Community discussions

MikroTik App
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Ipsec RB-1100X2AH

Wed Jun 13, 2012 10:25 am

Hi All,
Maybe someone has faced this issue before.

I have 2X RB-1100X2AH ver 5.14 and another two X86 running 5.14 as well.
Each pair connected with IPSEC and Eoip which creates two different L2 links over LACP.
The two pairs connected using a single GigE connection.
This gives me a load balancing and redundancy.
A week ago I noticed that the X86 is transferring a lot more data over the IPSEC compared to the RB.
I found that doing a bandwidth test over the ipsec connection from the devices results as follow.

X86 600-800 Mbits (Very GOOD).
RB 1100X2AH 30-80 (Very POOR).
All test using single TCP connection.
In the past the RB has giving me 800+ Mbit.
I have sniffed the traffic and notice that the RB packets looks fragmented 1510 + 150 while on the X86 it looks well 1514.

What should be the correct MTU settings? I have played with the mtu l2mtu i did not notice the change.

Any idea?

Many Thanks.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6045
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Ipsec RB-1100X2AH

Wed Jun 13, 2012 12:36 pm

Ipsec adds additional headers so packets can be fragmented if you try to encapsulate 1500 byte packet over the tunnel.

30-80Mbps is too low, we got 700Mbps with connection tracking enabled, please follow the guide how to set up RB1100AHx2 to get maximum throughput.
http://wiki.mikrotik.com/wiki/Manual:IP ... encryption
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Re: Ipsec RB-1100X2AH

Fri Jun 15, 2012 2:10 pm

Thank you..
Will configure according and update next week.
Thanks again.
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Re: Ipsec RB-1100X2AH

Fri Jun 22, 2012 10:15 pm

Hi All,
After a lot of tests and help from Mikrotik support (Thanks). I found that the most important part is to configure the CPU affinity on the RouterBoard.
Without that the performance is poor.

Also there is one open issue while using tcp iperf or Mikrotik bandwidth application from a pc to pc while using L2 vpn (Eoip over IPSEC) with RB 1100X2AH the test shows once good throughput of about 300 Mbits and the second time around 100Mbits round robin every time..
With X86 this does not happen.

Many Thanks.

Who is online

Users browsing this forum: robsgax, Zacharytup and 85 guests