|WAN to LAN||29 Mbps|
|LAN to WAN||33 Mbps|
|Total Simultaneous||32 Mbps|
|Maximum Simultaneous Sessions||180|
Table 2: Routing test results
Figure 17 is a screenshot of the Router Chart WAN to LAN throughput rankings at the time of this review, filtered to show only routers with built-in VPN endpoint features. The 3120 falls right in the middle of the pack with just shy of 30 Mbps throughput. Although it's not the fastest IPsec router available, 30 Mbps should be fine for most business Internet connections.
Figure 17: WAN to LAN throughput comparison - Tested VPN routers
I did some real world testing to evaluate the 3120's IPSec VPN performance. The router was connected to a cable ISP (TimeWarner) with measured download/upload speeds of 6838 / 493 Kbps and the Netgear was connected to a fiber ISP (Verizon FIOS) with measured download/upload speeds of 18809 / 4309 Kbps. I used speakeasy.net to measure the ISP speeds.
The ADTRAN was located near Chicago and the Netgear back in my lab in New England, for a total distance of over 1000 miles. I used Jperf to run default TCP throughput tests over the tunnel between the ADTRAN and the Netgear configured with 3DES encryption (For more details on testing using Jperf , check out this article.)
Running a Jperf test from a PC behind one router to the other is going to limited to the ISP's upload speed on the side of the PC acting as the client/transmitter in the Jperf test. So a good result would be throughput equal to or just under the measured upload speed of that ISP connection.
Based on the speakeasy.net measurements, good results would be throughput from ADTRAN to Netgear of up to 493 Kbps and from Netgear to ADTRAN of up to 4309 Kbps. Table 2 summarizes my test results.
|ADTRAN-Netgear||493 Kbps||459 Kbps|
|Netgear-ADTRAN||4309 Kbps||2397 Kbps|
Table 2: VPN test summary
I ran the test multiple times in both directions and saw throughput from the ADTRAN to the Netgear between 458-460 Kbps, while throughput from the Netgear to the ADTRAN between 2369-2421 Kbps. The 458-460 Kbps throughput from the ADTRAN to Netgear is good, since the ISP connected to the ADTRAN peaks at 493 Kbps upload.
But I expected the 2369-2421 Kbps measured throughput from the Netgear to the ADTRAN to be higher with an ISP connection that peaked at 4309 Kbps upload. However, it appears that the 3120 is the limiting factor with around 2.4 Mbps tunnel throughput using 3DES encryption. On the other hand, because the test was not done on a private LAN, the lower speed could be due to ISP/Internet congestion or rate limiting unrelated to the 3120.
Figure 18 shows Jperf output from a test using the PC on the faster ISP connection.
Figure 18: Jperf Ipsec test screen
A more serious problem that I encountered during testing was that the tunnels from the ADTRAN to both the Netgear and SonicWall did not remain continuously connected. I had to restart the VPN connections several times during my evaluation to restore connectivity.
Unfortunately, the 3120's web GUI doesn't have an effective means to stop and start a VPN tunnel, so I restarted the connections from the Netgear and SonicWall, or rebooted the 3120. Rebooting the 3120 was an effective means of restoring the tunnels, but obviously not practical in production.
The ADTRAN 3120's reboot menu option indicates a reboot takes about 60 seconds. But my experience was that reboot and full restoration of Internet and VPN connectivity was closer to 120 seconds. The end result of my testing is that Site-to-Site VPN with other IPsec capable routers works. But settings may be limited with some brands, such as I experienced with the ADTRAN-SonicWall connection.
I put together Table 3 to try to compare the 3120 with other small-business routers with IPsec capability. The closest product in terms of features (and price) would be the SonicWall TZ190/W.
|Product||WAN Ports||LAN Ports||WAN-LAN
|LAN-WAN (Mbps)||Total Thruput (Mbps)||Max Connects||Price|
|Netgear FVS336G||2||4 (GbE)||59||58||56||200||$255|
Table 3: VPN router comparison
But the 3120 beats all the other routers in the table with its routing feature set that includes multiple routing protocols and VLAN capability. With the ability to run a wide array of Layer 2 and Layer 3 protocols from VLANs to OSPF, as well as its integrated access point management and numerous other features, it easily has the most network functionality of any of the routers in the table.
Of course, I would prefer to see a gigabit switch and the dual WAN ports available on less expensive routers. And for a VPN-capable router, it would also be nice to have at least one IPsec client software license included, or better yet, support for SSL VPN connectivity that simplifies tunnel setup.
But the main thing that might hold off potential buyers looking to upgrade from consumer-grade VPN routers is the 3120's reliance on its CLI command set to get the most out of the product. Although the GUI will get you going, you’ll need to learn the AOS to get the most out of your 3120. On the other hand, experienced network jockeys accustomed to CLI-based management will feel right at home and probably be glad to be rid of a web-based interface.
Nevertheless, the ADTRAN NetVanta 3120 is the most full-featured network device I've had the pleasure of testing, and I didn't cover anywhere near all this router’s features. Put a 3120 at the hub of your network and it will be a long time before you exhaust all its capability.