High Performance Encryption Performance Benchmarks
Aviatrix High Performance Encryption is available on AWS, Azure, GCP, and OCI.
AWS Performance Test Results
Aviatrix ActiveMesh HPE achieves line rate performance with encryption in AWS when Jumbo Frames are deployed (the default setting for AWS instances). The test benchmark baseline is the native AWS peering where no Aviatrix Gateways are deployed in the VPCs. Adding 500 stateful firewall rules have little impact to the performance.
The test topologies are shown below.
The test is conducted by using iperf3 tool with TCP 128 streams. The two VPCs are in the same region.
Single Gateway in AWS Performance Test Results
This test is done without HA enabled in either Spoke or Transit Gateways. The traffic is end-to-end from user instance > Spoke Gateway > Multi-Cloud Transit Gateway > Spoke Gateway> Instance.
For MTU = 9000 Bytes, the result is shown in the diagram below.
For MTU = 350 Bytes, the result is shown in the diagram below.
Azure Performance Test Results
The performance results below are from tests conducted with the topology of Test VMs > Spoke > Transit > Spoke > Test VMs in the same region with active-mesh deployment.
Test VMs' route tables are load balanced to point to either primary Spoke Gateways or HA Spoke Gateways to take advantage of the active-mesh deployment.
The test topology is shown below.
Transit Gateway | Throughput with MTU 1500B |
---|---|
Standard_F48s_v2 |
24.52Gbps |
Standard_F32s_v2 |
21.56Gbps |
Standard_D32_v3 |
20.47Gbps |
Standard_D5_v2 |
20.56Gbps |
GCP Performance Test Results
The test topology is shown below with the following conditions:
-
VM <→ Spoke <→ Transit <→ Spoke <→ VM
-
HA enabled
-
HPE mode enabled
N1 Series Performance
Transit Gateway | Throughput Gbps (MTU 1500B) |
---|---|
n1-highcpu-4 |
3.12 |
n1-highcpu-8 |
6.54 |
n1-highcpu-16 |
11.58 |
n1-highcpu-32 |
19.97 |
N2 Series Performance
Transit Gateway | Throughput Gbps (MTU 1500B) |
---|---|
n2-highcpu-4 |
5.063 |
n2-highcpu-8 |
10.2 |
n2-highcpu-16 |
14.98 |
n2-highcpu-32 |
25.549 |
C2 Series Performance
Transit Gateway | Throughput Gbps (MTU 1500B) |
---|---|
c2-standard-4 |
5.792 |
c2-standard-8 |
9.44 |
c2-standard-16 |
18.48 |
c2-standard-30 |
25.52 |
c2-standard-60 |
32 |
To deploy Aviatrix Gateways with N2 or C2 series successfully, you need to apply CPU Quota Increase request to GCP support first. |
OCI Performance Test Results
The performance results below are from tests conducted with the topology of Test VMs > Spoke > Transit > Spoke > Test VMs in the same region with active-mesh deployment.
Test VMs' route tables are load balanced to point to either primary Spoke Gateways or HA Spoke Gateways to take advantage of the active-mesh deployment.
Transit Gateway | Throughput with MTU 1500B |
---|---|
VM.Standard2.2 |
0.5092Gbps |
VM.Standard2.4 |
1.057Gbps |
VM.Standard2.8 |
2.471Gbps |
VM.Standard2.16 |
4.99Gbps |
VM.Standard2.24 |
6.039Gbps |
Transit Gateway | Throughput with MTU 9000 |
---|---|
VM.Standard2.2 |
2.584Gbps |
VM.Standard2.4 |
4.878Gbps |
VM.Standard2.8 |
10.75Gbps |
VM.Standard2.16 |
20.1199bps |
VM.Standard2.24 |
24.65Gbps |
How to Tune Performance
Check MTU size
To check MTU size, use Trace Path.
-
In Aviatrix Controller, go to Troubleshoot > Diagnostics > Network.
-
In Gateway Utility, select a gateway and specify a destination host name or IP address.
-
Click Trace Path. The MTU of the devices along the path is shown.
Tune TCP window size
For Linux machine, follow the instructions here to tune TCP window size.