Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

VPN Performance

Because it uses the same chip as the Linksys BEFSX41, I expected to get at least 2Mbps throughput through an IPsec tunnel, and better through a PPTP tunnel, since it doesn't require as much number-crunching for its encryption. But, try as I might, the best I was able to do was around 760kbps, more like what I got from other VPN-endpoint routers that don't have an IPsec co-processor. I did find, however, that the Plus' firewall settings affected throughput, as you can see from Figures 6 and 7 below.

I used Chariot to set up a test that ran the TCP throughput script simultaneously through the VPN tunnel and through the Plus' normal non-VPN LAN-WAN direction. Four computers were used for the test - two for the VPN tunnel and two for the LAN-WAN connection. I set up the test so that the non-VPN test pair started first, then kicked in the VPN test pair for awhile, stopped it, then finally stopped the non-VPN test pair. This let me see how much the normal routing and VPN parts of the router interacted.

SMC7004FW: VPN comparison - DMZ disabled
Figure 6: VPN throughput comparison - DMZ disabled
(click on the image for a full-sized view)

Figure 6 compares the results for runs with IPsec and PPTP tunnels. You can see that the non-VPN pair takes a significant throughput hit when either flavor of VPN tunnel is kicked in. But which part of the router gets hit the most? By using the data from the tables at the bottom of the page that contain data taken with only the VPN tunnel running, we can find the answer.

The data shows that when an IPsec tunnel is running , there's about 80% throughput reduction for the non-VPN pair (17.8 to 3.5Mbps [interpolated]) and 22% reduction for the tunnel pair (0.77 to 0.60Mbps). The throughput hit is more evenly distributed when running a PPTP tunnel, with the non-VPN pair getting knocked down only 50% (20 to 10Mbps) and 56% (5.0 to 2.2Mbps) for the PPTP tunnel.

From my previous testing of SPI-based routers, I knew that enabling DMZ or port forwarding could cause routing throughput reduction, so I wanted to see if it would also affect VPN throughput. Figure 7 shows the same test run as in Figure 6, but this time with DMZ enabled on the router with the LAN-WAN traffic.

SMC7004FW: VPN comparison - DMZ enabled
Figure 7: VPN throughput comparison - DMZ enabled
(click on the image for a full-sized view)

As expected, enabling DMZ knocked down the non-VPN throughput about 50% for both PPTP and IPsec cases with no tunnel running. But this time when the IPsec tunnel is kicked in, throughput changed 75% (9.0 to 2.2Mbps - both interpolated from the graph) for the non-VPN pair and 29% (0.77 to 0.55Mbps) for the tunnel. Making the same comparison for a PPTP tunnel running finds the throughput reduction a little less evenly distributed this time, with the non-VPN pair taking a 45% (10 to 5.5Mbps - interpolated) hit, and the PPTP tunnel extracting a 62% (5.0 to 1.9Mbps) penalty.

So what the heck is the bottom line out of all of this? My take-away is that the router does a better job of balancing normal routing and PPTP tunneling than it does with IPsec tunnels. You also probably won't be happy with IPsec tunnel performance unless your data load is very light, and if you enable DMZ or have any ports forwarded, you may even see a noticeable speed reduction in your non-VPN traffic.

IPsec VPN Performance Test Results

Test Description Transfer Rate (Mbps)
[1 MByte data size]
Response Time (msec)
[10 iterations 100 Byte data size]
UDP stream
[10s @ 500kbps]
Actual throughput (kbps) Lost data (%)
Local to Remote 0.77 9 (avg)
11 (max)
293 36
Remote to Local 0.73 9 (avg)
10 (max)
279 35
Firmware Version 1.0 (Jun 14 2002 12:11:59
See details of how we test.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

So I have had the RBK23 for a few months now but just opened the box as we moved into our new house. I have had so many issues since installing it's d...
I want to setup a router for Dual Band-TeamingI'm thinking of buying a Asus RT-AC68U or a NETGEAR Nighthawk X4S AC2600 R7800Is one better for a Teamin...
I'm pulling my hear out with this one. Hope someone can point me in the right direction. Luckily, I isolated the issue really well (had to bring equip...
1. Primary Router must be Merlin latest release. Download from the website. After flashing, Enable SSH in administration>system. Enable WAN+LAN option...
Is there any documentation for the CLI? I just finished resolving a problem with accessing the web based interface but would prefer the CLI, bash, its...

Don't Miss These

  • 1
  • 2
  • 3