MPLS speed issue
-
Let me throw a monkey wrench into all of this: are you sure that the IPSec isn't going over the MPLS network?
Snowden provided documentation that proved that the NSA was jacked in at the carrier level, so if you aren't encrypting your traffic when it travels over someone else's physical network, even a carrier's, expect it to be snooped on. (stepping down). Anyhow, so the IPSec might be running over the MPLS network.
-
@Dashrender said:
Let me throw a monkey wrench into all of this: are you sure that the IPSec isn't going over the MPLS network?
Snowden provided documentation that proved that the NSA was jacked in at the carrier level, so if you aren't encrypting your traffic when it travels over someone else's physical network, even a carrier's, expect it to be snooped on. (stepping down). Anyhow, so the IPSec might be running over the MPLS network.
This isn't in the US.
-
@scottalanmiller said:
@Dashrender said:
Let me throw a monkey wrench into all of this: are you sure that the IPSec isn't going over the MPLS network?
Snowden provided documentation that proved that the NSA was jacked in at the carrier level, so if you aren't encrypting your traffic when it travels over someone else's physical network, even a carrier's, expect it to be snooped on. (stepping down). Anyhow, so the IPSec might be running over the MPLS network.
This isn't in the US.
Like that matters.
-
Have you had a chance to test the individual legs of your connections to see if you can determine between which ones the latency is being introduced? Or perhaps it is coming a little bit from all of them?
-
Ping.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Let me throw a monkey wrench into all of this: are you sure that the IPSec isn't going over the MPLS network?
Snowden provided documentation that proved that the NSA was jacked in at the carrier level, so if you aren't encrypting your traffic when it travels over someone else's physical network, even a carrier's, expect it to be snooped on. (stepping down). Anyhow, so the IPSec might be running over the MPLS network.
This isn't in the US.
Like that matters.
Like they don't have some way to get through your encryption.
We lease a lot of fiber here (all 10Gb), but even with that I'm still using a VPN over it to encrypt it. Makes me sleep better.
But I'm using all pfSense now here (due to Cisco's new costs when I replaced the Cisco routers). And because I'm lazy and hub/spoke for the VPN doesn't work for us, I used TINC VPN http://www.tinc-vpn.org/
-
Just a thought: if you can't upgrade your connection, have you considered DFS?
Also, what router are you using? The encryption of the VPN on some routers can slow them down a heck of a lot.
-
@thecreativeone91 said:
Also, what router are you using? The encryption of the VPN on some routers can slow them down a heck of a lot.
Very true.
OpenVPN is a very poor VPN choice if you want high throughput. IPSEC is pretty much the best choice for that as long as you have some hardware offload for the encryption. Without hardware offload, pretty much everything is going to be the same. The max bandwidth will be directly tied to how much CPU power is available.
-
OpenVPN is about flexibility. Definitely slow. IPSec for speed.
-
@scottalanmiller said:
OpenVPN is about flexibility. Definitely slow. IPSec for speed.
Well, slow is a relative term in this situation. OpenVPN is slow compared to IPSEC. But as an example, OpenVPN on a Ubiquiti EdgeMax LITE router can push ~14mbps. Very little site-to-site traffic will approach this limit, since the general upload bandwidth that SMBs in the US have access to is not that high anyway.
-
@JaredBusch VPN speeds are in latency terms. OpenSSL produces a bit more latency than IPsec does.