Vpls over IPSEC
RouterOS general discussion

7 posts   •   Page 1 of 1
Duduhandelman
Frequent Visitor
Frequent Visitor
 
Posts: 66
Joined: Wed Jan 04, 2012 6:30 pm

Vpls over IPSEC

by Duduhandelman » Wed Feb 29, 2012 4:48 pm

Hi All,
I have two RB 1100X2 and I would like to create Layer 2 VPN.
While trying to do that with EOIP over IPSEC it looks like its working I can reach 400Mb.
While trying to do the same using VPLS I can get to 800+mb but I noticed that the traffic is not encrypted.( While Sniffing the WAN port).

Is it possible to encrypt VPLS traffic?

Many Thanks
Last edited by Duduhandelman on Wed Feb 29, 2012 11:44 pm, edited 1 time in total.

User avatar
mrz
MikroTik Support
MikroTik Support
 
Posts: 4079
Joined: Wed Feb 07, 2007 1:45 pm
Location: Latvia

Re: Vpls over IPSEC

by mrz » Wed Feb 29, 2012 5:01 pm

You can't encrypt VPLS because Ipsec can encrypt only Layer3 traffic.

Duduhandelman
Frequent Visitor
Frequent Visitor
 
Posts: 66
Joined: Wed Jan 04, 2012 6:30 pm

Re: Vpls over IPSEC

by Duduhandelman » Wed Feb 29, 2012 6:20 pm

Thank You,
Can you please recommend what will be the best performance throughput setup in order to create layer 2 vpn?
How can I make sure I'm using the hardware encryption?

Many Thanks

User avatar
mrz
MikroTik Support
MikroTik Support
 
Posts: 4079
Joined: Wed Feb 07, 2007 1:45 pm
Location: Latvia

Re: Vpls over IPSEC

by mrz » Thu Mar 01, 2012 11:27 am

Most secure method would be EoIP tunnel over IpSec.

You can't see in config if router is using hardware encryption, but if you have one of RB1200 RB1000 or RB1100AHx2 then hw encryption is always used for ipsec.

Duduhandelman
Frequent Visitor
Frequent Visitor
 
Posts: 66
Joined: Wed Jan 04, 2012 6:30 pm

Re: Vpls over IPSEC

by Duduhandelman » Thu Mar 01, 2012 11:39 am

Thank you.
I will give it a try, sorry for asking but I would like to achieve the max performance.
What will be the fastest encryption algorithem?
I appriciate the help.

Thank you.

User avatar
mrz
MikroTik Support
MikroTik Support
 
Posts: 4079
Joined: Wed Feb 07, 2007 1:45 pm
Location: Latvia

Re: Vpls over IPSEC

by mrz » Thu Mar 01, 2012 11:42 am

aes-128 should be fastest.

Duduhandelman
Frequent Visitor
Frequent Visitor
 
Posts: 66
Joined: Wed Jan 04, 2012 6:30 pm

Re: Vpls over IPSEC

by Duduhandelman » Thu Mar 01, 2012 1:46 pm

Thank You,
Very strange things. While using EOIP testing with iperf tcp test. once Im able to get 300Mb and the second time 100Mb, its happening each time. once 300 once 100 once 300 once 100.

Also while copying file over ssh I'm not able to cross 6MB per second.

Any Idea?
Update
I have made some iperf test without IPSec and the bandwith is constant.
So the changes in throughput happens with IPSec only.
Also copying over SMB gets arround 16MBs while scp around 6MBs.
Thanks Again

7 posts   •   Page 1 of 1

Who is online

Users browsing this forum: blackmesawireless, Google [Bot], icschad, vstman and 36 guests

It is currently Tue Nov 25, 2014 4:27 am