Community discussions

MikroTik App
 
uberdome
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Oct 31, 2014 5:50 pm

L2 Tunnel with Minimum CPU Usage?

Sun Jul 19, 2020 7:17 pm

I need an L2 tunnel from a CCR-1009 to a hEX router.

I currently have a BCP tunnel that appears to be very CPU heavy on the hEX side.

What is the least CPU intensive method of setting up an L2 tunnel over the public Internet? I need to run ~70 Mbps through it. It does not have to be encrypted, but it currently is.

Thank you, Chris
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 159
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: L2 Tunnel with Minimum CPU Usage?

Mon Jul 20, 2020 7:33 am

I think CCR1009 should easly handle the L2TP Tunnel with 70Mbps Throughput.

I am running a L2TP Tunnel with BCP on by two RB3011 UiAS-RM RouterBOARD and it is easily giving be a throughput of 30~40Mbps.
With Duel Core CPU 30~40M means then with 9Core it should easily give you around 70M.
 
uberdome
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Oct 31, 2014 5:50 pm

Re: L2 Tunnel with Minimum CPU Usage?

Mon Jul 20, 2020 9:17 am

I think CCR1009 should easly handle the L2TP Tunnel with 70Mbps Throughput...
I agree. The CCR1009 side is working just fine, it is the hEX side that is using high CPU (RB750Gr3).
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 159
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: L2 Tunnel with Minimum CPU Usage?

Mon Jul 20, 2020 5:27 pm

I think CCR1009 should easly handle the L2TP Tunnel with 70Mbps Throughput...
I agree. The CCR1009 side is working just fine, it is the hEX side that is using high CPU (RB750Gr3).
Try Fast Track and remove firewall rules to reduce CPU Utilization
 
uberdome
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Oct 31, 2014 5:50 pm

Re: L2 Tunnel with Minimum CPU Usage?

Mon Jul 20, 2020 5:37 pm

I can do that, but before I start messing with it, I'd like to start the best way. Is EoIP more CPU efficient than BCP?
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 159
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: L2 Tunnel with Minimum CPU Usage?

Tue Jul 21, 2020 9:25 am

I can do that, but before I start messing with it, I'd like to start the best way. Is EoIP more CPU efficient than BCP?
As far as i understand EOIP Tunneling creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunnel, or any other connection capable of transporting IP. It is very simple method of Bridging two routers over IP where as the L2TP is a secured method of tunneling which allows encryption of data packets.

If you use EOIP obviously reduce the load on mikrotik as there is no PPP or Encryption load there on CPU. But If you want to secure it again you need to use IPsec which will again increase load on CPU. :(
 
 
uberdome
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Oct 31, 2014 5:50 pm

Re: L2 Tunnel with Minimum CPU Usage?

Tue Jul 21, 2020 3:12 pm

As far as i understand EOIP Tunneling creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunnel, or any other connection capable of transporting IP. It is very simple method of Bridging two routers over IP where as the L2TP is a secured method of tunneling which allows encryption of data packets.

If you use EOIP obviously reduce the load on mikrotik as there is no PPP or Encryption load there on CPU. But If you want to secure it again you need to use IPsec which will again increase load on CPU. :(
Thank you for the ideas. The hEX supports hardware encryption, but I'm not sure if certain configurations cannot use hardware encryption. I suppose I will do some testing.
 
uberdome
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Oct 31, 2014 5:50 pm

Re: L2 Tunnel with Minimum CPU Usage?

Tue Jul 21, 2020 3:16 pm

Thank you for the suggestion. The question is regarding a tunnel over the public Internet. Although VPLS is much more CPU efficient relative to EoIP, to get it over the public Internet you would need to have an underlying connection (Presumably a VPN) that would increase overhead. In your experience, is VPLS more CPU efficient over the public Internet than EoIP?
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 159
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: L2 Tunnel with Minimum CPU Usage?

Tue Jul 21, 2020 5:05 pm

Thank you for the suggestion. The question is regarding a tunnel over the public Internet. Although VPLS is much more CPU efficient relative to EoIP, to get it over the public Internet you would need to have an underlying connection (Presumably a VPN) that would increase overhead. In your experience, is VPLS more CPU efficient over the public Internet than EoIP?
Actually when you use MPLS only Lables are checked forwarding which is more faster then routing method. But i dont think MPLS is best when you are routing through public network.
I Would prefer EOIP.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: L2 Tunnel with Minimum CPU Usage?

Wed Jul 22, 2020 6:56 pm

Both routers support AES hw acceleration. So both can do way more than 70mbit/s with encryption.

Also, AFAIK, increasing the CPU cores, will not increase your throughput if all traffic flows through a single IPsec session.

EoIP and L2TP can both do hundreds of mbits/s without breaking a sweat. So, it doesn't really matter which one is most CPU efficient. Your bottleneck is most likely elsewhere anyway.

Post the output of /tool profile cpu=total duration=5 while you have high CPU usage to see what exactly is taking up all the CPU.

Encryption shouldn't have used the CPU in your case, since both routers support hw acceleration.
Unless you have some weird IPsec configuration that doesn't use the proper encryption algorithms.

Post your full configuration from both routers (/export hide-sensitive) so we can help further.

Also, I am not sure if FastTrack will help in any way here.
EoIP is proto 47 (GRE), not 6 (TCP) or 17 (UDP) which FastTrack only supports - according to the documentation: https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Who is online

Users browsing this forum: No registered users and 17 guests