Hi!
Im trying to make gre over ipsec connections on 4011 and get poor and unstable performance for on download. I have 100mbps internet link, two mikrotiks: 750gr3 and RB4011iGS, juniper mx80.
There are some test results and router config.
On 4011 i have 6 mbps download on speedtest, sometimes it goes to 84, but practicaly it is same 6mbit.
750gr3 looks way better.
4011
4011:
[admin@4011if] > system/routerboard/print
routerboard: yes
model: RB4011iGS+5HacQ2HnD
revision: r2
serial-number: HJC0A8KWJEY
firmware-type: al2
factory-firmware: 7.16.2
current-firmware: 7.19.6
upgrade-firmware: 7.19.6
/ip ipsec policy group
add name=ipsec-group1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
add dh-group=modp1024 dpd-interval=10s enc-algorithm=aes-128 name=profile1
/ip ipsec peer
add address=1.2.3.4/32 exchange-mode=ike2 name=peer2 profile=profile1
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-128-cbc name=proposal1
/ip ipsec identity
add peer=peer2 policy-template-group=ipsec-group1
/ip ipsec policy
add dst-address=10.0.0.1/32 peer=peer2 proposal=proposal1 src-address=10.0.0.24/32 tunnel=yes
/ip firewall mangle
add action=change-mss chain=forward in-interface=gre-tunnel1 new-mss=1240 protocol=tcp tcp-flags=syn tcp-mss=1241-65535
add action=change-mss chain=forward new-mss=1240 out-interface=gre-tunnel1 protocol=tcp tcp-flags=syn tcp-mss=1241-65535
download 1 connection:
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 338 KBytes 2.77 Mbits/sec 20 4.80 KBytes
[ 5] 1.00-2.00 sec 205 KBytes 1.68 Mbits/sec 14 6.00 KBytes
[ 5] 2.00-3.00 sec 278 KBytes 2.28 Mbits/sec 18 4.80 KBytes
[ 5] 3.00-4.00 sec 200 KBytes 1.64 Mbits/sec 18 6.00 KBytes
[ 5] 4.00-5.00 sec 237 KBytes 1.95 Mbits/sec 22 3.60 KBytes
[ 5] 5.00-6.00 sec 249 KBytes 2.04 Mbits/sec 12 6.00 KBytes
[ 5] 6.00-7.00 sec 245 KBytes 2.00 Mbits/sec 22 8.39 KBytes
[ 5] 7.00-8.00 sec 283 KBytes 2.32 Mbits/sec 12 6.00 KBytes
[ 5] 8.00-9.00 sec 284 KBytes 2.33 Mbits/sec 12 4.80 KBytes
[ 5] 9.00-10.00 sec 288 KBytes 2.36 Mbits/sec 12 7.20 KBytes
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.02 sec 2.55 MBytes 2.13 Mbits/sec 162 sender
download 10 connection:
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.02 sec 16.2 MBytes 13.5 Mbits/sec 220 sender
[ 8] 0.00-10.02 sec 9.34 MBytes 7.82 Mbits/sec 67 sender
[ 10] 0.00-10.02 sec 7.78 MBytes 6.52 Mbits/sec 64 sender
[ 12] 0.00-10.02 sec 9.19 MBytes 7.69 Mbits/sec 81 sender
[ 14] 0.00-10.02 sec 8.45 MBytes 7.07 Mbits/sec 46 sender
[ 16] 0.00-10.02 sec 7.88 MBytes 6.60 Mbits/sec 66 sender
[ 18] 0.00-10.02 sec 8.77 MBytes 7.34 Mbits/sec 76 sender
[ 20] 0.00-10.02 sec 13.7 MBytes 11.4 Mbits/sec 59 sender
[ 22] 0.00-10.02 sec 9.67 MBytes 8.09 Mbits/sec 45 sender
[ 24] 0.00-10.02 sec 13.7 MBytes 11.5 Mbits/sec 70 sender
[SUM] 0.00-10.02 sec 105 MBytes 87.6 Mbits/sec 794 sender
upload 1 connection:
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 11.3 MBytes 94.6 Mbits/sec 19 417 KBytes
[ 5] 1.00-2.00 sec 10.0 MBytes 84.0 Mbits/sec 0 464 KBytes
[ 5] 2.00-3.00 sec 10.4 MBytes 87.4 Mbits/sec 0 495 KBytes
[ 5] 3.00-4.00 sec 10.5 MBytes 87.9 Mbits/sec 0 516 KBytes
[ 5] 4.00-5.00 sec 10.0 MBytes 84.0 Mbits/sec 0 526 KBytes
[ 5] 5.00-6.00 sec 10.6 MBytes 88.9 Mbits/sec 0 531 KBytes
[ 5] 6.00-7.00 sec 10.5 MBytes 87.9 Mbits/sec 0 531 KBytes
[ 5] 7.00-8.00 sec 9.84 MBytes 82.5 Mbits/sec 0 531 KBytes
[ 5] 8.00-9.00 sec 10.7 MBytes 89.9 Mbits/sec 4 427 KBytes
[ 5] 9.00-10.00 sec 9.95 MBytes 83.5 Mbits/sec 0 471 KBytes
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 104 MBytes 87.1 Mbits/sec 23 sender
[ 5] 0.00-10.03 sec 103 MBytes 86.0 Mbits/sec receiver
750gr3
[admin@test22] > system/routerboard/print
routerboard: yes
board-name: hEX
model: RB750Gr3
revision: r4
serial-number: CC230D5B6B5C
firmware-type: mt7621L
factory-firmware: 6.47.4
current-firmware: 7.19.6
upgrade-firmware: 7.19.6
/ip ipsec policy group
add name=ipsec-group1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
add dh-group=modp1024 dpd-interval=10s name=profile1
/ip ipsec peer
add address=1.2.3.4/32 exchange-mode=ike2 name=peer2 profile=profile1
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-128-cbc name=proposal1
/ip ipsec identity
add peer=peer2 policy-template-group=ipsec-group1
/ip ipsec policy
add dst-address=10.0.0.1/32 peer=peer2 proposal=proposal1 src-address=10.0.0.3/32 tunnel=yes
download 1 connection:
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 10.2 MBytes 85.9 Mbits/sec 14 287 KBytes
[ 5] 1.00-2.00 sec 10.6 MBytes 88.5 Mbits/sec 0 320 KBytes
[ 5] 2.00-3.00 sec 10.1 MBytes 84.9 Mbits/sec 0 341 KBytes
[ 5] 3.00-4.00 sec 10.7 MBytes 89.6 Mbits/sec 0 351 KBytes
[ 5] 4.00-5.00 sec 10.1 MBytes 84.3 Mbits/sec 13 257 KBytes
[ 5] 5.00-6.00 sec 9.74 MBytes 81.7 Mbits/sec 51 197 KBytes
[ 5] 6.00-7.00 sec 9.12 MBytes 76.5 Mbits/sec 0 223 KBytes
[ 5] 7.00-8.00 sec 10.1 MBytes 84.3 Mbits/sec 0 252 KBytes
[ 5] 8.00-9.00 sec 10.1 MBytes 84.9 Mbits/sec 0 276 KBytes
[ 5] 9.00-10.00 sec 10.5 MBytes 88.0 Mbits/sec 0 300 KBytes
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.02 sec 101 MBytes 84.7 Mbits/sec 78 sender
upload 1 connection:
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 10.9 MBytes 91.0 Mbits/sec 49 386 KBytes
[ 5] 1.00-2.00 sec 10.4 MBytes 87.0 Mbits/sec 0 429 KBytes
[ 5] 2.00-3.00 sec 10.3 MBytes 86.4 Mbits/sec 0 459 KBytes
[ 5] 3.00-4.00 sec 10.4 MBytes 86.9 Mbits/sec 1 341 KBytes
[ 5] 4.00-5.00 sec 10.3 MBytes 86.4 Mbits/sec 0 371 KBytes
[ 5] 5.00-6.00 sec 10.3 MBytes 86.4 Mbits/sec 0 389 KBytes
[ 5] 6.00-7.00 sec 10.3 MBytes 86.5 Mbits/sec 0 397 KBytes
[ 5] 7.00-8.00 sec 10.9 MBytes 91.9 Mbits/sec 0 405 KBytes
[ 5] 8.00-9.00 sec 10.3 MBytes 86.4 Mbits/sec 0 422 KBytes
[ 5] 9.00-10.00 sec 10.3 MBytes 86.4 Mbits/sec 65 307 KBytes
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 104 MBytes 87.5 Mbits/sec 115 sender
[ 5] 0.00-10.03 sec 103 MBytes 86.2 Mbits/sec receiver