I have a small retail customer with a main retail store and 5 branch retail stores. The main site has a 200 mbps symmetrical fiber internet service (1 gbps fiber with a 200 mbps shaper configured on the premise ISP internet router and ISP edge routers) installed in June 2018. Also at this time, Meraki MX65W firewalls were connected to the main site and the remote stores. All MX65Ws have the Enterprise License, no Advanced Features enabled.
The remote sites have fiber internet connections through the same internet carrier and are in the same geographic region (with 100 miles range). Remote stores have 20 to 50 mbps symmetric speeds. Remote stores have site to site vpn tunnels back to the main store, to carry Point of Sales Terminal info and Security camera DVR backup video feeds to DVRs located at the main store. The HD Security Camera Feeds from the remotes to the Main Site baselines about 70 mpbs of traffic 24x7 over the 5 vpn tunnels into the Main Site MX65W.
This has been working well for about 8 months, but last month the customer started noticing their dowloads seemed slower, and ran speed tests through the Meraki. Downloads performed from PCs on the LAN switch or plugged directly into the MX65W switchports are running 25-50 mbps while the VPN tunnels are running the Video Cam traffic (70mbps in the background) for a total throughput of about 120-130 mpbs through the MX65W during the PC speed test.
With the same laptop (having a Public IP) directly connected to the ISP Internet router onsite and the MX65W disconnected, Up/Down speeds are 197 mbps. I did ping tests with do not fragment flag enabled, and MTU size appears to be 1280 over the ISP link to different locations. I have verified good ethernet cables and no speed/duplex mismatches between devices. I upgrade the firmware to the latest 14.x code a week ago with no improvement.
Wondered if it may be a MTU issue between the Meraki MX65W and the Adtran 5660 Internet router from the ISP.
I opened a support case with Meraki about that possibility, and they have not replied to the question.
The MX65W was rated at 250 mbps throughput and 100 mbps VPN tunnel. I assumed that meant that only the VPN tunnel traffic throughput was limited to a max of 100mbps. There are only about 5 office personnel that work at the main site, and a few retail floor employees at the main store. 95 percent of the bandwidth used is for the Security camera feeds.
7 h
Should the customer look to go to a larger model MX at the main site. I see that the MX67 is rated at 200 mbps VPN versus the MX65's 100. The MX84 price is much higher with only about a 25 percent performance rating versus a MX67.