AnsweredAssumed Answered

max performance / throughput of  site2site-VPN

Question asked by Wolfgang Becher on Feb 13, 2019
Latest reply on Feb 16, 2019 by Heiko Ankenbrand

Dear Checkmates,

I had a question regarding the throughput of one VPN site2site-tunnel.
We did some research with different appliances but did not get more then 900Mb/s for a single connection.

 

We tested 5600, 5800, 13800 and 15400, all with the same result.
SecureXL is on, all VPN trafic is fully accelerated.
Incoming and outgoing interface are on different SNDs.
We do not see more then 50% CPU utilization on both cores for the SNDs, looks like there are some credits before hitting 100%CPU.
Hardware encryption via AES-NI is on and we use the best IPSEC-parameter following sk73980.

 

The datasheet for an 5600 appliance shows 6,5GBbs and following sk73980 there should be 429% refer the datasheet possible.
I know this is a marketing value and only relevant if using multiple connections. But I hope there can be more possible.

Has anyone seen more then 1Gb/s throughput on a single VPN-tunnel and a single connection beetween devices behind two CheckPoint devices?

 

Any ideas are welcome.

 

regards
Wolfgang

Outcomes