I am looking for a solution to meet a set of requirements, or close to it. I intend to have a hub router (something virtual), that customer spoke routers can connect to via IP tunnel and IPSEC encryption. At the moment im thinking i need to support 1gb of bandwidth total and allow varrying sizes of residential and business class cable/dsl connections to achieve close to their alloted bandwidth. I could have users with 300mbps cable connection, so I would want to get them as close to that 300mbps they can get nativley over the hub/spoke solution.
My current hub ive tested is CHR on an esxi host using 8 cpus and 2gb memory. My test spoke is a CCR1009-8G with a 300mbps cable connection. using IPIP and IPSEC (with the simplest encryption settings) I seem to only manage 150mbps or so. With just IPIP and no encryption i can get 200mbps or a little more.
So here I am asking what sort of virtual set up would i need to be able to handle 1gb of total bandwidth (aggregate from multiple spokes) using IPIP+IPSEC? What would I need to achieve a 300mbps throughput using a multithread TCP session?
I believe having IPIP+ipsec is not a very wise choice. if your clients need to establish site to site tunnel protocol and at the same time you need encryption i wiuld definitly recomment using IPSEC only. therefore IPIP is very overhead intensivr as it will encapsulates the ip packet in a whole new packet so it is using much more overhead than if you use IPSEC alone.
I was wanting to use a routing protocol, which is why I had a tunnel. I may think of another way if no one things IPIP+IPSEC is doable at somewhat high speeds.
Dear Friend, I am sure it is not well configured as CCR are much more effective. Would you send me your export config in orther to troubleshoot your your scenario?