I have a central CCR2004-1G-12S+2XS and a remote site with a RB4011iGS+
The internet line is 1Gb/s up and down.
With simple speed checks at both sites to the internet I can reach 900Mb/sec. both up and down.
I have created a WireGuard site2site tunnel which works well, but I am a bit disappointed about the speeds I get over the tunnel; basically I cannot get past 400Mb/sec. (with a simple iperf test with 10 parallel sessions)
The CPU cores on the RB4011iGS+ are running at about 70-80% while the test is going on, while they are much lower on the central router.
Can someone confirm that this is how it is supposed to be? And am I better off using an ipsec tunnel? Or should I just get a router with more CPU power?
Well, if it sounds about right, would it make sense to upgrade the smaller of the routers, so there is more power, and hopefully more throughput?
I would rather use wireshark, but the specs of the RB4011iGS+ state up to 1Gb/sec with a single tunnel ipsec (AES-128-CBC + SHA1) with a packet size of 1400… So maybe the Mikrotik has built-in hardware encryption tech that favours ipsec, but when using wireshark the CPU is used more..?
…or is the issue more that the packet size isn’t 1400 when I am testing with iperf, which I ran with no specific options other than the parallel option…
What I am looking for is the best performance with CIFS… and yes I know CIFS isn’t the best protocol for this…
Wireshark is single threaded. Take a look at your CPU usage: the cypher part (libChaCha, if I’m not wrong) will be using almost a full single core. Firewall and network will be using something on other cores.
Now, get a second client and give a second tunnel to it. Try again, and see if the throughput doesn’t increase.