11-12-2020 07:53 PM
I have a couple of cross-town WAN links which currently use an OpenVPN tunnel.
LAN <=> OpenVPN <==== 35ms ====> OpenVPN <=> R600
I get basically full wire speed from this setup (>200Mbps).
I'd like to replace the OpenVPN boxes with an LWAPP tunnel from the R600 to my ZD1100.
I did some testing locally...
LAN <=> ZD1100 <=> R600(Tunnel)
...and I get 39 Mbps. This is fine. I only need maybe 16Mbps.
But when I put the R600 at the remote sites...
LAN <=> ZD1100 <=> NAT <==== 35ms ====> NAT <=> R600(Tunnel)
...I get 7.5 Mbps.
Is there any setting I can tweak to improve throughput? I have ZD1200s and R610s I can swap in if that would help, but obviously don't want to go through the upgrade pain if the root cause is that LWAPP just doesn't like any latency. I don't want to subscribe to SmartZone - I'd rather just keep the OpenVPN boxes.
11-12-2020 11:56 PM
I believe the only thing you can tweek is MTU size (which may be or not be an issue), as lower bandwidth on WAN may be result of packet fragmentation if route MTU is low. If you use mobile connection, MTU is often an issue, if it is fixed connection - usually not. Otherwise you have to remember that ZD1100 is very old device with low CPU power, so it has not much resources for VPN encryption/decryption, so dedicated OpenVPN boxes will be always faster.
11-13-2020 01:32 AM
Thanks. I've reduced the MTU, and I'll check the impact tomorrow. Hopefully that's the fix.
I do know the ZD1100 is an old device, and I would've upgraded right away if I thought it would help...
...but my tunnel is unencrypted, and I remember reading a Ruckus document which said a ZD1100 should be able to handle ~300 Mbps of unencrypted tunnel traffic. And like I said, when testing locally I get nearly 40 Mbps down the tunnel between an R600 and ZD1100.
11-13-2020 12:20 PM
I think this is the article you are referring to.
Upgrading to ZD1200 will improve things for sure, but it is worth troubleshooting the current setup, before you decide to upgrade the hardware.
11-13-2020 12:18 PM
What Eizens suggested is right. However, I suggest testing the tunnel MTU capacity by connecting a wired client on one of the remote R600 APs and from that client, try to ping the controller's IP address with different loads. Start with 1500 and reduce the size by 20 or 30. Once you get he stable ping with optimum latency, minus it by 10 or 20 and set the MTU on ZD side accordingly.