Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Soekris net6501 IPSec Tunnel Performance

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 904 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      interush
      last edited by

      We recently brought up a soekris net6501 (1.6GHz Atom) tunneled into a VM, both sides running pfSense 2.1.5. I noticed I was unable to saturate the 100Mbps link to our office, even when I bumped the encryption algorithm down to blowfish 128bit (though bumping it down to this also gained throughput). The tunnel end-point in our data center is a VM, but does not suffer from any noticeable load during this time, unlike the soekris. During this time, I notice 60-70% interrupt so I decided to enable device polling. With device polling I was able to get much closer to link speed (continually comparing speeds over the WAN interface) near 80Mbps, but without device polling, I notice speeds in the neighborhood of 50Mbps, even though there are still CPU cycles available. My question is two-fold, as I understand device polling is not recommended, my first question is as it's clearly giving me an advantage in terms of throughput, in this case is it warranted? Second question is, should it be a requirement to have a VPN accelerator on these devices? I had anticipated these devices would be able to handle 100Mbps each over IPSec, based on the 1.6GHz Atom core and what I read at https://www.pfsense.org/hardware/ but it would seem that might have been a stretch?

      Thanks,
      -Matt

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.