cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18497
Views
15
Helpful
6
Replies

Cisco 4331 IPsec Throughput

dm2020
Level 1
Level 1

 

Hi All,

 

I cant seem to find a consistent answer to this.

 

I have a Cisco 4331 router with the performance license installed to support 300Mbps throughput. I also have the HSEC license installed to allow greater than 85Mbps crypto throughput. What I cant seem to confirm is if the HSEC license, coupled with the performance license, allows up to 300Mbps crypto throughput? Can anyone confirm if this?

 

 

6 Replies 6

Ben Samayoa
Level 1
Level 1

Hi there, I am attaching a  PDF doc for you and hopefully will help you with your question. Please rate it if helpful.

Leo Laohoo
Hall of Fame
Hall of Fame
Rule of thumb is to take half the value of the bandwidth licensed.

Joseph W. Doherty
Hall of Fame
Hall of Fame
Logically, yes, physically, likely not. For the latter, review the reference bensen_22 provided.

Oh, also keep in mind the throughput rating is aggregate, so if you had just one duplex, you would split the maximum across both directions.

Hi Josept,

I read from your post and someone else about ISR4331. I'm not sure i get the correct understanding or not? If it's wrong , could you please correct for me too?

1. With normal , ISR4331 aggregate throughput is 100 Mpbs.

2. If we use "Performance license" , aggregate throughput is up to 300 Mpbs.

3. But if we use IPsec with Perf Lic but no HSEC license , such IPsec site-to-site, the IPsec aggregate throughput will be not exceed 85 Mbps. And IPsec tunnel will not be exceeded 225 tunnels too.

4. If we use IPsec with Perf Lic and HSEC license, such IPsec site-to-site, the IPsec aggregate throughput will can be exceeded 85 Mpbs. But will can't exceed maximum of aggregate throughput too, such ISR4331 if we use Perf lic then max aggregate throughtput will be 300 Mbps. But with additional HSEC lic , the IPsec aggregate throughput will can't exceed 300 Mbps. And if we consider per direction, it still can't exceed  85 Mbps too.

Hi Joseph, i'm not sure something above that i understand , they are correct or not? If they are wrong ,could you please correct for me and anyone that are confusing about ISR4K license throughput too.

Thanks a lot ,

Amnad

#1 I believe that's the case.

#2 Ditto.

#3 I think (?) the 65 Mbps is limited to what's generated/encrupted by router. I.e. Decryption might not be limited. Also, If the device is licencse for higher performance, that could still be applied to non-crypto traffic. (BTW, I recall reading later IOS versions have increased the default cap of 85 to 250 Mbps.)

# 4 I believe all true again except decryption might not be part of the crypto limit and also again later IOS versions may have increased the default crypto limit.

Cisco pre-sales (?) should be able to explain their licensing.

NBRK_Cisco
Level 1
Level 1

do you really need high throughput ipsec? 1Gb?

there are another solutions 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: