XG-7100 AES-NI + IPsec performance

  • I deployed an XG-7100 today and am having quite a bit of trouble exceeding 50Mbps in either direction over IPsec.

    I have 1 VM running pfSense in Azure @ 100Mbps, 1 at home @ 300Mbps, XG-7100 here at office @ 300Mbps.

    While I can saturate 100Mbps both ways on the Azure VM <-IPsec-> Home pfSense

    I cannot get over 50Mbps on Azure VM <-IPsec-> XG-7100.
    I cannot get over 50Mbps on Home <- IPsec -> XG-7100.

    I have confirmed that without IPsec I can hit 100Mbps easily.

    Currently I have the following configuration for all IPsec links:

    P1 and P2
    AES128-GCM 128Bit

    AES-NI enabled in System Settings

    Am I missing something crucial here for trying to get ~100Mbps IPsec?

Log in to reply