This is a comparison of the major MikroTik tunneling protocols. The values in the table below reflect the way that Mikrotik can handle these tunnels as opposed to how the tunnels might behave when in strict accordance with their respective standards. For example, as per the published standard L2TP is not an encrypted tunnel, but when used between two MikroTik routers the L2TP tunnel can use the same encryption as PPtP.
All tunnels have an affect upon throughput. In the table below, I’ll show how much throughput is lost per tunnel type. These tests were not conducted to see what the max throughput between the routers could have possibly have been, but rather to show the loss of throughput when traversing a tunnel. The tests were conducted between two 8 port CRS routers running ROS 6.27. Each of the tunnels was using its highest encryption method. Your results will probably vary a little but the % of loss should be somewhat similar. A lower encryption standard should give more favorable results, but that won’t always be true.
Update 9-19-2018: ROS has made many improvements and these test results are not accurate anymore. Fast Track and other features can produce much higher throughput values then what was true in ROS 6.27. To test your tunnel, first do a bandwidth test between the IPs that are being used to connect the tunnel. Frequently, this will be the public IP address of the two routers. Then test between the IP addresses used on the tunnel to compare the results.
MikroTik Manual Pages
PPP
PPTP
PPPoE
L2TP
SSTP
OVPN
IPIP
GRE
EOIP
VLAN
IPSEC
Authentication/ Encryption Protocols
PAP
CHAP
MSCHAP v1&2
DES
3DES
TLS
MD5
SHA1
MPPE
Blowfish 128
Twofish
AES
Like Loading…
Xem tiếp...
This is a comparison of the major MikroTik tunneling protocols. The values in the table below reflect the way that Mikrotik can handle these tunnels as opposed to how the tunnels might behave when in strict accordance with their respective standards. For example, as per the published standard L2TP is not an encrypted tunnel, but when used between two MikroTik routers the L2TP tunnel can use the same encryption as PPtP.
Tunnel | Introduced | Authentication Layer | Port | Port can be changed | Default MTU | Authentication Protocols | Encryption Protocols | Encryption Level | Clients can call home | Bridging or BCP Supported |
GRE | Oct 1994 | 3 | N/A | No | 1476 | N/A | N/A | None | No | No |
IPIP | Oct 1996 | 3 | N/A | No | 1480 | N/A | N/A | None | No | No |
VLAN | 1998 | 2 | N/A | No | 1500 | N/A | N/A | None | N/A | Yes |
IPSEC | Nov 1998 | 3 | UDP 500 | Yes | N/A | None MD5 SHA1 SHA256 SHA512 | None DES, 3DES, AES, Blowfish, Twofish, Camellia | None, 64bits, 128bit, 192bit, 256bit | Yes | No |
PPPoE | Feb 1999 | 2 | N/A | N/A | 1480 | PAP CHAP MSCHAP v1 MSCHAP v2 | None MPPE 40bit MPPE 128bit | None or 40bit or 128bit | N/A | Yes |
PPtP | July 1999 | 3 | TCP 1723 | No | 1450 | PAP CHAP MSCHAP v1 MSCHAP v2 | None MPPE 40bit MPPE 128bit | None or 40bit or 128bit | Yes | Yes |
L2TP | Aug 1999 | 3 | UDP 1701 | No | 1450 | PAP CHAP MSCHAP v1 MSCHAP v2 | None MPPE 40bit MPPE 128bit | None or 40bit or 128bit | Yes | Yes |
OVPN | May 2001 | 3 | TCP 1194 | Yes | 1500 | None MD5 SHA1 | None Blowfish 128 AES 128 AES 192 AES 256 | None 128bit, 192bit, or 256bit | Yes | Yes |
EOIP | Sept 2002 | 3 | N/A | No | 1458 | N/A | N/A | None | No | Yes |
SSTP | Jan 2007 | 3 | TCP 443 | Yes | 1500 | PAP CHAP MSCHAP v1 MSCHAP v2 TLS 1.0 | None MPPE 40bit MPPE 128bit TLS 1.0 | None or 40bit or 128bit or 256bit | Yes | Yes |
All tunnels have an affect upon throughput. In the table below, I’ll show how much throughput is lost per tunnel type. These tests were not conducted to see what the max throughput between the routers could have possibly have been, but rather to show the loss of throughput when traversing a tunnel. The tests were conducted between two 8 port CRS routers running ROS 6.27. Each of the tunnels was using its highest encryption method. Your results will probably vary a little but the % of loss should be somewhat similar. A lower encryption standard should give more favorable results, but that won’t always be true.
Update 9-19-2018: ROS has made many improvements and these test results are not accurate anymore. Fast Track and other features can produce much higher throughput values then what was true in ROS 6.27. To test your tunnel, first do a bandwidth test between the IPs that are being used to connect the tunnel. Frequently, this will be the public IP address of the two routers. Then test between the IP addresses used on the tunnel to compare the results.
Tunnel | Initial Bandwidth | With Tunnel | % of Loss |
GRE | 691M RX | 195M RX | 71.80% |
IPIP | 691M RX | 204M RX | 70.50% |
VLAN | 691M RX | 582M RX | 15.80% |
IPSEC | 691M RX | 667M RX | 3.50% |
PPPoE | 691M RX | 94M RX | 86.40% |
PPtP | 691M RX | 61M RX | 91.20% |
L2TP | 691M RX | 59M RX | 91.50% |
OVPN | 691M RX | 29M RX | 95.90% |
EOIP | 691M RX | 190M RX | 72.50% |
SSTP | 691M RX | 29M RX | 95.80% |
MikroTik Manual Pages
PPP
PPTP
PPPoE
L2TP
SSTP
OVPN
IPIP
GRE
EOIP
VLAN
IPSEC
Authentication/ Encryption Protocols
PAP
CHAP
MSCHAP v1&2
DES
3DES
TLS
MD5
SHA1
MPPE
Blowfish 128
Twofish
AES
Like this:
Like Loading…
Related
Xem tiếp...