Hi There
A minimum bandwidth of 10 Mbps is supported per user connection. The maximum bandwidth per user connection depends on the number of connections being made to the Client VPN endpoint. See https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is-best-practices.html
ClientVPN is a managed service and does not publish a maximum bandwidth as it is affected by multiple factors. For example, any VPN will introduce overhead to handle the encryption, so you should not expect the same bandwidth as you would an unencrypted connection (like connecting directly to a public IP in your example).
Another option might be to use a Site-to-site VPN, which would provide you with up to 1.25 Gbps.
Documentation is inconsistent. This page says that the minimum bandwidth per connection is 10 Mbit/s: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is-best-practices.html
A minimum bandwidth of 10 Mbps is supported per user connection. The maximum bandwidth per user connection depends on the number of connections being made to the Client VPN endpoint.
Whereas another page in the same documentation, https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/troubleshooting.html#test-throughput, says the opposite:
The throughput depends on multiple factors, such as the capacity of your connection from your location, and the network latency between your Client VPN desktop application on your computer and the VPC endpoint. There is also a 10 Mbps bandwidth limit per user connection.
I would guess that there may very well be a maximum limit set. The general reasoning would be to avoid heavy variations in the perceived available capacity. For example, if one VM or container task that might serve as the platform for the VPN endpoint were capable of the same 1.25 Gbit/s of throughput as a site-to-site VPN in AWS, it could very well be nearly fully utilised by a single heavy user. When a few other heavy users also started their data transfers, the same capacity would be shared between them, causing throughput to plummet to a fraction of the level any one of them would get during quiet hours.
Imposing a hypothetical 100-Mbit/s limit, neatly just 10x the 10 Mbit/s (some of the) documentation says is the minimum, would deliver consistent throughput for up to a dozen users fully utilising the available bandwidth, and even going a bit above that number, the throughput would only be reduced incrementally, until the endpoint scaled out to provide another hypothetical 1.25 Gbit/s for the next dozen-or-so users.
In terms of architectural design principles, this is known as the "noisy neighbour" problem, and one strategy for mitigating it is to enforce bandwidth or throughput limits and/or guarantee minimums for each user needing the issue minimised.
If you have Enterprise support, I'd suggest raising a support ticket to get an official statement. I have no inside information, but I wouldn't be surprised if support or the service team might have the ability to adjust the limit, even if it isn't publicly documented, for customers needing throughput to be high more than for it to be stable and predictable. Most likely, there's a dedicated VM or container for each increment the service uses for scaling, separated from other customers.
Thanks for your response. Is there any other way to ask AWS to increase the speed besides an enterprise support plan?
You can raise a support ticket with a lower level support plan, but I only have experience making similar requests with Enterprise level support.