VPN Bandwidth Requirements

Ryan Russell ryan at SECURITYFOCUS.COM
Tue Mar 6 18:34:00 EST 2001


On Tue, 6 Mar 2001, Geoffrey Dacosta wrote:

> I'm a Strategy Consultant performing some work in the telecommunications
> industry (read: I am not a telecom *expert*).  I am currently working with
> an equipment manufacturer, and as part of my work I am trying to determine a
> typical bandwidth requirement of a VPN.  I have had difficulty in finding
> the answer to this, possibly because it might be like asking "what's the
> average cost of a car?"

Actually, it's more like asking how much money employees spend doing their
jobs.  Answer: as much as possible.

>But, if anybody has any, even a vague sense,
> regarding this, I am hoping you can help me.  If you can, you could you
> email me at geoff.dacosta at excite.com.  Any help is greatly appreciated.

I have a vague sense.

I don't know exactly which question you're asking, though. Is it "how much
bandwidth is needed at the home-office end of a VPN to support the
end-users?" implying that you're talking about roaming remote-access
users?  Or do you mean something more like what is an adequte amount of
bandwidth between two company offices to support applications x, y, and z?
Or is it how much is needed the the users' homes to use x,y and z over a
personal VPN connection?

For the head-end question, it's obviously number of simultaneous users
times the average bandwidth utilization of each.  Each end-user will use
as much bandwidth as the pipes will allow, unless the protocols limit
that, or something is CPU bound and can't crypt fast enough.  For example,
at a previous job, I had about 2000 roaming users capable of using the
VPN.  I had usually about 100 simultaneous users.  About 20-30% of them
were stuck at modem speed (<56K), while the rest had something faster,
like ISDN, Cable, DSL, or a Customer T1, T3, etc..  I maintained about 2
Mbps to the VPN box at the head end, over a T3.  I have no idea how
typical that is.

Between two offices.... Well, about the slowest I could get away with my
users was a 128K frame link.  There's a little overhead for VPN, but it's
pretty negligable.  My experience was that performance problems came from
the problem of using the Internet, and the fact that paths change at will,
pipes fill, etc... more so than the raw bandwidth number.  Frame providers
typically keep decent watch on their service levels, and you're on one
network the whole time.

As for how much bandwidth is needed at the user end...  Well, modem speed
sucks no matter what.

				Ryan

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list