Multiple tunnels to Azure to increase throughput
We have a requirement for on-prem hosts to pump out >3Gbps of traffic to a private endpoint in Azure via an IPsec VPN, R81.10 on-prem to a Virtual Network Gateway in Azure. The max throughput per connection on a virtual network gateway is 1.25Gbps, so I need to know the best way to split this traffic into multiple tunnels, if anyone has done this?
Internal traffic will be coming from 4 x different subnets, so I can use that as the internal encryption domain and create 4 x connections, but not sure if this will work? Would I need to use 4 x different public IP addresses on the Check Point side so that the Azure gateway thinks it is 4 x separate sites, or do I need 4 x VPN gateways in Azure?
Anybody done this kind of thing before?
The limitation is at the cloud side, yes. You can get a VPN gateway that will support up to 5Gbps, but that is an aggregate; you can only have up to 1Gbps per tunnel. So we either need multiple tunnels on a suitable gateway or multiple gateways.
On a physical gateway, we use the SPI distribution mechanism, which allows us to run each tunnel (source/destination) on a different core.
On Azure, we can't activate this feature, so all the tunnels will be processed on the same core, which will limit the throughput.
Besides that, you should take into consideration the throughput limitation on a cloud deployment, which would be a combination of latency, jitter, Internet traffic conditions, and your application behavior.
For your throughput requirement, I would consider Azure ExpressRoute instead of VPN.