Community discussions

MikroTik App
 
Scorcerer
just joined
Topic Author
Posts: 1
Joined: Tue Nov 22, 2022 11:23 am
Location: Poland

Lack of throughput EoIP+IPsec encrypted tunnel with CCR2216

Tue Nov 22, 2022 12:31 pm

Hello!
We're currently testing a following scenario:
Two offices (with multiple VLANs) connected via L2 10Gig connection which we don't necessarily trust. Therefore we'd like to encrypt the traffic passing through, and configured EoIP on it. Everything seems to be working in general, but the performance is as follows:
a) IPsec secret enabled (no FastPath possible): ~500Mbps, CPU 8 at 100%, other cpus doing nothing basically
b) no IPsec secret (FastPath allowed): ~750Mbps, CPU 8 again at 100%, all the rest idling
c) no IPsec secret (FastPath allowed), disabled firewall connection tracking: ~800Mbps, CPU 8 again at 100%, all the rest idling

The configuration itself is as minimal as we could make it, so bridge interface with two ports, the EOIP and local side (in this case bonding interface consisting of two 10Gig ports), no CPU interface.

Is it possible to split the workload across multiple CPUs? We tried to create multiple EoIP tunnels thinking that maybe the encryption is the biggest showstopper here, but that just split the available bandwidth between the tunnels.

Who is online

Users browsing this forum: Bing [Bot] and 72 guests