Hi all…
This is a classic question but I need professional answer
assume I have range public IPs like 155.254.153.xx/27 and need a best Mikrotik hardware (with 24 or 10 ports like RB2011 or CRS125-24G-1S-IN) and best configuration to distribute the service with these IPs to clients without any NAT or routing. but with these conditions :-
We have to sign an IP for that hardware to be accessible from out of our network for monitoring.
Is it possible to limit each port for xMb upload and yMb download ?
For security reason it may be required to sign for each port a mic address and only that mac address for that hardware (laptop, desktop) which is connected to can use or access the service.
we going to use it for 300Mb-350Mb throughput.
we need configuration with minimum hardware resources uses .
thanks for your help and effort for this issue and your suggestions are appreciated.
Regards
These devices will not be enough for such throughput when you start using more firewall rules. If you will be switching or bridging with fastpath, both will handle it.
Thanks Jarda for your suggestion .
So you think I must use core36 router for such simple needs . and I am going to do that by bridge ports
I think this is slow and make every thing goes to use more CPU
is there nay other suggestions please I will make diagram below to make it more simple
155.254.153.xx/27 155.254.153.1 / ------> router with IP 155.254.153.4
ISP-----------------> Mikrotik Hardware| ------> server1 with IP 155.254.153.2
------> server2 with IP 155.254.153.3
we have maybe ten servers and real IPs so we need best hardware and best configuration to control the bandwidth of each IP or port and to monitor the main switch to find how much each port is band uses
hope to get more help and example
regards
Well, maybe 36 core tilera is too much but I would go by some of the cheaper CCRs. Wait some time, you will surely get more advices here. If not, try the 2011. If it will be enough, then fine. If not, upgrade to CCR and use 2011 in some other way.
I understand now that you will use queues for limiting the traffic, surely some dozens of firewall rules (depends on how simple-complicated they will be) and you want to be sure to pass 350Mbps. If so, then CCR1009 will be your vote. If you will definitelly want to have connected 10 devices separatelly to their own routed ports (and not to use CCR1009 with some switch), you need the CCR1016:
How did you mean “the configuration for CCRs switch”?
You before wrote “no nat, no routing”. Are you sure? In case of no nat, no routing, no firewall and no queues, you can use whatever “smart” switch, I guess… But there is no security for your servers…
I am really not sure, how are you planning to organize your network.