hello
What router would be suitable for multiple wireless p2p links IPSEC? CCR series?
Does more bandwidth cause more CPU usage? How to calculate the required resources؟
For any serious IPsec throughput you should look at devices with HW support for encryption. Those devices have IPsec throughput numbers stated in test result page, such as CCR1009-7G-1C-1S+. When deciding on which device offers enough performance: seems that number for 512-byte packet sizes represents real-life pretty good.
How to know the supported ipsec configuration in different devices? For example rb450 has no test result?
If there are no test results and the product description does not mention IPSec Harware Encryption then it probably doesn’t have it.
I use the Hex:
https://mikrotik.com/product/RB750Gr3
It’s test says 470 mbps. My max internet speed is 100mbps. I can sustain 100 mbps IPSec. When Covid came, I was concerned about adding 20 users to the VPN server. So I had an IPSec tunnel to another branch and then 20 people working from home. The router worked just fine.
The ones without hardware encryption will max out the CPU, probably less than 10 mbps. Internet connections will suffer major packet loss and it’ll become painfully slow to connect to the router for management.
Is it possible to configure ipsec on a device without IPsec hardware acceleration? If so, is it reasonable In terms of CPU usage? for example RB450 for a 200mbps link?
It’s possible to use IPSec without hardware acceleration but at around 5-10 mbps you’ll begin to max out the CPU. Then you’ll have severe packet loss. If you’re hoping to achieve 200 mbps over IPSec, get a HEX or any other one with HW acceleration.
thanks alot
The RB750Gr3 is a beast in IPsec performance, certainly considering its price.
Many other routers (also MikroTik and also more expensive) are slower in IPsec than this one.