Hello there,
the backbone of our AS is currently at 10Gbps, we got around 8-9Gbps in download/upload with 5Gbps guaranteed.
We connected a server to the backbone and this server is currently connected in 10Gigabit Ethernet Full Duplex. But we encounter a small problem.
We want to connect several data centers on the same IP block (yes, IPv4 is expensive, we only have a /24 IPv4 and a /29 IPv6 as LIR at RIPE, so we need to use all of our datacenters servers on the same IP block), and for that, we have chosen to configure an OpenVPN in layer 2. It's efficient, it works perfectly, the only problem is that... the routed speed does not exceed 1Gbps.
We tested everything: changing the encryption used, ciphers, OpenVPN versions on the client/server side, checking the hardware (we mainly use 10-Gigabit Ethernet, and more rarely SFP+), there is really nothing abnormal. Moreover, if I do an iperf between two sites, I exceed 5Gbps without any problem.
Conclusion, I think of a software limitation on the side of OpenVPN. Our configuration is totally classic, there is nothing exceptional about it, but we would like to know if anyone has already encountered this problem.
On the other hand, if it turns out that OpenVPN is limited to layer 2 transfers of 1Gbps maximum, which VPN software would you recommend? I was told about WireGuard but it seems to be layer 3, so it doesn't suit us. And we would preferably like it to be encrypted.
So, if anyone has anything to add...