Is there a speed and performance difference between VPNs (L2TP, etc.) vs. port forwarding?

Let's say you wanted to transfer a 1 GB file from a machine at site 1 to a machine at site 2. You can either connect the two machines via a VPN (L2TP) or basic port forwarding. Which connection method would move the file faster (or would it be a tie?), and why?


Solution 1:

Port forwarding would be quicker, but it would be less secure, in the sense that there is no confidentiality or integrity. If you don't care, then it is not a problem. Any VPN or tunnelling will add overhead, both in terms of the packet header and processing on the gateway that is encrypting and encapsulating your data. Different VPN technologies can use varying levels of encryption and hashing, and often that is also supported in the hardware of devices.

The actual speed and throughput you receive will be dependent on quite a few variables. You also need to consider the protocol you use for the transfer, and the latency of the end-to-end connection. Protocols like CIFS are very bad over a WAN circuit as they do not have effective TCP window scaling, so your total throughput is constrained by your round-trip latency. SFTP is much better over a WAN link, and it would also provide encryption. SCP is not as fast, but still pretty effective.
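A worked illustration of the two effects this answer names, tunnel header overhead and the window/RTT ceiling of a protocol without effective window scaling. It is added here and is not part of the original thread; the per-packet L2TP/IPsec byte count and the link, RTT and window figures are assumptions chosen for the example.

```python
"""Rough throughput model for a 1 GB transfer over a plain forwarded port
versus an L2TP/IPsec tunnel. Added illustration; all constants are assumptions."""

# Assumed extra bytes per packet for L2TP over IPsec (ESP, AES-CBC, HMAC-SHA1-96):
# outer IP 20 + NAT-T UDP 8 + ESP header 8 + IV 16 + pad/trailer ~4 + ICV 12
# + L2TP 8 + PPP 2 = 78 bytes. Real figures vary with cipher, mode and MTU.
L2TP_IPSEC_OVERHEAD = 78
INNER_IP_TCP_HEADERS = 40   # IPv4 + TCP headers of the transfer itself
FILE_BYTES = 1_000_000_000  # the 1 GB file from the question

def effective_payload_fraction(overhead_bytes, mtu=1500):
    """Share of each 1500-byte frame that carries file data once the tunnel
    headers are subtracted. Assumes the endpoints clamp MSS so that the
    outer frame still fits the MTU (no fragmentation)."""
    inner_payload = mtu - overhead_bytes - INNER_IP_TCP_HEADERS
    return inner_payload / mtu

def window_limited_throughput_bps(window_bytes, rtt_ms):
    """Upper bound when at most one window can be in flight per round trip,
    the CIFS-over-WAN case the answer describes (window / RTT)."""
    return window_bytes * 8 / (rtt_ms / 1000)

def transfer_time_s(file_bytes, link_bps, window_bytes, rtt_ms, overhead_bytes=0):
    """Seconds to move file_bytes: link rate reduced by encapsulation overhead,
    then capped by the window/RTT ceiling, whichever is lower wins."""
    usable = link_bps * effective_payload_fraction(overhead_bytes)
    ceiling = window_limited_throughput_bps(window_bytes, rtt_ms)
    return file_bytes * 8 / min(usable, ceiling)

def compare(link_bps=100_000_000, rtt_ms=50, window_bytes=65536):
    """Return (plain_seconds, vpn_seconds) for the same link, RTT and window."""
    plain = transfer_time_s(FILE_BYTES, link_bps, window_bytes, rtt_ms)
    vpn = transfer_time_s(FILE_BYTES, link_bps, window_bytes, rtt_ms,
                          L2TP_IPSEC_OVERHEAD)
    return plain, vpn

if __name__ == "__main__":
    # Unscaled 64 KiB window at 50 ms RTT: both paths hit the same ~10.5 Mbps
    # ceiling, so the tunnel costs nothing extra (a tie, as Solution 2 expects).
    print("64 KiB window  plain/vpn seconds: %.1f / %.1f" % compare())
    # Scaled 4 MiB window: link-bound, so the ~5%% header overhead now shows.
    print("4 MiB window   plain/vpn seconds: %.1f / %.1f" % compare(window_bytes=4 << 20))
```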

Solution 2:

I don't think you'd have a relevant performance gain for this specific example. Nonetheless, bear in mind a layer 2 VPN would handle more traffic, like broadcasts, ARP packets, and NetBIOS packets.

If your need is just forwarding a specific service/port, I'd rather go with port forwarding and denying incoming packets to anything else that doesn't need to be exposed.

Bear in mind that, by enabling an L2 VPN, you're somehow exposing all your nodes to both networks. If you trust both networks and it sounds OK, well, no problem. If it doesn't, expose only what needs to be exposed.