Dear MikroTik gurus,
I would like to kindly ask you for help. I have a network structure similar to the one in the picture:
There is a WireGuard VPN between the two RB4011. I basically follow the https://help.mikrotik.com/docs/display/ROS/WireGuard document (one WG interface and peer in each site) and the VPN works perfectly.
It is just a matter of adding more routes and FW rules to achieve:
- 192.168.1.0/24 can communicate with 192.168.2.0/24 and vice versa
- 192.168.3.0/24 can communicate with 192.168.4.0/24 and vice versa
- no other communication between subnets is allowed (192.168.1.0/24 - 192.168.4.0/24 for example)
Question 1: considering RB4011 4 core CPUs, is there any more effective way how to spread VPN calculation load between the individual cores? By the other words, if the WAN lines to the internet will be fast enough, can I expect VPN throughput to decrease because of one (?) core of CPU will be fully utilized?
The only way I can think of is to create a pair of WG interface/peer for each pair of subnets. In this case, would be the overall VPN throughput handled by more processes?
Question 2: what are the real world scenarios where creating more WG interfaces/peers actually makes sense? Site-to-site VPN and road warriors?
Thank you and happy routing!
Petr