RDS2216 – uses the same AL73400 ASIC, comes with 32 GB RAM (vs. 16 GB on the CCR2216), supports Docker containers and can double as a NAS, and is cheaper overall.
Questions
Can the RDS2216 be configured as a secure, full‑capability router that connects directly to the ISP’s 25 Gbit/s fiber link?
If it can, what drawbacks (if any) does it have compared to the CCR2216?
Could anyone point me to a reliable configuration guide for setting up the RDS2216 as a straight‑through ISP router? I haven’t found detailed steps on the forums.
Loosely, real world speed that can be achieved (and then in some cases further sped up) is the 512 byte packet speed with 25 firewall rules given in test results.
For the rds:
Thanks @jaclaz, for breaking down the Mikrotik Ethernet test results and explaining what “25 IP filter rules” mean in practice for different packet sizes (1518 B, 512 B, 64 B). Your links to the discussion are very helpful for anyone jumping on this post (I should have brought them), many thanks!
I’d appreciate any additional input from other experts on this topic, many thanks everyone!
To be fair, the correlation between the speed in tests 512 bytes/25 firewall rules and real life speed has nothing "scientific" It has only been observed that on many devices these values are similar enough.
I consider It like how you would measure if socks are the right size by wrapping one of them around your closed fist.
When you want to achieve that kind of speeds, it is best to be able to run L3 offloading.
Of course that comes with limitations, which could depend both on the type of switch chip (which is different between those two routers) but also on the type of usage.
I guess when using the routers as a home router with NAT and maybe VPN, you will quickly hit some snag that prohibits the use of L3 offloading on the internet connection… but you never know, maybe it works. In that case you would get speeds similar to switching speed rather than routing speed, at least for connections that transfer quite some data.
Init7 uses PPPoE, no? Then in that case, none of the Mikrotik options available today are viable for 25Gbps internet connectivity due to PPPoE being neither hardware offload capable nor multithreaded (someone please chime in if this has changed in the last few months).
According to their site, the default config they ask you to install on the CCR2004 12S+ (which they recommend and possibly even sell with the 10- and 25Gbps service) uses DHCP on the WAN interface (they put sfp28-2 into its own bridge called “wan”).
The most I’ve been able to pull through that 2004 model is 19Gbps with fastpath/fasttrack (zero firewall or NAT rules, just straight bridging or routing).
Most ISP’s offering that much bandwidth know that virtually nothing on the Internet is going to feed you much over 500+Mbps (except speed tests). I have a 10Gbps enterprise circuit to my place and rarely get anything from large CDN’s to exceed 500Mbps. Crumb, even with 750 customers (that’s households, so imagine 1500-2500 people) on my network, we don’t use much more than 5Gbps at night. So 25 or 10Gbps to the home is a money grab.
That said, yes, the RDS2216 should be able to handle that throughput. Exactly how will be determined by your configuration, especially firewall/NAT rules.
For L3HW-assisted NAT to work, all LAN (internal) ports will need to be in the same bridge (I don’t think the WAN port needs to be in the bridge, but it might, just on its own VLAN). You’d configure your VLANs and other IP settings accordingly, then under Switch L3HW settings, you’d enable L3HW offload for all LAN ports (and not the WAN port).
I haven’t gotten it to work reliably on my CCR2116’s, but that’s because I have WAN+LAN VLANs on a couple of the ports and it gets wonky after a few minutes. Even without L3HW offload, I get 10Gbps reliably on the CCR2116 with ample CPU room to spare.
L3HW offload – the routing ASIC (AL73400) is identical, so the theoretical L3HW offload ceiling (~190 Gbps for “25 ip filter rules (Fasttrack L3HW)” with 512 bytes) is the same. In practice, the limiting factor seems to be the firewall / NAT rule set (or VPN). In practice, the limiting factor is the firewall/NAT rule set (or VPN) that forces packets out of the ASIC fast‑path and onto the CPU. Has anyone measured a noticeable drop‑off on the RDS when you enable a modest NAT plus a few firewall rules or a VPN tunnel (WireGuard)?
Feature trade‑offs – the RDS adds Docker/NAS and 32 GB RAM, which is great for storage or container workloads but can introduce extra background CPU load. The CCR is a “pure” router with 16 GB RAM and no extra services enabled by default. Since the RDS bundles Docker/NAS capabilities, does that add any overhead that could interfere with sustained L3HW performance, especially when the NICs are saturated?
Energy consumption & noise – both units are 1U rack‑mount chassis with dual hot‑swap power supplies, but I’ve seen references suggesting the RDS‑2216 typically draws ≈ 120 W (idle) and up to ≈ 180 W under full load, while the CCR‑2216 is a bit lower at ≈ 100 W idle and ≈ 150 W peak. Because the RDS packs 20 U.2 NVMe bays and extra fans for cooling the storage, it might generate slightly more acoustic noise (around 38 dBA at full fan speed) compared with the CCR’s quieter 34 dBA. For an apartment‑friendly setup, the CCR‑2216 could be marginally cheaper on electricity and quieter, but the difference feels modest. Does anyone have measured power‑draw or noise‑level data to confirm these figures?
If anyone has actual throughput numbers (e.g., 25 Gbps DHCP with 10–25 firewall rules, with or without a light OpenVPN tunnel) on both platforms, that would settle whether the RDS truly matches the CCR in a typical home‑gateway scenario.
Hey @ThrowMeAwayDaddy, you raise a valid concern about PPPoE being a hard limit for 25 Gbps on MikroTik gear. The nuance here is that Init7’s 25 Gbps tier (Fiber 7‑X2) is not delivered over PPPoE - it uses plain DHCP on the WAN side:
Hybrid 7 (P2P/P2MP) and Copper 7 – These Ethernet‑based services are delivered via PPPoE with RADIUS https://www.init7.net/en/internet/hardware/. Their router‑information page also lists PPPoE as a supported WAN protocol for those products.
Hey @sirbryan, many thanks for the detailed rundown and for sharing your experience - it’s really helpful.
A couple of quick follow‑ups that tie back to the core question of this post, could RDS2216replaceCCR2216as a stateful 25 Gbps router:
You mentioned the CCR2116 became “wonky” after a few minutes when you had WAN + LAN VLANs on a couple of ports. Could you elaborate on what symptoms you saw (e.g., packet loss, latency spikes, CPU spikes)? Was the issue tied to the VLAN configuration itself, or to the lack of L3HW offload on those ports? Why not more than 10 Gbps if you had ample CPU to spare?
In the same paragraph you note that even without L3HW offload you got a stable 10 Gbps on the CCR2116. Was that test run with the Init7 DHCP‑WAN configuration (plain Ethernet) you described earlier, or with a different ISP setup? If it was the DHCP‑WAN case, do you expect the CCR2216 to behave similarly (or better) when pushed to a full 25 Gbps link, assuming the same modest firewall/NAT rules?
Your insights on those points would help us gauge whether the CCR2216 can reliably handle a 25 Gbps DHCP‑WAN scenario, and how that compares to the RDS2216’s capabilities.
They are the same processor. The RDS has twice the RAM of the CCR. The CCR has more switching capacity, but for your needs that’s unnecessary.
It was more like NAT just didn’t work when L3HW offload was enabled. The docs give examples of enabling L3HW offload on all the LAN ports and leaving it off on the WAN port. In my case, the WAN interface was a VLAN that was tagged to an LACP-bonded interface. Enabling offload on those ports broke NAT (traffic has to hit the CPU for it to know what to track). Disabling it meant that we’re running on the CPU anyway, so that’s where it is today. I route 10Gbps through it easily, though, with 50% to spare (or so), so it’s no big deal.
The CCR2116 only has 10Gbps interfaces, and at the time I played with it, I didn’t have any 25-40Gbps gear in the lab.
I am the ISP (my business is the ISP and I use it to feed my own home). I have an Ookla Speedtest.net server hosted in a datacenter, with a dedicated 10Gbps connection from the DC to my house. From my desktop I can get around 8Gbps bidirectional between the two computers. On the routers, I can generate ~9.7 of UDP traffic both ways. I have a number of 2116’s at my home and at the data center.
Whether assigned statically or via DHCP, the router’s performance will be the same. DHCP is just how your WAN IP address is assigned.
Routing performance depends on how much you’re pushing through the CPU. MikroTIk’s spec sheets say to expect 11-16Gbps of routing or bridging through the CPU with 25 firewall filters rules. I think I have roughly that number of rules, so the 10Gbps I see is within spec.
If you set aside one 25Gbps port on the 2216 as your WAN interface (with DHCP enabled) facing Init7, leaving L3HW offload disabled on that port, then put all the other ports into a bridge, enable L3HW offload on all ports and on the switch itself, their specs say you should be able to hit 25Gbps (they claim 189Gbps) with roughly 25 ip filter rules.
I personally don’t have a way to test that in my lab yet.
Thanks a lot @sirbryan for following up! Great insight.
Actually, I thought you were only talking about the CCR2216 (the topic of the post, which can handle my SPF28 optics to the ISP and achieve a 25 Gbps link), but if I understand you correctly, in your tests you also mentioned the CCR2116 (a router that can’t make a 25 Gbps link with the ISP because its fastest ports are SFP+ / 10 Gbps). Or is it a typo? I did also the typo in my first response to you, sorry if it brought confusion!
Most of my experience is with L3HW offload on CCR2116’s and CRS300 series switches. It works very well, and they do get full line speed.
I have an RDS2216 in my server lab and a CRS520. I just haven’t had the time to connect things up in a manner that would allow me to test/verify the RDS2216’s L3HW NAT behavior.
Because the CCR2116, CCR2216, and RDS2216 all share the same processor, RAM (16GB or more), and Marvell chipsets, I expect my experience with the 2116’s to be similar to what one would expect with the 2216’s.
Not Mikrotik hardware but if you are struggling for CPU power then a CHR instance is an option
I have a cluster of Minisforum MS01 running proxmox and they are absolutely phenomenal little performers. Can add a 25gbe or 100gbe NIC to the PCI-E port
To give you a somewhat relative speed comparison I ran btest to 127.0.0.1 TCP with a single connection and a CCR2004 achieves about 8gbps, the MS01 is 60gbps
This is not real-world routing performance but it gives you an idea of relative per-core performance. Obviously it's not as simple as slotting a physical router in place and you need to get familiar with virtualisation and the server side of things but if your goal is extremely high performance and still leveraging RouterOS then CHR is the way to go