Cisco 2811 has inadequate VPN throughput when using compression. Interesting puzzle with my DMVPN link to a remote office. I was reasonably happy to see a 1MB/sec (10mbit) transfer going when my home outbound is only 6mbit. I popped into the router to look at the compression ratio and WTF. 8:1? I should be getting well over 10mbit realized if that’s true. I’m using a Cisco 3825 here at the house.
I bounced into the remote site which is a 2811 and wow, barely responsive. CPU at 99% and it can barely respond. I shut down the DMVPN tunnel which is using IPSEC w/ compression and it failed back to a straight GRE tunnel I had configured. CPU dropped immediately and of course without the compression, so did the transfer rate.
I double checked that it was CEF routing packets and yes, no process routed packets. I’m not sure if an AIM would help, but in any case a used 2821 is not that much more and I haven’t hit that limit on a 2821 or 3800. I suppose it’s not a huge surprise, but I thought I’d share it in case someone else was puzzling on their high CPU spikes on a 2811.