
Performance, Boost and HSEC Licensing on ISR4000 Series

User404
Level 1

Hello,

Can an expert confirm the following steps to raise the throughput of an ISR4000 machine?

For example, we have an ISR4331/K9.

The default throughput is 100Mbps but it's limited due to export restrictions to 85Mbps, right?

So to increase the throughput we should take the following steps:

Step 1: install L-4330-SEC-K9 - IP Base + Advanced Security: Zone Based Firewall, IPSec VPN, EZVPN, DMVPN, FlexVPN

Step 2: install FL-4330-HSEC-K9 - U.S. Export Compliance Security PAK for Cisco 4331

Step 3: install FL-4330-PERF-K9 - Increases the performance from base performance 100 Mbps to 300 Mbps

OR

Step 4: FL-4330-BOOST-K9 - Booster Performance License for 4330 Series Router (2Gbps+)

How much IPSec throughput and how many VPN tunnels does the platform have after Step 3?

Thank you!
Andre

Accepted Solutions

Hello!

I've got some official answers I don't want to withhold from you. 

You are right in that IOS version 16.8.x and higher has been adapted to the new export restrictions in terms of throughput and number of connections. In addition, the restriction only applies to crypto traffic.

Here are the release notes: https://www.cisco.com/c/en/us/td/docs/routers/access/4400/release/xe-16-8/isr4k-rel-notes-xe-16-8.html

"HSECK9 License Enhancement—Limits for number of tunnels and crypto throughput are enhanced in this release. New throughput limit is 250 Mbps each direction and number of tunnels is 1000."

The HSEC license only makes sense from model ISR4331 onwards.


2 Replies

Joseph W. Doherty
Hall of Fame
"The default throughput is 100Mbps but it's limited due to export restrictions to 85Mbps, right?"

The 85 Mbps should only apply to IPSec (and it might be counted against either in or out where the device limit, I understand, is an aggregate for all).

Once the IPSec limit is licensed away, your IPSec performance should approach whatever the device is licensed for except perhaps when using the boost limit as then capacity is limited by the traffic mix and capacity capability of the hardware.

BTW, I understand the later IOSs might now limit IPSec to a higher Mbps (due to a US government revision increase?).
