Page 1 of 1
Vpls over IPSEC
Posted: Wed Feb 29, 2012 3:48 pm
by Duduhandelman
Hi All,
I have two RB 1100X2 and I would like to create Layer 2 VPN.
While trying to do that with EOIP over IPSEC it looks like its working I can reach 400Mb.
While trying to do the same using VPLS I can get to 800+mb but I noticed that the traffic is not encrypted.( While Sniffing the WAN port).
Is it possible to encrypt VPLS traffic?
Many Thanks
Re: Vpls over IPSEC
Posted: Wed Feb 29, 2012 4:01 pm
by mrz
You can't encrypt VPLS because Ipsec can encrypt only Layer3 traffic.
Re: Vpls over IPSEC
Posted: Wed Feb 29, 2012 5:20 pm
by Duduhandelman
Thank You,
Can you please recommend what will be the best performance throughput setup in order to create layer 2 vpn?
How can I make sure I'm using the hardware encryption?
Many Thanks
Re: Vpls over IPSEC
Posted: Thu Mar 01, 2012 10:27 am
by mrz
Most secure method would be EoIP tunnel over IpSec.
You can't see in config if router is using hardware encryption, but if you have one of RB1200 RB1000 or RB1100AHx2 then hw encryption is always used for ipsec.
Re: Vpls over IPSEC
Posted: Thu Mar 01, 2012 10:39 am
by Duduhandelman
Thank you.
I will give it a try, sorry for asking but I would like to achieve the max performance.
What will be the fastest encryption algorithem?
I appriciate the help.
Thank you.
Re: Vpls over IPSEC
Posted: Thu Mar 01, 2012 10:42 am
by mrz
aes-128 should be fastest.
Re: Vpls over IPSEC
Posted: Thu Mar 01, 2012 12:46 pm
by Duduhandelman
Thank You,
Very strange things. While using EOIP testing with iperf tcp test. once Im able to get 300Mb and the second time 100Mb, its happening each time. once 300 once 100 once 300 once 100.
Also while copying file over ssh I'm not able to cross 6MB per second.
Any Idea?
Update
I have made some iperf test without IPSec and the bandwith is constant.
So the changes in throughput happens with IPSec only.
Also copying over SMB gets arround 16MBs while scp around 6MBs.
Thanks Again