Solved: VPN Throughput - Page 2

b.gamble · ‎09-29-2009

I just set up a point to point VPN tunnel between a central 3825 and two remote 2811's over a 100Mb link via Ethernet.

I'm using AES256 encryption for isakmp and ipsec. Speeds w/o the tunnel active between the remote and central site are 60-70Mb. Speeds WITH the tunnel are 28-32Mb.

Why such a large decrease in speed? And is this a good result or should I be able to increase speeds some how?

CPU utilization on the 2811's increases to around 75% when a large amount of traffic is being passed. I assume this has something to do with the speed decreases.

b.gamble · ‎10-02-2009

C:\>iperf -w 256k -c msdtech -t 120

------------------------------------------------------------

Client connecting to msdtech, TCP port 5001

TCP window size: 256 KByte

------------------------------------------------------------

[1872] local 10.4.1.11 port 1803 connected with 10.2.3.36 port 5001

[ ID] Interval Transfer Bandwidth

[1872] 0.0-120.0 sec 507 MBytes 35.4 Mbits/sec

A little better...

cisco24x7 · ‎10-02-2009

I can NOT comment on Windows platforms but I can definitely tell you that Iperf performance is so much faster on Linux platform. My Linux box, with optimize Linux kernel, can push about 990Mbps on a 1Gig NIC. Maybe you should use Linux to get better performance. Either that or tweak the -w parameter.

b.gamble · ‎10-02-2009

The network is all Windows, so I don't have any Linux clients to test with. It's also more indicative of what results they'll see, so I'm OK with testing on Windows boxes.

The link is only 100Mb across the link, not 1Gb. I'd be curious to test between a linux box and Windows box. Might try that at home.

I just started running Debian.