Wireless VPN Performance Tests

A series of tests were run to determine the effects of a VPN connection on wireless network performance. In particular, we were interested in the performance "hit" one might take when accessing a VPN via a wireless connection (we tested a wired connection for comparison). All tests were performed using Iperf-1.1.1. The original test was done using a PPTP VPN connection. The second, more recent test was done using the Cisco IPSec client for Windows 2000 (beta "release 2.6 beta 2").

Cisco IPSec Client Test [data for wireless unencrypted and wireless encrypted only]

Here is a summary of the results (see below for more details and the conclusion):

Test#
Protocol

MBytes transferred
Bandwidth (Mbps)
TCP
6.4
4.9
(non-encrypted wireless)
UDP
1.3
1.1
TCP
4.8
3.6
(encrypted wireless)
UDP
1.2
1.0

Here are the details about the setup used for these tests:

Testing setup for test #1 and test #2:

Test #1

Without Cisco IPSec client connection to VPN (i.e., just the regular wireless connection):

TCP

UDP

Test #2

With Cisco IPSec connection to VPN (i.e., the same wireless connection as above but going through an IPSec tunnel using the Cisco IPSec W2K beta client software; and the same Iperf settings as above for both TCP and UDP):

TCP

UDP

PPTP test

Here is a summary of the results (see below for more details and the conclusion):

Test#
Protocol

MBytes transferred
Bandwidth (Mbps)
TCP
11.3
8.8
(non-encrypted wired)
UDP
10.2
8.2
TCP
10.8
8.4
(encrypted wired)
UDP
9.4
7.5
TCP
5.3
4.1
(non-encrypted wireless)
UDP
6.1
4.8
TCP
5.0
3.8
(encrypted wireless)
UDP
4.7
3.8

Here are the details about the setup used for these tests:

Testing setup for test #1 and test #2:

Test #1

Wired throughput test without PPTP connection to VPN (i.e., just the regular wired connection):

TCP

UDP

Test #2

Wired throughput test with PPTP connection to VPN (i.e., the same wired connection as above but going through a PPTP tunnel using MPPE 128-bit encryption and no compression; and the same Iperf settings as above for both TCP and UDP):

TCP

UDP
transferred 9.4MBytes
bandwidth=7.5Mbps

Testing setup for test #3 and test #4:

Test #3

Without PPTP connection to VPN (i.e., just the regular wireless connection):

TCP

UDP

Test #4

With PPTP connection to VPN (i.e., the same wireless connection as above but going through a PPTP tunnel using MPPE 128-bit encryption and no compression; and the same Iperf settings as above for both TCP and UDP):

TCP

UDP

Conclusions

PPTP Test Conclusions

The "wired tests" (tests #1 and #2) would seem to indicate that you take about a 4.5% hit via TCP and an 8.5% hit via UDP for going through the VPN. The "wireless tests" (tests #3 and #4) seem to indicate that you take about a 7% hit via TCP and a 20% hit via UDP for going through the VPN. These tests were done for comparison only. We wanted to determine if any differences in network throughput existed between wired and wireless VPN and non-VPN connections. The above numbers show our results. It should be noted that PPTP was used as an example VPN protocol only--it is NOT the VPN access method UCAR will be implementing. Please visit the UCAR VPN testing page for more information.

Cisco IPSec Client Test Conclusions

These wireless tests (tests #1 and #2) with the Cisco IPSec client over a wireless connection seem to indicate that you take about a 25% performance hit via TCP and an 8% hit via UDP for using this type of VPN connection. Please visit the UCAR VPN testing page for more information.

Address comments or questions about this Web page to the Network Engineering & Technology Section at nets-www@ncar.ucar.edu. The NETS is part of the Scientific Computing Division of the National Center for Atmospheric Research, which is part of the University Corporation for Atmospheric Research. NETS uses multiple HTML editing tools--the most recent "last modified" date is the correct one.
Last modified by Jeff Custard on Monday, 29-Jan-2001 12:16 AM or Last modified: Mon Sep 18 15:57:17 MDT 2000