New Graphs Help Customers Adjust to Higher VPN Demand

In response to COVID-19, many CenturyLink customers have had large increases in the number of client VPNs, and this new demand has pushed the limits of some installed firewall models.

Client VPN usage has been historically small (50 to 100 users per site, per customer) because of how the service is normally deployed. Often just a handful of administrators will connect remotely to firewalls via a VPN. That has changed drastically, with some customers requiring 1,000s of remote users as their employees started working from home.

Engineering has seen escalations for real-time usage tracking. In instances where usage was reaching platform limits, customers have wanted to upgrade to larger platforms or direct some users to other installed sites.

In less than a week, engineering implemented three new monitoring points — client VPN connection count, IPSec VPN tunnel count, and IPSec VPN traffic count — to the devices. We were able to also rapidly deploy the graphed data into the customer’s portal.

The graph below shows client VPN connections. The red line indicates the platform’s VPN connection maximum. The firewall in this example is a Cisco ASA 5525 with a platform maximum of 750 remote users. From this graph, it’s easy to see they quickly hit the platform max within a couple of hours during the morning.

This next graph shows the IPSec tunnel count. It’s important for VPN gateways to be able to assess the combined tunnel and client VPN traffic as it will likely have an impact on CPU and memory utilization.

Below is IPSec tunnel traffic volume.

These new graphs when combined with existing graphs for CPU, memory and network utilization graphs have allowed customers to properly adjust to increased client VPN demand.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. CenturyLink does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents CenturyLink’s products and offerings as of the date of issue. Services not available everywhere. Business customers only. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2020 CenturyLink. All Rights Reserved.