Performance Degradation for VPN 3005 Concentrator

aonibala · ‎12-03-2002

I am getting 60% slower file transfer performance with 3005 compare to 15% with 3030 in peer-to-peer environment.

Any advise to optimize 3005 is appreciated.

thanks,

Audie

jfrahim · ‎12-03-2002

Hi Audie,

3030 has an encryption module (SEP) and hence has more encryption throughput.

Do you know how much data you are encrypting/decrypting in the concentrator

Are you terminating other tunnels like PPTP, Client IPSEC etc.

Thanks

aonibala · ‎12-04-2002

Hi JFrahim,

I am running using IPSec only. The test was based on two peer-to-peer clients in Aironet 1200/350 WLAN.

In WLAN-to-WLAN file transfer between two IPSec clients, the performance hit was 60% comparing without VPN. in WLAN-to-wired LAN, the performace hit was 47% since there was half RF transfer in this setup.

Thanks,

Audie

ddelchev · ‎12-05-2002

How many IPSec sessions you have? What is the used bandwith? VPN3005 does not have crypto accelerate card as VPN3030. You can improve the performance in many ways. You can modify the IPSec authentication algorythm to be more simple for the CPU (like to change from SHA (preffered) to MD5) and many other. Changing the SHA1 to MD5 will decrease the CPU usage in 10% if it is overloaded with crypting and hashing. More for SHA1 you can find at http://www.secure-hash-algorithm-md5-sha-1.co.uk

There are also few other things you can do. Chech if yoh have LZS compression turned on at VPN configuration. If so, you can turn it off.

Also there are performance problems because of bugs. If the statistics of your VPN clients says that there are many dropped packets, you should upgrade both VPN client and VPN concentrator ASAP.