Hi.
I have several offices and i want to jojn them using IPIPtunnel witch IPsec so i bought several MT CCR1036 and CCR1009 because they have hardware IPsec acceleration very good throughput (based on ruouterbord.com). But when I setup everything I was surprised by very low speed when i try copy file between two offices (both offices have symmetric 500/500 fiber), I got file transfer around 4-10MB/s that is about 40-80 Mbps. So I create lab environment with very simple configuration, without any firewall configuration. Only IP address, basic static routing, and IPIP tunnel with IPsec encryption on default settings.
Client1->CCR1009<-----IPIP+IPsec------>CCR1009<-Client2
And result was this same (windows file copy, FTP, HTTP... ) max transfer was about 40-80Mbps, so It look oddly for that powerful hardware.
So I create series of tests using Iperf as reliable testing software running on client computers, So mikrotik not have to waste resources to generate traffic.
After several test, turned out that mikrotik has no problem with resources but with number of connections.
When i try send something through ipip+ipsec tunnel using only one connection i got 40-80Mps but when i try send something but using 20 simultaneous connection I got 800 Mbps, what is already a good result (That transfer is in one direction from client1->client2)
I attach several files witch diagram of my testing lab, files witch configuration, and table of Test Results.
Maybe someone knows how to solve this problem and improve transfer on single connection?
我知道结果在ruterboard.com上是UDPtraffic and looks very nice but in real word most users use TCP, and in real word when user try copy file from one office to another or try download file from company website through IPsec tunnel and got only 50Mbps file transfer It does not look good, especially after buying almost the most powerful device available from manufacturer.