MikroTik

If I may ask the community for ideas/suggestions:

Through bandwidth tests between multiple locations (site-site MT routers) from Location A to B/C/D the CPU (in Location A) maxes out at approximately 21Mbits (whether sending to one or to all), when location A can offer 200Mbits upload speeds.

I have tried this over IPsec and OVPN at 256 encryption (by changing it to 128 gain is about 2-3Mbits) and results are similar .

Now the MT @ location A is 650MHz CPU, 64MB RAM and was thinking to replace it with a tiny x86 PC with a 4 core Intel Z8350 - @ 1.92GHz to overcome CPU maxing out.

I have been told in the past that x86 and RouterOS doesn’t guarantee compatibility (based on NIC cards?), but assuming it would work for this one, do you think I ‘d be able to get the full speed ?

What is important is the size of the device (has to be be as small as possible) and establish multiple connections to Location A and receive as close as possible from it, the 200Mbits .

All MT routers are slow when it comes to encryption ... apart from a few that support HW-assisted encryption but that is currently available for IPsec. And even those don't easily pass multi-100Mbps mark.

So yes, probably you'll have to go with x86. But you'll have to benchmark yourself if the device you're mentioning will actually be able to encrypt traffic at wanted throughput using tunnelling protocol of choice. ROSv7 is coming with better support for tunnelling technologies, could come with wider HW encryption support, but ETA of stable v7 doesn't seem to be determined yet.

Thank you MKX! When you say that I 'd have to benchmark, you mean get the device and start tests right? As it would be the only way to tell weather such a CPU would be powerful enough to handle the encrypted traffic?

Yes.

Thank you!

If anyone else has experience with X86 processors and encryption transfer algorithms please share your findings ...

What is important is the size of the device (has to be be as small as possible) and establish multiple connections to Location A and receive as close as possible from it, the 200Mbits .

Look at the "IPsec test results" section of any prospective router at mikrotik.com/routerboard.
hEX S gets pretty close to 200Mbps IPsec and is very competitively priced. Next step up would be RB4011 which can do >500Mbps IPsec.

Look at the "IPsec test results" section of any prospective router at mikrotik.com/routerboard.
hEX S gets pretty close to 200Mbps IPsec and is very competitively priced. Next step up would be RB4011 which can do >500Mbps IPsec.

With hEX S I was able reach ~120Mbps using AES128 and SHA1. For me, almost in every case, I was able get close to "512 byte" results.
I think for IPSec is better hAP ac2, same price, more powerful hardware. If you don't need/want wifi, just turn it off.