Sat Jan 15, 2022 10:28 am
@vanikcz, how did you test the tunnel speed? There are actually two effects of fragmentation.
One is systematic and foreseeable - doubling the rate of "packets" (actually, fragments) to be transported and slightly increasing the bit rate as Ethernet & IP headers for the fragments have to be added. This effect alone should just reduce the throughput smoothly.
The other one can only be seen on some network paths that drop the 2nd fragments, which effectively causes the complete packets to be lost as they cannot be reassembled. And if this happens, throughput testing using MikroTik /tool bandwidth-test shows variable throughput similar to what you describe, but if you sniff what actually happens, you find out that some TCP sessions stall completely and get replaced by new ones. Whether real TCP sessions, i.e. not those created by bandwidth-test in multi-session mode, succeed depends on whether all fragments are dropped or only part of them, and on how the TCP stacks of the endpoints deal with packet loss and retransmission.
Also worth noting - fragmentation does not increase the amount of IPsec calculations per payload packet, because what gets fragmented are the resulting (transport) packets, not the payload ones.
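
As an added illustration that is not part of the original post, the two effects described above can be modelled with the IPv4 fragmentation rules of RFC 791. The header sizes, the 1500-byte MTU and the transport packet sizes are assumptions constructed for the example.

```python
# Added example: model of IPv4 fragmentation of tunnel (transport) packets.
IP_HDR = 20   # assumption: IPv4 header without options
ETH_HDR = 14  # assumption: Ethernet II header, no VLAN tag, FCS/preamble ignored

def fragment(ip_total_len, mtu):
    """Split one IPv4 packet; returns [(offset_bytes, frag_total_len, more_fragments)]."""
    if ip_total_len <= mtu:
        return [(0, ip_total_len, False)]
    payload = ip_total_len - IP_HDR
    # All fragments except the last must carry a multiple of 8 payload bytes.
    chunk = (mtu - IP_HDR) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, off = [], 0
    while off < payload:
        size = min(chunk, payload - off)
        frags.append((off, size + IP_HDR, off + size < payload))
        off += size
    return frags

def wire_cost(ip_total_len, mtu):
    """Effect 1: (frames on the wire, bytes on the wire, extra bytes vs. unfragmented)."""
    frags = fragment(ip_total_len, mtu)
    wire_bytes = sum(length + ETH_HDR for _, length, _ in frags)
    return len(frags), wire_bytes, wire_bytes - (ip_total_len + ETH_HDR)

def reassembled(packet_sizes, mtu, path_drops):
    """Effect 2: count packets whose fragments ALL survive the path.

    path_drops(offset, length, more_fragments) -> True if the path drops it."""
    ok = 0
    for size in packet_sizes:
        if not any(path_drops(*f) for f in fragment(size, mtu)):
            ok += 1
    return ok

def drops_non_first(offset, length, more_fragments):
    """Hypothetical path that discards every fragment with a non-zero offset."""
    return offset != 0

if __name__ == "__main__":
    # Constructed sample: transport packet sizes after tunnel encapsulation.
    sizes = [1580, 600, 1580, 1500]
    for s in sizes:
        print(s, fragment(s, 1500), wire_cost(s, 1500))
    print("reassembled:", reassembled(sizes, 1500, drops_non_first), "of", len(sizes))
```
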