Community discussions

MikroTik App
  4. RouterOS
  5. General

IPSec, AES-128, MD5

Post Reply
 
kait
just joined
Topic Author
Posts: 15
Joined: Thu May 10, 2012 12:09 pm
Location: Czech Republic

IPSec, AES-128, MD5

Wed May 15, 2013 9:33 am

Hi, on center of network topology star I'm using RB1100AHx2 which has AES offloading support. We have couple of branches connected to RB1100AHx2 by IPSec. On branches we are using RB751G-2HnD routers on 20/20Mbps lines.

For normal using it works, but when someone fill the link of 20Mbps, doesn't matter in which direction, the small branches routers are going to 100% of CPU.

My question is: Is there some Mikrotik router on market which has AES offloading function and are cheaper then RB1100AHx2?

Thanks for answer.
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7056
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: IPSec, AES-128, MD5

Wed May 15, 2013 9:42 am

No, only 1000 and 1100AH.

You can get better performance than on RB751 with RB1200.
Top
 
kait
just joined
Topic Author
Posts: 15
Joined: Thu May 10, 2012 12:09 pm
Location: Czech Republic

Re: IPSec, AES-128, MD5

Wed May 15, 2013 10:06 am

Thanks for answer.

Can you please recommend Mikrotik router with CPU, which is able to handle 20/20Mbps traffic over IPSec with AES-128/MD5 without hardware encryption support?

Only those two Mikrotik routers has hardware encryption support?

- RB1000
- RB1100AHx2
Top
 
ayufan
Member
Member
Posts: 334
Joined: Sun Jun 03, 2007 9:35 pm
Contact:
Contact ayufan

Re: IPSec, AES-128, MD5

Wed May 15, 2013 2:17 pm

You can get RB951G which is twice as fast as RB751G and in the same price range. It should handle fine 20Mbps half-duplex.

Check performance on RB751G on lower traffic mark, check CPU usage. You will get twice as that on RB951G.
Top
 
syadnom
Forum Veteran
Forum Veteran
Posts: 802
Joined: Thu Jan 27, 2011 7:29 am

Re: IPSec, AES-128, MD5

Tue Dec 17, 2013 6:57 pm

You can get RB951G which is twice as fast as RB751G and in the same price range. It should handle fine 20Mbps half-duplex.

Check performance on RB751G on lower traffic mark, check CPU usage. You will get twice as that on RB951G.

FYI, it is unlikely that a 951G can do 20M half duplex, it's more like 12-15Mbps real world. I have deployed 50+ 751G and 951G and get at most 8/12Mbps respectively out of them with aes-128 ipsec. This works well for me though as I rarely need more than that across the VPN tunnels, the router is still able to deliver WAN traffic to users well. I've also had good luck with the 2011 series, but dont have too many out there yet.

The 1100AHx2 is next in line. It would be nice to have an in-between unit with a 1Ghz CPU, or dual core, or some other aes hardware onboard. for example, ubiquiti's ERLite can do 100Mbps+ aes128. Unfortunately, ubiquiti's ERLite's OS just isn't as robust as RouterOS. I have used ERLites for 'dumb' VPN setups, even adding them specifically for ipsec tunnels between sites and using a 'tik for the actual router.
Top
Post Reply

Who is online

Users browsing this forum: Amaan, shahzaddj1 and 168 guests
  4. RouterOS
  5. General