Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec Throughput: Difference between revisions

← Older edit
Content deleted Content added
AA-Andrew (talk | contribs)
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,616 edits
mNo edit summary
Reedy (talk | contribs)
editor
706 edits
m clean up, typos fixed: 15Mb/s → 15Mbit/s (4), eg → e.g. (2)
 
Line 1: Line 1:
<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick_IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>
<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>


On a FB 2700, throughput should be around 10 - 15Mb/s.
On a FB 2700, throughput should be around 10 - 15Mbit/s.


Here is a speedtest from a Road Warrior on a good internet connection connected to a FB2700 on a single 60Mb/s down and 20Mb/s up FTTC, using HMAC-SHA1
Here is a speedtest from a Road Warrior on a good internet connection connected to a FB2700 on a single 60Mbit/s down and 20Mbit/s up FTTC, using HMAC-SHA1


[[File:FB2700 IPSec Speedtest.png|none|thumbnail|Speedtest over a FB2700 IPsec tunnel]]
[[File:FB2700 IPSec Speedtest.png|none|thumbnail|Speedtest over a FB2700 IPsec tunnel]]
Line 11: Line 11:
[[File:2700 IPsec 100M download.png|none|thumbnail|Download over a FB2700 IPsec tunnel]]
[[File:2700 IPsec 100M download.png|none|thumbnail|Download over a FB2700 IPsec tunnel]]


A FB6000 can do nearer 50Mb/s, whilst newer generation of FireBrick hardware should be even better.
A FB6000 can do nearer 50Mbit/s, whilst newer generation of FireBrick hardware should be even better.




==Other notes on throughput==
==Other notes on throughput==
If an IPsec connection is slow, it is useful check a few other things. Latency can have large impact on eg a TCP connection so it's good to:
If an IPsec connection is slow, it is useful check a few other things. Latency can have large impact on e.g. a TCP connection so it's good to:
*Try a ping with a large payload (eg 1400 bytes)
*Try a ping with a large payload (e.g. 1400 bytes)
*The window buffer size needs to be larger the larger the latency, as it needs to be able to support holding data for the whole round-trip-time. see below
*The window buffer size needs to be larger the larger the latency, as it needs to be able to support holding data for the whole round-trip-time. see below


Line 30: Line 30:




[[Category:FireBrick_IPsec|Throughput/Speed]]
[[Category:FireBrick IPsec|Throughput Speed]]
Retrieved from "http://support.aa.net.uk/FireBrick_IPsec_Throughput"