IPSec performance
-
Hello,
I currently have two Netgate 6100s set up in the lab connected to each other via 2.5gb/s and then running an IPSec VTI tunnel over this connection.
On each end I also have two PCs with 2.5gb/s running iperf3 for testing.
About the best speed I can get is around 1.01 Gbits/sec, though the Netgate spec says it should be around 1.8 Gbits/sec for the 6100.
I have tried the recommended settings from this page:
https://docs.netgate.com/pfsense/en/latest/vpn/performance.html#optimal-encryption-settings
And a bunch of less secure ones with QAT | AES-NI enabled/disabled without much change.
Is it realistic to be getting 1.8 Gbits/sec in a lab setup, and does anyone have recommendations on which encryption cipher to use to get raw speed through the VPN?
Thanks
-
The IPsec MB option overrides IQAT and can result in lower performance.
-
@stbellcom said in IPSec performance:
Hello,
I currently have two Netgate 6100s set up in the lab connected to each other via 2.5gb/s and then running an IPSec VTI tunnel over this connection.
On each end I also have two PCs with 2.5gb/s running iperf3 for testing.
About the best speed I can get is around 1.01 Gbits/sec, though the Netgate spec says it should be around 1.8 Gbits/sec for the 6100.
I have tried the recommended settings from this page:
https://docs.netgate.com/pfsense/en/latest/vpn/performance.html#optimal-encryption-settings
And a bunch of less secure ones with QAT | AES-NI enabled/disabled without much change.
Is it realistic to be getting 1.8 Gbits/sec in a lab setup, and does anyone have recommendations on which encryption cipher to use to get raw speed through the VPN?
Thanks
Can you get the 1.8 Gbps with just NAT?
I.e. get rid of the IPSEC tunnel, port forward the iperf ports and just sanity check that the bandwidth is good for that?
It would be a good step to test, to ensure the path is set up correctly for over-gigabit speeds.