When aggregating hundreds or thousands of mobile IPsec (remote workers) & site-to-site (Data Center to Cloud, Cloud to Cloud) VPNs to AWS, there has often been a trade-off among performance, cost, and manageability. There doesn’t need to be one.
The Netgate® TNSR High-Performance Routing & VPN Appliance for Amazon AWS is a powerful solution that connects thousands of mobile users, branch sites, and data centers. Customers are choosing the TNSR High-Performance Routing & VPN Appliance to get high performance, low TCO, and simple management, avoiding any trade-offs.
TNSR leverages vector packet processing (VPP) and acceleration technologies for high-speed routing and VPN performance. For more information on VPP, see https://info.netgate.com/vpp.
AWS VPN tunnels are limited to 1.25 Gbps of throughput. There are other limits as well, such as maximum customer gateways and connection count; see https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-limits.html. While customers may create multiple tunnels and use ECMP to overcome this limit, this can get complicated at scale and adds to the connection count. There is also no guarantee of equal distribution, because it depends on how the 5-tuple hash spreads customer traffic flows across the tunnels. TNSR software performance scales with the underlying instance type and network, and Netgate has optimized the tunnel termination count for the optimal EC2 instances available. Right-sizing CPU core count allows the software to achieve higher performance.
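The distribution point above, as an added example that is not Netgate or AWS code: flows are pinned to tunnels by a hash of their 5-tuple and each tunnel is capped at 1.25 Gbps. SHA-256 is an assumed stand-in for a router's ECMP hash, and all addresses, ports and rates are constructed.

```python
import hashlib

TUNNEL_CAP_GBPS = 1.25  # per-tunnel AWS VPN limit quoted in the text

def ecmp_pick(five_tuple, n_tunnels):
    """Pin a flow to one tunnel by hashing its 5-tuple.
    SHA-256 is an assumed stand-in for a real router's ECMP hash."""
    key = "|".join(map(str, five_tuple)).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_tunnels

def simulate(flows, n_tunnels):
    """flows: [(five_tuple, offered_gbps)] -> (offered, delivered) per tunnel."""
    offered = [0.0] * n_tunnels
    for five_tuple, gbps in flows:
        offered[ecmp_pick(five_tuple, n_tunnels)] += gbps
    # Anything offered above the per-tunnel cap is not delivered.
    delivered = [min(o, TUNNEL_CAP_GBPS) for o in offered]
    return offered, delivered

def build_sample_flows():
    """Constructed mix: 4 bulk flows of 1 Gbps plus 200 small flows (5 Gbps total)."""
    flows = [((f"10.1.0.{i}", "172.31.0.10", 6, 50000 + i, 443), 1.0)
             for i in range(1, 5)]
    flows += [((f"10.2.{i // 250}.{i % 250 + 1}", "172.31.0.20", 17, 40000 + i, 4500), 0.005)
              for i in range(200)]
    return flows

if __name__ == "__main__":
    n = 4  # 4 x 1.25 Gbps = 5 Gbps nominal aggregate
    offered, delivered = simulate(build_sample_flows(), n)
    for t, (o, d) in enumerate(zip(offered, delivered)):
        print(f"tunnel {t}: offered {o:.2f} Gbps, delivered {d:.2f} Gbps")
    print(f"total delivered {sum(delivered):.2f} of {n * TUNNEL_CAP_GBPS:.2f} Gbps")
    # One flow is pinned to one tunnel, so extra tunnels do not help it.
    _, d = simulate([(("10.9.0.1", "172.31.0.30", 6, 51000, 443), 3.0)], n)
    print(f"single 3 Gbps flow over {n} tunnels: delivered {sum(d):.2f} Gbps")
```

Whenever two bulk flows hash to the same tunnel, that tunnel is offered more than 1.25 Gbps while another sits underused, so the delivered total falls below the nominal aggregate.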
Customers can use all standard BGP attributes to control traffic flows between their locations and the AWS edge. Customers may leverage route filtering, community strings, route maps, etc. The VPN connection may be IPsec or WireGuard®. Customers may also use OSPF between the branch and AWS TNSR Edge.
There are multiple ways to manage TNSR software, including Command Line Interface (CLI), RESTCONF API, and Graphical User Interface (GUI). TNSR software configuration through CLI and RESTCONF API enables the product to be managed by IT automation platforms like Ansible®, SaltStack®, Puppet®, or Chef™. TNSR software can export data to Prometheus, ERSPAN, and IPFIX, allowing customers to use their existing on-site & cloud-hosted monitoring solutions. Using the same configuration commands across platforms helps streamline operations. TNSR also supports SNMP.
Netgate has spent several decades curating, integrating, and improving open-source software. This ethos of efficiency and aggressive price performance is why pfSense software is the world’s most downloaded firewall. Netgate has replicated this model with the TNSR High-Performance Router & VPN Concentrator. When it comes to VPN performance and price, TNSR has the lowest TCO in the AWS Marketplace.
Netgate support engineers have garnered a global reputation for their technical abilities, customer focus, and willingness to go the extra mile.
https://www.netgate.com/support
There are two levels of Netgate support for instances on AWS.
Technical Support and software updates are included with all TNSR AWS software subscriptions.
The 25 and 50 VPN appliances include TAC Pro. If phone support or a faster response time is desired, Netgate offers an upgrade path to receive TAC Enterprise support for an additional $399/year.
The 100 and 250+ appliances include TAC Enterprise.
Base TNSR Router (Ideal for proof of concept testing and low usage VPN).
(t3.micro & t3.nano are intended for POC or test implementations, not production)
Production-ready TNSR instances support predefined numbers of tunnels. These TNSR instances are available on larger instances sized to fully support expected data flow within the AWS infrastructure and across the boundary, so that your edge-to-cloud network designs can carry mobile IPsec (remote workers) & site-to-site (Data Center to Cloud, Cloud to Cloud) VPNs.
AWS infrastructure costs can quickly bloat as the need to connect more sites and/or remote workers drives increased VPN count. Below are some cost-saving tips to reduce the impact of scope creep.
Netgate’s sales team, sales@netgate.com, and our value-added solution providers, https://www.netgate.com/partner-locator, are eager to assist you with proof of value, network design, and deployment of the TNSR AWS solution.
This blog reviewed how TNSR VPN appliances in AWS can dramatically reduce costs for customers wishing to connect mobile users, branches, and data centers to AWS workloads while delivering unparalleled performance and feature sets. Netgate TNSR VPN Concentrator has the capability and scale to support multi-100 Gbps connectivity to your remote/branch offices, remote workforce, and multi-cloud. Each TNSR VPN appliance option includes support, popular management options, and ease of use. There is no need for compromise.