Hot!VDOM performance impact

Author
mimetist
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 04:08:08
  • Status: offline
2019/05/20 04:33:56 (permalink)
0

VDOM performance impact

Hi,
 
I am trying to understand what will the performance impact of adding a new VDOM that will be used as site-to-site VPN concentrator. Total number of IPSec VPN tunnels will be about 100 with summary throughput up to 2Gbps. Quite possible the number of IPSec tunnels will grow in the future. Does Fortinet have any best practices for this kind of scenario? 
#1

3 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 1538
    • Scores: 131
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: VDOM performance impact 2019/05/20 08:54:40 (permalink)
    0
    Although I don't know if such documentation is available, I wouldn't expect much difference. But if NP6 supported model, make sure to follow the doc below so use the same NPU from ingress to egress of VPN traffic. That definitely affects to VPN performance.
    https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e564ec10-1a20-11e9-9685-f8bc1258b856/fortigate-hardware-acceleration-60.pdf
     
    #2
    hklb
    Gold Member
    • Total Posts : 233
    • Scores: 29
    • Reward points: 0
    • Joined: 2014/06/10 15:00:59
    • Status: offline
    Re: VDOM performance impact 2019/05/20 12:42:53 (permalink)
    0
    toshiesumi
    Although I don't know if such documentation is available, I wouldn't expect much difference. But if NP6 supported model, make sure to follow the doc below so use the same NPU from ingress to egress of VPN traffic. That definitely affects to VPN performance.
    https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e564ec10-1a20-11e9-9685-f8bc1258b856/fortigate-hardware-acceleration-60.pdf
     


    Hi,
     
    Do you have an explaination ? I don't understand why it would cause an impact (most of FGT has an ISF)
     
    Lucas
    #3
    Toshi Esumi
    Expert Member
    • Total Posts : 1538
    • Scores: 131
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: VDOM performance impact 2019/05/20 13:42:04 (permalink)
    0
    I don't know if NPU offloading can actually happen when the ingress belongs to npu0 and the vdom-link to hand out belongs to npu1 (maybe described at somewhere in the doc). But easily understand it needed to be pulled out from the NPU back to the CPU to put back in another NPU. Then same thing needs to happen on the egress vdom if npu mismatches there as well.
    #4
    Jump to:
    © 2019 APG vNext Commercial Version 5.5