Just wondering if anyone had a similar issue / setup. We are currently using a main GRE (MTU 1400) tunnel encrypted with IPsec AES-CBC and within this GRE tunnel we employ other GRE tunnel (MTU 1372) per VRF we’re using. Not optimal perhaps but it works. Unfortunately, throughput really gets flushed down the drain because of this.
After doing some testing with other Mikrotik appliances, it seems that IPsec really takes a big bit out of the throughput (other factors also play their part: connection tracking being on etc…) Security is a must, so disabling it is not an option.
Does anyone know a way to improve performance without doing a major configuration overhaul? Has anyone have a similar setup and are you experiencing the same issues?
On which hardware platform yore you working?
IPsec is only performant on a few hardware platforms: Tile, PPC, MMIPS - and probably ARM (RB3011).
If you have a MIPSBE device, you already found the answer.
-Chris
Now this is strange - I haven’t seen issues like this before. But I must admit that I have never been in the situation of having GRE through GRE.
Are the secondary GRE tunnels terminating in the same device or are they coming from another router in your network?
-Chris