I have a site with 150/20 service from comcast business. When setup initially, IPSEC throughput over this link was ~120/~15. Performance loss for IPSEC was minimal, and acceptable. Recently, this slowed to ~3-5Mbps over IPSEC. Turn off IPSEC and NAT out the gateway resulted in full 150/20. Then came time for experiments. Multiple time, switching between IPSEC, OpenVPN, and just plain NAT, the results are ESP/IPSEC is 3-5Mbps, OpenVPN over UDP1194 is 130-145Mbps, and plain NAT is 140-150Mbps.
Has anyone else found Comcast throttling ESP/IPSEC traffic? I mean, this is comcast business, we pay specifically for unmolested traffic.
edit: The other side of this link has 1G/1G service in a DC, and other IPSEC connections that remain fast.
No comments:
Post a Comment