Q: What's the speed of the new performance site-to-site gateway for Azure?
A: The standard site-to-site (S2S) VPN has a maximum potential speed of 100Mbps that connects an on-premises location to an Azure virtual network. Most environments see only around 80Mbps. Behind the scenes, Azure creates a pair of small virtual machines, single core, that run in an active/passive configuration. The single core is the bottleneck because the S2S VPN uses IPSEC, which heavily utilizes the CPU; this means that at around 80Mbps, the processor core is at 100 percent and no more data can flow.
The new premium S2S VPN has a maximum potential speed of 200Mbps; however, the actual speed is likely to vary. In addition, the premium offering supports 30 tunnels whereas the standard offering supports only 10. Currently, the premium gateway is priced at 49 cents per gateway hour, which contrasts to .036 cents per gateway hour for the standard gateway. This is obviously a big price difference for the improved speed. Organizations will likely want to evaluate ExpressRoute, which starts to become comparable in price at lower speeds and offers advantages over S2S VPN, such as low latencies and not running over the public Internet.