 95 mbps
2 vCPU
1 Tunnel - 169 mbps
100 Tunnels - 172 mbps
4 vCPU
1 Tunnel - 189 mbps
100 Tunnels - 177 mbps
As you can see number of tunnels is not as such important as throughput.
As for the RAM you can get little bit more that minimum required but RAM is mostly needed for BGP configurations, for IPSec it shouldnt be critical.
Best Regards
Dawid
04-08-2014 06:12 PM
Thank you Dawid for the feedback.
Ive read the release notes document you reference, but it does not specifically address the 3.11 50Mbps Advanced package. Do you know where I might find this reference? I've searched for and read all the CSR product guides and release notes to which I have access.
Thank you
04-19-2014 12:21 AM
Hi,
I have confirmed with development,
"It's 150 (same as 50M perpetual license)"
Hope it helps.
Best Regards,
David
P.S.
We have just corrected the documentation to remove the confusion for 3.11:
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html
Hope it helps.
04-18-2014 12:51 PM
Thank you.
Is the 150 figure a hard limit, imposed by some form of software/hardware limitation, or is 150 the expected maximum supported number of tunnels that can achieve the published throughput figures.
Can we scale past 150 tunnels if the per-tunnel throughput is very, very low.
Thanks,
Jese
04-19-2014 12:20 AM
150 is the hard limit imposed by software. It will not allow you to configure more.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide