Site-to-Site VPN connection - high latency


Hi all, we have a Site-to-Site VPN configured between our VPC on AWS (the private subnet in the VPC hosts an RDS instance) and our on-premises application servers. The VPN is policy-based and for the moment only one tunnel works. The problem is that we have a big latency problem when the traffic leaves the last on-premises network segment and goes into the VPN (sometimes it happens that through the VPN the VPC is not reachable even if the tunnel is active). We are talking about 1250 ms latency. Does anyone have any suggestions on what can be checked and/or modified? Thanks.

3 Answers

You might find this Knowledge Center article useful: You can also take a pcap on the source and the destination and review it.

answered a year ago

What are the bandwidth (bytes per second) and PPS at the time of the issue? You can check the CloudWatch metrics for the VPN tunnel and verify that you are not exceeding the limits of the VPN service on the AWS side:

Maximum bandwidth per VPN tunnel: up to 1.25 Gbps (adjustable: No)
Maximum packets per second (PPS) per VPN tunnel: up to 140,000 (adjustable: No)

It's also possible that a lot of packet fragmentation is happening that is causing CPU issues on either the AWS VPN device or your device, so try to use TCP MSS clamping to avoid fragmentation.

See the section "Best practices for your customer gateway device".

answered a year ago

For DataIn we have some 13.3 MB peaks (once a day), so I think we are OK on this side (the tunnel state is always 1, so available). Anyway, we are talking about a very small amount of data. Regarding TCP MSS clamping, it has to be checked on the CGW side, right? Thanks.

answered a year ago
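The check suggested in the second answer (compare the tunnel's CloudWatch metrics against the per-tunnel quotas) and the 13.3 MB DataIn peak quoted in the reply can be turned into a small script. The following is an added example written for this page, not code from the thread or from AWS. It uses the real AWS/VPN CloudWatch metrics (TunnelDataIn and TunnelDataOut are bytes per period, TunnelState is 0 or 1) and the real boto3 get_metric_statistics call; the VPN ID, tunnel IP, region and the sample datapoints are constructed placeholders. Note that CloudWatch does not expose a packet-count metric for VPN tunnels, so PPS has to come from the customer gateway's own counters or from a pcap.

```python
"""Compare a Site-to-Site VPN tunnel's CloudWatch metrics with the AWS per-tunnel quotas.

Added example for this thread; not the thread's or AWS's own code.
The fetch function is optional and only needed when you have AWS credentials;
the analysis runs offline on the constructed sample below.
"""
from datetime import datetime, timedelta, timezone

# Per-tunnel quotas quoted in the thread (not adjustable).
MAX_TUNNEL_BPS = 1_250_000_000   # 1.25 Gbit/s
MAX_TUNNEL_PPS = 140_000         # no CloudWatch VPN metric for this; measure on the CGW


def fetch_tunnel_metrics(vpn_id, tunnel_ip, hours=24, period=300, region="eu-west-1"):
    """Pull TunnelDataIn/TunnelDataOut (Sum) and TunnelState (Minimum) with boto3.

    boto3 is imported here so the rest of the module runs without AWS access.
    vpn_id / tunnel_ip / region are placeholders to replace with your own.
    """
    import boto3  # assumed installed when this function is used
    cw = boto3.client("cloudwatch", region_name=region)
    end = datetime.now(timezone.utc)
    start = end - timedelta(hours=hours)
    dims = [{"Name": "VpnId", "Value": vpn_id},
            {"Name": "TunnelIpAddress", "Value": tunnel_ip}]
    out = {}
    for name, stat in (("TunnelDataIn", "Sum"), ("TunnelDataOut", "Sum"), ("TunnelState", "Minimum")):
        resp = cw.get_metric_statistics(Namespace="AWS/VPN", MetricName=name, Dimensions=dims,
                                        StartTime=start, EndTime=end, Period=period,
                                        Statistics=[stat])
        out[name] = sorted(resp["Datapoints"], key=lambda d: d["Timestamp"])
    return out


def peak_rate_bps(datapoints, period):
    """Bytes summed over `period` seconds -> peak bit rate in bit/s."""
    if not datapoints:
        return 0.0
    return max(d["Sum"] for d in datapoints) * 8 / period


def tunnel_down_periods(state_points):
    """Periods whose Minimum TunnelState is 0: the tunnel was down for at least one
    sample inside that window. Using Average (or the console's 'state is 1')
    can hide a short flap inside a 5-minute aggregation, which would show up to
    applications as a brief loss of reachability."""
    return [d["Timestamp"] for d in state_points if d["Minimum"] < 1]


def assess(metrics, period):
    """Summarise the tunnel against the bandwidth quota and report flaps."""
    in_bps = peak_rate_bps(metrics["TunnelDataIn"], period)
    out_bps = peak_rate_bps(metrics["TunnelDataOut"], period)
    return {
        "peak_in_bps": in_bps,
        "peak_out_bps": out_bps,
        "pct_of_bandwidth_quota": max(in_bps, out_bps) / MAX_TUNNEL_BPS * 100,
        "down_periods": tunnel_down_periods(metrics["TunnelState"]),
    }


# Constructed sample: 5-minute periods, with the 13.3 MB DataIn peak from the
# reply and one window in which the tunnel dropped to state 0 briefly.
_T0 = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)
SAMPLE_PERIOD = 300
SAMPLE_METRICS = {
    "TunnelDataIn": [{"Timestamp": _T0 + timedelta(minutes=5 * i), "Sum": b}
                     for i, b in enumerate((420_000, 13_300_000, 610_000))],
    "TunnelDataOut": [{"Timestamp": _T0 + timedelta(minutes=5 * i), "Sum": b}
                      for i, b in enumerate((150_000, 900_000, 210_000))],
    "TunnelState": [{"Timestamp": _T0 + timedelta(minutes=5 * i), "Minimum": s}
                    for i, s in enumerate((1, 1, 0))],
}

if __name__ == "__main__":
    report = assess(SAMPLE_METRICS, SAMPLE_PERIOD)
    print(f"peak in : {report['peak_in_bps'] / 1e6:.3f} Mbit/s")
    print(f"peak out: {report['peak_out_bps'] / 1e6:.3f} Mbit/s")
    print(f"quota   : {report['pct_of_bandwidth_quota']:.4f}% of {MAX_TUNNEL_BPS / 1e9} Gbit/s")
    print("tunnel down in:", [t.isoformat() for t in report["down_periods"]])
```

On the sample, a 13.3 MB sum over a 300 s period is about 0.35 Mbit/s, i.e. under 0.03% of the 1.25 Gbps quota, which matches the reply's conclusion that bandwidth is not the bottleneck; the more interesting output is the list of windows in which TunnelState's Minimum dropped to 0. As for the MSS question in the reply: clamping is applied on the customer gateway device (on Linux, the iptables TCPMSS target with --clamp-mss-to-pmtu or --set-mss), and the value AWS recommends is in the best-practices section the answer links to.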
