I’m excited to join the Mikrotik family with this project. I do have a friend local to help with pointers on setup etc. But this post is more about general direction regarding which protocol best matches the capabilities of this hardware than anything else.
Long story short, this is going to be a distributed CCTV network being fed back to head end servers via fiber public internet links. Each spoke will serve anywhere from 4-16 IP cameras (20-80mbps continuous) and one access control panel. Currently the head end server is receiving 120-140mbps from the current CCTV setup. But, we expect to bring significantly more online shortly and continue to centralize the the network in the coming year(s). My theory is that we may be pushing 450-500mbps over these tunnels soon. I don’t expect either the hub or spoke devices to have any issue with the initial throughput. However, I really don't want to have to re roll the vpn setup if things get taxing later.
So I suppose my real question is what protocol best suits the hEXr3 and CCR1009-7G-1C-1S+ In this configuration? There will be nearly zero overhead related to complicated firewall rules, queuing, or excessive routing loads. Are there any gotchas in setup that I need to watch out for that could bring it all to a grinding halt?
I’m thinking of IPSEC or Wireguard. I assume tried and true IPSEC will be the most foolproof as long as the hardware acceleration will cope with the encode/decode at those speeds.