Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Poor performance Starlink/IP6 endpoint routing ip4

    Scheduled Pinned Locked Moved IPsec
    5 Posts 3 Posters 855 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      timboau 0
      last edited by timboau 0

      Hey,

      New to starlink so trying to sort a few things out.

      Starlink IP4 is CGNAT'ed so I've enabled IPv6 at both ends of my IPSEC tunnel - link is up and stable - yay! Datacentre to me.

      However the performance seems to be really poor compared to a 100mb Australia NBN connection (FTTN) vdsl service.

      NBN ping time around 16ms - Starlink 40ms DC - ME

      Both using hardware accel

      P1: AES128-CGM AES Hash DH=2
      P2: AES128-CGM no hash

      DC to NBN I achieve around 8MB/s
      DC to starlink about 1.5MB/s however interestingly the bandwidth is calculated twice on the WAN IV6>IP4 maybe?

      Starlink_LI.jpg NBN.png

      I have plenty of overhead ie a speed test while running shows extra downloads.st.JPG

      Nothing crazy with states/cpu/ram

      ram.JPG

      I have other IPSEC tunnels behaving as you would expect.

      links.JPG

      Pretty much out of thoughts? Is the bandwidth doubling a bug? any ideas to improve site to site performance?

      Asynchronous Cryptography is enabled both ends

      1 Reply Last reply Reply Quote 0
      • T
        timboau 0
        last edited by

        MMS Clamping is set to 1350 at each end ping -f -l confirming 1350 are flowing unfragmented

        1 Reply Last reply Reply Quote 0
        • N
          NOCling
          last edited by

          Latency is so important if you want to share Files.

          File Sharing on the WAN: A Matter of Latency

          Netgate 6100 & Netgate 2100

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @NOCling
            last edited by johnpoz

            @nocling Don't forget window size as well. Some simple napkin math

            16ms RTT with 128k window size gets you about 65.54 Mbps or 8.125MBps

            40ms RTT with 128k window size gets you 26.21 Mbps or like 3.25 MBps

            Pretty slick how the math pretty much lines up with exactly what your seeing.. Bump the window size up..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • T
              timboau 0
              last edited by

              In the end I switched over to WireGuard - smashing it in around 6-8 MB/s. Tried everything with IPSec but gave up. I think I might have to investiage Wireguard further and switch the other VPNS over too.. The WireGuard seems to really forgiving of the StarLink latency/dropped packets.

              Here is a file copy from a remote server to local along with 20x robocopy in the background doing file compares (no actual transfers)

              FC.JPG wg.JPG

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.