I plan to get a Switch with at least 2 10G Ports to connect my NAS and my Workstation.
If I place the NAS and my Workstation on different VLANs only defined by the router, which is only connected by a 1G port to the Switch, will my traffic get bottlenecked?
If the traffic does get bottlenecked, is there a way to define VLANs on SwitchOS, or do I have to use RouterOS?
I don’t really understand what you mean. If only the router knows about the VLANs, how is the switch going to handle them? And yes, SwOS will do VLANs as well.
I would put the NAS and your workstation in the same VLAN, because otherwise yes, you’ll be bottlenecked by the external router, or the routing capabilities of your switch, if you use that for inter-VLAN routing.
With MT gear, it’s still ‘Switch when you can, route when you must’, unless you have a) a very powerful external router (CCR2004 or CCR1036 and the like) or b) a CRS317 with ROS7beta8 and L3 offloading enabled.
Sorry, my question wasn’t clear.
Let’s say, I have a RB4011iGS+RM and a CSS326-24G-2S+RM.
The NAS and the Workstation are on the 2 10G Ports of the CSS326-24G-2S+RM and the RB4011iGS+RM is connected via one of the 1G Ports.
I want the NAS and Workstation to be on different VLANs and subnets that have rules between them.
In this case all traffic has to be routed over the RB, if I remember correctly, therefore creating a bottleneck.
Now if I buy a CRS326-24G-2S+RM, could that route between the subnets? And would I need RouterOS for this?
Is the CRS326-24G-2S+RM powerful enough to route 10G?
Yes, if you have a CSS326 it will handle VLANs, but it will not route between them; it’s an L2 switch only. A CRS326 will (when running RouterOS), but it’s not powerful enough to route 10G. Not by a long shot. The RB4011 comes closer, if you make a 10G router-on-a-stick out of it.
But in essence it’s simple: don’t put 10G devices in different VLANs unless you absolutely must, and can live with less than 10G performance between them. In MT land, 10G L2 switching is cheap. 10G L3 routing is not (although the RB4011 is very fast for the price, and so is the CCR2004).
The only exception is the CRS317 with RouterOS 7.0beta8. That can route as fast as it can switch, if simple routing is all you need (but no firewall!).
Ok thanks for the help, I will have to redo some planning for my network, but that is ok.
Just in theory, does the CCR2004 have enough CPU to handle a Firewall between 2 VLANs at 10G?
Or if I were to buy a CRS305-1G-4S+IN, then connect the NAS, the Workstation and the RB4011 to it.
Then it would still need to route over the RB4011, but now with a 10G uplink, could that work?
Will RouterOS 7.0beta8 eventually come to more switches when it comes out of beta, or is this functionality limited to that switch?
Also a little bit off topic, but do you expect any other vendor to manage what I want?
I am fairly new in networking and wanted to build on Mikrotik because it is always praised for its quality, especially regarding the price.
But I could also imagine, for example, using a pfSense build with a Mikrotik Switch, or other hardware altogether.
Thanks for the help
Shadow
The CCR2004 probably comes close enough in practice, assuming your firewall is simple: https://mikrotik.com/product/ccr2004_1g_12s_2xs#fndtn-testresults
Connecting everything with 10G on a CRS305 will still limit you to the routing performance of the RB4011, and it won’t do full 10G, as you can see in the test results I linked to earlier.
I expect the L3 hardware offloading to come to other switches in the CRS3xx line in the future, as they all use a member of the same switching ASIC family (Marvell PresteraDX), but I know no more than you do. For now only the 317 has it.
I don’t know of any switch/router vendor in MT’s price range that even comes close to what MT offers in that regard. If you really must have 10G with all the bells and whistles, you could look at the CHR and toss enough hardware at it. More or less what you would do with pfSense, but within the MT ecosystem.
What about a simple policy like
Server Vlan → Lan = Drop
Lan → Server Vlan = Accept
Is it possible to do that on an L3 Switch?
Or will that also bottleneck?
Any IP handling, even the simplest, will drop the performance of an MT L3 switch to almost nothing. As soon as the main CPU gets involved (and it does when L3 comes into play), it’s the slow CPU, not the wire-speed switch, that is handling the traffic.
Simple switch handling cannot perform what you want because the router has to track connections to know which packet from server to client is allowed (belongs to a connection initiated by the client) and which is not allowed (server-initiated connections).
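The point about connection tracking, shown as an added example that is not part of the thread: the "Server VLAN → LAN = Drop, LAN → Server VLAN = Accept" policy evaluated once per packet on addresses alone and once with a minimal connection table. The subnets, addresses and ports are constructed for illustration, and the tracker ignores TCP flags and timeouts.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread).
LAN = ip_network("192.168.10.0/24")      # workstation VLAN
SERVER = ip_network("192.168.20.0/24")   # NAS / server VLAN

def zone(addr):
    a = ip_address(addr)
    return "lan" if a in LAN else "server" if a in SERVER else "other"

def stateless_verdict(pkt):
    """Per-packet decision from addresses alone, as a filter without state makes it."""
    proto, src, sport, dst, dport = pkt
    return "accept" if (zone(src), zone(dst)) == ("lan", "server") else "drop"

class StatefulFilter:
    """Minimal connection tracker: remembers flows opened from LAN to server."""
    def __init__(self):
        self.flows = set()

    def verdict(self, pkt):
        proto, src, sport, dst, dport = pkt
        reverse = (proto, dst, dport, src, sport)
        if pkt in self.flows or reverse in self.flows:
            return "accept"              # belongs to a tracked connection
        if (zone(src), zone(dst)) == ("lan", "server"):
            self.flows.add(pkt)          # new connection in the allowed direction
            return "accept"
        return "drop"                    # new connection from server to LAN

# Constructed sample traffic: (proto, src, sport, dst, dport).
PACKETS = [
    ("tcp", "192.168.10.5", 50000, "192.168.20.10", 445),  # workstation opens SMB to NAS
    ("tcp", "192.168.20.10", 445, "192.168.10.5", 50000),  # NAS reply on that connection
    ("tcp", "192.168.20.10", 40000, "192.168.10.5", 22),   # NAS opens SSH to workstation
]

def compare(packets=PACKETS):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_verdict(p), fw.verdict(p)) for p in packets]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(PACKETS, compare()):
        print(pkt, "stateless:", stateless, "stateful:", stateful)
```

The stateless filter drops the NAS reply as well, so the allowed LAN → Server connection never completes; only the filter that keeps state can tell the reply from a server-initiated connection.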
Ok thanks for the help then