Community discussions

MikroTik App
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Vpls over IPSEC

Wed Feb 29, 2012 3:48 pm

Hi All,
I have two RB 1100X2 and I would like to create Layer 2 VPN.
While trying to do that with EOIP over IPSEC it looks like its working I can reach 400Mb.
While trying to do the same using VPLS I can get to 800+mb but I noticed that the traffic is not encrypted.( While Sniffing the WAN port).

Is it possible to encrypt VPLS traffic?

Many Thanks
Last edited by Duduhandelman on Wed Feb 29, 2012 10:44 pm, edited 1 time in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Vpls over IPSEC

Wed Feb 29, 2012 4:01 pm

You can't encrypt VPLS because Ipsec can encrypt only Layer3 traffic.
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Re: Vpls over IPSEC

Wed Feb 29, 2012 5:20 pm

Thank You,
Can you please recommend what will be the best performance throughput setup in order to create layer 2 vpn?
How can I make sure I'm using the hardware encryption?

Many Thanks
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Vpls over IPSEC

Thu Mar 01, 2012 10:27 am

Most secure method would be EoIP tunnel over IpSec.

You can't see in config if router is using hardware encryption, but if you have one of RB1200 RB1000 or RB1100AHx2 then hw encryption is always used for ipsec.
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Re: Vpls over IPSEC

Thu Mar 01, 2012 10:39 am

Thank you.
I will give it a try, sorry for asking but I would like to achieve the max performance.
What will be the fastest encryption algorithem?
I appriciate the help.

Thank you.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Vpls over IPSEC

Thu Mar 01, 2012 10:42 am

aes-128 should be fastest.
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Re: Vpls over IPSEC

Thu Mar 01, 2012 12:46 pm

Thank You,
Very strange things. While using EOIP testing with iperf tcp test. once Im able to get 300Mb and the second time 100Mb, its happening each time. once 300 once 100 once 300 once 100.

Also while copying file over ssh I'm not able to cross 6MB per second.

Any Idea?
Update
I have made some iperf test without IPSec and the bandwith is constant.
So the changes in throughput happens with IPSec only.
Also copying over SMB gets arround 16MBs while scp around 6MBs.
Thanks Again

Who is online

Users browsing this forum: Guntis, Josephny, svmk, synchro and 101 guests