As a Softlayer solution designer, you need to know the capacity of physical Vyatta gateway when you develop Softlayer network and security architecture. Recently, I built a small lab on Softlayer Sydney DC to test Softlayer Physical Vyatta Gateway with 10G real-world Performance. In this blog, I will show you the output of my testing. I hope this will give you some reasonable assumption at leastindicative point of view what kind of performance (mainly on traffic throught) you can achieve.

Below is the topology of my lab.

Lab Setting:

Iperf version: 2.0.5-11.el6
Iperf client and Server: Softlayer Public CCI
OS: Centos 6.7
CPU: 2 vCPU
MEM: 2G

Vyatta Gateway Configuration:
OS: Brocade Vyatta 5415 vRouter 6.7 R9
CPU: 2xDual Intel Xeon E5-2650 v3 (10 Cores, 2.30 GHz)
MEM: 8x8GB Micron 8GB DDR4 1Rx4
Network Card: SuperMicro AOC-2UR6-i4XT
Network Setting:10 Gbps Redundant Public & Private Network Uplinks

My first test is around the GRE throughput on my lab Vyatta gateway. I have 2 IPerf clients and 2 IPerf servers.

Below is what i have achieved. I have nearly 5.2Gbps in average and 6.3Gbps at peak. Not bad performance! In addition, you can expect even better throughput for native IP traffic as there is no overhead of GRE encapsulation.

My Second test is around IPsec performance.

(1) With encryption “3DES” and hash “MD5”

Here is the performance: you can see around 130Mbps throughput for IPsec.

(2) With encryption “AES256” and hash “SHA1”

We see big jump of IPSec throughput. We can see over 700Mbps throughput. The reason for this throughput big jump is: As the successor of DES as standard symmetric encryption algorithm for US federal organizations, AES provides better security and  is much faster compared to 3DES. So we should always use AES as much as possible.

Note: In my lab, I use the default setting of IPerf on Centos and the Iperf traffic is TCP packet.