Site-to-Site IPSec VPN's - Cisco 2911 vs. Linksys RV082
I carried out some performance tests between a Cisco 2911 router and a Linksys RV082. Specifically I tested the throughput of both devices in a Site-to-Site VPN context. What follows are the details of how I designed the tests. See the attached diagram for a visual representation. At site A I placed both the 2911 and the RV082 routers. Both devices routed their WAN traffic through the same Internet link (ISP A in the diagram). I also placed File Server A.
At Site B I placed another 2911 which was connected to the public Internet through its own leased line (ISP B). There was also File Server B. During the tests, all devices at both sites were not subjected to any other load than the load imposed by the tests. Likewise, links A and B were not subjected to any traffic except the traffic from the tests. The 2911's at both sites were running the same IOS version [15.1(4)M3].
So, I configured two IPSec Site-to-Site VPN's like so: i) Between the 2911 at site A and the 2911 at site B. ii) Between the RV082 at site A and the 2911 at site B.
The configuration of the 2911's consisted of the bare minimum for the VPN's to exist. The same goes to the RV082. There were no ACL's on the 2911's except those needed to underpin the VPN's. The IPSec parameters (Phases 1 and 2) were the same for both VPN's for the tests to be comparable.
Then I scheduled a script on File Server A to run automatically late at night and copy several binary files of different sizes (small/medium/large) from File Server A to B and then from File Server B to A, sequentially, in an alternating manner (never simultaneously). Half the copies were routed through the VPN on the 2911 at Site A whereas the other half were routed through the VPN on the RV082 at the same site A. At site B everything (switches, routers, file server and ISP link) remained invariant. The script ran four times on four different days, taking over 7 hours to complete each run. All times were measured and compared.
Frankly, I expected the 2911 at site A to outperform the RV082. But what I got was totally the opposite: The file transfers from File Server A to B and from File Server B to A were in average 12% faster when done through the VPN on the Linksys RV082 at site A than when done through the VPN on the Cisco 2911 at the same site A. The readings were consistent along four days of tests.
Question: Considering all hardware (except the 2911 and RV082 at Site A), software and internet pipes remained unchanged throughout the performance tests, how could the numbers have favored the low-end Linksys router? My guess is that the stability, reliability and resilience of Cisco's IOS in general and the encryption underpinnings in particular come at a price: more checks translates to less throughput. Maybe the IPSec implementation of the RV082 is less conservative and thus faster? Comments appreciated.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...