Looking for a push in the right direction with my VPN.... (fw d)

Stephen Hope shope at ENERGIS-EIS.CO.UK
Thu Aug 3 04:01:05 EDT 2000


I suggest more baseline to isolate the problem.

what performance do you get for just moving the traffic through
the firewall without VPN?

Actual numbers:

Raw transfer = 82 * 8 / 30 = 21 Mbps
VPN = 82 * 8 / 330 = 2 Mbps (a bit more than 28k!)

Performance will depend on overhead.

I think you may be seeing a slow down due to encryption
overhead on the VPN - this number doesnt seem too
unreasonable for standard software based systems.

you can fit an encryption adaptor into some VPN
platforms to off load encryption, but i which do you have?

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4190 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Tina Bird [mailto:tbird at PRECISION-GUESSWORK.COM]
> Sent: Tuesday, August 01, 2000 7:16 PM
> To: VPN at SECURITYFOCUS.COM
> Subject: Looking for a push in the right direction with my
> VPN.... (fwd)
>
>
> Hi all -- Any help with Tobin's problem greatly
> appreciated...
>
> ---------- Forwarded message ----------
> Date: Tue, 1 Aug 2000 14:20:45 -0400
> From: Tobin Craig <tcraig at Swales.com>
> To: tbird at precision-guesswork.com
> Subject: Looking for a push in the right direction with my VPN....
>
> Hi Tina,
>
> I'm wrestling with a fledgling VPN configuration on my
> network, and I hope
> you can help.
>
> We are experiencing a performance drop every time we try to
> use our VPN.  To
> illustrate this, we moved an 82 MB file directly over our
> LAN, taking 30
> seconds.  By connecting to our VPN server, again over the
> LAN, and moving
> the same file, the process took 5 minutes 30 seconds.  Dialing into an
> independent ISP and then establishing the VPN connection took
> even longer.
>
> Our VPN server is running NT, SP6, and Microsoft PPTP
> protocol.  We are
> connecting to it via a Pentium 450 Laptop running NT, SP 6,
> using RAS.  We
> have checked the processor loads on both machines, neither
> one is breaking a
> sweat during the copy process.
>
> Our VPN server is on its own node on our Checkpoint firewall.
>  All traffic
> destined for it passes through the firewall, is sent to the
> VPN server, is
> passed back through the firewall, and then is sent to its
> destination again.
> We have determined that the firewall is not posing a problem,
> since the
> performance degradation is consistent if the traffic is generated from
> within or from outside the firewall.
>
> Do you have any suggestions about what I can do to improve
> the performance
> of this arrangement?  It is currently giving us the same level of
> performance as our 28.8 modems!
>
> Thanks for any help or advice you might have,
>
> Tobin Craig
>
> Network Security Administrator
> Swales Aerospace
> Beltsville, MD
> 20705
>
> http://www.swales.com
>

-----------------------------------------------------------------------------------------------------------

This email is confidential and intended solely for the use of the individual to
whom it is addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of Energis Integration Services.
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.

We have an anti-virus system installed on all our PC's and therefore any files
leaving us via e-mail will have been checked for known viruses.
Energis Integration Services accepts no responsibility once an e-mail
and any attachments leave us.

If you have received this email in error please notify Energis Integration Services Communications
IT department on +44 (0) 1494 476222..
-----------------------------------------------------------------------------------------------------------

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list