
Re: how many % of bandwidth performance will be lost by ipsec VPN tunnel ?

 
'chris'
Super Advisor

how many % of bandwidth performance will be lost by ipsec VPN tunnel ?

hi

how many % of bandwidth performance will be lost by ipsec VPN Tunnel over Internet ?

kind regards
chris
rick jones
Honored Contributor

in what sense? are you talking about running ipsec on the UX hosts, or is this some special VPN tunnel device you will be using?

ipsec will add some headers. "normally" one is talking about 20 bytes of IP header, and 20 bytes of TCP header on a packet. i do not recall the size of the added header(s) but figure say 60 bytes more header (handwaving guess) then compare based on the MTU of the link.
there is no rest for the wicked yet the virtuous have no pillows
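
An added example (not part of the original reply) that works out the per-packet header cost discussed above for ESP in tunnel mode, as a function of inner packet size. The two cipher profiles, the IPv4 outer header and the absence of NAT-T or link-layer encapsulation are assumptions, and the packet sizes are constructed.

```python
# Added example: ESP tunnel-mode framing cost per packet (assumed parameters).
from dataclasses import dataclass

OUTER_IP = 20     # new IPv4 header added by tunnel mode
ESP_HEADER = 8    # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)

@dataclass(frozen=True)
class EspProfile:
    name: str
    block: int    # cipher block size in bytes (padding alignment)
    iv: int       # per-packet IV bytes
    icv: int      # integrity check value bytes

AES_CBC_SHA1 = EspProfile("AES-CBC + HMAC-SHA1-96", block=16, iv=16, icv=12)
TDES_SHA1 = EspProfile("3DES-CBC + HMAC-SHA1-96", block=8, iv=8, icv=12)

def esp_packet_len(inner_len, p):
    """Outer packet size for one inner IP packet of inner_len bytes."""
    # Inner packet plus the 2-byte trailer is padded up to a block multiple.
    pad = -(inner_len + ESP_TRAILER) % p.block
    return OUTER_IP + ESP_HEADER + p.iv + inner_len + pad + ESP_TRAILER + p.icv

def overhead_pct(inner_len, p):
    """Share of the wire bytes that is tunnel framing, not the inner packet."""
    outer = esp_packet_len(inner_len, p)
    return 100.0 * (outer - inner_len) / outer

def max_inner_len(link_mtu, p):
    """Largest inner packet that still fits in link_mtu after encapsulation."""
    fixed = OUTER_IP + ESP_HEADER + p.iv + p.icv
    room = (link_mtu - fixed) // p.block * p.block  # encrypted part, block aligned
    return room - ESP_TRAILER

if __name__ == "__main__":
    # Constructed inner packet sizes, from small interactive to near full size.
    for size in (64, 256, 576, 1400):
        for p in (AES_CBC_SHA1, TDES_SHA1):
            print(f"{size:5d} B inner, {p.name}: "
                  f"{esp_packet_len(size, p)} B on the wire, "
                  f"{overhead_pct(size, p):.1f}% overhead")
    print("max inner packet for MTU 1500:", max_inner_len(1500, AES_CBC_SHA1))
```

The fixed cost per packet is the same at every size, so the percentage is small for full-size packets and large for small interactive ones.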
Gerhard Roets
Esteemed Contributor

Hi Chris

Just as a note ... depending if your "current" link is compressed ... you might actually gain some data depending on the payload if you enable compression on the ipsec tunnel.

Regards
Gerhard
'chris'
Super Advisor

thanks for the answers !

the problem is we have cisco vpn between
HQ 2 redundant PIX firewalls 2 x 1Gb/s
and ca. 22 branches (ADSL) 600Mb/s download and 100Mb/s upload.

in each branch work from 2-10 users.

The performance via VPN is quite bad.

we are using CITRIX over VPN but users complain
about the speed.

I don't know if compression is enabled or not,
because I don't have access at the moment.

rick jones
Honored Contributor

It may not be an issue of bandwidth so much as latency. Very "request/response" like applications will not deal with WAN latencies very well, and the VPN is likely only to make that higher. Compression will add still more (at least a little) to the latency.

Get onto the endpoints of the VPN and see what the link utilization is. Also, check the netstat statistics on the end systems and calculate the retransmission rates over say a five minute interval.
'chris'
Super Advisor

you mean netstat statistics with mrtg, cacti etc. ?

I have cacti already installed and can see the traffic from the branch.
Steven E. Protter
Exalted Contributor
Solution

Simple test.

Your vpn connection probably has a little counter to tell how many bytes have passed through. If not, a counter is being kept somewhere.

Find it.

Then transfer a large file through the vpn taking down numbers from the counter before and after.

The number of bytes transferred on the counter includes the file transfer and encryption. Subtract the size of the file and you'll get figures you can use to calculate how much is being used for encryption.

I did this with a Microsoft 2003 Server VPN and the figures were staggering. More than half the bandwidth on a T1 was being burned on encryption.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
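
An added example (not part of the original posts) of the arithmetic behind the counter test described above and behind rick jones's earlier suggestion to compute retransmission rates over a five-minute interval. All readings are constructed, the dictionary keys are hypothetical names for values read off the tunnel counter and the netstat statistics, and a 32-bit wrapping byte counter is an assumption.

```python
# Added example: turning before/after readings into overhead and
# retransmission figures. All readings below are constructed sample values.

COUNTER_32 = 2**32  # assumption: the device byte counter is 32-bit and wraps

def counter_delta(before, after, modulus=COUNTER_32):
    """Bytes counted between two readings, tolerating one counter wrap."""
    return (after - before) % modulus

def tunnel_overhead_pct(before, after, file_size, modulus=COUNTER_32):
    """Percent of the bytes on the tunnel counter that were not file data."""
    on_wire = counter_delta(before, after, modulus)
    if on_wire < file_size:
        # Fewer bytes than the file itself: the reading cannot be used as is.
        raise ValueError("counter moved less than the file size: wrong "
                         "counter, more than one wrap, or compression")
    return 100.0 * (on_wire - file_size) / on_wire

def retransmission_pct(first, second):
    """Retransmitted share of TCP data segments sent between two snapshots."""
    sent = second["data_segs_sent"] - first["data_segs_sent"]
    retrans = second["data_segs_retrans"] - first["data_segs_retrans"]
    if sent <= 0:
        raise ValueError("no data segments sent in the interval")
    return 100.0 * retrans / sent

if __name__ == "__main__":
    # Constructed: a 100 MiB file, with the counter wrapping during the copy.
    file_size = 100 * 1024 * 1024
    before, after = 4_250_000_000, 67_032_704
    print("bytes on tunnel counter:", counter_delta(before, after))
    print(f"overhead: {tunnel_overhead_pct(before, after, file_size):.2f}%")

    # Constructed TCP statistics taken five minutes apart on an end system.
    t0 = {"data_segs_sent": 1_200_000, "data_segs_retrans": 3_000}
    t1 = {"data_segs_sent": 1_260_000, "data_segs_retrans": 4_800}
    print(f"retransmission rate: {retransmission_pct(t0, t1):.2f}%")
```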
'chris'
Super Advisor

thanks !

I'll try.

I have another question:

Do I get better performance to use some remote applications (citrix etc.)
over VPN Tunnel using the VPN Compression ?

greetings
chris
Steven E. Protter
Exalted Contributor

You can get substantially better performance from Citrix or using Microsoft's Remote Desktop Connection.

This runs most of the hard work and calculations on the remote machine. Memory and resources on that machine become an issue.

There is some encryption loss with these products but because the amount of data being pushed is substantially less, the impact is limited.

Citrix and Remote Desktop Connection essentially push only the screens through the connection, not the data. For data intensive applications there is a benefit provided that sufficient processor and memory resources exist on the host.

SEP
Gerhard Roets
Esteemed Contributor

Hi Chris

I have not worked with Citrix for a while ... but if I remember correctly citrix does compress the data by default. So if citrix is going to be your primary data on these WAN links and it is compressed ... the vpn compression prolly will just add overhead.

Regards
Gerhard