Compression/Encryption Guidelines

How to use this information

The following figures are guidelines only. They assume that no other processor-intensive features are enabled (e.g., queuing, accounting, filtering).

The compression guidelines are for payload compression using the STAC algorithm. The Predictor algorithm should have lower performance guidelines, but I'm not sure how much lower.

The encryption guidelines are valid for CET (Cisco Encryption Technology) with both 56-bit and 40-bit keys. There is apparently little performance difference between the two key sizes.

The IPSec guidelines are valid for DES, DES/AH and AH. There is no significant difference between these techniques. 3DES numbers provided by Kip Sides 6/1/99.

Some of this information was taken from the white paper Network Layer Encryption (July 1997).

Design guidelines

Under normal conditions, CPU utilization should remain under 65%.

When possible, on an RSP2 or higher system (RSP7000, RSP2, RSP4), use the VIP2-40 distributed services for compression/encryption. This frees the RSP to perform other processing tasks.

Distributed encryption is available as of 11.2(1) for HDLC and PPP; 11.2(7a)P for Frame Relay.

Distributed compression is available as of xx.x(x).

For highest performance compression and encryption, use the compression and encryption port adapters.

Encryption and compression should not be enabled at the same time. Encrypted data cannot be effectively compressed. Therefore, it is a waste of processor cycles to try to compress encrypted data.
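The effect behind this guideline can be measured directly. The following is an added example, not part of the original page: zlib stands in for the STAC compressor and a SHA-256 keystream XOR stands in for DES/CET, and the function names, sample traffic and key are all constructed for the illustration.

```python
import hashlib
import math
import zlib
from collections import Counter

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption, stands in for DES/CET): XOR the data
    with SHA-256(key || offset) blocks. Applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def compression_report(payload: bytes, key: bytes) -> dict:
    """Compress the same traffic before and after encryption."""
    ciphertext = keystream_xor(key, payload)
    return {
        "payload_bytes": len(payload),
        "plain_entropy": byte_entropy(payload),
        "cipher_entropy": byte_entropy(ciphertext),
        "plain_compressed": len(zlib.compress(payload)),
        "cipher_compressed": len(zlib.compress(ciphertext)),
    }

# Constructed sample traffic: 200 similar, highly repetitive requests.
SAMPLE = b"".join(
    b"GET /inventory/item/%04d HTTP/1.0\r\nHost: intranet.example\r\n\r\n" % i
    for i in range(200)
)
KEY = b"constructed-demo-key"  # constructed value, not a real key

if __name__ == "__main__":
    for name, value in compression_report(SAMPLE, KEY).items():
        print(f"{name:18} {value}")
```

The plaintext shrinks to a fraction of its size, while the ciphertext has close to 8 bits of entropy per byte and comes out of the compressor no smaller than it went in, so the CPU spent compressing it is wasted.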

| Router | Compression Maximum | Encryption Maximum | IPSec DES-56 (kbps) | IPSec 3DES-168 (kbps) |
|---|---|---|---|---|
| 1000 series | 128 kbps (full duplex) | 64-128 kbps (full duplex) | | |
| 1600 series | 128 kbps (full duplex) | 64 kbps (full duplex) | 64 kbps | |
| 1720 | 256 kbps | | 512 kbps | 256 kbps |
| 2500 series | 128 kbps (full duplex) | 64-128 kbps (30-65% CPU, half-duplex) | 256 kbps | 128 kbps |
| 261x series | 256 kbps (full duplex) | 512 kbps (full duplex) | 512 kbps | 256 kbps |
| 262x series | 384 kbps | | 768 kbps | 384 kbps |
| AS5200 | | n/a | | |
| AS5300 | | | | |
| 3620 | 512 kbps (full duplex) | 512 kbps (full duplex) | 1.024 Mbps | 512 kbps |
| 3640 | 1.024 Mbps (full duplex) | T1 (full duplex; 64 byte pkts) / 3.5 Mbps (half duplex; 1518 byte pkts) | 2.048 Mbps | 1.024 Mbps |
| 3600 HCM | 4 Mbps (full duplex) (e.g., 2 E1s, full duplex) PPP only; FR in fall 97 | n/a | n/a | n/a |
| 4000-M | 384 kbps (full duplex) | 160 kbps (full duplex) | n/a | n/a |
| 4500-M | 700-800 kbps (full duplex) Requires 16M DRAM | T1 (full duplex) | 3.088 Mbps | 1.544 Mbps |
| 4700-M | 1.544 Mbps (full duplex) (60% CPU) | T1 (full duplex) | 3.088 Mbps | 1.544 Mbps |
| 7200 NPE-100 | | 3.5 Mbps (half duplex) | | |
| 7200 NPE-150 | | 3.5 Mbps (half duplex) | 2.5 Mbps | |
| 7200 NPE-200 | | | | |
| 7000 RP/(S)SP | | Not supported | | |
| RSP7000 | | 3 - 9 Mbps (half duplex) | | |
| RSP2 | 2 Mbps (full duplex) | 3 - 9 Mbps (half duplex) | | |
| RSP4 | | | 6.0 Mbps | |
| RSM | | | | |
| VIP2-40 | 2 Mbps (full duplex) | 3 - 9 Mbps (half duplex) | | |
| VIP2-50 | | | | |
| Compression PA | Up to 30 Mbps (half duplex) | n/a | n/a | |
| Encryption PA | n/a | 5 to 30 Mbps (half duplex) (64 byte to 1500 byte packets) | n/a | |
| Private Link (original) | n/a | 2 - 3 Mbps (? duplex) | n/a | |
| Private Link (PEP) | n/a | Product not yet announced; 20 - 75 Mbps (? duplex) | n/a | |
| PL2/PL3 | n/a | n/s | 30 Mbps | |

Cisco Systems, Inc. Internal Use Only

Last Modified on June 08, 1999

Copyright 1992-1999 © Cisco Systems Inc.