In response to COVID-19, many CenturyLink customers have had large increases in the number of client VPNs, and this new demand has pushed the limits of some installed firewall models.
Client VPN usage has historically been small (50 to 100 users per site, per customer) because of how the service is normally deployed. Often just a handful of administrators will connect remotely to firewalls via a VPN. That has changed drastically, with some customers requiring thousands of remote users as their employees started working from home.
Engineering has seen escalations for real-time usage tracking. In instances where usage was reaching platform limits, customers have wanted to upgrade to larger platforms or direct some users to other installed sites.
In less than a week, engineering added three new monitoring points to the devices: client VPN connection count, IPSec VPN tunnel count, and IPSec VPN traffic count. We were also able to rapidly deploy the graphed data to the customer's portal.
The graph below shows client VPN connections. The red line indicates the platform's VPN connection maximum. The firewall in this example is a Cisco ASA 5525 with a platform maximum of 750 remote users. From this graph, it's easy to see that the customer hit the platform maximum within a couple of hours during the morning.
This next graph shows the IPSec tunnel count. For VPN gateways, it's important to be able to assess the combined tunnel and client VPN traffic, as it will likely have an impact on CPU and memory utilization.
Below is IPSec tunnel traffic volume.
These new graphs, when combined with existing graphs for CPU, memory and network utilization, have allowed customers to properly adjust to increased client VPN demand.