SRX Services Gateway
SRX Services Gateway

How to troubleshoot VPN performance?

‎07-16-2019 02:38 AM

We have the following scenario:-


SiteA ---- Hub (1Gb) ---- SiteB


Data transfer rates are tested between sites using iperf, and also Windows file transfer as a secondary check.


SiteA's results are as expected i.e. the upload and download speeds track the underlying connection. Also, raw internet speed tests are as expected.


SiteB's results are not as expected. The upload is about right, in this instance ~70Mb; however. the download speeds crawl along at 3Mb. Raw internet speed tests are as expected i.e. 90Mb synchronous.


The Hub is a reliable 1Gb connection on a SRX340. There is no rate-limiting.

The sites use SRX320 devices, and the configs are essentially identical. 


How can I start to troubleshoot where the issue might lie?

SRX Services Gateway

Re: How to troubleshoot VPN performance?

‎07-16-2019 02:53 AM

Hope you are testing TCP traffic.

1. Find out MSS value for each site using ping command from the end system and compare whether they are same.

2. Take packet capture from Site A and B test PC and compare the capture. Look for MSS value, TCP re-transmission, fragmentation, delay between request and response etc




JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!