I've a query on analyzing throughput on Cisco routers. Verified the throughput over the Cisco documentation, but the document says overall throughput on the devices.
My query is, if I'm using plain traffic the throughput will be the same as mentioned in the document but if I'm encrypting the traffic using GET VPN or any VPN technology on my router I'll have extra encapsulated packet over my payload which will increase my packet size ideally.
I'll take 2801 router which has a on-board VPN accelerator & throughput of 48Mbps with CEF enabled. I'm doing GET VPN through MPLS which oversubscribe my bandwidth & puts choke on my CPU.
Since there is a CPU can see that GET VPN is causing my problem, but here I want to know how my hardware reacts for the encrypted traffic.
So will the throughput on the device remains the same!!!!
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Actual performance depends on the actual device, it's actual configuration and the actual traffic. Throughput documentation, for what there is, just tries to get you somewhere close to guessstimating actual performance.
I've attached a nice Cisco whitepaper that discusses some ISR measured performance under different tests. If you really study the document, you should notice it's difficult to predict performance.
Encryption shouldn't add much CPU load, just for packet size expansion, assuming you avoid fragmentation. If you've not already seen it, this paper is worth reading: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html
Thanks for the document attached Joseph, I've gone through the same. But the query I hold here is which table to go through for performance with encryption.. as all the table explains on different scenario with different set of packets.
When I do fragmentation, yes its obvious that I will have a hit on my CPU for processing.