cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Encryption performance on OpenVPN/IPsec VPN

Tue Feb 16, 2016 3:27 am

My fast test result: http://take.ms/fAhKw
For the test, a NAS qnap-ts210 connected to the LAN (1 Gbit) and a MacBook Pro 15" 2015 802.11ac (connection speed 867 - 1300 Mbits/s) were used.
Traffic was generated with iperf.
Could you also test VPN performance (IPsec and OpenVPN)?
 
ayufan
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm

Re: HAP AC

Tue Feb 16, 2016 11:43 am

It is interesting to see the CPU% when doing this 500Mbps.

Either way the results are not astonishing.

@cpliu903

I expect that you will see no more than 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes.
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: HAP AC

Tue Feb 16, 2016 1:27 pm

It is interesting to see the CPU% when doing this 500Mbps.

Either way the results are not astonishing.

@cpliu903

I expect that you will see no more than 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes.
http://www.cisco.com/c/en/us/products/c ... 31522.html

Based on this spec, the Cisco RV130W only provides 802.11n, but it can provide 50Mbps IPsec VPN throughput? Does it have a more powerful CPU compared with the hAP ac?
 
alber
just joined
Posts: 6
Joined: Tue Feb 16, 2016 12:35 am

Re: HAP AC

Tue Feb 16, 2016 1:29 pm

Could you also test VPN performance (IPsec and OpenVPN)?
Yes. Can you describe the VPN config and test methodology in more detail?
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: HAP AC

Tue Feb 16, 2016 3:15 pm

Could you also test VPN performance (IPsec and OpenVPN)?
Yes. Can you describe the VPN config and test methodology in more detail?
About the VPN config, please see the wiki: http://wiki.mikrotik.com/wiki/Manual:TOC

Test case:
1. Site to Site
2. Remote client access for mobile and PC devices (show network speed before the VPN connects and after the VPN is connected). Please use this website for the speed test: http://www.speedtest.net
 
ayufan
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm

Re: HAP AC

Tue Feb 16, 2016 3:44 pm

It is interesting to see the CPU% when doing this 500Mbps.

Either way the results are not astonishing.

@cpliu903

I expect that you will see no more than 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes.
http://www.cisco.com/c/en/us/products/c ... 31522.html

Based on this spec, the Cisco RV130W only provides 802.11n, but it can provide 50Mbps IPsec VPN throughput? Does it have a more powerful CPU compared with the hAP ac?
I'm saying that based on what I see when using OpenVPN on the TP-Link Archer C7 (the same HW). The crypto engine is the same (fully software), it will not go any faster.

9Mbps TCP UL, OpenVPN on OpenWrt CC, BF-CBC-128bit/SHA1 (one of the fastest combinations), CPU: 75%
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: HAP AC

Wed Feb 17, 2016 2:57 am

It is interesting to see the CPU% when doing this 500Mbps.

Either way the results are not astonishing.

@cpliu903

I expect that you will see no more than 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes.
http://www.cisco.com/c/en/us/products/c ... 31522.html

Based on this spec, the Cisco RV130W only provides 802.11n, but it can provide 50Mbps IPsec VPN throughput? Does it have a more powerful CPU compared with the hAP ac?
I'm saying that based on what I see when using OpenVPN on the TP-Link Archer C7 (the same HW). The crypto engine is the same (fully software), it will not go any faster.

9Mbps TCP UL, OpenVPN on OpenWrt CC, BF-CBC-128bit/SHA1 (one of the fastest combinations), CPU: 75%

Which wireless router can provide 50~100 Mbps throughput for OpenVPN?
 
MartijnVdS
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: HAP AC

Wed Feb 17, 2016 10:00 am

Which wireless router can provide 50~100 Mbps throughput for OpenVPN?
The CCR series routers. The 1100AHx2 (the pre-CCR flagship). And once the hardware crypto works (I don't know if it does already), the RB3011 series should be able to reach this as well.
 
mrz
MikroTik Support
Posts: 6047
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: HAP AC

Wed Feb 17, 2016 10:22 am

RB3011 will not have hw encryption support enabled in ROSv6.
HW encryption works only with IPsec.
 
mavink
newbie
Posts: 32
Joined: Sun Sep 06, 2015 5:55 pm

Re: HAP AC

Wed Feb 17, 2016 10:40 am

RB3011 will not have hw encryption support enabled in ROSv6.
HW encryption works only with IPsec.
That's good to know. Is hardware encryption for IPsec already enabled for the RB3011, or are you still working on that?
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: HAP AC

Wed Feb 17, 2016 11:09 am

Which wireless router can provide 50~100 Mbps throughput for OpenVPN?
The CCR series routers. The 1100AHx2 (the pre-CCR flagship). And once the hardware crypto works (I don't know if it does already), the RB3011 series should be able to reach this as well.

The 1100AHx2 and RB3011 are not wireless routers!! :-?
 
alber
just joined
Posts: 6
Joined: Tue Feb 16, 2016 12:35 am

Re: HAP AC

Wed Feb 17, 2016 11:33 am

Test case:
1. Site to Site
2. Remote client access for mobile and PC devices (show network speed before the VPN connects and after the VPN is connected). Please use this website for the speed test: http://www.speedtest.net
I can't do it. My internet connection is too slow for that.
 
R1CH
Forum Veteran
Posts: 926
Joined: Sun Oct 01, 2006 11:44 pm

Re: HAP AC

Wed Feb 17, 2016 12:50 pm

Seems like the wireless ac performance is CPU limited in any case. Is this with fast path active and connection tracking disabled?
 
ayufan
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm

Re: HAP AC

Thu Feb 18, 2016 12:26 am

9Mbps TCP UL, OpenVPN on OpenWrt CC, BF-CBC-128bit/SHA1 (one of the fastest combinations), CPU: 75%

Which wireless router can provide 50~100 Mbps throughput for OpenVPN?
You should get pretty decent performance with this: https://www.indiegogo.com/projects/turr ... rce-router. It looks like the best router; maybe it doesn't have the awesomeness of RouterOS, but it's definitely more beefy in every respect. The WRT1900ACS appears to use the same CPU and here they show that it reaches 10-12MB/s: http://www.smallnetbuilder.com/wireless ... l=&start=1. I kind of believe that, because these MIPS processors are pretty weak.

And here too: https://airvpn.org/topic/11827-routers- ... eleration/ (look at the bottom). So if you want the best VPN performance get the Turris Omnia.
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: HAP AC

Thu Feb 18, 2016 4:53 am

The WRT1900ACS appears to use the same CPU and here they show that it reaches 10-12MB/s: http://www.smallnetbuilder.com/wireless ... l=&start=1. I kind of believe that, because these MIPS processors are pretty weak.
And here too: https://airvpn.org/topic/11827-routers- ... eleration/ (look at the bottom).

(as an aside, while I was able to test BF-CBC throughput of OpenVPN on a WRT1900ACS with Linksys stock firmware, it maxed out at 97mbit/s unidirectionally
Test 1: 10-12MB/s
Test 2: 97mbit/s

Why is there such a difference between the two tests?? If the WRT1900ACS can get 97mbit/s for OVPN, I will consider buying it. Who can confirm that testing???
 
brwainer
newbie
Posts: 47
Joined: Tue Feb 02, 2016 2:55 am

Re: HAP AC

Thu Feb 18, 2016 8:35 am

The WRT1900ACS appears to use the same CPU and here they show that it reaches 10-12MB/s: http://www.smallnetbuilder.com/wireless ... l=&start=1. I kind of believe that, because these MIPS processors are pretty weak.
And here too: https://airvpn.org/topic/11827-routers- ... eleration/ (look at the bottom).

(as an aside, while I was able to test BF-CBC throughput of OpenVPN on a WRT1900ACS with Linksys stock firmware, it maxed out at 97mbit/s unidirectionally
Test 1: 10-12MB/s
Test 2: 97mbit/s

Why is there such a difference between the two tests?? If the WRT1900ACS can get 97mbit/s for OVPN, I will consider buying it. Who can confirm that testing???
12MB/s = 96Mb/s - they are reporting roughly the same speed, just in different terms. Windows always shows MBytes instead of Mbits because it defaults to storage terms and not network terms.
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: HAP AC

Thu Feb 18, 2016 9:04 am

The WRT1900ACS appears to use the same CPU and here they show that it reaches 10-12MB/s: http://www.smallnetbuilder.com/wireless ... l=&start=1. I kind of believe that, because these MIPS processors are pretty weak.
And here too: https://airvpn.org/topic/11827-routers- ... eleration/ (look at the bottom).

(as an aside, while I was able to test BF-CBC throughput of OpenVPN on a WRT1900ACS with Linksys stock firmware, it maxed out at 97mbit/s unidirectionally
Test 1: 10-12MB/s
Test 2: 97mbit/s

Why is there such a difference between the two tests?? If the WRT1900ACS can get 97mbit/s for OVPN, I will consider buying it. Who can confirm that testing???
12MB/s = 96Mb/s - they are reporting roughly the same speed, just in different terms. Windows always shows MBytes instead of Mbits because it defaults to storage terms and not network terms.
I see. Thanks for your explanation!
I'm saying that based on what I see when using OpenVPN on the TP-Link Archer C7 (the same HW). The crypto engine is the same (fully software), it will not go any faster.

9Mbps TCP UL, OpenVPN on OpenWrt CC, BF-CBC-128bit/SHA1 (one of the fastest combinations), CPU: 75%
I am only concerned about wireless routers with VPN performance (OVPN and IPsec).
Based on these results, the WRT1900ACS is better for me (not the hAP ac)??
 
ayufan
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm

Re: HAP AC

Thu Feb 18, 2016 11:21 am

I am only concerned about wireless routers with VPN performance (OVPN and IPsec).
Based on these results, the WRT1900ACS is better for me (not the hAP ac)??
On hAP AC you will get around 10-15Mbps (the OpenVPN performance is limited by CPU); on Turris/1900ACS you will get around 90Mbps. I would wait for Turris, because this is the router with an open source design and with open source software.

Yes, the numbers 10-12MB/s and 97Mbps are roughly the same. One is in megabytes, the second is in megabits.
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: HAP AC

Thu Feb 18, 2016 11:44 am

I am only concerned about wireless routers with VPN performance (OVPN and IPsec).
Based on these results, the WRT1900ACS is better for me (not the hAP ac)??
On hAP AC you will get around 10-15Mbps (the OpenVPN performance is limited by CPU); on Turris/1900ACS you will get around 90Mbps. I would wait for Turris, because this is the router with an open source design and with open source software.

Yes, the numbers 10-12MB/s and 97Mbps are roughly the same. One is in megabytes, the second is in megabits.
Any testing or review of an engineering sample for Turris Omnia?
 
alber
just joined
Posts: 6
Joined: Tue Feb 16, 2016 12:35 am

Re: HAP AC

Thu Feb 18, 2016 12:08 pm

Seems like the wireless ac performance is CPU limited in any case. Is this with fast path active and connection tracking disabled?
Fast path enabled and connection tracking set to auto.

In tools::profile cpu load looks like:
wireless ~ 85%
ethernet ~ 10%

Overclocking is not available in 6.34.1 firmware. I hope we will have this possibility in the future.
 
R1CH
Forum Veteran
Posts: 926
Joined: Sun Oct 01, 2006 11:44 pm

Re: HAP AC

Thu Feb 18, 2016 4:44 pm

Shows how slowly the CPU improvements are coming compared to the rest of the hardware and modern broadband speeds. Hopefully MT can come out with a newer series of boards with CPUs that can actually keep up with the hardware! The hAP AC is nice as an access point but if it can easily be overloaded by just wireless traffic, I wouldn't trust it as a router.
 
ayufan
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm

Re: HAP AC

Thu Feb 18, 2016 5:41 pm

Shows how slowly the CPU improvements are coming compared to the rest of the hardware and modern broadband speeds. Hopefully MT can come out with a newer series of boards with CPUs that can actually keep up with the hardware! The hAP AC is nice as an access point but if it can easily be overloaded by just wireless traffic, I wouldn't trust it as a router.
Exactly, this is an underpowered low-end home router that can't fully use the AC that is installed in it. It seems that, if you use the SFP with the AC radio and you configure it to use routing with NAT, I expect that you will get no more than 300Mbps on the AC radio :(
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
honzam
Forum Guru
Posts: 2314
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: HAP AC

Thu Feb 18, 2016 10:37 pm

Exactly, this is an underpowered low-end home router that can't fully use the AC that is installed in it. It seems that, if you use the SFP with the AC radio and you configure it to use routing with NAT, I expect that you will get no more than 300Mbps on the AC radio :(
If Fasttrack is turned on it will be definitely much more ...
See: https://monosnap.com/file/O8rbK6nfuyii5 ... yBUH0Vvrk8#
http://www.microcontrols.org/quick-revi ... hnthap-ac/
LAN, FTTx, Wireless. ISP operator
 
ayufan
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm

Re: HAP AC

Fri Feb 19, 2016 12:49 pm

Exactly, this is an underpowered low-end home router that can't fully use the AC that is installed in it. It seems that, if you use the SFP with the AC radio and you configure it to use routing with NAT, I expect that you will get no more than 300Mbps on the AC radio :(
If Fasttrack is turned on it will be definitely much more ...
See: https://monosnap.com/file/O8rbK6nfuyii5 ... yBUH0Vvrk8#
http://www.microcontrols.org/quick-revi ... hnthap-ac/
Maybe, it would be certainly nice to see hAP AC with some default QuickSet configuration for NAT and with fasttrack at the top.
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
normis
MikroTik Support
Posts: 24609
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Encryption performance on OpenVPN/IPsec VPN

Fri Feb 19, 2016 12:52 pm

all new routers have Fasttrack by default (it's not even in quickset, just enabled by default in firewall)
No answer to your question? How to write posts
 
honzam
Forum Guru
Posts: 2314
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: Encryption performance on OpenVPN/IPsec VPN

Fri Feb 19, 2016 2:00 pm

Normis: Have you any official wireless performance test? Can you share it with us?
LAN, FTTx, Wireless. ISP operator
 
normis
MikroTik Support
Posts: 24609
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Encryption performance on OpenVPN/IPsec VPN

Fri Feb 19, 2016 2:03 pm

with VPN ? this topic is now about VPN, it got very off topic, so we split it.

hAP ac wireless tests we have not published, but I could see what we can do.

This guy has excellent results, but I am not sure what he tested and how:
https://twitter.com/Janamaja/status/698152711896829953
No answer to your question? How to write posts
 
ayufan
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm

Re: Encryption performance on OpenVPN/IPsec VPN

Sun Feb 21, 2016 1:34 am

with VPN ? this topic is now about VPN, it got very off topic, so we split it.

hAP ac wireless tests we have not published, but I could see what we can do.

This guy has excellent results, but I am not sure what he tested and how:
https://twitter.com/Janamaja/status/698152711896829953
It's nice, maybe even almost too impossible :)

I would like to see btest over WiFi with NATed host :)
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: Encryption performance on OpenVPN/IPsec VPN

Sun Feb 21, 2016 1:59 pm

with VPN ? this topic is now about VPN, it got very off topic, so we split it.

hAP ac wireless tests we have not published, but I could see what we can do.

This guy has excellent results, but I am not sure what he tested and how:
https://twitter.com/Janamaja/status/698152711896829953
Hi normis, could you publish more detailed VPN specs for all RouterBOARD and CCR routers?

E.g.
http://www.fortinet.com/sites/default/f ... te-30D.pdf
 
cpliu903
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Apr 01, 2015 10:20 am

Re: Encryption performance on OpenVPN/IPsec VPN

Thu Feb 25, 2016 8:42 am

For the VPNs below, which is the fastest in ROS?

OpenVPN (TCP)
Cisco IPsec
L2TP Over IPsec
SSTP
 
spippan
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: Encryption performance on OpenVPN/IPsec VPN

Thu Feb 25, 2016 2:03 pm

For the VPNs below, which is the fastest in ROS?

OpenVPN (TCP)
Cisco IPsec
L2TP Over IPsec
SSTP
i'd also like to hear about that ... currently i'm using OpenVPN (TCP)

at least it would be great if MIKROTIK would finally enhance OVPN Server in allowing UDP and COMPRESSION!
---
raiffeisen data center infrastructure and security
...stay curious
 
normis
MikroTik Support
Posts: 24609
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Encryption performance on OpenVPN/IPsec VPN

Thu Feb 25, 2016 2:57 pm

OpenVPN UDP mode is already made in v7, but that is in very fragile Alpha right now. Public beta will come after a while.
No answer to your question? How to write posts
 
spippan
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: Encryption performance on OpenVPN/IPsec VPN

Thu Feb 25, 2016 3:25 pm

OpenVPN UDP mode is already made in v7, but that is in very fragile Alpha right now. Public beta will come after a while.
okay thank you very much

do you have an estimated ETA for beta or RC of rOSv7? would like to make some tests and benchmarks ;)
---
raiffeisen data center infrastructure and security
...stay curious
