Question on how much VPN traffic a current N100 cpu can handle
-
Have a box with the latest N100 cpu with (6) 2.5 gig NICs, 8 GB of RAM and am getting an upgrade from 50 meg DSL to 500 meg fiber. Currently using 2.8.1, a WAN, a LAN, a port for VoIP and several VLANs on the 4th port. Also using pfBlocker. Once I have fiber, I want to create a split tunnel on the WAN where VoIP, and perhaps Zoom and Webex go out unencrypted, everything else on the VPN. Not currently using VPN at all.
Given PPPoE overhead on the fixed IP WAN, I would guess about 450 - 470 megs actual thru put. I'm wondering if the N100 will have enough power to run this configuration or whether I'll need to get a more powerful box?
-
When it comes to throughput estimates, there's no such thing as "VPN". Different VPN systems work differently and want different things from a processor.
Specifically,
- OpenVPN runs single-threaded and relies on AES encryption, so the throughput is determined by processor speed and availability of AES-NI support on the processor. With an N100, I would surmise you can get Gigabit OpenVPN. Note, however, that OpenVPN is transitioning to multi-threaded operation, and when that happens, old limitations will no longer stand in the way.
- Wireguard runs multi-threaded and can live without AES-NI support (it uses ChaCha20 by default). So the throughput is determined solely by available processor bandwidth, with an adjustment for possible cooling issues. My personal quick-and-dirty (I repeat, quick-and-dirty) guesstimation (I repeat, guesstimation) rule is, 6 GHz of processor bandwidth per Gbps of throughput, to be adjusted upward if there are cooling issues.
- IPsec, as a first approximation, has computational requirements similar to Wireguard.
