Help me pick devices

I’m setting up a new office in a new location. I’m trying to determine the most efficient set of devices to fit my needs (and by efficient I mean least costly).

  • The most impactful of these needs is the internet service, which is 1Gbps x 1Gbps. I would like to ensure full throughput to any one of my individual devices (where possible).
  • I have a total of 9 wired devices, all capable of gigabit.
  • I have at least 8 wireless devices with varying capabilities, including a Surface Book and Surface Pro 4 (both having 2x2 802.11ac).

Any RouterOS device should be able to fit my needs in regards to software (basic routing, VPN (both server and point-to-point), PPPoE for authentication with internet service). My two thoughts are:

  • hAP ac (RB962UiGS-5HacT2HnT-US) router + generic 16 port unmanaged gigabit switch
  • CRS125-24G-1S-2HnD-IN
  • RB450G + generic 16 port switch + access point(s) (?)

Please let me know your thoughts and thank you in advance for the help!

To fully exploit a symmetrical 1Gbps Internet Uplink the minimum I’d use is a RB1100AHx2 or a CCR1009 router.

If you go the CCR1009 route, you can “couple” it with the CRS125-24G-1S-2HnD-IN you mentioned, or a CRS109 switch+wireless (both have 2x2 N wireless) device in order to have some spare ports.

CRS line is comprised of Switches (which achieve wirespeed throughput by switch chip hardware) with RouterOS capabilities on top, not intended for high BW routing.

If you want wireless to be double band AC, then I’d use either a Hap AC, Hap ac lite, or a wAP ac. How big is the area to be covered?

I would say the CCR1009 for the router, paired with a switch, at the least.

Personally, I would do a CCR1016 and an hAP AC to avoid the need for an extra switch, and get MUCH better wireless than the CRS. The CCR1016 also gives you much more power to grow with over the years. Baltic Networks sells the CCR1016-12G for $532. Not too bad for a router capable of 12Gbps throughput.

That’s why I asked for the office dimensions, wireless on CRS devices can be considered as a plus, useful for smaller offices (in terms of space and devices).

CCR1016 IntrusDave suggested could be seen as overkill, but it is actually the best price/performance ratio router in the CCR line, and a wise investment for sure.

Pair that with CAPsMAN and Hap ac or wAP ac (several, if it’s a large, or very “noisy” office) and you’ll be golden as all could be centrally managed.

If your main target is cost, then a RB3011 + AP will suffice. You'll need to use fasttrack, however, sacrificing possible usable features, and even then I'm not sure it will cope with 1Gbps unless you don't use pppoe-client (all pppoe encapsulation is done by software) to connect to your Telco router.

Agreed.

I learned long ago to always go bigger than you need. Buying 1 CCR1016 is cheaper than buying a RB1100 now, and a CCR1016 when you outgrow it. As for the wireless, with more and more devices supporting AC now, and the 2.4GHz spectrum being so saturated, the hAP AC or wAP AC is a much better choice.

Can you explain your justification for high bandwidth routing? Let’s say I went with CCR1016 and a cheap 24 port switch (like a ZyXEL GS1100-24). All internal traffic is done through the switch (aside from DNS/DHCP or other server roles being performed by the router), so the only traffic actually being routed is the internet traffic which is restricted to 1Gbps anyway. I don’t see any tangible benefit to a CCR1016 vs a hAP AC as the router in this scenario, perhaps you see something I don’t (plus hAP AC would eliminate the need for a separate wireless AP).

It’s a matter of selecting the right tool for the job.
A Kia and a Porsche will both get you to work.
But a Kia isn’t going to get you there at over 70mph.


The hAP AC will limit your bandwidth to just about 900mbps.
If you plan on putting any Mangle rules, or more than about 10~15 filter rules, you will start dropping that bandwidth very quickly. If you need a VPN with 256bit encryption? Even lower. The fact that you have 1gbps bandwidth right now tells me that your network is more than just a little office with a small budget. And you have 1gbps NOW. What happens in 5 years when you need 2 or 5gbps? Then you need a new router no matter what. At least with the CCR line, you have an option to get one with a 10gbps SFP.

In general, I’ve found that if you buy the best now, you save yourself a lot of money (and time) later.

But if you really can’t justify the cost of a router that will grow with your business, then consider the RB3011, it will be able to keep up with your internet connection, even with lots of filter and mangle rules.

Also, hAP only has 16M disk. Just enough for the running OS and ability to install updates. If you plan on keeping any logs or stats, you are going to run out very quick. AFAIK the hAP and the wAP are by definition intended to be Access Points (hence the “ap” in the name)

I mean, we are talking about 2 users (my wife and I) and our new apartment. Yes, as far as users go the two of us are exceptionally demanding:
Her desk consists of:

  • A dual monitor workstation
  • Hardware VPN appliance to her home office
  • Work laptop with docking station and dual monitors
  • VOIP phone
  • Personal laptop with docking station

My desk consists of:

  • A triple monitor workstation
  • Work laptop with docking station
  • Surface Book with dock
  • Surface Pro 4 with dock
  • Personal laptop

In the office is:

  • File Server
  • Switch (currently Linksys SD2008)
  • Router (currently provided ZyXEL model with Wireless N and 5x 1Gb ports)
  • ONT

In the living room:

  • Home theater PC
  • Xbox One

In the bedroom:

  • Home theater PC

Plus smartphones, printer, guest devices, and occasional smattering of lab VMs.

Yet, we are still only two users. Yes I am considering doing an encrypted Point to Point VPN between the new apartment and our house (with my main office, currently running on an RB450G, internet service there is 100Mbps x 20Mbps) and yes, we might consider hosting some services (I mean, I have 1Gbps x 1Gbps… why would I continue to host services from my main office at 100Mbps x 20Mbps), and yes, at any one time we might have half a dozen VPN connections (client connections from devices inside the network to servers elsewhere) to my client’s offices and my wife’s main office. Still, I just can’t see us even taxing the processing power of a single 720MHz core… not when we’re talking about some very basic routing and serving literally a single VPN session.

I don’t mean to be ornery, I’m just trying to understand the difference between my logic and yours.

Then you have your answer. Go with what you feel will do the job. If you know you won't ever need to do QoS or vpn on the router, then you are good to go with the low end units. Personally, I only have 130mbps at home, and my RB3011 runs about 40% CPU load. My traffic would choke a MIPSBE router pretty quickly. But I use DSCP and queues for my traffic shaping, and given that I work in healthcare, all of my VPNs meet the state requirements for encryption, which does put more load on the CPU.

Bottom line, buy what you want to buy. But as pukkita and I have both pointed out, if you want the full 1gbps throughput from the WAN link, you will at least need a router that can do it. None of the MIPSBE routers can. At peak, you will get 940mbps, assuming you have minimal filters, no mangles and no queues. You also won't get much more than 20mbps VPN throughput on them.

There’s another reason to go with a router + standalone Hap: design best practices: each routerboard will be devoted to do its specific task: the Hap will be freed from any tasks not pertaining to AP duties, thus optimizing its AP performance; do not forget you have 1Gbps of bandwidth to share and two possible points of bottleneck: WAN and WLAN; this way you’ll have a device devoted to each.

Additionally, you will be able to position the Hap optimally, which usually isn’t at the rack.

RouterOS offers an incredible amount of features you may find yourself needing in the short future; you mentioned you’re going to host services, so a very probable need will be QoS to prioritize and organize traffic in categories, so that a file transfer doesn’t affect any streaming video services, or a huge download doesn’t affect browsing or outgoing hosted services performance.

Again, a dedicated router for the task will allow the router resources to “focus” on its primary duty, leaving room for scalability and possible future enhancements/needs; as IntrusDave pointed out, I won’t be surprised if by next year your ISP doubles your line bandwidth…

Thanks, that is what I was looking for: the real world ramifications as they apply to me. Those include:

  • being limited to 940Mbps maximum throughput (on the provided ZyXEL the highest I’ve seen is 962Mbps up and 905Mbps down, so that seems reasonable)
  • being limited to 20Mbps on a hosted VPN due to encryption overhead (just to point out I could run VPN from my server instead to grab the power from an 8 or 12 core Xeon machine)
  • experiencing lower than the above performance if I do complex filters, QoS etc

The way I see it if I go with hAP AC and Zyxel GS1100-24 that puts me at ~$210, way under the price of any CCR. If I end up needing the CCR and more oomph, I would have needed an AP and a switch anyway, and hAP AC is only $40 more than wAP AC and allows for triple chain vs dual chain.

Keep in mind that the hAP AC will only do 900mbps in fasttrack mode, I wouldn’t expect more than 150-250mbps real world routing performance once QoS rules and queues are used. It’s really best used as an AP only as even just one 3x3 wireless client at full speed will max out the CPU. The CCR series is really the only decent choice for 1gbps+ connections. Yes, it’s expensive, but if you want wire speed firewall, QoS, queues, etc, you aren’t going to find anything else.

Another option is the CHR - you mentioned an 8 or 12 core Xeon. The CHR would be your highest price/performance option.