Hi All,
So I have a virtualized CHR running in a datacentre which has a GRE Tunnel running over IPSEC to my home router, which is a hEX v3 (RB750Gr3).
For some reason when using an IPSEC tunnel, I only seem to be able to achieve around 20Mbps with a bandwidth test from the CHR to RB750Gr3. However if I perform the bandwidth test directly from the CHR to the public IP of the RB750Gr3 (Directly over the internet instead of IPSEC tunnel), I am able to achieve maximum throughput.
The resources allocated to the CHR are:
CPU: 4 Cores of a D-1531 Xeon processor,
Memory: 1GB,
Network: VirtIO Adapters
When running a bandwidth test over the IPSEC tunnel, the CPU of the CHR sits at 25% with one core maxed out at 100%. The CPU of the hEX v3 sits happily around 10%.
I'm using the following IPSEC settings:
Auth Algorithm: sha1
Encr. Algorithm: aes-256-cbc
PFS group: modp1024
Does anyone have any idea how I could improve performance over IPSEC? I realize the hEX has hardware acceleration, but shouldn't I be achieving more than a measly 20Mbps over an IPSEC tunnel between these routers?