Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8776
Views
5
Helpful
4
Replies

SSL-VPN Bandwidth calculation for WAN link

manmp
Cisco Employee
Cisco Employee

‎05-28-2010 01:14 AM

I am trying to find out the bandwidth of the WAN link required at a datacenter WAN gateway where PCs at 60 remote sites establish SSL-VPN tunnel to this gateway. Each user will have 512kbps bandwidth to the internet.

Assuming, all the 60 sites will be accessing datacenter at once, if ‘x’ bandwidth is reserved at the WAN gateway (including all sites considering application requirement), what is the extra bandwidth to be provisioned to deploy SSL-VPN?

Any leads is much appreciated..

Thanks in advance,

Manjunath

Labels:
0 Helpful
4 Replies 4

Calin C.
Level 5
Level 5

‎06-02-2010 03:53 AM

I see it like this 60 client x 512kbps / client is aprox 30Mbits. If you are using Qos to guarantee 512kbps / client, you might think to include in this 512kbps also the extra overhead generated by the VPN encapsulation.

Did this answer your question, or I understood it wrong?

Calin

0 Helpful

manmp
Cisco Employee
Cisco Employee
In response to Calin C.

‎06-02-2010 03:59 AM

Thanks for the Reply Calin.

Actually, the application we will be running is a video+data application out of which, 384kbps is video and 64kbps is data. So i did some calculations and got around 64kbps SSL VPN overhead for that traffic. And hence assumed 512kbps/ client is sufficient. At the hub end, thought of giving some buffer along with 60 * 512kbps.

I read somewhere that, SSL VPN header size is around 25bytes/packet. So with some assumptions came to 64kbps overhead for SSLVPN. Any ideas on that?

0 Helpful

Calin C.
Level 5
Level 5
In response to manmp

‎06-02-2010 04:24 AM

From what I've read the overhead of IPSec on a packet is between 50  and 57 octets (including the new IP header, the ESP header and the  trailers), representing a 10% increase on an average packet (500 byte).  In contrast to this, SSL VPNs add only 5 octets of data to each packet,  just a 1% increase on the average packet. Of course, setup operations  cannot be ignored totally, but these are roughly similar in size for  IPSec and SSL connections. Also, because SSL VPNs work at a much higher  layer, they suffer much less from the packet fragmentation issues  normally associated with IPSec VPNs. Finally, SSL has built in  compression mechanisms (with AIM-VPN modules).

Overall, I think that if you have 512kbps / user you're on the safe side. This is my opinion.

Calin

------------------------------------------------

If this advice is useful please rate!

manmp
Cisco Employee
Cisco Employee
In response to Calin C.

‎06-02-2010 10:17 AM

Thanks Calin, it was very useful...

Cheers,
Manju

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents