RED Performance over WAN / IPSec performance over WAN

I did some performance tests with a RED 15W device between US (West Coast) and Germany. The latency was 180ms. The Internet connection in Germany is 250 MBit/s symmetric and the line in the US is 100 MBit/s symmetric (AT&T). The Sophos RED15W was connected to a SG135 in the US. In Germany it uses the same line as the IPSec connection between the two sites. We have a Fortigate 100D in Germany.

For the tests I used iperf3. There seems to be a limit on the connection up/down of 10 MBit/s on the RED15W. I tested with number of connections between 1-20 (-P x) and window sizes between default and 5 MByte (-w 5M) in both directions (-R).

I did a similar test with an IPSec connection which reached nearly 80 MBit/s in direction Germany -> US and 50 MBit/s in the other direction (setting -P 20 -w 5M). The latency of the IPSec connection was 165ms.

Three Questions:

1) Is there any limitation on the RED 15W that limits the connection speed to approx. 10 MBit/s? I did not find anything in the Spec and Config screens.

2) In the case of a single connection the usable bandwidth seems to be only 3 MBit/s (IPSec between the Fortigate 100D (Germany) and SG135 (US)) and 2,7 MBit/s (RED layer 2 tunnel to the SG135 in the US) in both directions. In order to increase the throughput I needed to make more parallel connections and/or increase the default window size. I also noticed very bad performance when transferring files from the fileserver from Germany to US or vice versa (which was the cause for my investigations). Is this a technical limitation (e.g. based on latency, bandwidth, the hardware, ...)? Can it be tuned?

 

Cheers
Bernd
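
An added example, not part of the original post: a bandwidth-delay calculation over the figures reported above (165 ms and 180 ms latency, about 3 and 2.7 MBit/s per single connection, 100 MBit/s US line). It assumes the single-connection rate is capped by the TCP window, which the post does not confirm; all function and variable names are illustrative.

```python
import math

def bdp_bytes(rate_mbps, rtt_ms):
    """Bytes that must be in flight to sustain rate_mbps at rtt_ms."""
    return rate_mbps * 1000 * rtt_ms / 8

def window_limited_mbps(window_bytes, rtt_ms):
    """Ceiling for one TCP stream: at most one window per round trip."""
    return window_bytes * 8 / (rtt_ms * 1000)

def streams_needed(target_mbps, window_bytes, rtt_ms):
    """Parallel streams (iperf3 -P) needed to reach target_mbps."""
    return math.ceil(target_mbps / window_limited_mbps(window_bytes, rtt_ms))

# Figures taken from the post; 65535 bytes is the largest TCP window
# without window scaling (assumed here to be the effective window).
UNSCALED_WINDOW = 65535
LINE_MBPS = 100
PATHS = {"IPSec": (165, 3.0), "RED": (180, 2.7)}  # name: (RTT ms, observed MBit/s)

def analyse(paths=PATHS, line_mbps=LINE_MBPS, window=UNSCALED_WINDOW):
    """Per path: window implied by the measurement and what fills the line."""
    rows = []
    for name, (rtt_ms, observed_mbps) in paths.items():
        rows.append({
            "path": name,
            "implied_window_bytes": round(bdp_bytes(observed_mbps, rtt_ms)),
            "ceiling_64k_mbps": round(window_limited_mbps(window, rtt_ms), 2),
            "window_to_fill_line_bytes": round(bdp_bytes(line_mbps, rtt_ms)),
            "streams_to_fill_line": streams_needed(line_mbps, window, rtt_ms),
        })
    return rows

if __name__ == "__main__":
    for row in analyse():
        print(row)
```

Both implied windows come out close to 64 KB, and a 5 MByte window (-w 5M) raises the per-stream ceiling at 165 ms to roughly 254 MBit/s, above the 100 MBit/s line.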



This thread was automatically locked due to age.
  • Hallo Bernd,

    What, if anything, do you learn if you do #1 in Rulz?  Have you made appropriate Exceptions for Intrusion Prevention (Snort)?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA