Can someone clarify how throughput works on the MXs? Using an MX67 for example. Firewall throughput is 600Mbps, VPN throughput is 300Mbps and Security throughput is 300Mbps. If you simply enable Auto-VPN and no security, does that mean you have capped the device at 300Mbps for ALL traffic whether it traverses a VPN tunnel or not?
When all security features are enabled, the maximum data rate is 300 Mbps for the MX67; otherwise consider 600 Mbps if it is disabled.
The maximum data rate for traffic that is sent through a VPN tunnel is 300 Mbps for the MX67.
Unfortunately that's not what support says. Are they wrong?
"Thank you for contacting Cisco Meraki Technical Support. My name is Joe and I'll be happy to assist you with this!
After checking your network it looks like you have your VPNs enabled, and our data sheet here indicates that speeds will cap at 300 when testing through VPN enabled devices."
Take a look at my last answer.
"The maximum data rate for traffic that is sent through a VPN tunnel is 300 Mbps for the MX67."
Thanks but I'm not sending traffic through the VPN tunnel. A simple speed test not traversing the VPN caps out at 300Mbps on a 500Mbps fiber circuit. I can replicate this in two locations. That's why I asked in the original post if it caps all traffic. And support simply says "VPN enabled device".
IPS and AMP are disabled?
No default route in the tunnel?
You have set uplink config to max?
Yes
Correct
Set uplink to 500Mbps to match circuit.
What firmware version are you running?
Did you try a speed test with AutoVPN disabled?
The speed test is run from a LAN client?
Firmware is 18.107.2
I did not try with AutoVPN disabled as I was not in a maintenance window where I could take it down.
Ran speed test from a LAN client and used the dashboard test. Same results both places.
I'm bringing another site online tomorrow morning with the exact same config. I can try a speed test without the MX to verify the circuit.
Be aware of this note on the throughput tool in dashboard https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Throughput_test_to...
I'm on a 1.2 Gbps connection. The throughput tool never shows more than 700 Mbps for my MX95. Whereas if I use the Insight speed test tool or test directly from a client I can hit the 1.2 Gbps limit (or at least 1 Gbps from a 1 Gbps connected wired client).
Without being able to see your config and dashboard/MX it's hard to give any more direct feedback on what you're experiencing.
It's not capped if you stay under the max WAN limit configured at the Uplink configuration.
It's more like the utilization would be at 100%.
For example, when using 150Mb VPN you could have like 300Mb local routed traffic.
I don't know the answer.
If you enable AutoVPN and no other security, I believe your AutoVPN throughput would still be 300Mb/s. I believe this is related to the crypto throughput of the platform. Hardware instructions are used to do the AES. Content filtering, IPS and AMP use general CPU capacity. The crypto functions use dedicated but separate silicon on the CPU. It is more like a built-in co-processor.
I also believe this is based on maximum 1500 byte packets (probably a little smaller like 1480, not sure). If you do minimum sized 64 byte packets the VPN throughput would be a lot less.
If you are really bored:
https://en.wikipedia.org/wiki/AES_instruction_set#ARM_architecture
I could be completely wrong.
On an MX65 that I used as a spoke on the corporate SD-WAN with split tunnelling, I got 100Mb/s throughput to the datacentre, but 250Mb/s to the internet. Therefore I'd expect you'd get 300Mb/s over the VPN and 500Mb/s to the internet... I can't test now as I have moved and only have an 80Mb/s connection... 🙄