Hello,
maybe I did not it correctly but I firstly created EOIP tunnel between two public IPs. Then I tested the trouhgput and it corresponded to the expectations (hit the limit of the connection, it means 10/1Mbits) both UDP and TCP.

RB2011UAS on one side and Omnitik on the other side, both with ROS 6.12.

After successfull running of EOIP I made an IPSEC encryption. When running the both way test now, it uses approximatelly 15-20% of cpu at both sides when 10/1Mbit of UDP traffic is passed. But when testing TCP, it is a catastrophe. Even setting the btest limits to 500k/500k, both cpus are maxed out by btest on both sides (90-97% of cpu to btest on omnitiks side, but 50% to btest and 50% to sniffing on RB2011) when used 20 connections for testing purpose.

Does not matter what limits are set (above 500k/500k), both cpus are maxed the same even the limit 900k/9M is set. At this situation it shows the traffic at 500k/5-7M even the interfaces show around 1M/9M.

When no rx/tx limit is set to btest, it passes only 800k/1,5M. How to? (maybe it means that tx has priority and is on the limit so no reception is possible?)

Sometimes "unclassified" is written in profile instead "sniffing" of 50% on RB2011 side, unlike the omnitiks side still shows 90-97% of btest regardless to limits set (even unset). Why it does sniffing? And second side not?

I tried to get rid of btest to other machines (bridged to the tunneling routers). The other two routers (Groove and another Omnitik) were again maxed out regardless the rx/tx limits were set to btest.

So I guess that btest is somehow wrongly written, especially when it is able to consume 100% cpu when generating 50/50Mbits like 500k/500k of TCP traffic. Is this normal or should I send an e-mail to support? Maybe it is also profile bug as it shows sniffing on one side but not on the other side, and no sniffing when using other then tunneling routers to generate the traffic (and none of them do sniffing).

Thank you for your ideas and oppinions.