[X-post] Better AES software or 3DES hardware?

Discussion in 'Cisco' started by AM, May 8, 2005.

  1. AM

    AM Guest

    On a 837 doing only one VPN to headquarter is better using AES via software or 3DES via hardware
    accelerator? I heard AES is quite faster rather then 3DES.

    Thanks,

    Alex.
     
    AM, May 8, 2005
    #1
    1. Advertisements

  2. Walter Roberson, May 8, 2005
    #2
    1. Advertisements

  3. AM

    anybody43 Guest

    I have some concerns regarding 837 crypto
    performance however I have not proved the
    issue by any means.

    In summary I seem to see consistent drops at the rate of about
    1 in 1000 over the VPN. One end is 837 and the other end
    is firewall 1.

    There are some numbers reported by the 837

    router#sh cry eng acc stat
    .....
    3061179 packets in 3061179 packets out
    tx_lo_count 2833

    router#sh proc cpu | inc cry
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    140 575164 2720 211457 0.00% 0.05% 1.09% 0 crypto
    sw pk pro
    router#


    This process runs for 211457 micro seconds at each invocation
    which is an eterntiy in CPU terms.

    More details in thread "IOS Crypto drops" March 15 2005 in this group.
     
    anybody43, May 9, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.