Community discussions

MUM Europe 2020
 
bedior
newbie
Topic Author
Posts: 39
Joined: Sat Jan 31, 2015 5:09 pm

Decreasing inbound speed on L2TP/IPsec

Sat Jul 30, 2016 6:48 pm

Hello.
After update RB2011UiAS-2HnD-IN on 6.35.2 or 6.36 inbound speed became slower at L2TP/IPsec (AES256 + SHA1):
http://www.speedtest.net/result/5349439075.png (CPU 60% when downloading)
On version 6.32.2:
http://www.speedtest.net/result/5349455563.png (CPU 100% when downloading)

Any ideas why so?
 
mjsabri
Trainer
Trainer
Posts: 109
Joined: Sat Dec 12, 2015 10:55 am

Re: Decreasing inbound speed on L2TP/IPsec

Sat Jul 30, 2016 11:01 pm

please check profile in tools then put photo here
Mikrotik Certified Consultant
[ MTCNA , MTCRE , MTCWE , MTCTCE , MTCUME , MTCINE ]
 
bedior
newbie
Topic Author
Posts: 39
Joined: Sat Jan 31, 2015 5:09 pm

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 6:03 am

Downloading:
8k3POSM1qX.png
Uploading:
rv3jgA8Jod.png
You do not have the required permissions to view the files attached to this post.
 
mjsabri
Trainer
Trainer
Posts: 109
Joined: Sat Dec 12, 2015 10:55 am

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 8:30 am

how many L2TP Client do you have ?
Mikrotik Certified Consultant
[ MTCNA , MTCRE , MTCWE , MTCTCE , MTCUME , MTCINE ]
 
bedior
newbie
Topic Author
Posts: 39
Joined: Sat Jan 31, 2015 5:09 pm

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 8:42 am

I have 1 client (on router), VPN server is VDS with Softether. Devices in local network 3, but if all devices except one is powered off, than nothing change.
 
kujo
Member Candidate
Member Candidate
Posts: 158
Joined: Sat Jun 18, 2016 10:17 am
Location: Ukraine

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 9:56 am

Try use aes128


Have a good day!
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 10:24 am

If you need crypto on any of the mips routers, use aes128 with md5. You don't have a lot of power to work with. If I recall correctly, you are going to max out at 20mbps, with little to no rules. The RB3011 (current no crypto acceleration) will do 150mbps (I would expect 300mbps once acceleration is enabled). CCR is much higher.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
bedior
newbie
Topic Author
Posts: 39
Joined: Sat Jan 31, 2015 5:09 pm

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 10:45 am

Thank you. But why an old version of firmware it work with AES-256 on 24 mbps, but on current 14 mbps? Why downloading doesn't load fully CPU, when uploading do that? If CPU weak why uploading with AES-256 give 20 mbps?
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 10:47 am

I would assume it is because something changed in the firmware and the CPU is doing more work now. 
As for CPU load, that is because the encryption process takes more CPU power than the decryption process.
You should also look into using FastTrack on the VPN connections and the data that passes through them.
That will help reduce the CPU load.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
bedior
newbie
Topic Author
Posts: 39
Joined: Sat Jan 31, 2015 5:09 pm

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 11:04 am

I make video demonstration:
In my logic if decryption need less CPU power, it must pass more data. :)
About FastTrack - where I can tune it?
 
User avatar
колбаскин
newbie
Posts: 37
Joined: Tue Mar 29, 2016 6:36 pm
Location: Ukraine Zaporozhye
Contact:

Re: Decreasing inbound speed on L2TP/IPsec

Sun Jul 31, 2016 11:30 am

Indeed, after the firmware update, there is no CPU load to 100%
The speed through l2tp lower than was specified person firmware.
Several times already met such comments on the forum.
Кое что для Mikrotik | hd.zp.ua - Запорожье ITшное.
 
bedior
newbie
Topic Author
Posts: 39
Joined: Sat Jan 31, 2015 5:09 pm

Re: Decreasing inbound speed on L2TP/IPsec

Tue Aug 02, 2016 6:30 pm

I checked older versions and found, that last working version was 6.34.4. Video:
6.34.4: https://www.youtube.com/watch?v=-NlQYavQ78Y
6.35: https://www.youtube.com/watch?v=J0WTUJFkRJ0

Who is online

Users browsing this forum: MSN [Bot] and 65 guests