MikroTik

I need an L2 tunnel from a CCR-1009 to a hEX router.

I currently have a BCP tunnel that appears to be very CPU heavy on the hEX side.

What is the least CPU intensive method of setting up an L2 tunnel over the public Internet? I need to run ~70 Mbps through it. It does not have to be encrypted, but it currently is.

Thank you, Chris

I think CCR1009 should easly handle the L2TP Tunnel with 70Mbps Throughput.

I am running a L2TP Tunnel with BCP on by two RB3011 UiAS-RM RouterBOARD and it is easily giving be a throughput of 30~40Mbps.
With Duel Core CPU 30~40M means then with 9Core it should easily give you around 70M.

I think CCR1009 should easly handle the L2TP Tunnel with 70Mbps Throughput...

I agree. The CCR1009 side is working just fine, it is the hEX side that is using high CPU (RB750Gr3).

I think CCR1009 should easly handle the L2TP Tunnel with 70Mbps Throughput...

I agree. The CCR1009 side is working just fine, it is the hEX side that is using high CPU (RB750Gr3).

Try Fast Track and remove firewall rules to reduce CPU Utilization

I can do that, but before I start messing with it, I'd like to start the best way. Is EoIP more CPU efficient than BCP?

I can do that, but before I start messing with it, I'd like to start the best way. Is EoIP more CPU efficient than BCP?

As far as i understand EOIP Tunneling creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunnel, or any other connection capable of transporting IP. It is very simple method of Bridging two routers over IP where as the L2TP is a secured method of tunneling which allows encryption of data packets.

If you use EOIP obviously reduce the load on mikrotik as there is no PPP or Encryption load there on CPU. But If you want to secure it again you need to use IPsec which will again increase load on CPU.

Some reading?
https://wiki.mikrotik.com/wiki/Transpar ... using_MPLS
https://mum.mikrotik.com/presentations/ ... thrift.pdf

As far as i understand EOIP Tunneling creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunnel, or any other connection capable of transporting IP. It is very simple method of Bridging two routers over IP where as the L2TP is a secured method of tunneling which allows encryption of data packets.

If you use EOIP obviously reduce the load on mikrotik as there is no PPP or Encryption load there on CPU. But If you want to secure it again you need to use IPsec which will again increase load on CPU.

Thank you for the ideas. The hEX supports hardware encryption, but I'm not sure if certain configurations cannot use hardware encryption. I suppose I will do some testing.

Some reading?
https://wiki.mikrotik.com/wiki/Transpar ... using_MPLS
https://mum.mikrotik.com/presentations/ ... thrift.pdf

Thank you for the suggestion. The question is regarding a tunnel over the public Internet. Although VPLS is much more CPU efficient relative to EoIP, to get it over the public Internet you would need to have an underlying connection (Presumably a VPN) that would increase overhead. In your experience, is VPLS more CPU efficient over the public Internet than EoIP?

Some reading?
https://wiki.mikrotik.com/wiki/Transpar ... using_MPLS
https://mum.mikrotik.com/presentations/ ... thrift.pdf

Thank you for the suggestion. The question is regarding a tunnel over the public Internet. Although VPLS is much more CPU efficient relative to EoIP, to get it over the public Internet you would need to have an underlying connection (Presumably a VPN) that would increase overhead. In your experience, is VPLS more CPU efficient over the public Internet than EoIP?

Actually when you use MPLS only Lables are checked forwarding which is more faster then routing method. But i dont think MPLS is best when you are routing through public network.
I Would prefer EOIP.

Both routers support AES hw acceleration. So both can do way more than 70mbit/s with encryption.

Also, AFAIK, increasing the CPU cores, will not increase your throughput if all traffic flows through a single IPsec session.

EoIP and L2TP can both do hundreds of mbits/s without breaking a sweat. So, it doesn't really matter which one is most CPU efficient. Your bottleneck is most likely elsewhere anyway.

Post the output of /tool profile cpu=total duration=5 while you have high CPU usage to see what exactly is taking up all the CPU.

Encryption shouldn't have used the CPU in your case, since both routers support hw acceleration.
Unless you have some weird IPsec configuration that doesn't use the proper encryption algorithms.

Post your full configuration from both routers (/export hide-sensitive) so we can help further.

Also, I am not sure if FastTrack will help in any way here.
EoIP is proto 47 (GRE), not 6 (TCP) or 17 (UDP) which FastTrack only supports - according to the documentation: https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack