VPN Throughput - CVG VA BR200-WP

  • 1
  • Question
  • Updated 1 year ago
Hi all,

we are using the BR200-WP and BR100 to connect our sales representatives and branch offices with our internal services.
The HQ is connected to our ISP with 155Mbps up/down. The branch offices are connected with approx. 7.5Mbps up/100Mbps down. The latency of those connections towards the HQ is about 20-40ms.

In the meantime there are a bunch of users that complain about the throughput of their VPN connection (e.g. file services etc.). Therefore, I've made a few iPerf measurements on those systems.

iPerf Host (Upload) -> iPerf Server (Download) | approx. Throughput

CVG VA (DMZ_LAN - 1Gbps) -> internal Host HQ (LAN - 1Gbps) | approx. 750Mbps
CVG VA (DMZ_WAN - 155Mbps) -> BR200WP (WAN - 100Mbps down) | approx. 14Mbps Internal Host HQ -> BR200WP | approx. 8Mbps
I'm confused about these measurements because the technical datasheet of the BR200-WP indicates 100Mbps VPN traffic. Our WAN bandwidth isn't occupied and those connections are no high latency links.

I know that the VPN encapsulation and TCP session is degrading the throughput. But this are only about 10% of the possible bandwidth.

 Am I missing something? What is your experience about the remote connection through the CVG VA? Is there any space for optimization or misconfigurations to look for?

Thanks in advance,
Photo of Kai Helli

Kai Helli

  • 4 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 345 Posts
  • 115 Reply Likes
My own experience with IPsec throughput for different products is roughly this:

- BR100: around 8 Mbps
- AP170: around 12 Mbps
- AP330: around 40-50 Mbps

There is a statement that AP330 and BR200 should be similar:

My colleague says that for his BR200 the bottleneck is his Internet connection, which is 50Mbps, so the real experienced throughput might be higher.

If the datasheet says 100Mbps, you should expect something between 60 and 70 in your measurements.

See also this thread: