cancel
Showing results for 
Search instead for 
Did you mean: 

Throughput Using VPN

Conversationalist

Throughput Using VPN

I have searched with no luck so forgive me if this has been answered before.

 

I know that the MX device throughput ratings are dependent on what is turn on/off.  My question is, when using VPN does the VPN throughput limitation only impact the VPN throughput or the entire bandwidth of the device regardless of whether traffic is being tunneled through VPN?  In other words, does turning on VPN in the device for one client effect the traffic device-wide or only the specific VPN traffic?

6 REPLIES 6
Here to help

Re: Throughput Using VPN

VPN throughput limitation only affects traffic traveling though VPN.

Kind of a big deal

Re: Throughput Using VPN

It's more of an aggregate really.

 

Let's say we have an MX that is rated for 2Gbps unencrypted traffic, and 1Gbps encrypted. If you were to, say, drive 500Mbps of encrypted traffic through it you would then only be able to get about 1Gbps of unencrypted traffic through it at the same time (not 1.5Gbps). 

 

In our testing we've found that you can use the general rule of thumb of encrypted traffic counting 2x towards the total throughput of the box. 

 

 

Conversationalist

Re: Throughput Using VPN

In my situation we would be running a MX64W in a branch and a MX100 at the main location and would VPN from one server at the main location to one client at the branch.  The MX64 states that maximum VPN throughput is 100Mbps while firewall throughput is 250Mbps.  It sounds like clients connected to the MX device not using VPN would have the full 250Mbps available while the one client connected via VPN would be limited to 100Mbps if I understand this correctly???

Kind of a big deal

Re: Throughput Using VPN

It's shared, not dedicated. It's not 100+250. The 100 counts as part of the 250 (at double the hit, so 100Mbps of VPN traffic counts as 200Mbps of non-VPN).

 

So if you have 1 VPN client that is conducting a 100Mbps file transfer you will nearly max out the MX and leave almost nothing left for anyone else. 

 

 

Conversationalist

Re: Throughput Using VPN

OK that helps.  The VPN data should be very small and very intermittent.  Basically just hitting a database now and then and some light web traffic.  I'm mainly concerned with getting my other (non VPN) clients the fastest speed available.

Meraki Employee

Re: Throughput Using VPN

Hey @Butters

 

I would recommend using traffic shaping and quality of service as much as possible. That way you can have granularity over what traffic is going to receive what portion of bandwidth. 

 

Regarding the impact, I agree with the guys above and would normally expect encrypted traffic to chew up double the bandwidth normally used. The overhead for VPN is not that much, but the process of encrypting and decrypting traffic can be quite time consuming. 

 

Thanks!


Giacomo

Please keep in mind that what I post here is my personal knowledge and opinion. Don't take anything I say for the Holy Grail, but try and see!
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.