I'm using 2 MX64 security devices for a site to site VPN and I'm getting sub 1 Mb/s speeds.
the internet connections both have 50-20 Mb/s internet connections.
They are running version 14.39
How can I improve this speed?
Depends on where/how you use it.
If you are based in Europe or the US for example and this site is in Asia, this is quite normal...
Have you got further details?
Both of these devices are located in Perth, Western Australia
And VPN Remote peer?
Sorry I'm not sure what you are asking. I'm using the site to site VPN between the 2 devices. It's set to use Meraki cloud to set up the connection
your latency is very high. this also affects tcp performance
OK, thought you have both MX´s on one site and connect to your HQ for example 😉
So did this start yesterday, or is it like this all the time?
How many users are there? (even asking while seeing, that its low in the night, metining this because of the MX64 hardware))
Maybe the ISP is causing a problem regarding to any settings on their side?
I only set this up recently but it has been this way since then.
ok, maybe it is just normal for this sites?
Can you provide any other informations I asked before?
Maybe also show what you have build there in draw or your VPN settigns?
You might try disconnecting the VPN. Then check the usage at both sites over a day or so. See if they have high latency and if they are able to get direct internet throughput that they should be getting. This could help you narrow it down to an ISP and or a specific site. Just to check is the ISP the same on both MXs?
I would capture the traffic from the Inside Interface to see the latency.
At the beginning of the 3-way TCP handshake, you will see the latency of SYN-ACK packet.
You can calculate the real world throughput by
TCP-Windows-Size/Latency = Throughput
Also, if you have 0.4% of packet loss, you will lose 50% of your throughput.
Are the connections symmetrical or are they shared use lines (xDSL, cable etc.) that can have 50Mb download but only 1Mb upload speed?
@jcolley As mentioned your latenacy its extremely high between two local devices. I know that internet over the ditch isn't that great. What type of internet connection do you have, is it fibre or ADSL/VDSL?
Here are some screenshots of the setup/status
Does this mean I need to talk to the ISP?
@jcolley The fact your latency is around 200ms when your are pinging a device in the same city shows there is a serious issue somewhere.
What I would do is ping 188.8.131.52 from each connection and see if either of them has a much higher response time than the other. Pinging 184.108.40.206 from New Zealand I get an avg response time of 43ms
Site1 looks to be overloaded. As you have some significant packet loss this will stop you getting near the full throughput. Do you have up/down stats for site 1
The easiest way to get up/down statistics is from the switch port that the MX is connected to, if you have an MS simply click on the port and you will see traffic sent/received under the status heading half way down the page.
You add your own Site public IP address to measure the health.
Wait an hour or so, you can toggle between the IP addresses.
So I got it added and here are the results this is Site 2 pinging Site 1
At this point, I strongly recommend you to use "iPerf3" to measure the WAN performance.
download it from here
You will need to install the app on both ends.
a) Hub : run iperf3 -s
b) Spoke: iperf3 -c 220.127.116.11 -f M -P 4 (your Server IP on Hub Site,format of Mbits, 4 concurrent connections)
You want to change the windows size to improve the throughput.