VPN throughput is largely dependent on the CPU power required to encrypt and decrypt the traffic. The more CPU intensive the encryption the less throughput a particular model will be capable of. The following table shows the default encryption options in 12.1.0 and suggested settings when higher throughput is desired:
Option |
12.1.0 - Default |
12.1.0 - Performance |
---|---|---|
Phase 1 Encryption |
AES256 (CBC) |
AES128 |
Phase 1 Authentication |
ESP SHA2 256 |
ESP SHA2 256 |
IKE Group |
Group 14 |
Group 5 |
Phase 2 Encryption |
AES256 (CBC) |
AES128-GCM |
Phase 2 Authentication |
ESP SHA2 256 |
ESP SHA2 256 |
VPN Throughput* |
187 Mbps |
517 Mbps |
*Note: The throughput was tested on a reference platform to show the relative difference in throughputs. The actual throughput of an Ecessa device will depend on the model and its hardware capabilities.
0 Comments