    Best pre-built for IPSEC tunnel speed?

    Hardware
      bobkoure last edited by

      I've been looking at the Netgate SG-2440 (atom C2358) as well as the Qotom Q33G4 (i3 4005U) and the Qotom Q355G4 (i5 5250u)
      All 3 processors have the AES instructions.

      I'm looking to keep IPSEC tunnels up between 2 offices (backups from main office copied to branch and vice versa). Each office has 2 ISPs, min speed of any 25 Gb/s. I'd like to get max utilization. We probably won't upgrade any of these beyond 50 Gb/s through the life of this gear.

      First off, does AES-NI being present even matter for IPSEC-AES using pfSense at both ends?

      I looked for AES benchmarks for the atom C2358, found none.
      i3-4005u 2,180,000 MB/s (noted 'single-core')
      i5 5250u 3,470,000 MB/s (also noted 'single-core')
      benchmarks at cpuboss - guess I can't post links yet…

      I've been running GRE tunnels over IPSEC tunnels with fail-over, but have been looking at GRE over IPSEC transport; not even sure I can do this on pfSense.

      Any suggestions, hardware or software?
      Thanks!
      [edit]
      forgot to mention: I'm looking at 4-lan boxes (wan1, wan2, lan, dmz)
      [/edit]

        stephenw10 Netgate Administrator last edited by

        Hmm, your numbers look a little suspect. You really have 25 Gigabit per second WAN connections at branch offices? Seems very unlikely. Do you mean 25Mbps?

        Those benchmark values look odd too. What are they actually testing there? 2,180,000 MB/s = ~16Tbps… Ludicrous speed!  ;)

        AES-NI does matter for maximum IPSec throughput in pfSense.

        Steve

          bobkoure last edited by

          Whoops - yeah, sorry, those are Mb/s not Gb/s.

          I cut/pasted the bench numbers from cpuboss directly. Dunno exactly how they got them. There was a "thanks to PrimateLabs" notation - but that's a company that provides benchmarking software. It was pretty definitely MB/s not Mb/s.

            s_mason16 last edited by

            Hey bobkoure, unrelated to your post, but to help you show your sources in the future, you can post links by using the HTML code to insert them. There is a button in the editing tools that will do it for you; it's called "insert hyperlink" and looks like a page in front of the world. Then just paste your web address between the newly made url boxes.

            Hope this helps.

              ivor last edited by

              @bobkoure:

              I've been looking at the Netgate SG-2440

              I looked for AES benchmarks for the atom C2358, found none.

              SG-2440 can do up to 325 Mbps over IPsec, AES128-GCM IKEv2

                bobkoure last edited by

                That's exactly the information I was looking for. We'll probably go with a couple of these, just didn't want to get gear that couldn't do what we needed (embarrassing! - nearly as bad as confusing Mb/s and Gb/s, but with more consequences).

                  ivor last edited by

                  @bobkoure:

                  That's exactly the information I was looking for. We'll probably go with a couple of these, just didn't want to get gear that couldn't do what we needed (embarrassing! - nearly as bad as confusing Mb/s and Gb/s, but with more consequences).

                  Glad I could help :)
