Posted by on June 14, 2005, 5:33 pm
I'm a newbie when it comes to networking equipment, but I have a question. How can the data transfer rate in a secure connection between one firewall and another firewall be increased? I believe we have established some sort of VPN connection between the two.

I assume the parameters in this case might be:
1) The internet data lines connecting the sites
2) The processing power of the devices doing some sort of encoding/decoding on both sides of the link.

I'm just clueless as to where the bottleneck resides. Thanks for your help.

Posted by Walter Roberson on June 14, 2005, 6:20 pm
:question. How can the data transfer rate in a secure connection between
:one firewall and another firewall be increased? I believe we have
:established some sort of vpn connection between the two.
:I assume the parameters in this case might be
:1) The internet data lines connecting the sites
:2) The processing power of the devices doing some sort of
:encoding/decoding on both sides of the link.
:I'm just clueless as to where the bottleneck resides.

If you are seeing 1/2 to 2/3 of the maximum performance, then you might be fragmenting packets, and your MTUs may need to be adjusted (or Path MTU Discovery turned on.)

If you are seeing -very- poor performance, especially in one direction, then there is likely a duplex mismatch.

The kind of encryption you choose can make a difference, especially if the encryption you choose does not happen to be one of the ones that is hardware-accelerated. And hardware acceleration can be funny -- they might have optimized a particularly common type of encryption more than a less-common but less complex encryption.

If you have AH (authentication header) turned on, or are using NAT-T (NAT Traversal) then there are additional processing overheads for the IPSec encapsulation.

Latency can be a real bug-bear. On a particular 1000-mile long link that we have, when we measure the throughput we find that it is close to the maximum expected, but the latency is high enough that doing interactive X Windows graphics work is painful. For larger transfers, latency effects can be reduced by using larger windows, including possibly by using the tcp window-size extensions.

--
'ignorandus (Latin): "deserving not to be known"'
-- Journal of Self-Referentialism
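
The two numeric checks the reply above points to (fragmentation from IPsec overhead, and window-limited throughput on a high-latency link), as an added example that is not part of the original posts. It assumes ESP tunnel mode over IPv4 with a CBC cipher and a 96-bit HMAC; the MTU, RTT and line rate are constructed sample values.

```python
"""Back-of-envelope checks for a site-to-site IPsec tunnel (added example)."""

# Per-packet byte costs, assuming ESP tunnel mode over IPv4. Cipher parameters
# are (block size, IV size); the ICV is 12 bytes for the HMAC-*-96 variants.
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}
OUTER_IP, ESP_HDR, ESP_TRAILER, ICV = 20, 8, 2, 12
NAT_T_UDP, AH_HDR = 8, 24          # AH_HDR = 12-byte fixed header + 12-byte ICV
INNER_IP_TCP = 40                  # inner IPv4 + TCP headers, no options


def max_inner_packet(path_mtu, cipher, nat_t=False, ah=False):
    """Largest inner IP packet that fits in path_mtu after encapsulation."""
    block, iv = CIPHERS[cipher]
    room = path_mtu - OUTER_IP - ESP_HDR - iv - ICV
    room -= NAT_T_UDP if nat_t else 0
    room -= AH_HDR if ah else 0
    # Ciphertext (inner packet + padding + 2-byte trailer) is whole blocks.
    return (room // block) * block - ESP_TRAILER


def tcp_mss(path_mtu, cipher, **kw):
    """TCP MSS that avoids fragmentation through the tunnel."""
    return max_inner_packet(path_mtu, cipher, **kw) - INNER_IP_TCP


def window_limited_bps(window_bytes, rtt_s):
    """Ceiling on one TCP connection's throughput: one window per round trip."""
    return window_bytes * 8 / rtt_s


def window_needed(link_bps, rtt_s):
    """Bandwidth-delay product in bytes: the window needed to fill the link."""
    return round(link_bps * rtt_s / 8)


if __name__ == "__main__":
    # Constructed sample values: 1500-byte path MTU, 40 ms RTT, 45 Mbit/s line.
    for cipher in CIPHERS:
        for nat_t in (False, True):
            label = "NAT-T" if nat_t else "plain"
            print(cipher, label, "MSS", tcp_mss(1500, cipher, nat_t=nat_t))
    cap = window_limited_bps(65535, 0.040)
    print(f"65535-byte window at 40 ms caps one flow at {cap / 1e6:.1f} Mbit/s")
    need = window_needed(45e6, 0.040)
    print(f"filling 45 Mbit/s needs {need} bytes; scaling needed: {need > 65535}")
```

If hosts send segments larger than the computed MSS across the tunnel, the firewalls fragment; if the needed window exceeds 65535 bytes, a single transfer cannot fill the line without the TCP window scale option.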

Increasing data transfer on a firewall to firewall vpn connection

