I have a CCR2004-1G-12S+2XS that I started testing. However, I didn’t realize when I bough it but it seems there are no features supported directly in the hardware switching on this device. The Mikrotik documentation for switch chips reports nothing is available on the ASIC and apparently all is done on the CPU. Is that correct?
Report showing features available says (under 98PX1012 chip):
Port switching: No
Port Mirroring: No
TX limit: No
RX limit: No
Host table: No
Vlan table: No
Rule table: No
I’m looking for a 10G switch that can do VLAN functions (pull off provider tag, change incoming tags when necessary) at wire speed. If this is not a good model, what would be the best model to accomplish this that has 8 or more 10G ports? What switch chip is in CRS326-24S+2Q+RM?
basically all traffic between interfaces must go through the cpu/soc
I dont see a big problem with this because the previous device this router try to replace (ccr1016-12s-1s+) does not have any hardware acceleration
in fact except for the infamous ccr1009-8g series no CCR10xx had any hardware acceleration using switching chip o any other asic
CCR2004-1G-12S+2XS was the first ccr2xxx but i think is a niche product fitted to replace (ccr1016-12s-1s+) because of that does not share the newer models tendency to integrate switch asics
You bought router which happens to have 2x 25Gbps ports (and some others). Official test results tell that thing can route at speeds between 5Gbps and 20Gbps depending on amount of config. Which is fine if you want to use thing as “router on a stick” … and with MSRP of around $600 price of “surplus” 1Gbps RJ45 ports is negligible. If you want to use the thing as router between multiple gigabit networks, each connected to distinct port, then you have necessary ports … and cumulative routing speed is still adequate.
However, if you want to use the thing as “typical bridge”, then … sorry, you chose wrong device. “typical bridge” is a switch, and MT calls those “CRSxxx”. There are a few switches which have multiple 25/40/100 Gbps ports and can do “typical bridge” at wire speed.
The 12 SFP+ model has two 25G and 12 SFP+ ports, all of which traverse the CPU. I did find the 25G ports use less CPU than the 10G ports, and was able to get 20Gbps full duplex with practically no configuration, both routing and bridging (FastPath for both). Its sweet spot is really for routing 3-5Gbps between a bunch of multigig legs of the network (using more than 1Gbps but not a full 10), especially bursty traffic. I have a pair acting as redundant edge aggregation routers prior to feeding the traffic to a CGNAT box.
The other model has two 10G ports and two switch chips for 8x 1GBE ports. Similar throughput limitations due to CPU, but at least your devices can talk at Layer 2 at wire speed on the gigabit ports. A lot of providers use them as edge routers feeding a couple hundred customers at a site.
the test results state that with 25 ip rules it still gets around 14gbps. has your experience really been closer to 3-5?
i’m kind of considering this device (the CCR2004-1G-12S+2XS) for, as the name suggests, a core router. it will be at a sub-site edge, connecting multiple sub-sites in a large site together at, hopefully, more that 3-5 gbps. it will be doing a lot of vxlan, which at present is cpu-bound anyway in mikrotik land. a few extra thoughts from someone who’s used it a lot would be nice
Don’t. You’ll be disappointed, especially if you add VXLAN tagging/tunneling. The 2004’s CPU is too weak to handle it.
I originally had 2004’s doing my border BGP routing, and I could not get them to reliably push much over 3Gbps when under load with 300+ subscribers. As soon as I upgraded to 2116’s, the difference was amazing. Plus, the 2116’s have L3HW offload available to help the CPU’s with anything MikroTik can get the ASICs to do.
If you’re adding VXLANs to the mix, you’ll definitely want 2116’s. The 2004 as a branch router (one site) will be fine, but don’t set your heart on anything much over 5Gbps.
do you think mikrotik will get their switching asics to help process vxlan encap/decap in the near future? (on their l3hw capable models of course) especially with inter-vni route advertisement using evpn? if that’s the case, the need for large cpu’s would be dramatically reduced, in favor of distributed anycast processed by the switching asics.
that’s basically all my decision is hinging on at this point.
asic based vxlan would make our network completely l3 asic-routed, up to the nat routers, which already have fast-track. it would be the stuff
anyway. thank you for your time and insight; we’ll go 2116’s for now and try not to be too annoyed that one of their most powerful routers is stuffed with 1gbe interfaces
There is a world of difference between the ccr2004 and the ccr2116. If you’re considering that hw offload may be useful, then there’s really no decision to be made: the ccr2116 may be able to do what you want, the ccr2004 will never be able to.
I know it’s really easy to be cavalier with other people’s money, but if you have the slightest doubt that a 2004 will be enough, I’d definitely go for a 2116.
Mikrotik has been working on both the EVPN (as in routing protocol) side of things and on vxlan offload. I’ve not really experimented with these features in any significant way, but they seem to be coming along. How quickly and in what order it will progress is anyone’s guess.
