Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
1
Helpful
2
Replies

Throughput on Cisco router

នឹម សំរឹទ្ធ
Level 1
Level 1

‎03-21-2024 07:36 PM

For me now, What I know with throughput is how much data can successfully transmit from inbound traffic to outbound through a system or device in a segment of time. However, I really confuse about VPN throughput. 

1). Could anybody help to explain the deference of these?
2). Could you also provide the OID to monitor the throughput?
3). And also, the IOD to monitor the VPN throughput? 

 

Thank you.

Labels:
0 Helpful
2 Replies 2

Ramblin Tech
Spotlight
Spotlight

‎03-22-2024 01:01 PM - edited ‎03-22-2024 02:38 PM

There are two aspects to "throughput" on a switch/router: (1) how many bits per second (bps) can the device forward from ingress interfaces to egress interfaces, and (2) how many packets per second can it forward from ingress to egress. Why two? Because switching bandwidth (bps) and forwarding lookup rate (pps) are related, but measure two different capabilities.

When a packet arrives at an ingress interface, a forwarding engine (implemented in either h/w or s/w) uses the packet's header to lookup the next-hop, egress interface, and egress encapsulation. Once the lookup is completed, the packet is rewritten with the egress encap and queued to the egress interface across a switching "fabric" for transmission. A fabric may consist of shared packet buffers as in the case of single-NPU systems or s/w-based forwarders, or the fabric might be quite complex h/w in cases where multiple NPUs are distributed across linecard modules. The bandwidth capacity of that fabric is measured in bps, while the lookup rate is measured in pps. For small packets, the overall router throughput is typically limited by the pps lookup rate (small packets = more lookups), while for large packets, router throughput is typically limited by fabric bandwidth (fewer lookups with more payload per lookup). It should be noted that not all header lookups necessarily take the same amount of time for all encaps. That is, some header encap lookups that are more complex than native IPv4 (eg, IPv6, label stacks, etc) might take additional time (eg, NPU recirculation cycles) on some routers, thus lowering the pps rate.

How does this relate to VPN throughput? For transit routers which are not involved with encap'ing/decap'ing VPN tunnel headers, VPN throughput is the same as the router's throughput for that header type. For the VPN endpoint routers that are encap'ing/decap'ing the VPN headers, the throughput will be the lower of that router's VPN header processing rate and its overall throughput.

Is there a "throughput" OID? Not that I am aware of. You can use if-mib to periodically poll and sum the octet and packet counts of all interfaces to arrive at overall bps and pps throughput numbers. This might also work for a VPN tunnel if you can correlate its ifIndex to the VPN tunnel interface ID.

 

Disclaimer: I am long in CSCO

balaji.bandi
Hall of Fame
Hall of Fame

‎03-23-2024 03:12 AM

Its all depends on the model of the Router you have opted.

check example of 4K Routers :

https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/data_sheet-c78-732542.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents