I need to connect two Mikrotik routers (suppose to be CCR1009, so CPU is not a subject) via VPN link (both end has static public IP, so technology may be any), but it is very desirable to compress the data in transmit. What kind of VPN that can Mikrotik use capable of compression?
I’m asking since I used to believe MT can not compress VPN dispute the technology used, so the compression settings won’t affect anything.
In fact I’m short of bandwidth on one of the end and need to send a lot of data daily so may I please ask to recommend what kind of approach may be better in my case?
I’m afraid you won’t get much benefit out of compression - AFAIR there is no tunnel with compression available. PPtP probably but this is no option because of security concerns.
In case you’re really moving much data through a small pipe, I’d say that you’re better off with WAN optimization. Especially when traffic is chatty and/or much the same (like SQL, SMB, NFS… these are really great targets for WAN optimization).
Yes, it’s f*ing expensive but worth every cent in low bandwidth scenarios.
Used riverbed steelhead appliances are available really cheap on eBay for example. And pretty easy to configure. And a good start to deal with WAN optimization.
-Chris
There are two places where compression could occur:
1 - PPP has a compression option that you can enable in a custom PPP profile and use that with PPP-based VPNs.
2 - IPsec has a compression module that is enabled by default and can be used with “over-IPsec” VPNs (tunnels and tunnel interfaces)
However, I have never observed any of these actually working. The options are negotiated, but it is questionable if they actually do anything.
A bad sign is that there is no screen where you can see “compression statistics”.
Using compression won’t transform such WAN into a 2x or 3x capacity one.
Using compression will probably disable ROS packet handler optimizations, so I think there are more benefits on not using it.
How to tackle with your scenario will heavility depend on your WAN usage. Most webservers today are setup to already send webpages compressed, so if you’re short on bw for users browsing, VPN compression is not going to change your scenario at all.
The best approach is using a queue tree QoS, categorizing traffic and priorizing it, ensuring e.g. DNS, VoIP, interactive, and other sensitive applications get priorized over data intensive ones. which are throttled and modulated not to interfere with other traffic categories.
This will allow to nearly saturate the wan link, while keeping the network “zippy” for users.
Have you considered adding a second wan?
What’s the bandwith on those WANs? Are those symmetric?