Azure VPN Gateway Performance
Understand, measure, and optimize the performance of your Azure VPN Gateway connections.
This article provides essential information on understanding the performance characteristics of Azure VPN Gateway. We'll cover factors that influence performance, how to monitor your gateway, and best practices for optimization.
Key Performance Factors
Several factors can impact the throughput and latency of your VPN Gateway connections:
- Gateway SKU: Different SKUs offer varying levels of performance and features. Higher SKUs generally provide higher throughput.
- Number of Tunnels: Each tunnel adds overhead. A large number of tunnels can saturate the gateway's processing capacity.
- Encryption and Authentication Protocols: Stronger encryption (e.g., AES256) can consume more CPU resources, potentially impacting throughput.
- Network Latency: The physical distance and network path between your on-premises network and Azure will affect latency.
- Traffic Patterns: Bursty traffic, small packet sizes, or protocol overhead can lead to lower effective throughput.
- MTU (Maximum Transmission Unit): Incorrect MTU settings can cause fragmentation and reduce performance.
Understanding Throughput and Latency
Throughput is the amount of data that can be transferred over a period, typically measured in Mbps or Gbps. For VPN Gateway, this is often measured as the aggregate throughput of all tunnels.
Latency is the time it takes for a data packet to travel from source to destination and back (Round Trip Time - RTT). Lower latency is crucial for real-time applications.
| Metric | Description | Impacted By |
|---|---|---|
| Throughput (Aggregate) | Total data transfer rate across all tunnels. | Gateway SKU, number of tunnels, encryption. |
| Latency (RTT) | Time for a packet to travel and return. | Network distance, congestion, gateway processing. |
| Packet Loss | Percentage of packets that do not reach their destination. | Network congestion, device issues. |
Monitoring VPN Gateway Performance
Azure Monitor is your primary tool for tracking VPN Gateway performance. Key metrics to watch include:
- Gateway P2S/S2S Bandwidth: Monitors the aggregate bandwidth used by point-to-site and site-to-site connections.
- Gateway Tunnel Bandwidth: Provides bandwidth usage per tunnel.
- Gateway Performance: Offers insights into CPU utilization and health.
- Network In/Out: General network traffic to/from the gateway.
Tip:
Set up alerts in Azure Monitor for critical metrics like high bandwidth utilization or increased latency to proactively identify potential issues.
Optimizing VPN Gateway Performance
To achieve optimal performance, consider the following strategies:
1. Choose the Right Gateway SKU
Select a SKU that aligns with your expected throughput requirements. Refer to the Azure VPN Gateway SKUs documentation for details on available options.
2. Optimize Tunnel Configuration
- Protocol Selection: While IKEv2 is generally preferred for its efficiency, ensure your on-premises devices support it.
- Encryption Strength: Balance security needs with performance. If possible, use algorithms like AES256 with SHA256.
3. Manage MTU Settings
Ensure consistent MTU settings across your network to prevent fragmentation. VPN Gateway typically uses a default MTU, but it's crucial to verify and adjust if necessary. For detailed guidance, see Optimizing MTU for VPN Gateway.
4. Load Balancing and Redundancy
For high availability and increased throughput, consider using multiple VPN Gateways or Azure Virtual WAN, which offers a global transit network.
5. Network Path Optimization
Minimize hops and congestion on the network path between your on-premises network and Azure. If you experience high latency, investigate your ISP's routing and your on-premises network infrastructure.
Troubleshooting Common Performance Issues
Important:
Before making significant configuration changes, document your current settings and perform changes during off-peak hours.
Low Throughput
- Check your Gateway SKU and compare it against your current bandwidth usage.
- Verify the number of active tunnels and their individual bandwidth consumption.
- Ensure your on-premises VPN device is not a bottleneck.
- Monitor for packet loss, which can drastically reduce effective throughput.
High Latency
- Measure latency from various points in your network.
- Confirm the geographic location of your VPN Gateway relative to your on-premises sites.
- Investigate potential network congestion on your internal or external network segments.
- Consider using Azure ExpressRoute for predictable, low-latency connectivity if your requirements justify it.
Best Practices Summary
- Plan Ahead: Estimate your bandwidth needs based on application requirements and user count.
- Monitor Continuously: Use Azure Monitor to keep an eye on key performance metrics.
- Test Thoroughly: After making any changes, test performance to confirm improvements.
- Stay Updated: Keep your VPN gateway and on-premises VPN devices updated with the latest firmware and security patches.
By understanding these factors and utilizing Azure's monitoring and optimization tools, you can ensure your Azure VPN Gateway provides reliable and performant connectivity for your organization.