Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec Throughput: Difference between revisions

FireBrick IPsec Throughput (view source)

Revision as of 23:59, 14 March 2017

12 bytes added ,  14 March 2017
m
clean up, typos fixed: 15Mb/s → 15Mbit/s (4), eg → e.g. (2)
mNo edit summary
m (clean up, typos fixed: 15Mb/s → 15Mbit/s (4), eg → e.g. (2))
 
<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick_IPsecFireBrick IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>
 
On a FB 2700, throughput should be around 10 - 15Mb15Mbit/s.
 
Here is a speedtest from a Road Warrior on a good internet connection connected to a FB2700 on a single 60Mb60Mbit/s down and 20Mb20Mbit/s up FTTC, using HMAC-SHA1
 
[[File:FB2700 IPSec Speedtest.png|none|thumbnail|Speedtest over a FB2700 IPsec tunnel]]
[[File:2700 IPsec 100M download.png|none|thumbnail|Download over a FB2700 IPsec tunnel]]
 
A FB6000 can do nearer 50Mb50Mbit/s, whilst newer generation of FireBrick hardware should be even better.
 
 
==Other notes on throughput==
If an IPsec connection is slow, it is useful check a few other things. Latency can have large impact on ege.g. a TCP connection so it's good to:
*Try a ping with a large payload (ege.g. 1400 bytes)
*The window buffer size needs to be larger the larger the latency, as it needs to be able to support holding data for the whole round-trip-time. see below
 
 
 
[[Category:FireBrick_IPsecFireBrick IPsec|Throughput/ Speed]]
Reedy
editor
698

edits

Retrieved from ‘http://support.aa.net.uk/Special:MobileDiff/11968