Per tunnel connection speed of the higher tier VPN gateways (VpnGw1/2/3 etc) over basic

The “Basic” Azure VPN gateway SKU has a rated bandwidth of 100mbps.

The VpnGw1 is rated at 650mbps, with a larger number of connections/tunnels supported.

I’m testing from a Gigabit fiber connection that pings 15ms to the gateway, using a capable Mikrotik CCR router over an IPSec site-to-site tunnel. At first, I deployed a basic VPN gateway, and was able to max out the connection at around 100mbps transferring files between an Azure VM and my local server.

I then deployed a VpnGw1, which is substantially more expensive than Basic. However, the transfer speed between the same Azure VM and my local server did not increase at all. As a matter of fact, it seems to be slightly slower.

So I’m wondering, are the higher bandwidth ratings of these higher tier VPN gateways merely a reflection of the increased aggregated speed that supports a larger number of tunnels? Is the per-tunnel/per-connection, “burst” speed not increased at all?

Of course, the limit I’m experiencing could still be a limitation of the WAN speed itself and my equipment. But from your experience/knowledge, are these higher tier VPN gateway SKUs supposed to be faster for each individual tunnel?

I’m guessing you’re hitting the limit of your own equipment or ISP. I have deployed a GW1 and hit around 625Mbps on my 1/1Gbps fiber line.

The other side would be if you’re copying files, you could be hitting limits at the read or write speed on one end or the other.

A better test of network throughput alone would be using something like iPerf.

Edit: that being said, the higher cost of the newer SKUs is the higher aggregate throughput and increased limits on connection counts. Plus the ability to use OpenVPN AND IKEv2 point to site tunnels on top of SSTP that’s available with Basic.

Also, MSFT says the Basic SKU should only be used for dev/test workloads, so ideally we should almost never use it.

Good call. Since I’m on 1/1 Gbps fiber too and the CCR I’m using should do IPSec for at least 450Mbps, I suspected it’s the Azure VM, a B2MS with a 128GB “premium” SSD that’s rated at 100 MB/s. Just ran a disk speed test and it’s only getting 25MB/s, absolutely pathetic for a “SSD”. Just reminded me why I hate these public cloud VMs.

I will spin up a F series with a higher tier SSD later to run another test.

Yeah M$ would want everything in Azure to be for “dev/test” workloads except for the 32core256gbram SKUs hooked up to ExpressRoute gateways.

Your disk test may be trying to hit the IOPS max, which probably would be around 25MB/s. Not to mention if you don’t have any credits built up on the B series, your CPU isn’t going to max. Depending on the disk testing software, you might be getting limited by CPU.

SSD IOPS and Throughput are based on the size of the provisioned disk. You can read the performance chart here: Select a disk type for Azure IaaS VMs - managed disks - Azure Virtual Machines | Microsoft Learn

Lol I know. I started using VPN a while back and I think only Basic existed, and I had no issues. I think it’s more for SLA reasons than anything now to use the new SKU.

Thing is, the price increase makes it almost worth it to go straight to ExpressRoute directly.

Found out the hard way, also limited by the VM itself like in this case. B2MS has a 2400 ips, and a 22.5MBps throughput limit. These low-end VMs are completely pathetic performance-wise.

On Azure’s side yes, but isn’t ExpressRoute super expensive on the client side that costs thousands a month to start?

Understood, but the B-series is recommended for dev/test workloads. They are great machines for those purposes.

Not that bad. You need to get your ISP involved, and some don’t support it. I would say most do (in USA and Canada).

Per month, for 50mb unlimited, it’s around 375$. CSP pricing is likely 30% less. How much the ISP charges varies, but combined it wouldn’t be over a 1000$.

You can also do a lot of cool things with ExpressRoute. You use the private ExpressRoute tunnel for Azure, and the Microsoft tunnel for Office 365 services (Exchange, Dynamics, SharePoint).

You can fully turn off public IP on Azure and really see your Azure environment as a private extension of your on-premise environment.

Thanks. I did not know that most US ISPs now support it. I thought it’s only provided via a select few providers at select locations, and the last time I checked prices was a few years ago when it first rolled out. Do you know if AT&T business fiber (not their enterprise DIAs) supports it? I will ask around too.

50mbps for under $1000 is reasonable. That said, the client would want way more than 50, like at least 200, ideally a full gig. I suspect those will still be expensive.

So with ExpressRoute, exactly what kind of performance can we expect? I understand it’s like a L2 connection. So let’s say if I ping 15-20ms right now to the DC over public Internet, what kind of improvement will ExpressRoute produce? Also, because a major reason SMB over WAN/VPN sucks is due to latency and the chatty nature of SMB, will SMB over ExpressRoute be much much better, like close to LAN performance?

One of my customers in Dallas has it. They are AT&T, and their networking team is called Netbond, I think.

They have 100mbs, and I believe pretty similar latency. The main advantages ExpressRoute has over VPN are:

  1. Private, not over public internet (more safe/secure).
  2. Because of 1, typically more stable / higher SLA.
  3. Can "shut off" your Azure to the typical outside world, and access everything through ExpressRoute. For remote users, you can set up P2S VPN access.
  4. For your last point, I think ExpressRoute just being always up and stable should provide better results too. VPN tunnels by nature would close and reopen the tunnel based on traffic throughput, where that wouldn’t really happen with ExpressRoute.

Hope this info helps you!

With ExpressRoute you have two charges. One is a port fee that varies based upon the size of the circuit. The other is data egress charges. Data egress charges over ExpressRoute are significantly less than egress charges out the Internet which a VPN connection would use.

You can find some more info here: https://azure.microsoft.com/en-us/pricing/details/expressroute/