Routing Performance
11. Routing Performance
If you liked the SL1000's VPN tunnel throughput, you're gonna love its routing performance. Figure 17 shows a first in my years of hammering on consumer grade routers - damn near wire-speed routing! I say this because the 81-84Mbps routing throughput is pretty much the maximum that I can squeeze out of the two >1 GHz WinXP test machines when they are directly connected via 100Mbps Ethernet.
The Routing Performance Test table shows that there is also no measurable latency and excellent UDP streaming performance. The missing LAN to WAN streaming results are due to a problem that Qcheck has with some SPI+NAT routers and not a fault in the SL1000 itself. I should also note that I ran the UDP streaming test at 1Mbps - Qcheck's maximum rate - and achieved results of 1Mbps throughput with no data loss. This again is a first among routers that I've tested.
Testing Notes:
• All tests were run with LAN endpoint in DMZ
Figure 17: SL1000 routing performance
(click on the image for a full-sized view)
I actually started out testing it with a mix of older and newer machines and got performance closer to 30Mbps - which is still more than most anyone would need. Since both the IPsec tunnel and NAT routing speeds were so ridiculously high, I thought I'd see what happened when both were run at the same time. Figures 18 - 20 show the results with different combinations of the computers that I had on hand.
Figure 18: Mixed NAT and VPN - Combination 1
(click on the image for a full-sized view)
Figure 18 is the most evenly matched combination (given my available computers), pairing a 1 GHz WinXP (running SSH Sentinel) and 266MHz WinXP notebooks for the IPsec pair and 2.4 GHz Pentium4 WinXP and 733MHz Pentium III Win98SE desktops for the LAN > WAN routing pair. The IPsec pair show performance comparable to what I got back in my standalone VPN testing, but the Win98SE machine really puts a crimp in the NAT routing results.
Note also that I delayed the start of one of the pairs by ten seconds to check for effects when it kicked in. Basically, I wasn't able to see any difference, no matter which pair started first.
Figure 19: Mixed NAT and VPN - Combination 2
(click on the image for a full-sized view)
Figure 19's matchup pairs the two slowest machines for IPsec and the two fastest for normal routing. Nothing holding back the NAT routing results this time! You can also see the effects from the poor little Pentium 266 having to crank 3DES encryption for the IPsec tunnel!
Figure 20: Mixed NAT and VPN - Combination 3
(click on the image for a full-sized view)
Finally, Figure 20 keeps the slowest and fastest pairings, but swaps them between IPsec and NAT duties. This time, the slower pair runs significantly faster through straight NAT routing, but doesn't even approach the SL1000's limit.
Bottom line, the SL1000's routing engine is extreme overkill for pretty much any consumer broadband connection in the U.S.. My brother-in-law who lives in Tokyo has a 40Mbps DSL connection that could probably keep it happy, though!
Routing Performance Test Results
| Test Description | Transfer Rate (Mbps) | Response Time (msec) | UDP stream | |
|---|---|---|---|---|
| Throughput (kbps) | Lost data (%) | |||
| WAN - LAN | 83.3 | 1 (avg)
2 (max) |
500 | 0 |
| LAN - WAN | 86.7 | 1 (avg)
2 (max) |
||
| Firmware Version | SL1000.1.1.08.410, Nov 5 2003, 11:15:04 | |||
