Hi all,
Our HQ site is connected to our ISP via 6mb (four T1s) and our remote site
is also connected via 6mb to their ISP.
We established IPSEC tunnel between the two sites and we are not really
getting that much bandwidth between IPSEC tunnel.
I know that there are a lot of hops in between those two sites that could
cause the throttling of the bandwidth.
Is there a way to test the IPSEC throughput or to actually find out where
the bottlenecks are?
Thanks,
Al

In article <7935c.38357$iz2.11814@newssvr25.news.prodigy.com>,
allen@somplace.com says...
> Hi all,
> Our HQ site is connected to our ISP via 6mb (four T1s) and our remote site
> is also connected via 6mb to their ISP.
> We established IPSEC tunnel between the two sites and we are not really
> getting that much bandwidth between IPSEC tunnel.
> I know that there are a lot of hops in between those two sites that could
> cause the throttling of the bandwidth.
> Is there a way to test the IPSEC throughput or to actually find out where
> the bottlenecks are?

What model of routers are involved? Do you have hardware acceleration
cards? IPSec takes a lot of horsepower to run and for 6Mbps, you'll
need HW cards.

Also, how are you doing the IPSec? via GRE tunnel?
--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

On Sun, 14 Mar 2004 20:21:23 GMT, "al" <allen@somplace.com> wrote:

>Hi all,
>Our HQ site is connected to our ISP via 6mb (four T1s) and our remote site
>is also connected via 6mb to their ISP.
>We established IPSEC tunnel between the two sites and we are not really
>getting that much bandwidth between IPSEC tunnel.
>I know that there are a lot of hops in between those two sites that could
>cause the throttling of the bandwidth.
>Is there a way to test the IPSEC throughput or to actually find out where
>the bottlenecks are?

6Mbits is VPN Module territory, as Hansang mentioned. But IPSec
throughput can be tested just like standard throughput can be tested:
by using a bandwidth testing application such as TTCP between the two
sites.

-Terry

"Hansang Bae" <uonr@alp.ee.pbz> wrote in message
news:MPG.1abe990b929b5853989c51@news-server.nyc.rr.com...
> In article <7935c.38357$iz2.11814@newssvr25.news.prodigy.com>,
> allen@somplace.com says...
> > Hi all,
> > Our HQ site is connected to our ISP via 6mb (four T1s) and our remote
site
> > is also connected via 6mb to their ISP.
> > We established IPSEC tunnel between the two sites and we are not really
> > getting that much bandwidth between IPSEC tunnel.
> > I know that there are a lot of hops in between those two sites that
could
> > cause the throttling of the bandwidth.
> > Is there a way to test the IPSEC throughput or to actually find out
where
> > the bottlenecks are?
>
> What model of routers are involved? Do you have hardware acceleration
> cards? IPSec takes a lot of horsepower to run and for 6Mbps, you'll
> need HW cards.
>
> Also, how are you doing the IPSec? via GRE tunnel?
> --
>
> hsb
>
> "Somehow I imagined this experience would be more rewarding" Calvin
> *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
> ********************************************************************
> Due to the volume of email that I receive, I may not not be able to
> reply to emails sent to my account. Please post a followup instead.
> ********************************************************************

IPSec through PIX Firewalls
routers are 2600s with IMA

"al" <allen@somplace.com> wrote in message news:DOb5c.38643
> IPSec through PIX Firewalls
> routers are 2600s with IMA
>
Cisco claims 4Mbps on the PIX 501 and 10Mbps on the 515 and 506. But that's
under ideal conditions.
Just the right packet size.
No other traffic.
This includes all IPSec overhead.
And only one tunnel.

If you went low-end you're out of luck, there's no VPN board for the 501 or
506. If it's 515 or higher you can add the board. OR you can do the VPN on
the routers.


--
Randall Cohen
Sr. Systems Engineer
Alternative Communication Systems, Inc.
Email: rcohen_at_acsvoicedata_dot_com.no-spam

The only thing I guaranty about my free advice is that it's mine and it's
free.

Take the posted throughput specs listed for your cisco device, then
take 20% of it as the actual number.

This isn't a crack on Cisco, but most manufacturers only post ideal
conditions with 1400 byte packets.

If you have an AIM-VPN type of card in a Cisco router that reports,
lets say..... 18Mb encrypted throughput. I'd say reality is closer to
3-4Mb.



On Sun, 14 Mar 2004 20:21:23 GMT, "al" <allen@somplace.com> wrote:

>Hi all,
>Our HQ site is connected to our ISP via 6mb (four T1s) and our remote site
>is also connected via 6mb to their ISP.
>We established IPSEC tunnel between the two sites and we are not really
>getting that much bandwidth between IPSEC tunnel.
>I know that there are a lot of hops in between those two sites that could
>cause the throttling of the bandwidth.
>Is there a way to test the IPSEC throughput or to actually find out where
>the bottlenecks are?
>Thanks,
>Al
>