Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Tasman Networks, Inc.

advertisement 
T
H
E
TO L LY
G R O U P
No. 205139
December 2005
Tasman Networks, Inc.
Test
Summary
1002 and 1004 Routers
Competitive Performance Evaluation versus Cisco
1841, 2811 and 2821 Integrated Service Routers
Premise: Wide-area network routers
that provide T1/E1 access for branch
offices and others to enterprise and
service provider networks must be
able to deliver high throughput, even
with Quality of Service, IPSec VPN
Security Services, Network Address
Translation or other services active
and vying for processor cycles.
Test Highlights
Tasman 1004 Router operated at or near wire-speed throughput and
outperformed Cisco 2811 and 2821 routers, delivering 6X and 2X more
throughput respectively, while simultaneously supporting active Quality
of Service, Access Control List filters and Network Address Translation
over four T1 lines
Tasman 1002 and 1004 Routers demonstrated wire-speed performance
for most packet sizes tested while simultaneously supporting active
QoS, IPSec VPN and stateful firewall services over two or four T1 lines
T
Tasman 1004 consistently outperformed the Cisco 2811 for all the
packet sizes tested, especially at smaller packet sizes, when tested
across four T1s with QoS, IPSec VPN and stateful firewall services,
delivering 3X more throughput than its counterpart
asman Networks, Inc. commissioned The Tolly Group to evaluate its Tasman 1004 and Tasman
1002 wide-area network routers with
integrated network services such as
Quality of Service (QoS), IPSec VPN
with on-board hardware acceleration,
stateful firewall, Network Address
Translation (NAT) and Access Control
Lists (ACLs) for enterprises and service providers.
To test IPSec VPN throughput over a
single 3DES/SHA1 tunnel with QoS
and stateful firewall enabled, engineers tested the Tasman 1002 against
the Cisco 1841 and the Cisco 2811 for
Layer 3 throughput with multilink
PPP traffic riding over two T1s. The
© 2005 The Tolly Group
4xT1 Multilink PPP (MLPPP) Aggregate WAN
Layer 3 Throughput Zero-Loss Performance
with QoS/ACL/NAT Enabled
Throughput (Mbps)
Tolly Group engineers measured the
multilink Point-to-Point Protocol
(MLPPP) zero-loss throughput of the
Tasman 1004 router against Cisco
2811 and Cisco 2821 routers, with
QoS, NAT and ACL features enabled
in a scenario with multilink PPP traffic riding over four T1s.
Tasman 1002 achieved wire-speed throughput at all packet sizes,
while performance of Cisco 2811 and 1841 weaken when handling 64128- and 256-byte packets tested across two T1s with QoS, IPSec
VPN and stateful firewall services
6
5.0
5
6.2
6.2
4.8
3.8
4
3
6.2
6.1
5.9
5.8
4.8
3.6
4.7
3.6
3.0
2.5
2
1.8
1.4
0.9
1
0
64
128
256
512
1024
1400
Packet Sizes (Bytes)
Tasman 1004
Source: The Tolly Group, September 2005
Cisco 2821
Cisco 2811
Figure 1
Page 1
The Tolly Group
Tasman Networks
1002 and 1004 Routers
4xT1 Multilink PPP (MLPPP) Aggregate WAN Layer 3
Throughput Zero-Loss Performance with
QoS/VPN/Firewall Enabled
Throughput (Mbps)
6.2
6.0
5.8
6
5
4
4.1
3.9
3
2.2
1.9
2
1.1
1
0
64
128
256
512
Packet Sizes (Bytes)
Tasman 1004
Cisco 2811
Source: The Tolly Group, September 2005
Tolly Group also tested the Layer
3 IPSec VPN throughput of the
Tasman 1004 versus Cisco 2811
in a scenario with multilink PPP
traffic riding over four T1s. All
tests were performed in
September/October 2005. The
Cisco 2811 and Cisco 2821
routers were installed with an
optional IPSec VPN hardware
acceleration module, while the
Cisco 1841 router and Tasman
1002/1004 routers had on-board
hardware acceleration support.
Test results show that the Tasman
1004 and 1002 routers deliver
superior throughput for the
majority of packet sizes tested,
especially with regards to smaller
packet sizes (64 bytes to 256
bytes), delivering up to 6.4X
greater throughput than the Cisco
devices tested.
© 2005 The Tolly Group
Figure 2
Results
Zero-Loss Throughput
over Four T1s
Tolly Group engineers tested the
Tasman 1004 router against
Cisco 2811 and Cisco 2821
routers to measure the fullduplex, zero-loss aggregate WAN
throughput across a point-topoint router connection equivalent to a group of four T1 circuits
combined using MLPPP under
two scenarios:
with QoS/Network Address
Translation(NAT)/ACL enabled
on the devices.
with QoS/IPSec VPN/stateful
firewall enabled on the devices
With QoS, NAT and ACLs
enabled, the Tasman 1004 router
delivered wire-speed throughput
for packet sizes greater than 256
bytes, and delivered more than
95% of wire-speed throughput
for the more taxing 64- and 128byte packet sizes. On the other
hand, the Cisco 2811 router
delivered significantly poorer
throughput compared to Tasman
1004 router at all packet sizes
tested. The Tasman 1004 router
outperformed the Cisco 2811
router by achieving 1.7X to 6.4X
greater throughput at all the
packet sizes tested, most notably
at the taxing smaller packet sizes
of 64 to 512 bytes (See Figure 1).
Moreover, the Tasman 1004
delivered anywhere from 32% to
more than 130% greater throughput than the Cisco 2821.
With QoS, IPSec VPN and stateful firewall enabled, the Tasman
1004 router was tested against
the Cisco 2811 router. Results
show the Tasman 1004 router
achieving either wire-speed or
near wire-speed throughput,
Page 2
The Tolly Group
depending upon the packet sizes
tested. In comparison, the Cisco
2811 router could only achieve
near wire-speed throughput for
the large packet sizes of 1,024
and 1,400 bytes. For the remaining packet sizes, the Tasman
1004 router outperformed the
Cisco 2811 router by achieving
1.5X to 3.5X more throughput,
particularly at the 64- and 128byte packet sizes, where the
Tasman 1004 router demonstrated more than 3X the throughput
of the Cisco 2811 router (See
Figure 2).
Zero-Loss Throughput
over Two T1s
Tolly Group engineers tested the
Tasman 1002 router against the
Cisco 2811 and the Cisco 1841
routers to measure the fullduplex, zero-loss aggregate WAN
throughput across a point-topoint router connection equivalent to a group of two T1 circuits
combined using MLPPP with
QoS, IPSec VPN and stateful
firewall services enabled on the
devices.
With QoS/IPSec VPN/stateful
firewall enabled, the Tasman
1002 router achieved wire-speed
throughput in all six packet scenarios with full-duplex traffic traversing a pair of T1 links supporting MLPPP. In contrast, the
Cisco 1841 router offered near
wire-speed performance only for
the two largest packet sizes tested
- 1,024 and 1,400 bytes, while at
other packet sizes the Tasman
1002 router outperformed the
Cisco 1841 by achieving 1.3X
(with 512-byte packets) to as
much as 4.4X (with 128-byte
packets) greater throughput (See
Figure 3). Similarly, the Cisco
2811 router achieved wire-speed
© 2005 The Tolly Group
Tasman Networks
throughput only for 512, 1,024
and 1,400-byte packet sizes,
while the Tasman 1002 router
consistently outperformed the
Cisco 2811 router at packet sizes
of 64 to 256 bytes with 1.2X to
3.4X greater throughput (See
Figure 3).
Analysis
Testing shows that the Tasman
Networks 1004 and 1002 routers
possess an abundance of processing headroom to accommodate
network services while simultaneously offering wire-speed
throughput.
Tests show that the Tasman
1004/1002 router can deliver
wire-speed throughput at most
packet sizes tested, while simultaneously processing a combination of QoS, NAT, ACL filters,
IPSec VPN and firewall services.
By contrast, tests show that the
performance of the Cisco
1841/2811/2821 routers sag
under the processing load, especially when smaller, more taxing
packet sizes come into play.
In head-to-head testing, the
Tasman 1004/1002 routers consistently deliver better performance than the Cisco
1841/2811/2821 routers under
almost all tested scenarios - at
times delivering up to 6.4X the
throughput of the Cisco devices
tested (See Figure 1).
Test Configuration
and Methodology
For the performance tests, The
Tolly Group engineers measured
the maximum zero-loss ( 0.001%
acceptable frame loss) Layer 3
throughput using Spirent
SmartBits and SmartFlow. For
1002 and 1004 Routers
Tasman
Networks, Inc.
Tasman 1004,
Tasman 1002
Zero-Loss,
Layer 3 Throughput
Tasman Networks
1004 and 1002 Routers
Product Specifications*
1004/1002 Router hardware features
Half rack-width 1U chassis (rack mount
option available), Two 10/100 Ethernet
ports, 256MB RAM, console and AUX
ports
4 T1/E1 ports (1004) and 2 T1/E1 ports
(1002)
T1/E1s can be remotely enabled using
software license keys
On-board VPN encryption acceleration
chip
Wire-speed hardware platform with
services enabled
TiOS advanced software features
Routing (RIP, OSPF, BGP4, PIMSM/SSM, IGMP)
Layer 2 features (VLAN tag/forward, Qin-Q, GRE)
Services such as sophisticated Multi-class
QoS, QoS on Layer 2 traffic
Stateful firewall (60+ DDoS protection,
30+ ALG including SIP/H323)
IPSec VPN (site-to-site, remote access,
DES/3DES/AES, MD5/SHA1)
Industry standard CLI and intuitive GUI
for ease of management
For more information contact:
Tasman Networks, Inc.
5400 Hellyer Ave,
San Jose, CA 95138 USA
Phone: (408) 216-4700
Fax: (408) 216-4701
URL: http://www.tasmannetworks.com
*Vendor-supplied information not verified by
The Tolly Group
Page 3
The Tolly Group
Tasman Networks
1002 and 1004 Routers
2xT1 Multilink PPP (MLPPP) Aggregate WAN Layer 3
Throughput Zero-Loss Performance with
QoS/FW/VPN Enabled
3
3.1
3.1
3.1
3.1
3.0
Throughput (Mbps)
2.6
2.4
2.5
2
1.5
1.5
1
1.1
0.9
0.8
0.7
0.5
0
64
128
256
Packet Size (Bytes)
Tasman 1002
Cisco 2811
512
Cisco 1841
Note: Cisco ISR 1841 & 2811: IOS 12.4.2, 1841 with on-board VPN chip, 2811 with AIM-VPN/EPII-PLUS VPN module
Source: The Tolly Group, September 2005
the 4XT1 Multilink PPP IPSec
VPN throughput tests, engineers
tested a Tasman 1004 outfitted
with two 10/100 Base-T Fast
Ethernet ports and up to four T1
ports. The Tasman 1004 was running OS Ver 8.2.1/ BootROM
Ver. T1k031605. Engineers tested
the Tasman 1004 against a Cisco
2811 Integrated Service Router
configured with an AIMVPN/EPII-PLUS VPN module
for VPN acceleration, and two
dual T1 WIC modules and dual
auto-sensing 10/100Base-T Fast
Ethernet interfaces. The device
was running OS Ver 12.4.2T1/
BootROM Ver. 12.3(8r)T7.
The Tasman 1004 also was pitted
against the Cisco 2811 Integrated
Service Router described earlier,
along with a Cisco 2821
Integrated Services Router in
tests with QoS/ACL/NAT
© 2005 The Tolly Group
Figure 3
enabled on the devices. The
Cisco 2821 Integrated Services
Router was running OS Ver
12.4.2T1/ BootROM Ver.
12.3(8r)T7, with AIM-VPN/EPIIPLUS VPN module, two dual T1
WIC modules and was configured with two integrated
10/100/1000 Ethernet ports.
For the 2XT1 Multilink PPP
IPSec VPN throughput tests, the
engineers tested a Tasman 1002
Router running OS Ver 8.2.1/
BootROM Ver. T1k031605
against the Cisco 2811 Integrated
Services Router (configured as
mentioned earlier) and a Cisco
1841 Integrated Services Router
configured with two Integrated
10/100 Fast Ethernet ports, and
running OS Ver 12.4.2T1/
BootROM Ver. 12.3(8r)T8. The
Cisco 1841 Integrated Services
Router had an on-board chip for
IPSec VPN acceleration while
the Cisco 2811 was configured
with AIM-VPN/EPII-PLUS VPN
module. The Cisco routers
utilized a dual T1 WIC module.
Each router was tested for its
Layer 3 throughput while connected back-to-back with an
identical router using either four
or two T1 WAN connectors. The
WAN protocol used on the WAN
link was Multilink Point-to-Point
Protocol (MLPPP) over multiple
T1 links. The throughput was
measured using 64-, 128-, 256-,
512-, 1,024- and 1,400-byte
packet sizes under two scenarios:
with QoS/IPSec VPN/stateful
firewall enabled on the devices
for the 4xT1 tests
with QoS/Network Address
Translation(NAT)/ACL enabled
Page 4
The Tolly Group
Tasman Networks
1002 and 1004 Routers
Test Bed
Test Scenarios :
- QoS + ACL + NAT
- QoS + Firewall + VPN
WAN:
2xT1 or 4xT1
Multilink PPP
Device Under Test
Traffic generated
by SmartBits 600
- 64, 128, 256, 512,
1024, and 1400-byte
packets
Device Under Test
Spirent SmartBits 600
Source: The Tolly Group, September 2005
Figure 4
on the devices for the 2xT1 tests.
HTTP (port 80) traffic for DSCP 00.
For both scenarios, the QoS configuration consisted of four traffic classes (DSCP 56, DSCP 44,
DSCP 32 and DSCP 00) on each
DUT. Spirent SmartBits 600 test
traffic generator was used to generate 100 UDP packet flows with
QoS priority bits configured as
follow: 25 flows with Telnet (port
23) traffic for DSCP 56 (highest
priority), 25 flows with FTP (port
21) traffic for DSCP 44, 25 flows
with FTP-DATA (port 20) traffic
for DSCP 32 and 25 flows with
For the QoS/NAT/ACL tests, in
addition to the QoS configuration
as described above, the engineers
configured 100 static IP addresses translation (NAT) on each
DUT, along with 100 ACLs (first
99 blocks and last filter accepting
any IP traffic) based on source
and destination IP addressing
scheme.
© 2005 The Tolly Group
Traffic generated
by SmartBits 600
- 64, 128, 256, 512,
1024, and 1400-byte
packets
For the QoS/IPSec VPN/Stateful
firewall tests, in addition to the
QoS configuration as described
earlier, engineers configured a
single site-to-site IPSec VPN tunnel with 3DES encryption and
SHA1 authentication enabled and
10 stateful firewall rules (first 9
blocks and last rule accepting any
IP traffic).
Each DUT was connected backto-back with an identical router
using either two or four T1 WAN
links, as appropriate for the test
case. The LAN ports on the DUT
at each end were connected to the
appropriate number of 10/100/1000
Ethernet ports on the SmartBits.
Page 5
The Tolly Group
See Figure 4 for the test bed illustration. Spirent SmartFlow (ver.
4.60) was used to configure the
tests. In the SmartFlow setup, the
test duration was set as 60 seconds, acceptable frame loss percentage as less than or equal to
0.001%. Binary search algorithm
was used. Using these settings in
SmartFlow and the DUT configured as required for the desired
WAN scenario, each test was run
three times, and the results averaged to obtain the final throughput.
Tasman Networks
1002 and 1004 Routers
Equipment
Acquisition and
Support
The Cisco Integrated Service
Routers with latest hardware versions (Models: 1841, 2811 and
2821) were acquired through normal product distribution channels. The Tolly Group contacted
executives at Cisco Systems and
invited them to provide a higher
level of support than available
through normal channels. Cisco
never responded to the offer.
The Tolly Group gratefully acknowledges the providers of test equipment used in this project.
Vendor
Spirent Communications
Spirent Communications
Product
SmartBits 600
SmartFlow ver 4.60
Web address
http://www.spirentcom.com
http://www.spirentcom.com
Terms of Usage
USE THIS DOCUMENT ONLY IF YOU AGREE TO THE TERMS LISTED HEREIN.
This document is provided, free-of-charge, to help you understand
whether a given product, technology or service merits additional investigation for your particular needs. Any decision to purchase must be based
on your own assessment of suitability.
This evaluation was focused on illustrating specific features and/or performance of the product(s) and was conducted under controlled, laboratory conditions and certain tests may have been tailored to reflect performance under ideal conditions; performance may vary under real-world
conditions. Users should run tests based on their own real-world scenarios to validate performance for their own networks. Commercially reasonable efforts were made to ensure the accuracy of the data contained
herein but errors and/or oversights can occur.
The test/audit documented herein may also rely on various test tools the
accuracy of which is beyond our control. Furthermore, the document
relies on certain representations by the sponsor that are beyond our control to verify. Among these is that the software/hardware tested is production or production track and is, or will be, available in equivalent or
better form to commercial customers.
The Tolly Group provides a fee-based service to assist users in understanding the applicability of a given test scenario to their specific needs.
Contact us for information.
When foreign translations exist, the English document is considered
authoritative. To assure accuracy, only use documents downloaded
directly from The Tolly Group's Web site.
Project Profile
Sponsor: Tasman Networks, Inc.
Document number: 205139
Product Class: WAN router
Products under test:
Tasman Networks 1004 OS Ver 8.2.1/ BootROM
Ver. T1k031605
Tasman Networks 1002 OS Ver 8.2.1/ BootROM
Ver. T1k031605
Cisco 1841 Integrated Services Router OS Ver
12.4.2T1/ BootROM Ver. 12.3(8r)T8
Cisco 2811 Integrated Services Router OS Ver
12.4.2T1/ BootROM Ver. 12.3(8r)T7
Cisco 2821 Integrated Services Router OS Ver
12.4.2T1/ BootROM Ver. 12.3(8r)T7
Testing window: September 2005
Software status:
Generally available
For more information on this document, or other services
offered by The Tolly Group, visit our World Wide Web site at
http://www.tolly.com, send E-mail to sales@tolly.com, call
(561) 391-5610.
Information technology is an area of rapid growth and constant change. The Tolly Group conducts engineering-caliber testing in an effort to provide
the internetworking industry with valuable information on current products and technology. While great care is taken to assure utmost accuracy, mistakes can occur. In no event shall The Tolly Group be liable for damages of any kind including direct, indirect, special, incidental, and consequential
damages which may result from the use of information contained in this document. All trademarks are the property of their respective owners.
The Tolly Group doc. 205139 rev. dmk 05 Dec 05
© 2005 The Tolly Group
Page 6
Related documents
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
Linksys BEFSX41 Broadband Firewall Router with 4
Linksys BEFSX41 Broadband Firewall Router with 4
Cisco 2611 Router
Cisco 2611 Router
10.2.1.2 Worksheet - Answer Security Policy
10.2.1.2 Worksheet - Answer Security Policy
Rebecca Gilliland Deemer - Public Relations Institute of Australia
Rebecca Gilliland Deemer - Public Relations Institute of Australia
Click here to Seed Transplants flyer.
Click here to Seed Transplants flyer.
Unit 1: Network Security Introduction End of Unit Tutorial Questions
Unit 1: Network Security Introduction End of Unit Tutorial Questions
Download
advertisement