Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC - Will creating more phase two tunnels slow down the VPN

    Scheduled Pinned Locked Moved IPsec
    4 Posts 2 Posters 756 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      daboomer
      last edited by

      I am in the process of further segmenting my networks for security purposes. This increases the amount of child sa's I will need on my site to site vpn. Will increasing the number of phase 2 tunnels slow down my site to site vpn?

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @daboomer
        last edited by

        @daboomer If they're constantly transmitting data they will increase the load on the system.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        D 1 Reply Last reply Reply Quote 1
        • D
          daboomer @rcoleman-netgate
          last edited by

          @rcoleman-netgate no it will be exactly the same amount of data, just moving some of the machines to a different subnet that will still need to cross the vpn to the same machines they connect to now, only they to will be moved in to a subnet by themselves. Same amount of data just extra tunnels!

          R 1 Reply Last reply Reply Quote 0
          • R
            rcoleman-netgate Netgate @daboomer
            last edited by

            @daboomer without knowing how much data, the type of CPU, internet connection, other side CPU, internet connection, consistency of data, etc...

            The only thing we can say is it will increase CPU load.

            I consistently push 25Mbps to a datacenter over fiber about 6 miles away... but adding more P2s doesn't change my throughput at all on my 5100 on 1GbE

            Ryan
            Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
            Requesting firmware for your Netgate device? https://go.netgate.com
            Switching: Mikrotik, Netgear, Extreme
            Wireless: Aruba, Ubiquiti

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.