cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1098
Views
0
Helpful
3
Replies

Need some recommandations about material for GETVPN

AK59
Level 1
Level 1

Hi everyone,

 

I'm actually working in a project regarding the upgrade of a GETVPN (GDOI) architecture. 

 

I actually have Cisco 2921 routers with VPN ISM module enhancing crypto performance + HSEC-K9 license to lift the 85 MBPS encryption traffic limit.

 

We are experiencing some limits with these routers as we reach sometimes 200/300 Mbps peak with a nearly 100% of CPU. 

 

As I'm looking for new routers, I have several model proposed (ASR-920-4SZ-A oo ASR 1001-X).

 

I would like to have guarantees regarding rate-limite for encrypted traffic and be sure that the router could handle at leat 500Mbps of encrypted traffic without reaching too much CPU. 

 

What would you recommend me ? 

 

Thanks in advance, 

 

 

3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Ak59,

short answer ASR 1000 series so ASR 1001-X is fine.

ASR 920 is thought for Carrier ethernet / metro ethernet services I don't think it is a good choice when looking for high IPSec throughput. (500 Mbps)

ASR 1000 have built in or stand alone ESP module and this provides you what you are looking for.

 

Hope to help

Giuseppe

 

Dear Giuseppe,

Thanks for your answer,

As a matter of fact, I now have choice between ASR1001-X and ISR 4451-X/K9...Regarding my needs, it seems that the 4451 fulfill the needs especially the crypto ones....if you have any advices, i'm taking !

Hello AK59,

ASR 1001-X provides you a long term solution with capability to grow

 

ISR 4451-X/K9 may be enough for your current and mid term needs, however you need to consider that for full usage of ISR 4000 devices you need to buy additional licenses that can make the ISR 4451-X/K9 final price not so cheap.

And this is valid also for IPSec performance. (HSEC license ....).

 

Hope to help

Giuseppe

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco