Thank you for reply. Yes we do require L2 connectivity. I can completely disable ipsec for this tunnel, but results are the same.Do you require bridging (L2 interconnect)? If not try ipsec in tunnel mode (over UDP).
With regards to throughput, verify with iperf using UDP, and then TCP. I also think it's mtu related.
Solution, solution is very simple - just use Multilink Protocol on ppp connection = set mrru to 1600 on both sites and disable tcp mss on the ppp profile too !L2TP is generally no solution for anything on mikrotik as it is not stable. See my corresponding question from 15th Feb. L2TP on IPSec is very slow with single TCP streams. And I have not found any solution for both. Has anyone?
This is not dependant on high latency. L2TP has a stability problem per se.
Not only physical links, mlp can transport the full size of packet instead tcp mss clamping on L4 ! Finally you must use AES 128 CBC for use hardware encryption !@internetolog and @JohnTRIVOLTA:
I've never had any problem with the stability of the L2TP connection (except for 6.48, but that's another story, 6.48.1 took care of it). My challenge is to get a single stream IPSec perform adequately. We need high file transfer performance on a single link. Looking at a PPP MultiLink configuration, it seems to be built to aggregate over two or more devices. I have only one SPF fiber interface or ONT to work with. It is possible that CCRs cannot deliver this type of performance? You both seem to suggest that aggregation will solve the problem. I understand aggregation will increase total capacity, but are we still not limited to the ~300Mpbs single stream?
Can you explain why hidden fragmentation of 1500-byte TCP packets (i.e. 2 PPP packets per each payload one) should provide a better TCP throughput than transmission of 1462-byte TCP packets using one PPP packet per each payload one?mlp can transport the full size of packet instead tcp mss clamping on L4
The CPU load is less at L3 fragmentation vs L4 segmentation, this also reflects on latency ... this is my experience . Let's not forget the quality of the internet between the two locations !Can you explain why hidden fragmentation of 1500-byte TCP packets (i.e. 2 PPP packets per each payload one) should provide a better TCP throughput than transmission of 1462 byte TCP packets using one PPP packet per each payload one?mlp can transport the full size of packet instead tcp mss clamping on L4
I understand that MLPPP puts away the headache associated to PMTUD failures by allowing 1500-byte packets to get through without IP fragmentation at payload level, but I never thought of it as a method to improve throughput (on a single link, that is).
Not only. It splits the payload packet into multiple transport ones, and it can use the same link to transport both/all of them, providing a hidden fragmentation of the payload, hence payload protocols lacking fragmentation capability can be transported without packet/frame size limitations.Looking at a PPP MultiLink configuration, it seems to be built to aggregate over two or more devices.