We are connecting several CCR1016-12S-1S+ devices via the Internet using GRE/IPsec and OSPF.
At a remote site, we have a Internet line capable of 150-200 Mbps. This is confirmed by speedtest.net and the build-in tool of Mikrotik. For some reason, when users at this remote site perform network operations via the Mikrotik towards the main site, their throughput is terrible: 500 kbps to a maximum of 1 Mbps.
Resource usage is non-existing (CPU at a max of 2%)… Interface stats also looks good. I’ve been reading some info about changing the interfaces queue’s from ‘only-hardware-queue’ to ‘multi-queue-ethernet-default’ and perhaps changing the IPsec encryption (currently AES-256 CBC) but this is irrelevant if resource usage is non-existing?
You can run packet sniffer and you will see packets are fragmented or not. But you can guess it by simple calculations, by adding tunnel and otehr encapsulated tunnel overheads to the base packet.
If putting voice over the tunnel is your main use case, it might be helpful to use a tool like Ping Plotter to measure your underlying ISP connection to ensure that it has consistent Jitter before troubleshooting the tunnel.
We have solved a lot of voice and other network issues over the years by letting this run for 24 hours or more and then looking at the historical data. Oftentimes you might do a ping for a few minutes and if everything looks good, you will conclude the ISP is solid. This will take detailed and recordable stats that you can save to find issues that only show up intermittently.
For what it’s worth, we have done a lot of implementations that use VoIP (mostly SIP) over tunnels between two MikroTiks and it works very well with consistent jitter - provided the WAN link is stable and there is a proper QoS / Queue config.