First of all I have to say that I think the RED tunnel is really good, but unfortunately the performance is not the best. Wouldn't it be better to use faster protocols like IPSec or WireGuard?
First of all I have to say that I think the RED tunnel is really good, but unfortunately the performance is not the best. Wouldn't it be better to use faster protocols like IPSec or WireGuard?
Hello SteppenWolf,
RED is a proprietary closed source L2 tunneling method that Sophos keeps to a high standard, moving to an alternative would be a step back, personally.
Frankly, the Sophos RED is dime for dime better than IPSEC in all ways except for standing start connection speeds. I have done migrations from IPSEC to RED and we generally saw an increase in performance in the 10s of percent better.
Where are you seeing performance problems, on RED box to XG or XG to XG RED?
Emile
We use XG-to-XG RED connections and in relation to IPSec we have found that the RED tunnel reaches only about a fifth of the performance of IPSec. In my opinion, IPSec is more efficient here.
With best regards,
Steppenwolf
IPSEC is definitely more efficient, on a site to site RED you can have around 4-8 tunnels of IPSEC versus 1 tunnel of RED due to CPU requirements.
However, if you are having less than a tenth of the performance, something else must be going on there. I'd be interested in seeing a comparative performance metric when you switch between the two.
Emile
IPSEC is definitely more efficient, on a site to site RED you can have around 4-8 tunnels of IPSEC versus 1 tunnel of RED due to CPU requirements.
However, if you are having less than a tenth of the performance, something else must be going on there. I'd be interested in seeing a comparative performance metric when you switch between the two.
Emile
I'll test this again here and give you more accurate data.
With best regards,
Steppenwolf
Much appreciated, looking forward to it. There may be an issue that needs investigating.
Emile
Can someone tell me the current encryption parameters of RED? Would like to compare as plausibly as possible.
With best regards,
Steppenwolf