we have several CCR1036 on several locations and try (for months now) to set up really stable L2TP connections between them. Unfortunately we have the following experiences up to now:
Starting with RouterOS 6.40 upwards (we did not try earlier versions) all L2TPs based on CCR1036 crash every now and then without the slightest message in the logs what happened. The connections are simply hung up and mostly do not come up again without user interaction. The connections btw should have peak rates of around 800 Mbit/s.
Even as admin we are often not able to restore them by disable/enable. Instead we found out they often come back only by enabling IPSec. 10 minutes later they mostly can be restored again without IPSec. We don't want to use IPSec because it is dead slow on single TCP streams, we cannot get more than around 30-50 Mbit/s with a single stream, whereas without we easily reach around 500 Mbit/s.
The crashes happen every now and then, lets say around twice a month. It seems they can be triggered by an immediate high load on the L2TP. We are not talking about a peak, but more a jump from lets say 50 Mbit/s to a continous 500 Mbit/s. Which means of course this can be used for a DoS.
We tried to overcome the problem with new hardware, CCR2004. That was no good idea. This box crashes every 6-12 hours in the same setup and is not stable at all. We even saw kernel crashes in the logs. Our impression is the build system for ARM64 Mikrotik uses is broken.
So we stopped using CCR2004 completely and are trying to give them back.
Our problem stays: can anyone show a config or share an experience of a really stable working L2TP with around Gbit bandwith?