Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3956
Views
4
Helpful
8
Replies

What is power full router for GRE tunneling?

Go to solution
Ali Norouzi
Level 1
Level 1

‎07-11-2012 12:42 AM - edited ‎03-04-2019 04:56 PM

Hello

I want to get a Cisco router for central point of 100 GRE tunnels and total 10G traffic coming from those tunnels. I used 6500 but its CPU became high in less than 2 G traffic. Can you identify me a suitable router for this purpose. I think the router must process the GRE in hardware.

Thank you

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Ali Norouzi

‎07-11-2012 02:00 AM

Hello Ali,

you may need a bigger chassis like ASR 1006 but there is a 10 GE SPA for ASR 1000

see

Cisco 1-Port 10 Gigabit Ethernet Shared Port Adapter, Version 2

Single height

SPA-1X10GE-L-V2

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.html

You should also consider the use of 2VSPA+SSC600 in your existing C6500 chassis

Hope to help

Giuseppe

View solution in original post

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Ali Norouzi

‎07-11-2012 08:26 AM

Hello Ali,

it should be possible to deploy the ASR 1000 in this setup, however you may need a more powerful ESP (40 Gbps) to take in account also the metro ethernet traffic volume. This is to provide margin for the network to grow.

You should deploy a redundant configuration with two route processors and two ESPs if this router will be the only aggregation device of your network.

About the features there should be no problem with ASR 1000 it provides support for L3 VPN, and L2 VPN including VPLS ( last add in IOS XE)

Edit:

considering the cost of a redundant configuration I would again consider the 2VSPA+SSC600 in your existing C6500 chassis if you have already two supervisors and appropriate linecards ( like ES ES+). However, I can understand the desire to have a dedicated device for termination all the GRE tunnels.

You could also consider to terminate GRE traffic over the ASR 1000 and the metroethernet traffic over the C6500 to achieve node fault tolerance (if the design allows for this).

Hope to help

Giuseppe

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎07-11-2012 12:53 AM

Hi Ali,

we are using around 100 tunnels on router and it is C3845 router.

So may be you can use this, but again you have to see .

Regards

please rate if it helps.

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-11-2012 01:13 AM

Hello Ali,

here the challenge is not the number of GRE tunnels but the required traffic performance,

for IPSec there are security bundles that can be installed on the C6500 like the following ( VPN SPA over SSC 600 up to 2 VPN SPA in one SSC 600 service module)

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/data_sheet_c78_492120.html

However, if you have GRE tunnels without IPSec protection

the VPN SPA VSPA provides also HW acceleration for GRE Traffic so it is a valid option

see in the same data sheet

>> The Cisco VSPA provides hardware acceleration for  both IPsec and GRE, comprehensive support of site-to-site IPsec,  remote-access IPsec, and >> certificate authority/public key infrastructure  (CA/PKI).

But you may need two VSPA installed in the SSC 600 to reach the required performance.

Another option is  ASR 1000 with appropriate ESP companion processor

see the security bundles list

ASR1004-20G-VPN/K9

Cisco ASR 1004 Router VPN Bundle with the 20 Gbps  ASR1000-ESP20 Embedded Services Processor, ASR1000-RP1 Route Processor,  ASR1000-SIP10 Carrier Card, SASR1R1-AESK9-22SR consolidated software  package, and FLASR1-IPSEC-RTU (IPsec VPN) feature license

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd8022e567_ps708_Products_Data_Sheet.html

see table 5 in the following ESP datasheet

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html

the  ESP-20 allows for up to 2,000 GRE tunnels and has 20 Gbps of throughput

Hope to help

Giuseppe

Go to solution
Ali Norouzi
Level 1
Level 1
In response to Giuseppe Larosa

‎07-11-2012 01:35 AM

Thank you all.

Hello Giuseppe,

ASR looks good for me but as I checked it doesn't support 10 GE. So it will be hard to aggregate these amount of traffic over 1GE. Do you know other models?

Regards,

Ali

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Ali Norouzi

‎07-11-2012 02:00 AM

Hello Ali,

you may need a bigger chassis like ASR 1006 but there is a 10 GE SPA for ASR 1000

see

Cisco 1-Port 10 Gigabit Ethernet Shared Port Adapter, Version 2

Single height

SPA-1X10GE-L-V2

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.html

You should also consider the use of 2VSPA+SSC600 in your existing C6500 chassis

Hope to help

Giuseppe

0 Helpful

Go to solution
Ali Norouzi
Level 1
Level 1
In response to Giuseppe Larosa

‎07-11-2012 03:40 AM

Hello Giuseppe,

Thank you for your offer. I have other question. I need to use this router in HQ and all the PoPSites will be connected by two link type. One L3 network and GRE and other over Metro Ethernet network. Soo this will be an aggregation router for all the popsites. IGP is OSPF and MPLS VPN (Layer 2 and 3) is used in the network. Whats your idea about using this platform in this location? Consider that it uses IOS XE versions.

Regards,

Ali

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Ali Norouzi

‎07-11-2012 08:26 AM

Hello Ali,

it should be possible to deploy the ASR 1000 in this setup, however you may need a more powerful ESP (40 Gbps) to take in account also the metro ethernet traffic volume. This is to provide margin for the network to grow.

You should deploy a redundant configuration with two route processors and two ESPs if this router will be the only aggregation device of your network.

About the features there should be no problem with ASR 1000 it provides support for L3 VPN, and L2 VPN including VPLS ( last add in IOS XE)

Edit:

considering the cost of a redundant configuration I would again consider the 2VSPA+SSC600 in your existing C6500 chassis if you have already two supervisors and appropriate linecards ( like ES ES+). However, I can understand the desire to have a dedicated device for termination all the GRE tunnels.

You could also consider to terminate GRE traffic over the ASR 1000 and the metroethernet traffic over the C6500 to achieve node fault tolerance (if the design allows for this).

Hope to help

Giuseppe

0 Helpful

Go to solution
Ali Norouzi
Level 1
Level 1
In response to Giuseppe Larosa

‎07-16-2012 10:10 PM

Hello Giuseppe,

I'm preparing LOM of ASR. I have another question. Are you familiar with Poilicy Managers and their intraction with RADIUS systems? I know CIsco policy manager and Procera. Have you worked with them? Do you know other models?

Thank you,

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Ali Norouzi

‎07-17-2012 12:49 AM

Hello Ali,

I'm not familiar with policy managers

Best Regards

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card