VPN100 - ATP500 ipsec test speed

Cyrille
Cyrille Posts: 8
First Anniversary Friend Collector First Comment
edited April 2021 in Security
Hi

I try to optimize my VPN between VPN100 (Company) ans ATP500 (Datacenter)

HTTP/HTTPS + Windows networking (Windows 2012/2016 File sharing, RDP...)  will be used on this VPN

Datacenter-Internet Link is 1G/1G
Datacenter network is 2x10G
Company-Internet is 1G/500Mbs

Actually  :
Ping is 4ms  (10ms when iperf test full)
iperf give me 150Mbs/125Mbs
iperf (-P 8) give me 350Mbs/145Mbs
Windows File transfer is 20MB/s (Mo/s)

What setting I must look ? (mtu ? window size ?, other ?) and how ?


Thanks

Best Answers

  • Cyrille
    Cyrille Posts: 8
    First Anniversary Friend Collector First Comment
    Answer ✓
    As I tested locally with your configuration, the throughput of VPN is around 170 Mb/s.(j-perf, TCP session).
    Ok, Accepted solution. VPN100 VPN real throughput is less than 200Mb/s

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited January 2019

    @Cyrille

    Regarding to VPN throughput case,

    the VPN throughput of VPN 100 is around 500Mbps.(VPN100---VPN----Specific test Machine).

    Moreover, we also have run a similar lab test internally between two VPN 100 using Windows File transfer.

    Download Transfer speed is around 25-32.5Mbps.

    We suggest you replace AES256 with 3DES  to get better throughput.


    Test: PC doing Windows File transfer to another PC directly.

    As our lab, there is only one vpn tunnel, however, there are more than one VPN tunnel are working on customer site, therefore, the throughput may be lower than our result.

    Charlie

  • Thanks for your answer

    Only one VPN is active when i do test.

    Settings are :
    Phase 1 - IKE v2, PSK, Life time 86000, AES256, SHA1, DH5
    Phase 2 - 28000, AES256, SHA1, DH5

    MTU is 1500 by default

    Robocopy /MT:8 is 110 Mb/s / 145 Mb/s  ( < 20MB/s)


    Maybe it's MTU.  Do you have kb to find/setup best MTU ?


    Thanks




  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    @Cyrille
    Regarding to this case,

    You can try to change the AES256 to 3DES and see if the throughput is getting better.

    Also, the Maximum MTU size of USG Series is 1500 which is better value for throughput.
    Charlie
  • Changing phase 2 AES256 to 3DES don't change speed. 110Mb/s - 140Mb/s
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    @Cyrille
    Regarding to this case,
    since the throughput of Windows File transfer on my local test is better than yours(5Mbps-10Mbps), therefore, can you private message your configuration for testing?
    Charlie
  • @Zyxel_Charlie
    Have you test my config ?
    Do you get more than 200Mb/s with VPN 100 ? Specifications tells 500 Mb/s but maybe VPN 100 specifications are wrong and 500 Mb/s  -> 1/3 -> 166Mb/s  maximum ?



  • Cyrille
    Cyrille Posts: 8
    First Anniversary Friend Collector First Comment
    Answer ✓
    As I tested locally with your configuration, the throughput of VPN is around 170 Mb/s.(j-perf, TCP session).
    Ok, Accepted solution. VPN100 VPN real throughput is less than 200Mb/s

Security Highlight