Community discussions

Search found 63 matches

by jasejames
Wed Mar 03, 2010 4:35 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

Thanks Mplsguy, much appreciated. We're a fairly big regional public-sector ISP, and there's a possibility that we could use RBs for non-internal networks (internals need to be EAL4 so we need Junipers for them), but of course our network is all Juniper. Awaiting any updates with interest :D And tha...
by jasejames
Wed Mar 03, 2010 3:45 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

Yeah this definitely seems to be the outstanding issue. From what I can tell JUNOS doesn't use the control word, and there doesn't seem to be a way of enabling it. Given that it is "optional" and its purpose doesn't seem to be defined, is this a Mikrotik-proprietary thing? Looks like ROS is using it...
by jasejames
Wed Mar 03, 2010 11:13 am
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

Actually I think Wireshark is talking crap when it comes to the nature of the disagreement between the two. Mikrotik is setting 00000010 for the control vector against 00000000 for JUNOS. According to the RFC this means that Mikrotik demands a control word, and JUNOS says it must not be there. Nothi...
by jasejames
Wed Mar 03, 2010 10:53 am
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

Hi Mplsguy, Thanks very much for your reply. I set the ID on the JUNOS box to 20 and on the Mikrotik to 21. The Juniper now gets past the sanity check, suggesting that offset 0 is indeed the problem. Debug enclosed (important bits starred): Mar 3 16:48:50.424990 L2VPN instance VPLS1 updated from con...
by jasejames
Tue Mar 02, 2010 11:22 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS testing
Replies: 14
Views: 7112

Re: MPLS/VPLS testing

Would the issue I am having with JUNOS help you guys in any way?

After the Routerboard, the SRX100 is probably the cheapest VPLS-ready box out there (£500UK), and I can probably give you an SSH in if required.
by jasejames
Tue Mar 02, 2010 10:49 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

Right, I've been reading a little further on this and have reached the following two conclusions: 1) There is a political difference between JUNOS and RouterOS on the block-size: 8 for JUNOS (2 blocks for 16 sites), 16 for Mikrotik (and an unknown number of sites). Juniper say that this is configura...
by jasejames
Tue Mar 02, 2010 9:36 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

Re: VPLS RouterOS <-> JUNOS with RSVP/BGP signalling possible?

Actually just looking at this I note that the site range is set to 8 on the Junos device despite my setting it to 16 (can't work that one out). Must look into that, doesn't seem right.

Still think it's that offset though!
by jasejames
Tue Mar 02, 2010 9:31 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

Re: VPLS RouterOS <-> JUNOS with RSVP/BGP signalling possible?

Right, looking into this further I have noticed some differences in the way the BGP packets are constructed. 1) (probably a benign difference) under extended communities, the Mikrotik device has the F and S flags set, whereas these are clear on the Juniper. 2) (also probably benign) the BGP update i...
by jasejames
Tue Mar 02, 2010 11:44 am
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5959

VPLS RouterOS <-> JUNOS BGP signalling problem

I am trying to get a VPLS session working between a JUNOS router and RouterOS. Mikrotik works fine; setting OSPF with TE, BGP with l2vpn family set and RSVP to specify the tunnel paths between the devices works without issue. However I'm having problems getting the JUNOS box to play (an SRX100, V10....
by jasejames
Thu Aug 27, 2009 1:00 pm
Forum: RouterBOARD hardware
Topic: Possible DVB Multicasting System Using Routerboards
Replies: 2
Views: 1251

Possible DVB Multicasting System Using Routerboards

I am going to give this one a go in the near future. I'll have all the pieces to hand, and the system seems viable, so I just thought I'd run this by the forum. We have a need to multicast television programmes broadcast over the UK DVB-T terrestrial system. From what I can see the following is poss...
by jasejames
Sun Aug 23, 2009 2:38 am
Forum: General
Topic: Can we PLEASE leave the menu orders ALONE?
Replies: 30
Views: 5428

Re: Can we PLEASE leave the menu orders ALONE?

If driving a car gave me RSI in the way a stupid mouse does, or took three times as long to complete a repetitive task, of course I'd ride a horse!
by jasejames
Sun Aug 23, 2009 1:42 am
Forum: Virtualization
Topic: Where are people getting their Metarouter repository from?
Replies: 5
Views: 3483

Where are people getting their Metarouter repository from?

Tried using Mikrotik's Metarouter image. Works but the Metarouter repository from OpenWRT is unavailable. Tried building my own image: same deal. One can build these packages manually but is this really the only option? It's one slow way of getting an application!!! pantele has used a different arch...
by jasejames
Fri Aug 21, 2009 4:48 pm
Forum: General
Topic: Can we PLEASE leave the menu orders ALONE?
Replies: 30
Views: 5428

Re: Can we PLEASE leave the menu orders ALONE?

GUI. Tsk.

Real men use CLI. Never even tried to use Winbox other than when demoing a couple of bits to a manager.
by jasejames
Wed Aug 19, 2009 5:33 pm
Forum: General
Topic: Directly-connected routes staying in table when link is down
Replies: 12
Views: 1255

Re: Directly-connected routes staying in table when link is down

Brilliant, thanks for the speedy resolution to this query. Doesn't really matter what mechanism is used to kill bad connected routes, as long as it is possible. In fact, ROS now has a distinct advantage over some other systems in that you can elect to keep a connected route up -- particularly with things l...
by jasejames
Wed Aug 19, 2009 12:06 pm
Forum: General
Topic: Can i bind an ip address to a mac address?
Replies: 2
Views: 718

Re: Can i bind an ip address to a mac address?

Standard wireless MAC filtering would do the job wouldn't it?
by jasejames
Wed Aug 19, 2009 12:04 pm
Forum: General
Topic: Any chance of reintroducing the H323 telephony module to V4?
Replies: 4
Views: 1216

Re: Any chance of reintroducing the H323 telephony module to V4?

Like I say though, Metarouter, whilst it is a good system it's slow (packet rates down by a good 50-60% with a Metarouter running on a 400-series device for example). I guess the alternative would be to buy in a second, cheaper box (RB750?) and install OpenWRT/Asterisk directly onto it. The stupid t...
by jasejames
Wed Aug 19, 2009 10:55 am
Forum: General
Topic: OpenVPN implementation vs default gateway
Replies: 7
Views: 8074

Re: OpenVPN implementation vs default gateway

Thanks very much for the time you have spent in answering this post, it is very much appreciated. Two interesting points (well, interesting to me anyway!) are that you can specify an address rather than a pool for the local address (makes perfect sense, missed it on the CLI, d'oh), and that the redi...
by jasejames
Wed Aug 19, 2009 10:12 am
Forum: General
Topic: Any chance of reintroducing the H323 telephony module to V4?
Replies: 4
Views: 1216

Re: Any chance of reintroducing the H323 telephony module to V4?

The problem is that running a VM is slow, and impacts on the ease of mass-deployment.

The code already exists; I don't understand why it was pulled in the first place.
by jasejames
Wed Aug 19, 2009 1:16 am
Forum: General
Topic: Request to switch off connected routes when they are down
Replies: 0
Views: 655

Request to switch off connected routes when they are down

... and what would be fantastic would be an interface tracking system that, say, pinged an arbitrary address, from a specified port, and disabled it if the pings stop responding (while continuing to attempt to ping the remote box). Juniper Netscreens allow this feature. To clarify, I am talking abou...
by jasejames
Wed Aug 19, 2009 1:13 am
Forum: General
Topic: ovpn can't support lzo compress?
Replies: 31
Views: 20903

Re: ovpn can't support lzo compress?

I think that the OVPN could do with DHCP push options to be manually settable.

Some options (route gateway, DNS server, WINS server) are already available. So surely adding arbitrary values should be a simple addition?
by jasejames
Wed Aug 19, 2009 1:09 am
Forum: General
Topic: Any chance of reintroducing the H323 telephony module to V4?
Replies: 4
Views: 1216

Any chance of reintroducing the H323 telephony module to V4?

The software has already been written.

How difficult would it be to update the code and reintroduce it as a module?

Is it at all possible?
by jasejames
Wed Aug 19, 2009 1:07 am
Forum: RouterBOARD hardware
Topic: Any chance of SATA/eSATA support on future RB
Replies: 1
Views: 759

Any chance of SATA/eSATA support on future RB

After the comments on the Mikrotik proxy, I was wondering if there is any intention to provide the above? Such a connector (which should be cheaply implemented, the controller chips cost pennies) would be a massive advantage to a RouterBoard's usefulness as a proxying system. Normis mentioned that t...
by jasejames
Tue Aug 18, 2009 9:30 pm
Forum: General
Topic: sonicwall vs mikrotik
Replies: 4
Views: 1439

Re: sonicwall vs mikrotik

All true; just be aware that the Sonicwall is ICSA and EAL4 certified, which I believe the Mikrotik is not.

In the real world, this doesn't matter at all, but in the world of the manager it might mean everything -- just be sure you're aware.
by jasejames
Tue Aug 18, 2009 5:00 pm
Forum: General
Topic: SLOW Webproxy cache with CompactFlash
Replies: 19
Views: 4940

Re: SLOW Webproxy cache with CompactFlash

Further to what noam_chom has said, might I make a suggestion? It seems to me that the RB1000, and even the RB450G, are more than capable of keeping up with a caching proxy in CPU performance terms. If the issue is that the CPU is being eaten alive by PIO calls, then how difficult would it be to iss...
by jasejames
Mon Aug 17, 2009 5:00 pm
Forum: General
Topic: OpenVPN implementation vs default gateway
Replies: 7
Views: 8074

Re: OpenVPN implementation vs default gateway

No-one have an answer to this? The problem is made worse by the fact that, in routing mode, a separate interface is created for each connection. Great, except that routing to other subnets if the address is assigned from a pool! (No way of statically assigning routes on a Windows PC to a dynamically...
by jasejames
Mon Aug 17, 2009 12:52 am
Forum: General
Topic: OpenVPN implementation vs default gateway
Replies: 7
Views: 8074

Re: OpenVPN implementation vs default gateway

Looking into this further it would appear that the "redirect-gateway" option is what is required, but I cannot find this in ROS. If this were in place I believe that the "route-gateway" would indeed work with redirect to give me what I want. So, is this option available somewhere, and if so, how do ...
by jasejames
Sun Aug 16, 2009 10:24 pm
Forum: General
Topic: OpenVPN implementation vs default gateway
Replies: 7
Views: 8074

Re: OpenVPN implementation vs default gateway

Just for clarification: 1) The *actual* default gateway is 10.1.2.1, the same as the DNS. 2) The 10.1.2.76 address is being assigned to the RB as a gateway address to the client. .75 is the client address in this instance (it's taking these from a pool -- the only way I could get OVPN to work was to...
by jasejames
Sun Aug 16, 2009 9:58 pm
Forum: General
Topic: OpenVPN implementation vs default gateway
Replies: 7
Views: 8074

OpenVPN implementation vs default gateway

I have set up OpenVPN server on an RB450G today, and all seems well. I have multiple networks bridged within the same session, DNS is working and the local network is accessible. However the default gateway option seems to be broken (ROS v3.28). It seems that an option is being sent to the client; th...
by jasejames
Fri Aug 14, 2009 10:12 pm
Forum: RouterBOARD hardware
Topic: How do load balancing 8 adsl modem?
Replies: 6
Views: 2983

Re: How do load balancing 8 adsl modem?

I'd also add that if you are in Europe (or any other area that uses PPPoA rather than PPPoE), the Draytek 100/110/120 bridges are an excellent way of doing this.

Zero config on the Drayteks, they simply convert PPPoA to PPPoE. Plug these in and go.
by jasejames
Thu Aug 13, 2009 5:42 pm
Forum: RouterBOARD hardware
Topic: How to configure the onboard SIM card 3G (RB411U) ?
Replies: 39
Views: 35285

Re: How to configure the onboard SIM card 3G (RB411U) ?

No, because the USB driver is expecting to use the inbuilt card reader.

The miniPCIe cards (sorry typo earlier) are the same ones you see in laptops -- these always have a separate card reader (usually under the battery).

Mikrotik have just moved this technology onto a router.
by jasejames
Thu Aug 13, 2009 5:39 pm
Forum: RouterBOARD hardware
Topic: RB450 High temperature !
Replies: 18
Views: 7790

Re: RB450 High temperature !

I don't know if this is related, but I have noticed that the 433UAH gets warm (very warm under load), but that if the stock 24V PSU is swapped out for a 12V one of the correct rating the temperature drops considerably.

Could this just be a case of the regulator IC being worked too hard?
by jasejames
Thu Aug 13, 2009 5:34 pm
Forum: General
Topic: Directly-connected routes staying in table when link is down
Replies: 12
Views: 1255

Re: Directly-connected routes staying in table when link is down

Is that wise though mrz? Just because a router's connection to a network fails doesn't mean that the network itself is down, nor does it mean that there isn't another possible way of getting there. I accept that Mikrotik's way probably helps to safeguard against loops, but is it not possible to swit...
by jasejames
Thu Aug 13, 2009 2:35 am
Forum: General
Topic: MikroTik banner
Replies: 8
Views: 2463

Re: MikroTik banner

I personally think that the telnet connection shouldn't advertise the OS version -- all OSs have their vulnerabilities and this is simply making life easier for hackers.

That said, anyone concerned with security shouldn't be using telnet in the first place, and SSH does not have this issue.
by jasejames
Thu Aug 13, 2009 2:28 am
Forum: General
Topic: Directly-connected routes staying in table when link is down
Replies: 12
Views: 1255

Re: Directly-connected routes staying in table when link is down

Ethernet. The ADSL side actually does work -- it's on a PPPoE interface and when the link is not made, the PPPoE virtual interface is down and the route is made inactive (along with the NAT rules and firewall filters -- a good feature). However the main ethernet interface on the LAN connection (a st...
by jasejames
Thu Aug 13, 2009 12:38 am
Forum: General
Topic: Directly-connected routes staying in table when link is down
Replies: 12
Views: 1255

Directly-connected routes staying in table when link is down

Is there any way around this? On our network we plan on using an ADSL line as a failover to a main fibre circuit (terminating as a CAT5 on the RB obviously). We've got it all sorted such that OSPF provides the failover on the main connection and the ADSL has a default floating route. BUT, the direct...
by jasejames
Wed Aug 12, 2009 9:08 pm
Forum: RouterBOARD hardware
Topic: How to configure the onboard SIM card 3G (RB411U) ?
Replies: 39
Views: 35285

Re: How to configure the onboard SIM card 3G (RB411U) ?

Thought you needed a 3G MiniPCI card in addition to the SIM with the RB411U?
by jasejames
Wed Aug 12, 2009 10:15 am
Forum: RouterBOARD hardware
Topic: In which factory are the Routerboards manufactured?
Replies: 3
Views: 2870

Re: In which factory are the Routerboards manufactured?

Always good to see the manufacture of technology products remaining here in Europe :D
by jasejames
Mon Aug 10, 2009 3:44 am
Forum: General
Topic: Reducing the size of the Proxy log
Replies: 1
Views: 401

Re: Reducing the size of the Proxy log

...and indeed it was just something silly. Feel a bit of a fool here but if anyone else has this issue here's the solution: topics=accounts,web-proxy. The system ANDs the two together and produces the desired result. Excellent, I now have a faster, cheaper and probably more stable version of the cur...
by jasejames
Mon Aug 10, 2009 3:34 am
Forum: General
Topic: Reducing the size of the Proxy log
Replies: 1
Views: 401

Reducing the size of the Proxy log

Right, I have more or less completed an analogue to our Linux boxes with a Mikrotik router, one part of which is a Squid proxy. On these boxes we keep logs (obviously) of traffic that goes through the system. That's all well and good, and I have sorted this out with RouterOS's proxy as well. Except....
by jasejames
Sun Aug 02, 2009 11:06 pm
Forum: Virtualization
Topic: Metarouter OpenWRT custom compile not working on latest
Replies: 5
Views: 4473

Re: Metarouter OpenWRT custom compile not working on latest

Yup, same issue here. If you alter the 208 patch file to remove that last section that is failing, then the kernel-updates section also fails with a bunch of patch errors. The kernel-updates section also fails once the trunk is patched, even if you leave the config at the defaults. Suspect that a ne...
by jasejames
Sun Aug 02, 2009 5:07 am
Forum: Virtualization
Topic: Metarouter OpenWRT custom compile not working on latest
Replies: 5
Views: 4473

Metarouter OpenWRT custom compile not working on latest

I'm trying to compile the latest OpenWRT trunk to run on Metarouter but it is failing at various points with the patch apparently the culprit.

Does anyone know if the patch should be working currently and if not, is there an update?
by jasejames
Sat Aug 01, 2009 10:08 pm
Forum: RouterBOARD hardware
Topic: Getting H323 functionality on a new Routerboard
Replies: 0
Views: 479

Getting H323 functionality on a new Routerboard

Can this be done? I require BASIC H323 functionality (I believe the old Telephony service on RB software V2.9 should be enough). As I see it I have a few options: 1) Get a RB with V2.9 support -- is this available for any current RB other than the 230? It would be useful to get it on one of the 400/...
by jasejames
Wed Jul 22, 2009 8:57 pm
Forum: RouterBOARD hardware
Topic: RB750 vs RB450
Replies: 47
Views: 23332

Re: RB750 vs RB450

I don't care about the pretty box either. That gets thrown away. My point is that bosses tend to like something that "looks like a router", not something I've put together out of an off-the-shelf metal box and some switches. I'm not making any comment on the actual build quality of the case -- they'...
by jasejames
Tue Jul 21, 2009 9:13 pm
Forum: RouterBOARD hardware
Topic: RB750 vs RB450
Replies: 47
Views: 23332

Re: RB750 vs RB450

Yes indeed, but to be honest you don't even necessarily need a 1U device. We install Netscreen SSG5s everywhere and don't get complaints about them looking unprofessional. I think the 750 is a step in the right direction quite honestly. My boss's main objection initially to the Mikrotiks didn't come...
by jasejames
Mon Jul 20, 2009 10:08 pm
Forum: Virtualization
Topic: Metarouter with OpenWRT (reboot, shutdown)
Replies: 1
Views: 2930

Re: Metarouter with OpenWRT (reboot, shutdown)

I second this email -- I've noticed both issues on a 433UAH with the latest 4.0 beta release. In addition, is there any way of allowing the VM partial access to the main flash RAM? That would allow us to link a file on the VM to a file on the outside, thereby allowing mass deployment of an image (wi...
by jasejames
Mon Jul 20, 2009 4:19 pm
Forum: RouterBOARD hardware
Topic: RB750 vs RB450
Replies: 47
Views: 23332

Re: RB750 vs RB450

Interesting. Thing is, you're advertising the 750 as, among other things, an MPLS CPE. That's great, but if the hardware is of a "different" (presumably inferior) quality to the 750, is that wise? The way I see it, hardware is either reliable or it isn't. Doesn't matter how expensive it is. The case...
by jasejames
Sun Jul 19, 2009 11:01 pm
Forum: RouterBOARD hardware
Topic: RB750 vs RB450
Replies: 47
Views: 23332

Re: RB750 vs RB450

RB750 has a switch chip that will allow interport throughput up to the wire speed limit in ports 2-5 if switching is used. Yes I realise that, but the question was, does the switch *only* perform in this mode. In other words, are you able to set switched or bridged mode. roc-noc's site defines that ...
by jasejames
Sun Jul 19, 2009 2:13 am
Forum: RouterBOARD hardware
Topic: RB750 vs RB450
Replies: 47
Views: 23332

Re: RB750 vs RB450

So you mean that there are only two ethernet interfaces available for configuration because ether2 - ether5 are permanently switched? Actually I can't imagine that, the datasheet does say that the 750 has a switch chip, but the 450 has one as well. I don't think so. From roc-noc's site: All etherne...
by jasejames
Sun Jul 19, 2009 2:01 am
Forum: RouterBOARD hardware
Topic: RB750 vs RB450
Replies: 47
Views: 23332

Re: RB750 vs RB450

Must admit this is something I've been wondering about as well. The 750 seems to have a faster processor -- it's the same architecture as the 450 but is more tightly integrated. The 450's only advantage, on the surface, is that it has a console port. Useful, but ultimately not a huge issue -- you co...
by jasejames
Wed Jul 15, 2009 10:54 am
Forum: RouterBOARD hardware
Topic: Would this work? CF on RB400
Replies: 8
Views: 1110

Re: Would this work? CF on RB400

Do we actually know anything about the 616? I suspect the reason the 600 does not support Metarouter is the lack of memory. In my opinion something is needed between the 600 and the 1000 to fill in a few gaps. I think we'd be happy to pay $500 for a board that had CF slots, similar memory to the 450...
by jasejames
Tue Jul 14, 2009 7:56 pm
Forum: RouterBOARD hardware
Topic: Would this work? CF on RB400
Replies: 8
Views: 1110

Re: Would this work? CF on RB400

... which have no support for virtualisation. The RB1000 will have shortly, that is fair enough, but I was hoping not to have to pay $800 for these boxes :lol:
by jasejames
Mon Jul 13, 2009 5:23 pm
Forum: RouterBOARD hardware
Topic: Would this work? CF on RB400
Replies: 8
Views: 1110

Re: Would this work? CF on RB400

I know, but CF is far better suited to this task -- I'd like wirespeed writes to the chosen media at up to 100Mbps. In theory a uSD should manage it but in practice the extra CPU requirements would swamp the system surely? And in any case, there's no way a $15 8GB uSD card is going to be as durable ...
by jasejames
Mon Jul 13, 2009 4:39 am
Forum: RouterBOARD hardware
Topic: Would this work? CF on RB400
Replies: 8
Views: 1110

Would this work? CF on RB400

MP6421 MiniPCI to CF adaptor: ftp://ftp.commell.com.tw/Public/Datasheet/Peripheral/MP-6421.pdf Reason I ask is that it's the only way I can see to get a decent caching system working on a 400-series Routerboard. I know that I can use an RB600 or RB1000, but these don't support MetaRouter to the best...
by jasejames
Mon Jul 13, 2009 4:11 am
Forum: Virtualization
Topic: Will MetaRouter be supported on the RB600/1000 any time soon
Replies: 2
Views: 2173

Will MetaRouter be supported on the RB600/1000 any time soon

I'd really like the answer to be yes on this one! Looking at the specsheet for this device, it is ideal for our needs, with one crucial missing piece: H323 Gatekeeper. I was thinking that we could run a virtual session for this one system, and run the rest from RouterOS on the one board, but this i...
by jasejames
Sat Jul 11, 2009 1:23 am
Forum: RouterBOARD hardware
Topic: Compact Flash Web Proxy Reliability / Speed
Replies: 1
Views: 673

Re: Compact Flash Web Proxy Reliability / Speed

Actually, after reading some explanations here and running the figures through I can see how these devices would be reliable if the filesystem is correctly implemented. A typical cache will only hold requests up to 4MB in size, so a 16GB CF card would hold at least 4000 of these. Assuming that the l...
by jasejames
Fri Jul 10, 2009 11:48 pm
Forum: RouterBOARD hardware
Topic: Compact Flash Web Proxy Reliability / Speed
Replies: 1
Views: 673

Compact Flash Web Proxy Reliability / Speed

Been reading up on the use of CF cards for web proxying, and I'm intrigued by this possibility. My questions on the matter would be: 1) Is this setup really reliable? If I have, say 200+ users on a branch site connected to a 100Mbit link, how long will it take before a typical, say, 8GB CF card will...
by jasejames
Mon Jul 06, 2009 3:53 pm
Forum: RouterBOARD hardware
Topic: Large performance differential between SHA-1 and MD5
Replies: 0
Views: 400

Large performance differential between SHA-1 and MD5

Further to my recent query, it would seem on testing the RB433UAH that there is a major speed bottleneck when using SHA-1 authentication. This surprised me since I thought that this was a fairly minor part of the computation when running an IPSEC tunnel. With SHA-1 I am only achieving ~5Mbps; move t...
by jasejames
Wed Jul 01, 2009 10:31 am
Forum: RouterBOARD hardware
Topic: IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES
Replies: 6
Views: 2129

Re: IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES

Unfortunately not, the UK distro wouldn't entertain the idea of lending equipment out for testing.
by jasejames
Tue Jun 30, 2009 9:05 pm
Forum: RouterBOARD hardware
Topic: IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES
Replies: 6
Views: 2129

Re: IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES

Thanks tolstii. If 3DES ~=AES256 (seems reasonable), that would imply that AES128 (enough for our requirements) should be around 2/3 of 3DES from past experience. Those extra few Mbps of throughput could well be the difference between the RB400AH series being enough, and not quite powerful enough. B...
by jasejames
Tue Jun 30, 2009 10:44 am
Forum: RouterBOARD hardware
Topic: IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES
Replies: 6
Views: 2129

Re: IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES

Yes, that's fair enough, but I need to be able to justify the purchase for a test item, and I can only really buy one or two in. Besides, the immediate need is for a low-cost solution. If the smaller routers check out then we may end up buying in some of the RB1000s but as it stands the 1000 is not ...
by jasejames
Mon Jun 29, 2009 9:57 pm
Forum: RouterBOARD hardware
Topic: IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES
Replies: 6
Views: 2129

IPSEC figures for RB600 vs RB4xxAH, 3DES vs AES

Quick question regarding the implementation of IPSEC on the lower-end Routerboards. I am trying to work out which is the better system in general out of the RB600 and RB4xxAH in terms of IPSEC performance. Looking at the raw stats for the CPUs in these boards the '600 should come out on top, and the...
by jasejames
Sat Jun 27, 2009 3:28 pm
Forum: RouterBOARD hardware
Topic: RouterBoard real world performance for IPSEC deployment
Replies: 2
Views: 1239

Re: RouterBoard real world performance for IPSEC deployment

Thanks very much for the reply. Unfortunately we have a code of connections which dictates that we cannot have public and corporate data traversing the same link on different VLANs -- due to a ten-year-old Cisco bug which leads to VLAN-hopping if improperly configured. Whilst I am sure we could secu...
by jasejames
Fri Jun 26, 2009 11:17 am
Forum: RouterBOARD hardware
Topic: RouterBoard real world performance for IPSEC deployment
Replies: 2
Views: 1239

RouterBoard real world performance for IPSEC deployment

Hi, We're interested in this device/OS at work here, and we have a specific use for the box. What we need is a box that can do the following: 1) Has an AP built-in, which can be used in conjunction with an existing RADIUS/WPA2/EAP-TLS installation for small branch sites. 2) Can connect to two ADSL m...