Community discussions

 
montanamikro
just joined
Topic Author
Posts: 1
Joined: Wed Jun 19, 2019 7:38 am

Low WAN Throughput (IPSec, EoIP, GRE)

Wed Jun 19, 2019 8:21 am

I'm hoping someone can help as we are really at a loss here...

We want to use a MikroTik device to create an IPSec Tunnel on an Internet circuit back to our hub. This design would be used for all our smaller sites. We ordered a pair of CCR1036-8G-2S+ as a lab/pilot site. We used iPerf to generate traffic and we are just unable to ever reach speeds greater than 480 Mbps. At first we thought it was a limitation of our lab, we had one laptop on a USB 2.0 NIC but after deployment we are still seeing some major slow downs.

We brought the MikroTik's back to establish a good baseline test: here are our results so far:
1.) PCs are on the same subnet, connected to each other via 1 gig switch. We can send TCP traffic at 900 Mbps.
2.) PCs are on different subnets, routed by the 1 gig switch. TCP traffic at 900 Mbps.
3.) PCs are connected to the same MikroTik, different bridges though. TCP traffic at 900 Mbps.
4.) PCs are connected to different MikroTiks over a tunnel:
a.) EoIP: TCP traffic at 312Mbps.
b.) GRE no IPSec: 450 Mbps
c.) GRE with IPSec: 150 Mbps
d.) IPSec without GRE: 280 Mbps

450 Mbps was the highest we could get but usually it's around 1/3 of the actual bandwidth. I saw all the issues with MikroTik packet assemble being "out of order". It looks like that has been fixed though and we are on the latest OS. I also see this is a common problem, here's a thread which sounds very similar to our experience viewtopic.php?t=87892 but there is also a user reporting 10 Gbps throughput over L2!

Should I be shutting interfaces we are not using, are they using up resources? Are we using all the cores or just slamming one? We have some mangle rules and a Queue Tree setup (as we want to shape and prioritize traffic to the internet circuit) but that has all be disabled for our lab. Have we just reached a MikroTik limit, thoughts?
Anyone have any thoughts,

Who is online

Users browsing this forum: eworm, MSN [Bot], Unintentional and 12 guests