Is there any difference if I connect the 1 Gbps ISP cable to eth1 instead of eth2?
Always prefer to connect to port that is not connected directly to CPU, so in this case Ether8 is better solution, because WAN connections always will make more load if it is connected directly to CPU.
I doubt that there will be much difference. The L009 doesn't have the CPU resources for 1Gbps (at least not with 25 firewall rules and 512 byte packets).
As far as what @deanMK posted, I would like to see some evidence for the assertion "WAN connections always will make more load if it is connected directly to CPU."
If that's the interface connected to the ISP and the L009 is being used as a router and not a distribution switch for multiple IPs in a block, I don't see how going through the CPU can be avoided. Are you saying that the CPU doesn't have an ethernet controller to offload MAC address recognition, CRC computations for FCS, etc? I find that hard to believe.
Ignoring SFP, make your choice:
Case 1: Internal NAT network
Any proof of this or is it based on nothing?
Hint of some Artificial Deficiency?
Case 2: Public IPs passing to internal machines that don't need to be filtered.
Obviously WAN must go on ether2..8 and ether1 used as MGMT.
Case 3: WLANs passing to other internal machines that don't need to be filtered.
Obviously WAN must go on ether2..8 and ether1 used as MGMT.
Whatever happens, if someone has a fiber connection, they put the WAN on the SFP...
I am not understanding, on the L009 the SFP is connected to the switch chip, just like ethernet 2-8, it looks to me like the opposite of case #1.
At the start...
In this topic, SFP is ignored, because probably the user does not have an SFP module or fiber connection, but just one RJ45 cable...
Obviously, if someone has an SFP module for the fiber connection, they'll use the SFP.
But if someone has a WAN connection without internal public IPs or pass-through VLANs, or anything similar,
it's pointless (but not forbidden) to use ether2...8, as all traffic will need to be NATted regardless.
In fact, to avoid double-passing through the internal switch, ether1 is the logical port for connecting the WAN.
Yep, the concepts remain the same.
When routing/natting packets that need to get through the CPU would probably be faster if WAN is on a port directly connected to CPU, provided that the internal connection is fast, but this latter may not always be the case.
And there are "spot exceptions" with some devices and certain ROS versions, like it happened recently with the new hex and hex s, which - until the OS (and/or drivers/whatever) were changed - did sport a much slower routing with WAN on ether1.
My view:
any port which takes part in managed switch config, should be on switch chip in order to benefit from HW offloading.
Since for most ISP connection is not in a managed switch context, it's logical to use (for L009) ether1 which goes directly to CPU.
All other ports can then benefit from HW offloading (again, IF used in managed switch context).
Hex Refresh and Hex S 2025 were subject to bugs right after release. That problem has indeed been solved a while ago.
With this entry level router... No difference
There will be no difference when you do not use ether1 at all, or when it is used for something like management.
As soon as you put ether1 in the bridge (and take ether8 out and use it as WAN) you will actually make things WORSE.
The default config for this device is to use ether1 as WAN and the other ports as LAN.
WAN in 90% of use cases uses the CPU. So directly connected or not.... It's the same.
You can choose one and change after and you'll see.
If you need more performance, go to RB5009. L009 is a good way for just a few rules and not enough routing (SOHO) with small internet connection.
@pe1chl
I don't think that things are so clear-cut as you seem to depict them.
The "channel" between the CPU and the Switch chip is (according to block diagram) a 2.5 Gb/s (please read as 2.5x the speed of the 1 Gb/s one connecting ether1 to the CPU), and - as rextended posted - the "normal" configuration, if WAN is SFP, is to use the one and only SFP port (that is connected directly to the Switch chip and thus is connected to the CPU through the same 2.5 Gb/s link).
The 1 Gb/s of any "other" port is connected to the CPU through this 2.5 Gb/s link.
If there was such a penalty when using (say) ether8 as WAN, this same penalty would be applied to the SFP port.
In any case the actual throughput of the device is lower than what would be saturating the 1 Gb/s of the ethernet port, if we use the normally used reference of 25 rules, 512 b packet, it is:
Routing 25 Filter rules 323.6 Mbps
even with fasttrack or whatever other acceleration enabled, it won't probably exceed, in good days, with strong tailwind, 600-700 Mbps, maybe 800.
So, as I see it, using any of ether2-8 as WAN likely won't change much unless - at the same time - the switch chip is saturated by LAN traffic (but if this is the case, this would also be true if SFP is WAN).
The issue I tried to highlight is that when you make a bridge with both the single port and the link to the switch, you now task the CPU with maintaining a host table (MAC address table) to know which traffic to send to which bridge port. When you have a bridge with only a single physical port, it does not have to do that and can send all traffic to the port without a lookup. That is “bridge fast forward”.
That is why I wrote it will be worse when you still use ether1. When it is unused or at least not put in the bridge, it will not be different.
When ether1 is the WAN port this issue does not occur either, because the decision to use ether1 or bridge is determined by routing.
Indeed, this device is less optimal when SFP is used as WAN port. You could use it to link to another switch without that penalty.
Yep, but OP has a 1 Gb/s ethernet WAN connection.
There are three ways (in theory) that it could be connected to the L009:
- "normally" to ether1.
- "differently" to any of ether2-8.
- "alternatively" to a SFP 1 Gb copper ethernet module in the SFP cage.
The "real" answer is that the L009 is simply not capable of fully using a 1 Gb/s internet connection, as in any of the three ways above will max out at a lower speed than what actually the ISP provides.
But once set that aside (and the OP needing to get a beefier router like the RB5009 to use fully the available speed on the ISP 1 Gb/s connection) what differences would there be on a "more adequate to the L009 capabilities" slower connection?
Let's say with a 300 Mb/s one?
Will there be any performance difference using any of the three available connection modes?
Probably not in any case, but particularly, in cases #2 and #3, if you use the ether1 port as management port (please read as not part of either LAN or WAN), there won't be a noticeable difference.
The question was “Is there any difference if I connect the 1 Gbps ISP cable to eth1 instead of eth2?” (and in the subject it says eth8 instead of eth2, but that doesn’t matter).
The answer is like what I said: it would be slower when ether1 is then put in the bridge.
I have not noticed a question like “Is it advisable to use my L009 for a 1Gbps internet connection”, the answer would probably be no, but that also depends on usage and expectations.
This topic has a lot of responses for a question similar to "which is better, a hammer or a screwdriver" without specifying what the tool will be used for.
If the traffic is routed (as would be the "normal" case for a connection to an ISP) then the traffic is going to have to go through the CPU (at least on the L009). In that case, then I would guess that using ether1 would be better. (but under most conditions, I would not expect there to be much difference, in other words I don't think users would notice a difference one way or the other).
Reason: There is a separate data path for the traffic between the ISP and the CPU. If going through the switch, it becomes a "Router on a stick", and all traffic must share the link between the CPU and the switch (although it has a bigger 2.5 Gbps pipe). About the only time that the 2.5Gb link would be a bottleneck is if there was a lot of inter-vlan routing being done, and in that case, I think the CPU would be the bottleneck before the 2.5 Gbps link, that's the reason I don't think there would be a significant difference.
If there is L2 switching traffic within the same (v)lan and no routing is being done, then it would definitely be better to use two ports directly connected to the switch, since in that case all intra-vlan traffic would be handled by the switch ASIC and have minimal effect on CPU utilization, compared to adding ether1 to the bridge. I think this was pe1chl's position. But for a connection from an ISP, I don't think that would normally apply (unless as rextended mentioned, as a distribution switch for internal public IPs, or pass-through vlans).
So the answer is dependent upon "is there routing/natting/firewall/vpn involved or not?".
But until evidence for the answer posted by deanMK is provided, I am not convinced that is true. Yes, there are special cases where implementations are broken, and need a switch between to rectify (like the "spot exceptions" mentioned by jaclaz).
If we put aside CPU in L009 being unable to keep up with 1Gbps WAN, the difference between using CPU-connected port for WAN and switch-connected port for WAN is in utilization of CPU-switch interconnect.
In case when WAN is on switch-connected port, every packet has to pass the interconnect two times (once for LAN-routing engine leg and once for WAN-routing engine leg). If everything was up to 1Gbps full duplex, this means 2Gbps full duplex on interconnect. If interconnect is 2.5Gbps full duplex, this leaves 500Mbps for any other traffic which has to be handled by CPU (e.g. ROSE or WiFi).
In case when WAN port is on CPU-connected port, every packet passes the CPU-switch interconnect only once (on LAN-routing engine leg) and leaves 1.5Gbps full duplex to other CPU-handled traffic.
The above really only fully applies when CPU is capable of handling lots of traffic ... which in case of low-end devices (such as L009) is clearly not the case. But might be true for mid- and high-end devices (such as 5009 ... which doesn't have any CPU connected ports so it's a completely different beast).
So when considering which is the best option, it's necessary to consider actual device performance and block diagram ... or go with MT defaults for sake of simplicity.

