In a previous post I wanted to know about the throughput on a link between a 3825 and 2811 router over an IPSec tunnel. After some discussion it was decide that the IPSec AIMs would help. Before the AIMs I got about 30Mbps, after the AIMs I got about 32Mbps. Before IPSec was added to the link, the speeds were about 85Mbps.
The next option is to use the 3900 series ISR G2's. Does anyone have some performance metrics for IPSec tunnels? The datasheet only offers the following:
Embedded IP Security with Security Sockets Layer (IPSec/SSL) VPN hardware acceleration
• Embedded hardware encryption acceleration is enhanced to provide higher scalability, which, combined with an optional Cisco IOS Security license, enables WAN link security and VPN services (both IPSec and SSL acceleration).
• The onboard encryption hardware out-performs the advanced integration modules (AIMs) of previous generations.
ASRs offer better performance but are way over budget and I'd like something that I have the option to do UC with.
Thanks for this information. This is really good information. https://supportforums.cisco.com/thread/344391?tstart=0
In this reply from James Ng says that "With IPSEC/AES we can do 848Mbps on a 3945 and 1400byte packets and the 2900s range from 150-280Mbps or so depending on which 2900."
But is there any Cisco document supporting this statement about 848Mbps IPSec throughput on Cisco 3945? Can you please provide the same to me (email@example.com)?
I also would like to know what linerate encryption can be achieved on the ISR G2 series 1900, 2900 and 3900. There is only the datasheets speaking of "speed with concurrent services enabled", but I would like to use these routers primarily for WAN encryption and therefore it would be good to know what speed is realistic.
I was also looking at the forum entry https://supportforums.cisco.com/message/1323809 but it doesn't mention specific details.
better in all cases is to test by yourself
all these values are only commercial informations and they don't reflect reality
I tried with Iperf/Netpipe 881/1841/3825 and the last 1941 (cpu usage always around 90%) without any other processes (qos, shaping, vlan..) and the tests were only between one computer (on one side) and an other (on the other side)... so very simple tests (using cef) :
between 2x 881 sec/k9 => ipsec (esp md5 tunnel mode aes256 psk) => around 30 Mbps
between 2x1841 hsec/k9 => ipsec (esp md5 tunnel mode aes256 psk) => around 23 Mbps
between 2x 3825 hsec/k9 => ipsec (esp md5 tunnel mode aes256 psk) => around 150 Mbps
between 2x 1941 => ipsec (esp md5 tunnel mode aes256 psk) => around 35 Mbps (so nothing exceptional)
I let you conclude
I'm interested by results with 3945(e)/3925.