Actual MX80 VPN throughput

Sprocket
Here to help

Actual MX80 VPN throughput

Hey

 

I struggle to get more than 40 Mbps site-2-site VPN throughput over non-meraki VPN using this policy:

 

phase1:

AES-128

SHA1

DH5

28800

 

phase2:

AES-128

SHA1

PFS 5

28800

 

I recently downgraded from AES-256 with no significant change in throughput.

Does anyone know what VPN policy gives the best throughput/security combo?

 

Cheers

8 REPLIES 8
NolanHerring
Kind of a big deal

MX80 is a little old, so it looks like it can only handle 125Mbps VPN throughput maximum. What speed is your circuit on both ends (upload and download for both).

Also what version firmware is the MX80 running?
What is the non-Meraki VPN peer equipment?
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Circuit is 100/100 fiber.

Firmware 13.36.

VPN peer is Sonicwall NSA 5600 VPN concentrator with 1gig uplink.

Upgrade to 14.39 firmware and test again. Its the stable release version now, and fixes some VPN throughput issues.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Also after or before doing that, double check your SD-WAN & Traffic Shaping config to make sure the uplink throughput slider isn't limiting anything as well.
 
Otherwise hopefully the firmware is the fix for you.
 
I just recently tested a throughput test on an MX64 with iPerfv3 (100Mbps VPN limit according to documentation) to an MX250 at my data center, 1Gbps symmetrical circuits on both ends, and got these results which isn't too shabby 😃
 
Running 14.39
 
IMG-20190408-WA0015.jpg
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Is this AutoVPN or 3rd party?

I suspect AutoVPN is slightly more optimized. It is after all one of their main selling points.

Will try 14.39 tonight.

 

My test was AutoVPN testing between MX64 to MX250.
Nolan Herring | nolanwifi.com
TwitterLinkedIn


@NolanHerring wrote:
Upgrade to 14.39 firmware and test again. Its the stable release version now, and fixes some VPN throughput issues.

Our testing found that the MX80 took a pretty big performance hit when moving to 14 😞


@jdsilva wrote:

@NolanHerring wrote:
Upgrade to 14.39 firmware and test again. Its the stable release version now, and fixes some VPN throughput issues.

Our testing found that the MX80 took a pretty big performance hit when moving to 14 😞


Oh really?


Hmm...well....idk then lol. Didn't realize that the older MX models would have issues on 14.x train

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels