How can a VPN link's speed be checked?
I have an ipsec vpn setup between 2 Cisco 1800 routers on reasonably fast broadband links. One has 15/100 mb speed,the other has 15/50 mb speed. Between them, everything works well but Outlook communicates rather slowly with the exchange server across the link. The server does not seem to be the issue.
I want to know what is the best way to ascertain the effective network speed across These links, preferably from a workstation to the exchange server but a general sense of speed would do as well.
Netflow gives an decent grade of health, showing that utilization is not high and that 2-5 mb seems to pass regularly.
What can I use to verify clearly, and what switches should I use and how are the results interpreted? I did iperf using defaults and it showed what I think translated to about 1mb but it was in bps and I think the defaults only send at 1mb. What does everyone else use?
I've been told that a gre tunnel would be faster and have less overhead as well, thoughts?
I want to know what is the best way to ascertain the effective network speed across These links, preferably from a workstation to the exchange server but a general sense of speed would do as well.
Netflow gives an decent grade of health, showing that utilization is not high and that 2-5 mb seems to pass regularly.
What can I use to verify clearly, and what switches should I use and how are the results interpreted? I did iperf using defaults and it showed what I think translated to about 1mb but it was in bps and I think the defaults only send at 1mb. What does everyone else use?
I've been told that a gre tunnel would be faster and have less overhead as well, thoughts?
ASKER
What switches do you use, or do you just set generic server on one side, client on the other?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
GRE would be definitely faster because of lesser overhead. You will see some performance improvement. If you make just a GRE tunnel it will be of not much security as compared to IPsec.....
Remember GRE is encapsulation method and IPsec is full encryption. Hence GRE has lesser overhead but lesser security.
Remember GRE is encapsulation method and IPsec is full encryption. Hence GRE has lesser overhead but lesser security.
ASKER
Re:gre, how much less security? Like mitm possible or... Captured traffic could be decrypted with a hijacked bitcoin miner if you had 1 year to do it? Just wondering how much to mitigate the risk vs the performance.
@aleghart: EXACTLY what I was looking for, THANK YOU!
@aleghart: EXACTLY what I was looking for, THANK YOU!
GRE is without encryption. If you grab the packets, you reassemble and have the data.
It's useful for non-confidential information, where bandwidth cannot be increased. Think radio link or transmitting sensor data, where getting 10% boost is more important than keeping temperature data secret.
It's useful for non-confidential information, where bandwidth cannot be increased. Think radio link or transmitting sensor data, where getting 10% boost is more important than keeping temperature data secret.
http://iperf.fr/