Hello,
We have set up an EOIP tunnel over IPSec and wanted some guidance on performance tuning the speed when a remote site joins the same subnet and runs a speed test (by Ookla).
We’ve attached the results from the following:
- site1 PC on the same physical location as the gateway
- site2 PC seamlessly joining the same subnet through the Internet
Is there a better way manage the overhead on the IPSEC tunnel? We’ve attached the results as well when IPSEC tunnel is disabled.
Site1 Router is CCR2004-1G-12S+2XS
Site2 Router is CCR1009-7G-1C-1S+
Any assistance and guidance on this topic is greatly appreciated.
The overhead is EOIP.
It’s not hardware offloaded so uses the CPU and I don’t think it’s multithreaded either.
Try the tests again and monitor CPU usage with Tools → Profile running to monitor CPU usage.
Attached are the results of Site2 and the Hub when running a speed test. Is there a better way to reduce this overhead on the EOIP tunnel? For example, using Starlink on Site2 we are only getting 60 Mbps down, 6 Mbps up.
Don’t use EOIP ?
IPSEC can be HW offloaded on those devices.
EOIP is required in this scenario as we want the Layer2 information.
You’re going to have to take the performance hit if you insist on using EOIP. As it’s CPU bound there’s no way around it.
Other than replacing the routers with models with the highest performing CPU!
