Hardware recommendations for 45Mbps IPSEC throughput

Hi,

We are currently running RB450Gs and are maxing out around 10Mbps IPSEC throughput. I am looking for something that can do up to around the 45Mbps mark.

What would people recommend, both in terms of routerboards and alternatives like Cisco etc.?

Thanks

Stephen

http://routerboard.com/pdf/360/RB1100AHx2.pdf

This is the one that includes ipsec hardware acceleration.

AFAIK not all encryption types are hardware accelerated, so be sure that you double check if the one you want is supported by ROS…

You can look at this thread.
http://forum.mikrotik.com/t/rb1100ah-new-product/44731/90

What encryption and hashing are you using?
With aes128 and md5 you should get much better performance out of 450G.

JF

3des and md5

With aes128 and md5, a 750GL can do 16mbit of encryption in a real world environment, so a 450G should really do more than just 10mbit.

As for the original question, a RB1200 or RB1100AH should do the work without a problem.

As an example, this is a 750GL encrypting a GRE tunnel in IPSec transport mode using aes128 and md5 from our remote office to our main office.
[Attached image: 750GL_IPSec_test2.jpg]

3des is as cpu consuming as aes256. 10Mbps for RB450 sounds right (it was 8Mbps for me IIRC). Btw, US-CERT now says that MD5 “should be considered cryptographically broken and unsuitable for further use”.

Thanks for all the feedback.

What would be the optimal combination of encryption and hashing that people would recommend for optimal throughput whilst still being secure?

Cheers

I would say that ipsec security, as far as encryption and hashing are concerned, is beyond the scope of this forum. True, md5 is considered less secure than sha1, but sha1 is not perfect either… aes128 is by many considered very secure but less cpu intensive than aes256 or 3des, which are about equal as far as cpu consumption goes. You can try different combinations and evaluate them against your needs.

JF