10 gig fiber tranceivers

Similar Messages

• 100 Mbps MPLS but service provider handing of gig fiber?

  Our service provider is providing 100 Mbps MPLS service to one of our remote sites that will accept the handoff via a gig fiber connection into our 3845 router using a GLC-SX-MM SMF tranciever. I'm assuming that I will have to shape the ingress traffic to 100 Mbps. Can anybody send me a link on CCO that explains how to do this? And am I correct that I will have to shape the ingress traffic? Thanks, John

  Hi,
  Even though you have a fiber coming into your remote location your service provider would have rate limited it appropriately in and out from his perspective to 100MB as per the BW sold to you.
  So from your question there should be no need to implement any policing in or out on your router towards the service provider.
  HTH-Cheers,
  Swaroop

• Path Selection between 10 gig fiber and microwave

  Hello everyone,
  my network is running OSPF as an IGP, i have a 10 gig Ethernet  fiber connected between two sites and a microwave link as a redundant connection.
  since ospf metric is cost ( or bandwidth ), the 10 gig ethernet connection is always preferred. however, sometimes the 10 gig link is flapping or the bit error rate is bad, is there anyway to change the path selection to go through the microwave when the bit error rate in the 10 gig link is bad or the link flaps ?
  basically can we make the path selection based on anything than the speed or cost ?

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Bandwidth can be a metric to OER/PfR.  Much else can be used by OER/PfR.
  The intent of this technology is sort of described by the names, Optimized Edge Routing (v1) and Performance Routing (v2).
  Both can account for path bandwidth and/or analyze performance.
  Understand typical dynamic routing protocols keep track of paths between source and destination and some have a way to "weight" paths  (for example, OSPF link cost [which by RFC, hasn't nothing to do with bandwidth, but is often based on that]).
  OER/PfR, for example, can run their own SLA tests.
  Years ago, I set up OER in large dual MPLS/VPN environment.  Our initial "problem", after activation, our WAN performance monitoring tools (and our users!) no longer "saw" any WAN performance issues.  They were still happening, but OER "saw" them first, and worked around them before the monitoring tools saw them.

• ASR 9006 to 6509 1 gig fiber connection

  I have an ASR 9006 with a SFP-GE-L connecting to a Cisco 6500.  The link shows up on the ASR side but not on the 6500 side.  If I move the SFP from the ASR to a
  different 6500 chassis the connection works so I know the SFP is working. 
  Any ideas on making this link work?

  The issue ended up being a negotiation issue.  Apparently IOS-XR is set for nonegotiate disabled by default and IOS is enabled by default. 
  The fix being to put "speed nonegotiate" on the IOS side interfaces and it came up

• Upgrade IOS on 3550 w/ Gig ports

  Good morning,
  I am in the middle of IOS upgrades and kind of stuck! I have a 3550 that has 12 gig interfaces, 10 of which are fiber and 2 of which are copper interfaces. I want to try to minimize the amount of downtime as much as possible. Obviously it's going to come down when I have to reload.
  Here is my question. Is there a way for me to upgrade the IOS from one of the 10 Gig fiber interfaces? I tried using a media converter (fiber to copper) to connect my laptop to the switch, but I couldn't get the interface to come up. The media converter is 10/100Mbps and I couldn't find a way to change the speed on the interface of the switch to match that. Both copper interfaces are currently being used. The device is unmanaged so I cannot upgrade it remotely.
  Thanks!
  Colin

  hi
  I dont think you can make use of a media converter which is different in speed when compared to the port speed of the switch.
  If you have 10/100Mbps port connecting to the Gig port on the switch whichs again 1000Mbps the port wont come up at all and you wont be to get them synced...
  We did try something inline with this quite sometime back and failed with that.
  what i can suggest is to logon to the console port of the switch and configure a vlan ip.
  hook up your pc on any of the ethernet ports and configure on the same subnet to which the vlan belongs too.
  Check the ip reachability to the switch from the local pc and upload the ios using TFTP..
  regds

• Five Story Building Fiber Link Speeds

  I am designing a new model and am really grappling with the fiber uplink speeds.  I am trying to build a network resilent enough to support data for the next ten years.  I am trying to decide if I need a 10 gig fiber uplink to my data center on the third floor of the building from each of the adjacent floors.  I am planning on running a 48 port gigabit switch on each floor, and at the moment without VOIP.  But I'm trying to peer into my crystal ball for years down the road to see what my requirements will be.  Currently we are a 10/100 based LAN with all the normal windows domain things, file shares, exchange, internet, etc.  I could also concatenante some 1 gig fiber links, say 4 per floor, to get to almost half the bandwidth but with multiple fiber strands.
  Either way I was just hoping for some feedback.  There are advantages to each, I'm just worried as my switches begin to max out the ports, and the computers and network start utilizing the gigabit bandwidth more that my uplinks will begin to be the bottleneck, not today or tomorow, but a few years down the road.  Am I crazy?  Any help would be greatly appreciated, or a link to a thread that has already addressed this issue.
  Thanks,
  Jason
  Network Admin
  The Blood Center

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  It’s not easy to comment on how your technology strategy for the next 10 years should be since I do not know anything about what the organization is doing or which applications we can expect on the network.
  The easy answer will be to use the highest bandwidths and best switches you can get but this comes with a price that might give you a bad ROI the next 5 years. So what you can do is to look in to the future and predict if video, cloud computing, or any other high bandwidth applications will be present in this infrastructure. And the answer to that should be yes – sure… etc. But when is also a key question. So for your design you should plan ahead and see what you need now and if there is better to upgrade later. Do you then want to do a forklift upgrade and replace everything, or do you want to replace some components / interfaces to get higher bandwidth? You can address now that you have a technology strategy that points out the direction for the next 10 years, and you have a plan on how to build this new network now according to this strategy. You should address that i.e. after 5 years you need to do the next step and invest to upgrade the network according to the strategy to gain higher bandwidth, better SLA or any other upgrade that is critical for the business.
  Even if you go for 10Gbps now it might not be what you need in the future. And even if you have a 10 year scope for your strategy you should occasionally do a sanity check and patch up your strategy to meet the requirements from the organization you are going to support, and to be aligned with the technology development.
  /André

• Fiber POE

  Is anyone aware of a Gig fiber to copper POE injector for a AP1252 that meets the 18 watt requirement? Our infrastructure is all 62.5 fiber, and the APs will be over 100 meters from the switches, so I need a media convertor, and injector to make the conversion. Thanks.

  Check the data sheet and ordering guide of the 1250 AP. It should hold the information about the device.
  http://www.cisco.com/en/US/products/ps6973/products_data_sheet0900aecd806b7c6d.html
  http://www.cisco.com/en/US/products/ps6973/products_data_sheet0900aecd806b7c5c.html

• Home Network and Multiple Switches

  Hi, I am upgrading my small office network as I have run out of ports on my Cisco SG100-24 unmanaged switch. I have purchased another SG100-24 which will give me the ports required. My question is how best to connect them.
  I am currently using my ISP`s modem to a Cisco RV320 router to the first SG100-24. I see two obvious options here one being just daisy chain them or just connect them each to the router as more of a tree approach. I also have a 8 port switch (SG200-08) but not sure I need it any longer with the new 24 port switch though it is a "Smart-Switch".  I guess I am curious if there is any benefit of using the mini-GBIC combo ports (with or without buying the modules) or just to run both switches through the RV320.  I also use a 4410 WAP so my current pan is as follows:
  Port 1 of RV320 -> SG100-24#1
  Port 2 of RV320 -> SG100-24#2
  Port 3 of RV320 -> WAP4410N
  Port 4 of RV320 -> Server
  I would appreciate thoughts and suggestions especially as it pertains to the Mini GBIC combo ports.

  Jason,
  The only advantage you would get from using SFPs (fiber tranceivers) in the GBIC slots would be if you needed to make a run of over 100m between the switches.  Unless you have a very large property with switches at either end you are just as well to use the copper ports in the setup you described.  There is also nothing wrong with chaining the SG100s together if necessary to free up a port on the RV320.  The only other thing to consider is if you are using VLANs.  Each unmanaged SG100 will only pass a single VLAN so if you need segregated distribution coming from the RV320 you would need to put each SG100 on its own port.  Or, you could run a trunk from a port on the RV320 to your SG200 and then split off your untagged VLANs from there.  Hope this answers your question and have a nice day.
  Regards,
  Mike.V

• Cisco SG300 - IGMP and multiple switches

  Hi all,
  I have read through various Cisco documents and tried various configurations and i have been unsuccessful
  Here is the network layout
  Cisco SG300-10 in Layer 3 mode, managing all VLANS created and inter-vlan traffic is working fine
  Ports 1-4 are in LAG 1 with LACP enabled, Ports 5-8 are in LAG 2 again with LACP enabled, port 9 is connected to the ASA 5505 (Trunk port, all VLANS) and port 10, again a trunk port I use for management
  LAG 1 and 2 are connected to Cisco SG300-52 switches
  again traffic between the switches is working ok, what we would like to do is the following
  on VLAN 7, we have multiple devices streaming using UDP multicast, what we would like to do is allow PC's on VLAN 5 to be able to pick up these streams as and when they need to, the devices broadcast on their own unique UDP ranges
  Could someone please explain to me what I need to configure on the Layer 3 switch and the other two Layer 2 switches in order for this to work?
  If i put a port into VLAN 7 and can view the stream without a problem, also if there is any fine tuning to be done once this is working
  Thanks
  Andy

  Jason,
  The only advantage you would get from using SFPs (fiber tranceivers) in the GBIC slots would be if you needed to make a run of over 100m between the switches.  Unless you have a very large property with switches at either end you are just as well to use the copper ports in the setup you described.  There is also nothing wrong with chaining the SG100s together if necessary to free up a port on the RV320.  The only other thing to consider is if you are using VLANs.  Each unmanaged SG100 will only pass a single VLAN so if you need segregated distribution coming from the RV320 you would need to put each SG100 on its own port.  Or, you could run a trunk from a port on the RV320 to your SG200 and then split off your untagged VLANs from there.  Hope this answers your question and have a nice day.
  Regards,
  Mike.V

• Help needed regarding Closest srever roles 11.3

  We are running 11.3 in an organization that supports 2100 pc's using zenworks. We have 3 primary servers, a sql server and an audit server. Lately we have been running into issues with our sql process hitting 100% cpu usage on our zen databse server and eventually crashing. During this time frame our primary servers go from 5/100 connection to the database up to 100/100 connections.
  We have not configured the closest server default rule too much, all default server rules point to server 1, 2 and 3. I am thinking we need to set one server as the default for content, another for the default for collection, and a third to be the default for authentication and configuration. Or would it be more efficient to have a location rule that pointed one building to server 1 to handle content, collection, authentication and configuration, the other building to server 2 to handle content, collection, authentication and configuration etc. Any thoughts?
  I find our current environment is somewhat unstable and I am sure it is due to a lack of configuration.
  Any help would be greatly appreciated.

  Hi
  I have 29 buildings and 7 primaries all blades connected to a SAN. 9200
  pc's. We set it up exactly as your are proposing to spread the load. I
  currently don't have any SAT's in place and I have gig fiber to all of the
  buildings with 2012sql that is a virtual. CPU load on servers is negligible
  and the SQL goes up and down in the 20% range. But you might be having
  something else going on. I'm not an SQL guy but you may need to have some
  maintenance done and get a very knowledgeable person take a look at the
  database.
  "jorton" wrote in message news:[email protected]..
  We are running 11.3 in an organization that supports 2100 pc's using
  zenworks. We have 3 primary servers, a sql server and an audit server.
  Lately we have been running into issues with our sql process hitting
  100% cpu usage on our zen databse server and eventually crashing. During
  this time frame our primary servers go from 5/100 connection to the
  database up to 100/100 connections.
  We have not configured the closest server default rule too much, all
  default server rules point to server 1, 2 and 3. I am thinking we need
  to set one server as the default for content, another for the default
  for collection, and a third to be the default for authentication and
  configuration. Or would it be more efficient to have a location rule
  that pointed one building to server 1 to handle content, collection,
  authentication and configuration, the other building to server 2 to
  handle content, collection, authentication and configuration etc. Any
  thoughts?
  I find our current environment is somewhat unstable and I am sure it is
  due to a lack of configuration.
  Any help would be greatly appreciated.
  jorton
  jorton's Profile: https://forums.novell.com/member.php?userid=157965
  View this thread: https://forums.novell.com/showthread.php?t=481984

• H.323 video QOS over LAN to LAN

  I need to configure QOS for video over gig fiber LAN(4506 catalyst switch) to LAN(3500 switch)

  Many IP video conference applications use the H.323 suite of protocols. The International Telecommunications Union (ITU) H.323 defines an international standard for multimedia over IP. Refer URL
  http://www.cisco.com/warp/customer/105/video-qos.html#h323

• Small DC Switch Design

  Hello,
  I'm working on options for a small DC switch design.  This DC has 5
  virtual hosts with 10-20 guest vm's each.  Each server has two quad
  port gig nics with 6 of the 8 gig ports connected (3 for iSCSI and 3
  for data or management.  It also has two 3 node sans each with 2 gig
  ports per node, a host of other small servers including voice servers,
  management servers, asa firewall, and a few routers.  Total of 50-60
  ports as of right now.
  Connected to the DC is 7 other buildings each with there own 1 gig
  fiber connection serving about 3000 devices in total including
  desktops, laptops, ip phones, wireless ap's, building automation,
  alarm panels, etc....
  Right now in each of the 7 buildings has a 3560G as an aggregation
  switch connected back to the DC.  The DC also has a few 3560G's and
  3750G's for the sans and servers.  The system seems to work ok for the
  most part aside from micro bursts overwhelming the buffers on these
  switches and the etherchannel trunks between them dropping a minor
  amount of packets.  QOS is configured for the voice network and there
  are little to no complaints.
  What I would like to know (costs being the biggest factor) is what
  would be a better switch design for the current and future traffic in
  this network.  Some options I was thinking about are as follows:
  I would needs at least 96 ports.
  So option A is to go with a 4506-E bundle with 2 48 port line cards,
  sup 6l-e and a WS-X4712-SFP+E or something of the sorts.   And then
  upgrade to the enterprise services license and do all of the routing
  and switching for the DC on this one switch.  Means little redundancy
  and no failover.
  Option B was to go with the same 4506-E bundle, without the extra
  license and without the SFP line card and put in some sort of layer
  three aggregation switch, possibly an me3600x.
  Option C Is to go with the 4503-E, the SFP line card and the IP
  Enterprise services license.  And two top of rack switches, either
  2360's or 4948's.
  I would like to do some PBR on the aggregation switch, but I am unsure if the me3600x is capable of doing that.
  I have no experience in this matter so any other thoughts or
  suggestions would be appreciated.
  Thanks,
  Dan.

  Disclaimer
  The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.
  Posting
  If cost is the biggest factor, and the only notable issue now is occasional packet drops due to insufficient buffers, perhaps some buffer tuning would be something to consider.
  A really important question to answer is how important redundancy. At lower port densities (3 to 4 stack members), the switch stack is less expensive than a chassis that supports redundancy.  At very low port densities (2 to 3 stack members) the stack might be less expensive than even a non-redundant chassis.
  BTW, the 3750-E/X offers much more performance than the original 3750 series.  If offers wire-speed PPS and fabric per switch, twice the ring bandwidth and uses the ring, for unicast, much "smarter".
  Perhaps a dual WS-C3750X-12S or WS-C3750X-24S for your core with dual MEC fiber etherchannl links to your aggregation switches?  In the DC itself, you might also use 2960s to provide DC edge ports.  For growth, a dual 3750-X stack would support four 10 gig ports which could be used with 10 gig servers or 10 gig SAN or as a 10gig link to other DC switches, such as the 2960S (which support their own stacking technology).

• How to communicate between UNI ports?

  Hi
  I have a new  ME3400 series switch with IOS (me340x-metrobase-mz.122-37.SE1), it has 24 fastethernet and 2 gig fiber uplinks
  Now all the ports except fiber uplinks are uni ports by default.
  So can't communicate with each other. Now i wishes to make them communicate while remaining in uni port-type.
  On forums the solution is to declare them as member of community vlan.
  My questions are
  1) can i no shut the secondry vlan interface?
  2) From which pool i have to give ip to my system either from primary vlan pool or secondry vlan pool?
  3) In both cases i can't communicate with the default gateway i.e: the ip of vlan even the port is member of community vlan. so how to communicate them while being in uni ports?
  The sh run of switch is below
  Switch#sh run
  Building configuration...
  Current configuration : 2088 bytes
  version 12.2
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname Switch
  no aaa new-model
  system mtu routing 1500
  ip subnet-zero
  no file verify auto
  spanning-tree mode rapid-pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  vlan 100
    private-vlan primary
    private-vlan association 101-102
  vlan 101
    private-vlan isolated
  vlan 102
    private-vlan community
  interface FastEthernet0/1
  switchport private-vlan host-association 100 101
  switchport mode private-vlan host
  interface FastEthernet0/2
  switchport access vlan 102
  switchport private-vlan host-association 100 102
  switchport mode private-vlan host
  interface FastEthernet0/3
  switchport private-vlan host-association 100 102
  switchport mode private-vlan host
  interface FastEthernet0/4
  shutdown
  interface FastEthernet0/5
  interface FastEthernet0/6
  shutdown
  interface FastEthernet0/7
  shutdown
  interface FastEthernet0/8
  shutdown
  interface FastEthernet0/9
  shutdown
  interface FastEthernet0/10
  shutdown
  interface FastEthernet0/11
  shutdown
  interface FastEthernet0/12
  shutdown
  interface FastEthernet0/13
  shutdown
  interface FastEthernet0/14
  shutdown
  interface FastEthernet0/15
  shutdown
  interface FastEthernet0/16
  shutdown
  interface FastEthernet0/17
  shutdown
  interface FastEthernet0/18
  shutdown
  interface FastEthernet0/19
  shutdown
  interface FastEthernet0/20
  shutdown
  interface FastEthernet0/21
  shutdown
  interface FastEthernet0/22
  shutdown
  interface FastEthernet0/23
  shutdown
  interface FastEthernet0/24
  shutdown
  interface GigabitEthernet0/1
  port-type nni
  interface GigabitEthernet0/2
  port-type nni
  interface Vlan1
  ip address 192.168.0.1 255.255.255.0
  no ip route-cache
  interface Vlan100
  ip address 10.10.100.1 255.255.255.0
  no ip route-cache
  interface Vlan101
  no ip address
  no ip route-cache
  shutdown
  interface Vlan102
  no ip address
  no ip route-cache
  shutdown
  no ip http server
  control-plane
  line con 0
  line vty 5 15
  end
  Any help will be apritiated and thanks in advance

  njb7ty wrote:
  Create two separate connection pools. Each one has its own url/userID/password to its own database. Example: If both are Oracle databases, you need the JDBC driver jar file in your classpath. You'll have to research how to create a connection pool.That is a pretty specific answer. Certainly inappropriate, for example, if the OP is attempting to just move records. Or compare records.
  Probably ony useful if the OP wants to present to a client data from two databases. But since the OP said "communicate" that seems unlikely.

• Site to site between 892s, video streaming, fragments and dropped traffic

  Customer network consists of two LANs, each routed from an 892.  The 892s are connected by a Gig fiber path, and there's an IPSec VPN between the 892s.  All traffic from one LAN to the other traverses the VPN.  Site 1 has a Lenel video server with a bunch of cameras streaming video to it.  Site 1 and Site 2 each have a Win7 PC with some Lenel software that receives video streams retransmitted from the video server at Site 1.  The video server streams the video as UDP.   The client PC at Site1 receives all the video streams from the server just fine.  The client PC at Site 2 does not reliably receive the video streams from the server at Site 1.  Streams from *some* cameras are received fine, but not others.  Looking at Wireshark captures taken at Site 1, it looks like most of the UDP traffic is fragmented.
  Anyone else out there have anything remotely like this setup, and any notions of where to go looking for why Site 2's got such issues?
  I'm afraid I'm somewhat constrained by all sorts of legal and bureaucratic restrictions on exactly what configuration and sample data I can include in this discussion, which would make me laugh if it wasn't so frustrating (this is a network of security cameras around a sensitive research facility).

  Hi Julio,
  Everything seems to be ok in this access list. I think this is a routing issue. It is just does not know where to send the packet back or where to reply.
  Crypto map tag: XXXX_map, seq num: 7, local addr: x.x.x.x
     access-list XXXX_7_cryptomap permit ip x.x.x.x x.x.x.x x.x.
  x.x x.x.x.x
     local ident (addr/mask/prot/port): (local network and subnet)
     remote ident (addr/mask/prot/port): (Remote network and subnet)
     current_peer: x.x.x.x
     #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
     #pkts decaps: 9122, #pkts decrypt: 9122, #pkts verify: 9122
     #pkts compressed: 0, #pkts decompressed: 0
     #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
     #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
     #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
     #send errors: 0, #recv errors: 0
     local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x
     path mtu 1500, ipsec overhead 58, media mtu 1500
     current outbound spi:
  inbound esp sas:
     spi:
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: .., crypto-map: xxxx_map
         sa timing: remaining key lifetime (sec): 18731
         IV size: 8 bytes
         replay detection support: Y
  outbound esp sas:
     spi:
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 8849, crypto-map: xxxx_map
         sa timing: remaining key lifetime (sec): 18673
         IV size: 8 bytes
         replay detection support: Y

• Cisco 3850 Macsec encryption

  Customer just bought four WS-C3850-T with IPServices. I upgraded them to IOS-XEE 3.3.5 straight away. Working fine except when trying to do manual CTS I don't have the gcm-encrypt option on these switches?
  I have MACSec "configured" on two fiber ports between two switches but it's not actually encrypting anything. Do I need a separate license just for this?
  Literally, if I go into interface mode, do cts manual, and then sap pmk mode I only have the no-encap option?
  These are covered by Smartnet but I need to get associated with the contract to open a case.
  Any thoughts?
  Thanks all.

  OK, this is working as of the 3.7.0 code however with MACSec enabled using "sap pmk <key> mode-list gcm-encrypt" across a 1 gig fiber the performance hit is so great that the link is unusable?
  This is a small shop with less than 10 users behind this 3850. With "no-encap" specified performance is great. Using gcm-encrypt makes even remote admin activity (RDP, VNC) all but impossible.
  This has been tested multiple times with the customer - enable encryption, test performance. disable it, and reboot. Performance is great. Re-enable encryption, performance tanks....
  Thoughts anyone?
  Thanks.