Radius Dictionary for Linux PPTP/L2TP/PPPoE/IPoE


#1

Hi

We are having issues with customers who connect having very low TCP speed when connected via Mikrotik PPTP/L2TP. Users who typically subscribe to 20Mbps are only getting speeds of 4Mbps when connected to either the Mikrotik PPTP or L2TP server, even with encryption disabled. The same users connecting to a Windows or Linux PPTP server are able to get speeds higher than 20Mbps.

There is currently a GitHub project named accel-ppp - High performance PPTP/L2TP/PPPoE/IPoE server for Linux. Would it be possible to integrate it into Splynx 2.0 with the right dictionary templates as a workaround for Mikrotik issues with PPTP speeds?


#2

Some background on the tests done so far on the Mikrotik server.

Bandwidth test through the PPTP tunnel, command and results (UDP):

tool bandwidth-test user=admin password=xxxxxxx local-tx-speed=20M remote-tx-speed=20M address=x.x.x.x direction=both protocol=udp duration=20s
status: done testing
duration: 21s
tx-current: 19.1Mbps
tx-10-second-average: 18.0Mbps
tx-total-average: 17.9Mbps
rx-current: 20.0Mbps
rx-10-second-average: 19.7Mbps
rx-total-average: 19.8Mbps
lost-packets: 92
random-data: no
direction: both
tx-size: 1450
rx-size: 1450

Bandwidth test through the PPTP tunnel, command and results (TCP):

tool bandwidth-test user=admin password=xxxxxxx local-tx-speed=20M remote-tx-speed=20M address=x.x.x.x direction=both protocol=tcp duration=20s
status: done testing
duration: 21s
tx-current: 6.8Mbps
tx-10-second-average: 5.6Mbps
tx-total-average: 5.8Mbps
rx-current: 18.0Mbps
rx-10-second-average: 14.6Mbps
rx-total-average: 13.9Mbps
random-data: no
direction: both

All tests were performed from the server side to the client side. Notice that from the server side, the TCP test speed maxes out at 7Mbps, which means the highest speed a client can get is 7Mbps. However, the same client connected to a Linux server or Microsoft server implementing a PPTP server is only limited by the speed of the physical connection.


#3

Hi, can you please run a real traffic measurement instead of the Mikrotik bandwidth test?
I don’t think that PPTP, PPPoE or L2TP traffic is slow on Mikrotik routers. If it was slow, I can guarantee that Mikrotik would not be used anywhere. But it’s widely used with high speed plans and it’s working.

I think this is an issue with your local configuration or network design. Maybe there is an MTU issue somewhere between points that can cause TCP MSS problems, so TCP cannot send large segments of data; maybe there are wrong queue settings, who knows.

Regarding accel-ppp - I asked our engineers to write a description of the configuration, hope they will do it during this week.


#4

Hi Alex

Thanks for the reply. PPPoE is quite ok.

It's rather the PPTP and L2TP connections which are very slow, even with encryption disabled.
I posted on the Mikrotik forum and a colleague replied for me to check this link

I guess it's a known issue with L2TP and PPTP connections on Mikrotik


#5

This topic doesn’t make sense. This guy is comparing tunnelling speeds in a really funny way.

Why doesn’t he at least use CCR routers? He took the cheap Mikrotik switch that has the same CPU as the RB2011 router and is trying to push 600 Mbps of traffic with tunnel overhead on it. Of course there will be a high percentage of loss, but it’s not because of the tunnel technology but because of the router CPU weakness.


#6

Usually issues on PPTP or PPPoE are MTU related.
Too small an MTU in the tunnel will lead to higher fragmentation and therefore more pps and decreased total performance, while too high an MTU will lead to timeouts and retransmissions.

Having tons of experience with PPPoE and other tunneling protocols on Mikrotik, I can say it works well if set up right.

Also watch out for some ROS releases, some are quite buggy.

In any case, wrong topic for Splynx Forum, better post on Mikrotik Board.

Heiko Rehm


#7

Hi Heiko

PPPoE connections are OK, no issues. The issue is with the PPTP and L2TP connections. I think it's a Mikrotik-specific issue. Linux (Debian8/9 and Centos9 tested) as well as Windows servers located at the same place as the Mikrotik server do not have that issue, so we can rule out Path MTU.


#8

OK, please answer these questions for our information:

  1. What is your Mikrotik equipment model?
  2. How many active PPTP/L2TP sessions do you have?
  3. What is the total max speed of traffic that goes through Mikrotik?

Screenshots are welcome.

I have a customer who has 5 routers with this setup: 1000 L2TP tunnels on CCR1036 with total traffic of 1Gbps, and he has no major issues on it.


#9

@theafricanpenguin
What is your Mikrotik hardware? Try the CHR image on the same server you run the Linux server on, or if you want a bare metal setup, use x86 ROS.


#10

  1. What is your Mikrotik equipment model
    Virtual Router CHR /x86 upgraded to 6.41
  2. how many active PPTP/L2TP sessions do you have
    12 PPTP and 10 L2TP
  3. What is the total max speed of traffic that goes through Mikrotik.
    STM-4 internet capacity. Gigabit ports.


#11

We are actually running CHR with intel gigabit nics


#12

ISSUE SOLVED.

So it happened to be an issue with Large Receive Offload (LRO): poor TCP performance of the CHR virtual machine running on ESXi 6.5 with vmxnet3 vNICs.
See https://kb.vmware.com/s/article/1027511

One of the clients, the one who was actually making a lot of noise and complaints, had a faulty gigabit NIC which has been replaced. Speed seems to have improved by about 78%.

Thanks guys for all the inputs.


#13

Oh man, I see that it was not easy to find, respect :+1:
I was not even thinking about an issue on the virtualisation side.


#14

Configuration for Accel-ppp is described here - https://doc.splynx.com/display/SPL/Linux%3A+Accel-ppp+server


#15

Many thanks Alex

I will test and revert