ActiveMesh Insane Mode Encryption Performance

This document publishes Aviatrix ActiveMesh Insane Mode encryption performance test benchmarks.

For more information on Aviatrix Insane Mode, check out this link.

Test Result Summary

Aviatrix High Performance Encryption (HPE), also known as ActiveMesh Insane Mode, achieves line rate performance with encryption in AWS when Jumbo frames are deployed (the default setting for AWS instances). The test benchmark baseline is the native AWS peering where no Aviatrix gateways are deployed in the VPCs. Adding 500 stateful firewall rules have little impact to the performance.

Insane Mode Performance Test Topologies

test_topologies

The test is conducted by iperf3 tool with TCP 128 streams. The two VPCs are in the same region.

ActiveMesh in AWS Performance Test Results

1. MTU = 9000 Bytes (AWS default setting)

jumbo

2. MTU = 1500 Bytes

1500

Single Gateway in AWS Performance Test Results

For MTU = 9000 Bytes, the result is shown in the diagram below.

single_gateway_jumbo

Azure Performance Test Results

Azure maximum MTU is 4000 Bytes.

Gateway VM Type Throughput with MTU 1500B Throughput with MTU 4000B
Standard_F32s_v2 8.9Gbps 13.3Gbps
Standard_F48s_v2 10.9Gbps 17.4Gbps
Standard_D64_v3 8.2Gbps 12.1Gbps
Standard_D32_v3 7.1Gbps 10.9Gbps
Standard_D5_v2 6.6Gbps 10.1Gbps

How to Tune Performance

1. Check MTU size

Use Trace Path. Go to Troubleshoot -> Diagnostics -> Network. Select a gateway and destination IP address, click Trace Path. It should display MTU of the devices along the path.

2. Tune TCP window size

For Linux machine, follow the instructions here to tune TCP window size.