Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
if my download is 30Mbps, upload is 8Mbps, and I also want to vpn , so (30+8) * 2 * 2 = 152Mbps.
For bandwidth, you only need to count the it once as it transits the device. Your aggregate bandwidth being forwarded would just be 38 Mbps, not 152 Mbps.
For sizing a router, VPN imposes some overhead too. How much depends on exactly what the VPN is doing. Fragmentation can add much overhead (much of which can be avoided based on configuration and nature of traffic) and actual encryption can add very much overhead, unless the device has encryption hardware (many newer VPN capable routers do).
Router performance is provided as packets-per-second, which is applied to the aggregate of all packets passing through the router. Why "duplex" is important, when we say we have a 10 Mbps circuit, most can pass 10 Mbps in both directions, so maximum aggregate is 20 Mbps. However, if there are two such links connecting to a router, assuming the one link's ingress traffic is the other link's egress traffic, you only need to count it once, not twice for forwarding performance.
