Cisco Logo


Enterprise Networks

Next Gen Encryption w/ 3x Performance

Everyone has dirty secrets. One of mine is that I like Mazda Miatas, little sports cars that are cheap to buy, cheap to own, handle well, perform above expectations and require little care. Regardless of how you feel about handling and the sensation of dropping the top and having the wind blow through your hair, a little Miata can only do so much. Try to pass, uphill, on a warm day and god forbid, do so with the air conditioner on and a passenger on board, and that little Miata is going to be taxed out. That is one of the reasons I added a little bit of hardware acceleration in the form of a supercharger to mine. Suddenly, with that small upgrade, the little car that could but suffered under heavy load suddenly became the little car that did.

This reminds of me a new product for the ISR which I am pretty excited about, the Cisco® VPN Internal Service Module (VPN ISM). Think of it as a supercharger for your ISR – an easy way to add a bunch of scale and performance to your existing ISRs. Except in the case of a supercharger, getting 50% more power is good, but with the VPN ISM you get up to 300% better performance for encrypted site-to-site VPNs, a fairly big dose of bang for relatively few bucks.

In the world of Miatas, once you start adding speed, it is fairly common to want to add a bit of security and safety as well. You see a lot of these little cars with roll bars added on – just in case. In the case of the ISR and the VPN ISM, we have advanced next generation encryption, including Suite B. Government agencies as well as any organization seeking stronger security can use the set of Suite B algorithms for a range of government communications spanning from proprietary or personal data, to critical but unclassified, to secret and top secret.

This is important, not only for government and military applications, but for security in general. Advances in CPU design as well as techniques for using GPUs for decryption, not to mention the ready availability of cloud services such as AWS, bring the computing horsepower needed to crack weaker encryption within reasonable reach of many potential bad actors. Suite B, recommended by the National Security Agency (NSA), helps you futureproof the security infrastructure of your network, meaning that not only are your sensitive communications safe today, but also helping ensure that they will remain safe tomorrow and the day after.

The Mazda Miata is a wonderful little car that does a lot of things. It can kill giants on the race track, acquit itself well in the mountains and get you to work on Monday morning, cheaply, reliably and with little fuss or commotion. It reminds me of the ISR routers – they are not only great branch routers but also can do a lot of security related tasks very well – firewall, IPS, cloud-based web content security and VPN services. However, just like a supercharger can make a sports car more compelling, even a great little router can be enhanced by an extra 300% dose of performance, and that is where the VPN ISM hardware VPN acceleration module comes in.

Learn more about the VPN ISM here.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 90 days. Please visit the Cisco Blogs hub page for the latest content.

1 Comments.


  1. Its an interesting read and the details on good throughput stats for coping with Suite B encryption are there to see. My only concern is that I suspect the router CPU still has to do the initial work to decide what needs to be encrypted and still has to forward the traffic which has a direct impact on the throughput capability of the ISR2. To use the car analogy you can speed down the M6 Toll Road but getting on to it still slows down your journey :o)

       0 likes

  1. Return to Countries/Regions
  2. Return to Home
  1. All Enterprise Networks
  2. All Security
  3. Return to Home