Wednesday, May 8, 2019

Is IPsec a bottleneck for individual data-stream bandwidth?

I've been talking with a co-worker about an IPsec tunnel performance issue we've been seeing. VPN on x86 hardware appears to be limited to about 1 Gbps of performance regardless of the network available. This looks to be due to the fact that IPsec has to be processed by a single CPU thread and is limited by that even though we have many more cores available. Now he's saying this is an inherent limit of IPsec VPNs and any system would have that type of limit. I was thinking hardware firewalls would use their IPsec ASICs to overcome that issue, but while looking into it I found that Fortinet at least is still pinning multiple IPsec processes to different CPUs. So I don't know if their advertised 40+ Gbps of IPsec bandwidth would be possible on a single stream or if that's an aggregate max for all tunnels on a device.

What is the maximum throughput you have seen on VPNs and on what hardware?
