Customer wants to know limitation of AR46 regarding IPSec tunnels with and without IPSec board.
-AR46 without IPSEC board, the limit is 512 tunnels( 256 users), if with IPSEC board, the limit is 2000(1000 users).
-Back to back connection: with 160 subinterface, 150K traffic for each tunnels, 10mins all the IPSEC tunnels can be up.
-Back to back connection: with 250 subinterface, 150 K traffic for each tunnels, 1hrs all the IKE SA can be established, only 40 IPSEC SA can not up on one side.
-The reason is CPU high cause the packets lost, in real network, the situation will be worst than in the lab, so, the solution is divide traffic into two or more routers.
AR46 has more 160 IPSec tunnels configured and when customer turns UP all tunnels,same time, CPU reach 100% and AR46 spend 1 hour to raise all tunnels.