Currently we are using several X86 systems to operate a VPN service, offering PPTP, OVPN and SSTP connections, all operating on the mikrotik servers.
We are considering trying the new cloud core router and have a few questions about it.
Would you recommend this product for other than routing duty? Such as this VPN appliance, Layer7 firewall or as webproxy?
Could you be more specific with the “high speed encryption engine”? Would it be able to accelerate the AES traffic with OVPN and SSTP connections?
Thank you for your answer.
I was under the impression that CCR is already available, since my distributor is sending ads and accepting orders.
Yes, you are making a valid case with the testing and I guess I’ll do that.
I would expect CCR to outperform any x86 system for VPN because of the greater number of powerful cores. It will probably handle more concurrent VPNs than a regular x86 server.
Haven’t had much time to sit and test Beta ROS’s , but what’s the choice or flexibility of the vpn’s in R6 ? Is OVPN still just tcp based and compressionless ? I’m not a big ipsec guy in general , but I take it it’s still the vpn of choice on the mtk side ?
I was halfway writing the network specs when I thought maybe all this does not interest you and will not add to give an opinion Let me redo it again!
The server a CCR would exchange is an i7-2600 with 4Gb memo, in a datacenter with 1Gbit domestic and 100Mbit international ethernet. Currently there is an avarage of 130 VPN connection to this server with an average of 400/400Mbit TCP transfer. This is all from the VPN client-to/from-internet, as this is a service similar to hidemyass or strongvpn. The VPN connections are mostly OVPN with some PPTP and SSTP. Currently there seems to be a hard cap at 550/550Mbit, but most likely it is due to the lower-class intel NIC.
The aim of the upgrade to CCR is to provide connection for at least double this amount of users and bandwidth. It would also be extended with the role of router for the cloud services offered through the VPN. If this is possible I consider the $1000 a bargain.
Too bad the OVPN support is halted at Mikrotik, but I have to admit the current implementation is working fine for me. The only thing lacking, and will be with CCR too, is the encryption acceleration you mentioned. AES-NI would be nice with even this rig I have now.
I am using ROS6 for testing in a few 'tik devices, it seems we have the very same VPN options as in ROS5. No upgrades for OVPN but CA role has been hinted to be implemented very soon. As for VPN of choice, they are putting a great work into SSTP, and is already stable now.
generally 36-core model performing about 2Gbps on high-load/demanding customers/nodes[high number of tiny packets, high ppc, usual for p2p and other stuff], connecting, ie quite suitable to connect end-customers to CCR.
for backbone, i guess, MikroTik will release something MORE powerful over time[Tilera anounced creating chips with cores number up to thousand !! imagine THAT !].
basically CCR had nearly SMB hardware pricing, so anyone without serious holes in pockets can install it even at home and quite enjoy it, for sure, but i suppose/hope, that MT release something like “CCR LE” for that market.
Thanks for the update!
I’m still waiting a bit to see mostly positive comments on the forum
My main concern is still if the OVPN will work properly on CCR. I mean there will be no acceleration for OVPN even if using AES, and CCR has lower CPU clock, but many cores - how will ROS handle distributing the load.
Let me redo it again!