In ZLD5.10, we do some enhancements to increase IPSec TCP single session throughput
- Distribute the single VPN session to multiple CPUs instead of a single CPU
- Reorder the packet order
This enhancement is disabled by default.
The reason we disable by default: We need more time to clarify whether the VPN session distribution over multiple cores causes any effects to other our critical process running or not. If not, we may enable it on the next FW version.
As the enhancement is still under evaluation, we don't make official testing yet.
How to enable/disable the enhancement:
To enable the enhancement by CLI command, use:
Router(config)# crypto boost-tcp
To disable the enhancement by CLI command use:
Router(config)#no crypto boost-tcp
Here you find how you can make the local test to verify:
PC1 -- (LAN) ATP800-A (WAN) ----- IPSec VPN ----- (WAN) ATP800-B (LAN) -- PC2
Test Software: Iperf3
Test Client/Server OS: Windows
Here you will see the differences of IPsec TCP single session throughput:
What to do if this does not work?
Please note, that on some occasions the default crypto-boost option may not work.
In this case, please reach out to our Support Team and request a Datecode of the revised Version.