SRX

 View Only
last person joined: 14 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  the bandwidth can't reach the maximum when i go through a vpn on the srx 1500

    Posted 01-02-2023 09:05
    My lab is : Two srx 15000 which are linked by a 10 G cable(between these two srx there is a VPN). Each srx is linked to a switch Dell(cable 25 g), and finally, each switch is linked with a server (cable 25 g)by two cables that are aggregated on an active-passive mode (to well explain the 1 sw is linked to the 1 serv using 2 cables and same for the second). The two interfaces on the sw are in a trunk mode.
    The question is why when I pass by VPN I get 1G or 0,15G when I test iperf3 on my 2 servers while normally i should have minimum 10g ?
    And when I do my iperf test by passing directly by the two switches, the bandwidth is 7.60Gbits/sec

    ------------------------------
    sakura aiss
    ------------------------------


  • 2.  RE: the bandwidth can't reach the maximum when i go through a vpn on the srx 1500

    Posted 01-03-2023 09:59
    The SRX1500 is rated for 1.3Gbps of IPSec (IMIX Packets) and ~4Gbps at 1400byte packets.  This is per the data sheet (https://www.juniper.net/us/en/products/security/srx-series/srx1500-firewall-datasheet.html).

    Now, using a tool like perf you are really seeing single stream performance, so a single stream of 1-1.5Gbps of UDP seems reasonable.  

    For pure L4, stateful FW, the device is rated for ~9Gbps.  Again, we need to look at single stream performance while will be lower.  Again, in the 1-3Gbps range for a pinned stream seems about right.  You will see the FW will pass more aggregate bandwidth if you add more discrete session streams from varied source/destination pairs.


    ------------------------------
    David Divins
    ------------------------------



  • 3.  RE: the bandwidth can't reach the maximum when i go through a vpn on the srx 1500

    Posted 01-04-2023 10:34
    thank you for the info i saw that srx1500 cannot go up to 4 if passing with ipsec

    ------------------------------
    sakura aiss
    ------------------------------



  • 4.  RE: the bandwidth can't reach the maximum when i go through a vpn on the srx 1500

     
    Posted 01-03-2023 10:00
    1500 will never really pass 10G traffic (especially via IPSec); interfaces are oversubscribed.

    Your metered outputs depend on IPerf (and/or other tools) settings. I would suggest having a look at the datasheet.

    ------------------------------
    M Gi
    ------------------------------



  • 5.  RE: the bandwidth can't reach the maximum when i go through a vpn on the srx 1500

    Posted 01-04-2023 10:35
    yes i didn't know it, thank you !

    ------------------------------
    sakura aiss
    ------------------------------