I know most online speed testing sites are not necessarily 100% accurate, however my results are fairly consistent. If I complete a speed test over my home ISP I usually get around 30 Mbps down and 10 Mbps up. Now if I connect to my corporate VPN, using network connect and then run a speed test I am consistently seeing roughly 20 Mbps down and 6 Mbps up. I have tried this across multiple ISP's from other employees and am noticing the same results. Oddly enough when I complete the same testing over my MAC the numbers are a lot closer to my non network connect speeds.
I even had one user who is on DSL with 1.5mb service getting fairly close to advertised speeds when doing a speedtest, and then when running a speedtest after making a VPN connection back to us was down around dial-up modem speeds. Most of our remote devices are 64-bit Windows 7 laptops.
Has anyone else experienced this? We are running MAG-4610's, code level 7.3R4.1 and ESP transport with AES256/SHA1.
I am working on debugging the same problem. External (No Juniper Tunnel) speeds are much faster that Internal (SSL/ESP Tunnel active) tests. My results are very similar to your results. Testing over a few different clients and different Internet connections shows Tunnel performance to be capped at near 15Mbps for Upload and Download.
SA-6000, 8.03R1. I will be testing this on a SA6500 also.
I'm also having problems with network connect.
With our prodution box (SA6500), I get this results, where the internal and external are the same machine, but one goes by the tunnel and the other doesn't.
In our lab box (SA2500), I get better results...
Both SA have the same version... 7.4R9.1... and they are in the same network.
Any ideas how to debug this problem?
Do you have Bandwidth Management for NC configured on the SA [SSL]?
- If yes, can you please disable the B/W Mgmt and test the speed once again?
- If you dont have B/W mgmt enabled on your SA and if you are experiencing this problem, I suggest you please open a JTAC ticket at the earliest possible.
Overhead will cause this must unencrypt the packets. What strength do you have set. Do you have compressin set. I have the lowest one set and we sometimes do better with compression.
not specifically with that hardware, no.
can confirm that your tunnel is staying up on ESP when the slowness is happening?
please disable the compression option on the VPN tunneling connection profile; on high bandwidth (non-dialup) connections, it can help increase slowness.
do you have a way to check with the latest 7.3?
I am having bad network performance with my Juniper SA as well. I already opened a case to JTAC but we did not found a root cause.
With ESP tunnel mode I do not notice any slowness. eg: Using a 18Mbps ADSL connection, I have a download speed through the tunnel reaching 17Mbps wich is pretty good.
With SSL tunnel mode, the bandwidth is poor. Using the same ADSL connection, I cannot reach more than 3Mbps downloading. And when using an ADSL connection of 100Mbps the results are worst.
I have made several test with JTAC. I installed an iPerf GNU/Linux server to get this results.
The tcpdump from the JunOS client, IVE and iPerf server show us that we can see packet loss into the tunnel resulting in retransmission and duplicate ACK from the server. This is explaining the poor bandwidth.
We do not have the same packet loss in ESP mode.
Hope this may help you.