anyone notice a big hit between pptp and sstp?
i have a 5 mbit up on both isps
sstp barely can break 350k across tunnel
pptp is pushing well over 550k?
any comments anyone agree? does not seem to be cpu related, neither are maxxed out
It's thru Internet, it means wan to wan tunnel. What else you want?
2011 with 6.19 and omnitik with 6.18. Omnitik is the same like 750. I also tested sstp between two 750s on lan running 6.20 with about 80mbit passed, if I remember well - did not note the values, so hope it's correct.It's thru Internet, it means wan to wan tunnel. What else you want?
sorry it seemed like a local connection,
what code level are you running?
i am using a 2011 with a 750 as a client and see the reduction
How can you get over 600 megabit if the maximum upload on both sides is only 6 megabit?latency is 30-40ms, cpu never maxes out, barely breaks 35% on a MAP2N,
on a pptp connection with both sides having 28/6 i can see over 600mbit, which is great, simply changing to sstp, both sides see 350mbit max, its a huge hit
I consider TCP-based tunnels like SSTP to be tunnels "of last resort"; see Why TCP Over TCP Is A Bad Idea. You only run them if you have absolutely no other alternative (e.g., either end of the tunnel is behind a firewall that you have no direct control over, or perhaps in the case of SSTP specifically, security is valued over performance).
Experiences will vary wildly depending on exact conditions, and running a tunnel like that over the internet instead of over a LAN exponentially compounds the number of variables that you have to account for (most of which you have absolutely NO control over) in order to have a "perfect" experience. I doubt there is anything that MikroTik can do about this. If you want to prove this to yourself, substitute an SSTP concentrator that isn't RouterOS based on one end and an SSTP client that isn't RouterOS based (e.g., Windows) on the other, and repeat your experiments. I bet that your experience will not be that much different than what you see with MikroTik gear.
As they say, "your mileage may vary".
-- Nathan
Reading SSTP Wiki ( http://en.wikipedia.org/wiki/Secure_Soc ... g_Protocol ):Latest update/conclusions:
.. [ CUT] ..
To be clear PPTP does not suffer from this issue at all. I don't know whether anyone has an idea how to diagnose whether it is TCP-meltdown? When keeping the untunneled networks bandwidth HIGHER than the tunneled networks bandwidth, I'm also essentially avoiding this:-)
SSTP suffers from the same performance limitations as any other IP-over-TCP tunnel. In general, performance will be acceptable only as long as there is sufficient excess bandwidth on the un-tunneled network link to guarantee that the tunneled TCP timers do not expire. If this becomes untrue, performance falls off dramatically. This is known as the "TCP meltdown problem"
I'm on ROS 6.27. I'll add the export hopefully in a few hours (I'm testing another config ATM). You must rate limited below your connection upload + download speed*. So run a bunch of speedtests on the SSTP server end and substract 1 megabit. I get 9 megabit on average upload so I filled in 8 megabit in the rate limiter for both up and download*. If your upload is unstable, rate limit to the lowest stable value.i tried rate limiting, it did not seem to really make a difference for me. can you provide the cli export of your ppp? just to confirm, i will test again.
what code you running?
/ppp profile
add change-tcp-mss=yes dns-server=192.168.x.x incoming-filter=\
internet-only-in local-address=192.168.x.x name=internet-only \
outgoing-filter=internet-only-out rate-limit=8M/8M remote-address=\
VPN-users use-encryption=yes
PPP profile rate limiter simply adds dynamic simple queue with default-small queue
size. It is not exactly shaping, it will queue small amount off packets and start
dropping when the queue is full. You can also remove the rate limit and add the
queue yourself and have the ability to change queue type and size.