[j-nsp] SRX IPSEC performance

ashish verma ashish.scit at gmail.com
Sat Sep 15 23:10:41 EDT 2012


Hi Mike, Devin

Thanks for your replies.

Mike, Do you have the CP running in dedicated mode ? What packet size did
you use for testing?

kmd is quite useful in identifying which SPC will be used for the specific
tunnel. Is there a way we can force an IPSEC to terminate on a required SPC
to load balance better?

Thanks again.


On Sun, Sep 16, 2012 at 12:49 PM, Mike Devlin <gossamer at meeksnet.ca> wrote:

> So i have personally achieved 1.6G throughput per SPC on and SRX3600 on
> 10.4R9.2 code line.
>
> I was required to push 3.5G from a single source, which required the use
> of a hidden command in what i remember being the gateway config.
>
> i also had to pop out to the shell, and use "kmd -T ip1:ip2"
>
> The ips required here are those of the IKE association.  We in the end,
> needed 2 IPs on both sides to split the traffic across 3 SPCs, and it
> required substantial planning to get these numbers.
>
> Going to 12 code, which i never got to test, i had an elaborate plan to
> attempt equal cost load balancing across multiple IPSEC VPNs on 5800s, but
> was unfortunately laid off before i got to work out the finer details of it.
>
>
>
>
> On Fri, Sep 14, 2012 at 8:49 AM, Devin Kennedy <
> devinkennedy415 at hotmail.com> wrote:
>
>> Hi Ashish:
>>
>> I recently tested the SRX3400 for IPsec tunnel setup rates and was able to
>> setup 3600 tunnels using IxVPN testing tool.  I only sent traffic across
>> the
>> tunnels for 1 minute but the testing was successful.  We were running 4x
>> SPC
>> and 2xNPC in our configuration.  We were using one GE WAN interface as
>> well.
>> Our primary purpose was just to test that number of IPsec tunnels that we
>> needed for a future implementation.
>>
>>
>> Devin
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of ashish verma
>> Sent: Thursday, September 13, 2012 5:35 PM
>> To: juniper-nsp
>> Subject: [j-nsp] SRX IPSEC performance
>>
>> Hi All,
>>
>> Has anyone here done IPSEC performance tests for SRX3k and share your
>> results?
>> Juniper claims that with 1400bytes of packet with 2SPC and 1NPC VPN
>> throughput is 3Gbps. How much have you achieved?
>>
>> Ashish
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>


More information about the juniper-nsp mailing list