I have a ccr2004-1G-12S+2XS with a Marvell-98PX1012 switch chip that doesn’t offer hw-offloading.
I therefore struggle with 25G performance (< 16gbps inter-vlan) atm and looking for a solution.
It seems like the CCR2004 (the 2XS version with the SFP28 ports) is not capabable of reaching line speed for inter-vlan routing.
Any objections?
Currently I only have 10gbps WAN, but will be able to upgrade to 25gbps symmetrical. All servers have dual 25g NICs.Other equipment uses 10g NICs (all fiber, no copper).
I can’t justify to pay 3000$ for a Mikrotik CCR2216-1G-12XS-2XQ (that’s the only router with >= 25g connectivity).
Would a CRS504 (or more likely a CRS510) be able to solve my issues or is there an alternative?
The WAN part will most likely still be a problem as the CCR2004 doesn’t seem to be capabable of reaching LAN to WAN linespeed.
As long as it’s plain routing without firewalling, then any switch with L3HW capability will be able to “route” at wire speed. Whatever that speed might be. As soon as
one starts with firewall, then things get messy … some devices can L3HW fasttracked connections (part of firewalling functionality), some can’t.
Likely yes … your device is realistically capable of routing at around 5Gbps - give or take, but almost definitely not at 25Gbps.
Concur, you bought a router that for all intensive purposes will be able to route from WAN to LAN maxing out around 5gbps real world.
I do note that just bridging and just routing with no other rules in play is around 25gbps.
What is not clear to me is what happens on the switching side.
a. etherportX -25gb to etherportY -25gb SAME VLAN speed= probably close to 25gigs
b. etherportX -25gb to etherportY -25gb VLANA to VLANB speed= probably close to 5gigs
Hope that makes sense.
In every case, if you are crossing vlans then you hit layer 3 firewall rules and wirespeed is thrown out the window ( in general ).
If you are getting throughputs, higher than those predicted by official test results (with common sense applied), then consider yourself lucky.
Check official L3HW offload docs. It seems that on CRS5xx it is possible to offload fasttracked traffic, so the above should be doable using firewall filter rules (no need to resort to ACLs). Note that ROS doesn’t support fasttrack in IPv6 …
Personally I’d keep a proper router/firewall as edge device of my LAN. For one that’s needed if NAT is required (I’m pretty sure NAT can’t be offloaded to hardware). So L3 switch by Mikrotik is quite useful for intra-LAN (inter-VLAN) traffic where one perhaps needs a bit less granularity from firewall … and only a few basic functions. But for internet-facing device I’d rely on full-blown firewall … in MT world this means something run by CPU/OS, not by switch ASICs.
And where I live, even 10Gbps WAN (not to mention symmetrical 25Gbps) is not considered as low-to-mid level market, which in reality is covered by MT devices.