Hello Mikrotik team,

could you please provide us configuration by which we would accomplish the announced IPSec test result.

I'm trying to crypt 200Mbps (one session, one direction, 512B UDP packets) by two hAP ac^2.

I don't need any other features, just crypto.


Your test results:

RBD52G-5HacD2HnD-TCr2 IPQ-4018 IPsec throughput

Single tunnel - AES-128-CBC + SHA1 - 512 byte - 59 kpps - 241.7 Mbps

Hi mrz,

could you tell me please what is wrong with the configuration below:

traffic-->------hAPac^2-1-----crypto------hAPac^2-2------->----

Profile the CPU usage to see where CPU cycles are spent.

In addition check the packet size of data traffic. If apps are using full 1500 byte frames, then IPsec will have to fragment them (due to own overhead) which means double frame rate and PPS is a constraint as well. Either reduce packet size (which might be impossible) or increase MTU on ethernet interfaces linking both hAP ac2s ...

Hi mkx,

as you can read in first post, the packets are small (618B in fact). Profile of CPU usage shows networking.

I have tested almost every single RouterBoard and no one of them is able to crypt even the quarter of the results that Mikrotik announced. According to RFC2544 the results are showing bidirectional speeds o_O !!!

That's why I requested their configuration.