How can a VPN link's speed be checked?

I have an ipsec vpn setup between 2 Cisco 1800 routers on reasonably fast broadband links. One has 15/100 mb speed,the other has 15/50 mb speed. Between them, everything works well but Outlook communicates rather slowly with the exchange server across the link. The server does not seem to be the issue.

I want to know what is the best way to ascertain the effective network speed across These links, preferably from a workstation to the exchange server but a general sense of speed would do as well.

Netflow gives an decent grade of health, showing that utilization is not high and that 2-5 mb seems to pass regularly.

What can I use to verify clearly, and what switches should I use and how are the results interpreted? I did iperf using defaults and it showed what I think translated to about 1mb but it was in bps and I think the defaults only send at 1mb. What does everyone else use?

I've been told that a gre tunnel would be faster and have less overhead as well, thoughts?
LVL 5
jkeegan123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DMTechGrooupCommented:
You could use something like iPerf.. run one side as a server and the other as a client and do TCP and UDP testing.

http://iperf.fr/
0
jkeegan123Author Commented:
What switches do you use, or do you just set generic server on one side, client on the other?
0
aleghartCommented:
I use iperf.  Set the server up at the HQ or faster end.  Leave it running as a service 24/7.  Set up logging.  Save a new log file every day.   That way anyone can test to it, and you can retrieve the results later.

On a 30/30 remote connection to a 1gig HQ, I can get 18-20 regularly, or even 25-26 when nothing else is using bandwidth at the remote location.  That's with a site-to-site on a wired connection.

VPN software client on a wireless connection might be slower...but it's nice to measure and document it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

surbabu140977Commented:
GRE would be definitely faster because of lesser overhead. You will see some performance improvement. If you make just a GRE tunnel it will be of not much security as compared to IPsec.....

Remember GRE is encapsulation method and IPsec is full encryption. Hence GRE has lesser overhead but lesser security.
0
jkeegan123Author Commented:
Re:gre, how much less security? Like mitm possible or... Captured traffic could be decrypted with a hijacked bitcoin miner if you had 1 year to do it?  Just wondering how much to mitigate the risk vs the performance.

@aleghart: EXACTLY what I was looking for, THANK YOU!
0
aleghartCommented:
GRE is without encryption.  If you grab the packets, you reassemble and have the data.

It's useful for non-confidential information, where bandwidth cannot be increased.  Think radio link or transmitting sensor data, where getting 10% boost is more important than keeping temperature data secret.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocol Security

From novice to tech pro — start learning today.