Hap ac2 vs. Hex S

schumagal · June 26, 2018, 1:54pm

Hello,

May anyone of you know which device has the better performance? Hap ac2 or Hex S?

I want do to some layer7 filtering and ipsec connections to other routers over the internet.

I already have the hap ac. But as i have seen, when i use layer7 filter, cpu load increases significantly.

Thank you in advance!

samsung172 · June 26, 2018, 6:21pm

https://mikrotik.com/product/hex_s#fndtn-testresults

https://mikrotik.com/product/hap_ac2#fndtn-testresults

Compare this.

schumagal · June 26, 2018, 7:51pm

Thank you!

So that means hap ac2 is faster, great

vecernik87 · June 27, 2018, 1:23am

Firstly, I would suggest to make sure if you really need Layer7 filtering (actually, if you have time, watch the whole presentation, One of best I have seen about Mikrotik basic config. Revised version include info about TLS filtering from ROS 6.41 but has slightly different topics)

Now back to the discussion about of speed:
Despite being true that hAP ac^2 is probably faster, I would advise against using published test results as simple comparison, without detailed understanding of the performance.

There may be hidden limitations due to internal wiring - please always inspect block diagram.
For example Hex S: https://i.mt.lv/routerboard/files/RB760iGS-esw-180517144516.png / https://i.mt.lv/routerboard/files/RB760iGS-dsw-180517144423.png

if you use SFP, you will limit all Eth ports to shared 1Gbit line to CPU.
if you don’t use switch, Ethernet ports 1, 3 and 5 share same 1Gbit line (while 2 and 4 share second line). Simple decision of using Eth1 or Eth2 can have significant impact on the performance.
if you use switch but you have for example Eth1 as WAN (therefore not switched), you will end up with 1Gbit line for Eth1 and shared 1Gbit line for Eth 2,3,4 and 5.

On the other hand, Hex S might have better performance in some specific tasks due to its larger memory. It also has advantage of microSD card, which can store logs/data/Dude database etc…

Fortunately hAP ac^2 does not seem to have this limitations: https://i.mt.lv/routerboard/files/RBD52G-5HacD2HnD-TC-180326082323.png
All ports go directly to switch and then through shared 2Gbit line to CPU. Unless this diagram is untrue, I find this design much better.

I personally also ended up with hAP ac^2 due to it’s universality. Instead of buying dedicated router and dedicated AP, I have simply bunch of hAP devices which can do everything with pretty good speed.

ps: secret info - some of hAP ac^2 actually have 256MB of RAM (233MB available) which is double of official specs! You might find yourself lucky like me.

schumagal · June 27, 2018, 7:35pm

Hi,

thank you for your response.
I think i will go for hap ac2, because i do not need sfp port and also i do not need poe.
According to the block diagram it also seems that hap ac2 is more powerful for router only purpose.

Btw: i changed from layer 7 filter to content filter in mangle rule. In combination with adress list uses much less cpu and until now it seems to work correctly

I will take a llok the presentations, may i will see some improvements which i can try to do.

chechito · June 27, 2018, 7:45pm

i think the proper comparison is rb750gr3 (without sfp) vs hap ac2

only advantage of rb750gr3 is amount of ram memory

but this advantage only will be useful in specific scenarios with more demand of RAM than CPU processing power this scenario will need to had this characteristics:
many users
many simple queues
many tcp/ip connections
the dude running
not too much traffic

in that specific scenario you can take advantage of that amount of ram before cpu resources will be your bottle-neck.

but in any other scenario cpu processing power will be the main bottle-neck, in that cases hap ac2 will outperform rb750gr3

and the plus of dual band concurrent wifi radios make it a more versatile device

I think that in some years we can expect a new iteration of RB750g with the same CPU seen in hAP ac2 for 60us (but without wifi), for a while I think that mikrotik will not launch it because it will cannibalize the rb450gx4

lapsio · August 2, 2018, 7:41am

It’s also worth to mention that hEX series has crappy switch chip while hAP ac2 has pretty decent one with VLANs support and stuff so you can also repurpose your device as managed L2 wire-speed switch. For me it was big deal as I wanted to loop traffic through IPS and ROS has issues with software bridging the same connection twice, so the only way was to make traffic “invisible” for ROS after it reaches IPS using switch chip vlan filtering. Issue with double bridge is described here: http://forum.mikrotik.com/t/loopback-nat-is-performed-only-once/121914/1

cgrey001 · August 23, 2018, 6:21pm

Is the Hap ac2 the same board as the RB450Gx4 just without the wireless module?

I’m trying to upgrade from a ubnt edgerouter ER-X-SFP because it can’t full take advantage of gigabit internet. Plus there is a bug that IPv6 PD does not work with hardware acceleration which is necessary to get close to gigabit speed.

My understanding is the RB450Gx4 will be substantially faster than the ER-X. Is that correct?

proximus · August 23, 2018, 8:27pm

The key difference, other than the wireless, is that the RB450Gx4 has more memory, more and different type of storage, as well as microSD slot.

I replaced my RB750Gr3 with a RB450Gx4 for the much larger NAND storage, which means I can create partitions.