HighBandwidth
Explorer

Multiple tunnels to Azure to increase throughput

We have a requirement for on-prem hosts to pump out >3Gbps of traffic to a private endpoint in Azure via an IPsec VPN, R81.10 on-prem to a Virtual Network Gateway in Azure. The max throughput per connection on a virtual network gateway is 1.25Gbps, so I need to know the best way to split this traffic into multiple tunnels, if anyone has done this?

Internal traffic will be coming from 4 x different subnets, so I can use that as the internal encryption domain and create 4 x connections, but I'm not sure if this will work. Would I need to use 4 x different public IP addresses on the Check Point side so that the Azure gateway thinks it is 4 x separate sites, or do I need 4 x VPN gateways in Azure?

Anybody done this kind of thing before?

3 Replies
_Val_
Admin

Moved to Cloud section.

Now, where is your bottleneck, do you know? I would assume it is on the cloud side, so having four cloud GWs is probably the best approach.

HighBandwidth
Explorer

The limitation is at the cloud side, yes. You can get a VPN gateway that will support up to 5Gbps, but that is an aggregate; you can only have up to 1Gbps per tunnel. So we either need multiple tunnels on a suitable gateway or multiple gateways.

Shay_Levin
Admin

On a physical gateway, we use the SPI distribution mechanism, which allows us to run each tunnel (source/destination) on a different core.

On Azure, we can't activate this feature, so all the tunnels will be processed on the same core, which will limit the throughput.

Besides that, you should take into consideration the throughput limitation on a cloud deployment, which would be a combination of latency, jitter, Internet traffic conditions, and your application behavior.

For your throughput requirement, I would consider Azure ExpressRoute instead of VPN.
