Re: VPN Overhead WoW !!! from Tom Kacprzynski on 2012-08-31 (Ccielab archives 08/2012)

From: Tom Kacprzynski <tom.kac_at_gmail.com>
Date: Fri, 31 Aug 2012 21:27:40 -0500

Speedtest is not a good way to measure throughput. Use iperf to fillup the
path. What's the round trip latency? If it is hight might have to increase
the window size on iperf to fill it up.

Tom

On Friday, August 31, 2012, David Prall wrote:

> Find an IPSec overhead calculator and determine what the issue is. As well
> if your PC is configured for a 1500 Byte MTU, and it isn't doing PMTUD,
> then
> your router could be having to fragment the packets. If they fragment
> before
> IPSec then you are sending 2 IPSec packets for every packet you send
> doubling the overhead. If you are fragmenting after the encryption, then
> the
> router on the other end has to do reassembly which is 100% process switched
> on a Cisco Router and is going to cause major issues. Simple test is to
> confirm your MTU, if it is larger than 1400, set it to 1400. Now test
> again.
>
>
> A 64-byte IP Packet is 20 Bytes of Overhead and very little data depending
> on the protocol used. Now add IPSec on top of that. AES-256 is going to
> double the size of the packet. This is why all the speed tests use 1400
> Byte
> packets.
>
> David
>
> --
> http://dcp.dcptech.com
>
> -----Original Message-----
> From: nobody_at_groupstudy.com <javascript:;> [mailto:nobody_at_groupstudy.com<javascript:;>]
> On Behalf Of
> Cisco Fanatic
> Sent: Friday, August 31, 2012 9:01 PM
> To: ccielab_at_groupstudy.com <javascript:;>
> Subject: VPN Overhead WoW !!!
>
> I have this 10 MB Internet connection and doing site-to-site VPN only
> getting
> 5 MB checking through speedtest.
> I am not sure how but i am told my by ISP that it is due to VPN overhead ..
> :(- how true not able to prove.
> -Yuri
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Aug 31 2012 - 21:27:40 ART

This archive was generated by hypermail 2.2.0 : Sat Sep 01 2012 - 08:41:18 ART