Are there site-to-site VPN performance adjustments that can be made on the Edgerouter X?
Hi,
I have two locations joined with a VPN using a Ubiquiti Edgerouter X both running the latest firmware v1.10.9. Both locations have fast Internet running at 180 Mbps / 20 Mbps and I verified it using Speedtest. I used a DOS utility called Netcps to test the speed between site A and site B and the transfer rate was 0.36 Mbps. This is really slow and I'm wondering if there are any adjustments that I can make to the Edgerouter X or if this is normal performance on a site-to-site VPN. I used the Site-to-site VPN tab in the GUI to configure it so I didn't use the CLI. Have you had any experience with this and is there any adjustments that I can make or is this the expected speed from this device? Thanks for your help.
I have two locations joined with a VPN using a Ubiquiti Edgerouter X both running the latest firmware v1.10.9. Both locations have fast Internet running at 180 Mbps / 20 Mbps and I verified it using Speedtest. I used a DOS utility called Netcps to test the speed between site A and site B and the transfer rate was 0.36 Mbps. This is really slow and I'm wondering if there are any adjustments that I can make to the Edgerouter X or if this is normal performance on a site-to-site VPN. I used the Site-to-site VPN tab in the GUI to configure it so I didn't use the CLI. Have you had any experience with this and is there any adjustments that I can make or is this the expected speed from this device? Thanks for your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the problem was solved when I changed the MTU to 1492. Is this MTU setting different than the MTU setting you're talking about?
No - same thing. That is what I was suggesting above. Same setting. Both ends.
No - same thing. That is what I was suggesting above. Same setting. Both ends.
DSL had this limit because of the encapsulation involved in a DSL connection.
I think DSL in many places has been displaced by other technologies not suseptible to this encapsulation ..
You could use qos on the external router to prioritize VPN traffic over other. But this mainly deals with avoiding wan saturation and VPN drops.
I think DSL in many places has been displaced by other technologies not suseptible to this encapsulation ..
You could use qos on the external router to prioritize VPN traffic over other. But this mainly deals with avoiding wan saturation and VPN drops.
When you ran netcps, was it the only thing that was communicating over the VPN or were other devices going across? netcps is going to give you a single scope point of visibility of performance between two hosts over a shared network link. It will measure what the maximum "available" path speed is. In other words, if you have other hosts consuming bandwidth or performance resources on your router(s), then you will see a decrease in the reported path bandwidth.
What you can do is try tuning your MTU down a little further. VPN packets will be flagged "do not fragment" and this can lead to performance issues if you are already running your edge MTU at the path maximum. You can also check performance counters for mem and proc on the intermediary devices. Elevated utilization here can impact performance as well. Ubiquiti is a low cost solution. This generally equates to end user profile of low sensitivity to performance. They get you the prices by installing lower cost components. If performance sensitivity is an issue, then look at getting equipment that is built to provide the performance you are looking for - and yes, that means you are going to need to be ready to pay the higher price as well.
What you can do is try tuning your MTU down a little further. VPN packets will be flagged "do not fragment" and this can lead to performance issues if you are already running your edge MTU at the path maximum. You can also check performance counters for mem and proc on the intermediary devices. Elevated utilization here can impact performance as well. Ubiquiti is a low cost solution. This generally equates to end user profile of low sensitivity to performance. They get you the prices by installing lower cost components. If performance sensitivity is an issue, then look at getting equipment that is built to provide the performance you are looking for - and yes, that means you are going to need to be ready to pay the higher price as well.
ASKER
Thanks for your assistance! We increased the bandwidth with the ISP on the remote end and the speed problem went away.
Thank you for the update
ASKER
Sorry for the delayed update John! I always appreciate your valuable input! Have a great day!
Thanks !
ASKER