Community discussions

MikroTik App
 
fernandf
just joined
Topic Author
Posts: 9
Joined: Fri Feb 19, 2016 3:58 pm

Azure S2S VPN Poor performance

Sat May 19, 2018 8:17 pm

Hi,

I'm just testing the following scenario:
IPSEC site to site VPN Mikrotik to Azure
RB951G-2HnD firmware 3.41 ROS 6.40.8 in the onpremises side
VpnGw1 in the Azure side

When I copy a file from an onpremises Windows to other Windows in the cloud the router's CPU goes to 100% and the throughput is about 28Mb/s.

Any idea why I'm getting such as ridiculous throughput?

PS: The configuration in the onpremises side is thisone:
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=7h30m pfs-group=none
/ip firewall
nat add action=accept chain=srcnat dst-address=172.16.0.0/23 src-address=192.168.100.0/24 place-before=0 comment=AzureNAT
/ip firewall raw
add action=notrack chain=prerouting src-address=172.16.0.0/23 dst-address=192.168.100.0/24
add action=notrack chain=prerouting src-address=192.168.100.0/24 dst-address=172.16.0.0/23
/ip ipsec peer
add address=*********/32 dh-group=modp1024 enc-algorithm=aes-256,aes-128 exchange-mode=ike2 secret=******* lifetime=8h
/ip ipsec policy
set 0 disabled=yes
add dst-address=172.16.0.0/23 sa-dst-address=******** sa-src-address=******** src-address=192.168.100.0/24 tunnel=yes

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Azure S2S VPN Poor performance

Sat May 19, 2018 9:44 pm

When I copy a file from an onpremises Windows to other Windows in the cloud the router's CPU goes to 100% and the throughput is about 28Mb/s.
Any idea why I'm getting such as ridiculous throughput?
You have avoided the common mistake of fasttracking packets which have to be handled by IPsec policy.
But the software encryption is a very CPU - intensive task so I'm afraid that if you need a better throughput, you'll have to use one of the Mikrotik models which support encryption in hardware (hAP ac², cAP, hEXr3).
 
fernandf
just joined
Topic Author
Posts: 9
Joined: Fri Feb 19, 2016 3:58 pm

Re: Azure S2S VPN Poor performance

Wed May 23, 2018 5:07 pm

Thanks Sindy!
I thought in that possibility. Without HW acceleration I expected a low throughput but not as low as 27Mb/s.

Then, this value could be considered normal for my router?
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Azure S2S VPN Poor performance

Wed May 23, 2018 9:05 pm

Playing devils advocate here, how do you know that low throughput is not cause of Azure (Cloud)?

Does not matter what size pipe they have, they might use software encryption hence the low throughput from their side?
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: Azure S2S VPN Poor performance

Wed May 23, 2018 11:07 pm

If you can lend yourself an hour or two you can set up virtual machine on you desktop machine and run x86 version in test mode to text how fast ipsec can be in you case (your desktop is much faster that small ROS device), and how settings can affect that.

Who is online

Users browsing this forum: freemannnn, Semrush [Bot], synchro, vbkp and 81 guests