Performance test for Site to Site tunnels with Mikrotik RB750r2

The objective of this testing is to try different scenarios and test the performance of the Mikrotik RB750r2 router to establish point to point conections solely on the network perfomance, ignoring security, privacy and other specific consdierations (broadcast domains, multi spoke vpns, etc)

To execute this test I’ve used 2 Mirkotik RB750r2 routers with the current ROS 6.38.1 connected to a 10/100/1000 switch. These routers have 100mbit interfaces.

The network diagram is the following. The objective of the test is to force a minimum internal routing and not meassure merely the traffic generated by the routers themselves between their WAN ifaces.

Topologia

IMG_20170125_212639385_8x6

The test compares the performance of both TCP and UDP originated from the computer with the LAN interface of the destination router. The configuration references used for each test are linked in each.

Router A (Destination)

  • WAN: 192.168.100.170
  • LAN 10.0.1.1

Router B (Origin)

  • WAN 192.168.100.71
  • LAN 10.0.2.1

The first test establishes a baseline for the performance. I set up the routes to the LAN segments via the adjacent routers, so that the 10.0.2.0/24 LAN clients can access the clients located in the 10.0.1.0/24 and backwards.

Routes:

  • Router B: 10.0.1.0/24 vía 192.168.100.170
  • Router A 10.0.2.0/24 vía 192.168.100.71

routing

This test just stresses the routing capacity of the router yielding a reazonable result at about 96Mbps sustained rate.

For the next test I eliminate the static routing and establish an IPSEC session between the WAN interfaces of each router according to the following document.

http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Site_to_Site_IpSec_Tunnel

Test with IPSEC tunnel between router A (Origin) and router B (Destination). BTTest client running on the PC connected to the router B (Destination). The test results show a performance with UDP of less than 30mbps, with an average of 27mbps. TCP averages at 24mbps with a max rate of 25.3mbps. This test also shows fluctuations on the transfer rates, droping even to less than 10mbps at times.

Ipsec

For Test number 3 I’ve established a PPTP tunnel. Note that PPTP tunnels have a minimum and flawed security, widely known and easyly exploited. The configuration was set according to this document:

http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP

The PPTP tunnel performance spikes at 88mbps with 84mbps average for UDP. The TCP results show an average of 50mbps.

PPTP

For the last test I’ve defined an IPIP tunnel, that basically encapsulates IP packets inside another IP packed (limited to IP, not like GRE). The setup was done according to this doc:

http://www.mikrotik.com/testdocs/ros/2.9/interface/ipip.php

The IPIP performance showed peaks at 95mbps and was very stable at 94.5 mbps for UDP. For TCP the average was 88mbps with 90mbps spikes.

IPIP

 

MBPS
UDP TCP
Ruteo 96 94
IPIP 94 88
PPTP 84 50
IPSEC 27 24

I’ll do this same test with a CCR router in about 15/20 days. I’ll also try to stress with multiple tunnels to the same Cloud Core Router.

Deja un comentario