Speedfusion tunnel drastically slower than WAN connection

I am having a strange issue at 2 of 8 locations where the Speedfusion tunnel is MUCH slower than the WAN connection.
All locations are running a Pepwave MAX BR1 or MAX BR1 Mini.
All locations connect to a Fusionhub VM appliance at HQ.

The local networks are configured as (example):
untagged VLAN 10.10.11.1/24
Guest VLAN 64 172.16.11.1/24

Speedfusion connection to HQ
Outbound traffic policies:

  • LAN to HQ - network 10.10.11.0/24 to any, send to VPN: HQ
  • Guest - Network 172.16.11.0/24 to any, send to WAN

What happens is that doing a WAN Analysis (speed test) from location to HQ using fusionhub as server, WAN gets ~100M down, 20M up.

speed test from a device on guest network (going directly out the WAN) gets ~100M down, 20M up.

Speed test from a device on the LAN (10.10.11.0/24, going through the pepvpn HQ) network gets ~16M down, ~1.6M up consistently.

Any ideas?

I can’t find the specification for that device, but It sounds about right. Those BR1 devices seem to have a routing throughput of about 100Mbps, so when you add an encrypted tunnel you will get far less. Here’s some devices that have the spec listed…

Max Transit - 400Mbps routed throughtput, 100Mbps Speedfusion Unencrypted, 60Mbps Encrypted
Balance One - 600Mbps routed throughtput, 60Mbps Speedfusion Unencrypted, 30Mbps Encrypted

BR1 Encrypted VPN throughput is rated at 20Mbps. The fact that you are getting less than this on download and less than 10% of that throughput on upload suggests the cellular connection has something else going on. Either high point to point latency between the BR1 and the hub location or packet loss.

What do the PepVPN/SpeedFusion charts show when you run a VPN speedtest?

1 Like

This happens even with the Cellular connection completely disabled. The main WAN connection is a cable internet circuit. Here is the charts when performing first an upload speedtest and then a download.

Look at how much packet loss you have on the uplink - that’s the first place to start.
image.png

Why is it so bad? What type of Wired WAN is this?

Turn on DSL cable optimisation in the mean time. That will duplicate the sent ACK packets which will mitigate for the upload packet loss a little.

I wish I knew why it was so bad. The frustrating thing is that uploading from the WAN interface but NOT through the speedfusion tunnel I see no packet loss and ~20M up. The DSL/Cable optimization is already turned on.