A network consultant is designing an enterprise network that includes an IPsec headend termination device.
Which two capabilities are the most important to consider when assessing the headend device’s scalability? (Choose two.)
A. bandwidth capabilities
B. packets per second processing capability
C. CPU capabilities
D. number of tunnels that can be aggregated
E. memory capabilities
Answer: BC
Explanation:
Reference: From Cisco's scalability considerations guide, the order is packets, tunnel quantity, GRE encapsulation, and only then routing protocols affecting the CPU. The question sounds like it is asking about enterprise IPsec, such as AnyConnect remote access, so no routing is affected on the VPN headend.

The IPsec VPN WAN Design guide says, under "Number of Tunnels May be a Factor":

"Each time a crypto engine encrypts or decrypts a packet, it performs mathematical computations on the IP packet payload using the unique crypto key for the trustpoint, agreed upon by the sender and receiver. If more than one IPsec tunnel is terminated on a router, the router has multiple trust points and therefore multiple crypto keys. When packets are to be sent or received to a different tunnel than the last packet sent or received, the crypto engine must swap keys to use the right key matched with the trustpoint. This key swapping can degrade the performance of a crypto engine, depending on its architecture, and increase the router CPU utilization."