What does VPN throughput mean?

From: Jon (nospamj_at_i0ta.com)
Date: 12/18/03

    Date: 18 Dec 2003 09:25:38 -0800
    
    

    Greetings:

    We are having a struggle at work determining which firewall appliance
    to purchase. The office has approximately 30 people with about 50
    more working in the field and is attached to the Internet via a T1. I
    am the Network Administrator, so naturally I would like something that
    is easy to administer, secure, has some IDS, and other features. So,
    I picked out a nice, feature-rich Fortigate 100. According to its
    literature, it has these performance characteristics:
    ------------------------------------
    FG100:
    Concurrent Sessions = 200K
    New Sessions/second = 4K
    Firewall Throughput (Mbps) = 95
    168-bit Triple-DES Throughput (Mbps) = 25
    Concurrent Users = 10/Unlim
    ------------------------------------

    The struggle comes in over concern for the VPN throughput for this
    office, since most of the employees are remote users. In addition to
    using the MAPI Outlook and a web browser over the tunnels, they are
    also considering using IP Softphones from Avaya over the VPN tunnels
    in the near future. Another part of the struggle is that the chief of
    this office is a die-hard Cisco fan. He would like to purchase a
    Cisco PIX 515E with these performance characteristics according to
    Cisco's website:
    ------------------------------------
    Cleartext throughput: 188 Mbps
    Concurrent connections: 130,000
    168-bit 3DES IPsec VPN throughput: Up to 140 Mbps with VAC+ or 63 Mbps
    with VAC
    128-bit AES IPsec VPN throughput: Up to 135 Mbps with VAC+
    256-bit AES IPsec VPN throughput: Up to 140 Mbps with VAC+
    Simultaneous VPN tunnels: 2000
    ------------------------------------

    My question is whether it would make a difference given the limit of
    bandwidth supplied by a T1 whether we went with a box that had 25Mbps
    3DES throughput or 140Mbps 3DES throughput? Doesn't the lowest common
    denominator (the 1.544Mbps T1) rule in this case? Wouldn't we be
    limited to 1.544Mbps of throughput no matter which solution we chose?
    If not, then please explain what "VPN throughput" actually means and
    how they come up with that figure.

    Thanks for reading. I appreciate any response given. :-)

