05-28-2010 01:14 AM
I am trying to find out the bandwidth of the WAN link required at a datacenter WAN gateway where PCs at 60 remote sites establish SSL-VPN tunnel to this gateway. Each user will have 512kbps bandwidth to the internet.
Assuming, all the 60 sites will be accessing datacenter at once, if ‘x’ bandwidth is reserved at the WAN gateway (including all sites considering application requirement), what is the extra bandwidth to be provisioned to deploy SSL-VPN?
Any leads is much appreciated..
Thanks in advance,
Manjunath
06-02-2010 03:53 AM
I see it like this 60 client x 512kbps / client is aprox 30Mbits. If you are using Qos to guarantee 512kbps / client, you might think to include in this 512kbps also the extra overhead generated by the VPN encapsulation.
Did this answer your question, or I understood it wrong?
Calin
06-02-2010 03:59 AM
Thanks for the Reply Calin.
Actually, the application we will be running is a video+data application out of which, 384kbps is video and 64kbps is data. So i did some calculations and got around 64kbps SSL VPN overhead for that traffic. And hence assumed 512kbps/ client is sufficient. At the hub end, thought of giving some buffer along with 60 * 512kbps.
I read somewhere that, SSL VPN header size is around 25bytes/packet. So with some assumptions came to 64kbps overhead for SSLVPN. Any ideas on that?
06-02-2010 04:24 AM
From what I've read the overhead of IPSec on a packet is between 50 and 57 octets (including the new IP header, the ESP header and the trailers), representing a 10% increase on an average packet (500 byte). In contrast to this, SSL VPNs add only 5 octets of data to each packet, just a 1% increase on the average packet. Of course, setup operations cannot be ignored totally, but these are roughly similar in size for IPSec and SSL connections. Also, because SSL VPNs work at a much higher layer, they suffer much less from the packet fragmentation issues normally associated with IPSec VPNs. Finally, SSL has built in compression mechanisms (with AIM-VPN modules).
Overall, I think that if you have 512kbps / user you're on the safe side. This is my opinion.
Calin
------------------------------------------------
If this advice is useful please rate!
06-02-2010 10:17 AM
Thanks Calin, it was very useful...
Cheers,
Manju
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide