Hi there, I’m newly subscribed to this forum. I have never used MikroTik’s devices, but they look interesting, also for their price. I’m configuring a small office network and I have some questions about that. My idea is to use a MikroTik router to manage the internet connection, NAT, port forwarding, DHCP servers and PPPoE connection, but not the routing between VLANs. This is for performance reasons: I need to connect two switches (CRS326-24G-2S+RM) with a 10Gbit fiber connection and the router would slow down my routing. The first VLAN is connected to the first switch, and the second VLAN to the second one, on different floors. My first question is about inter-VLAN routing: can these switches provide me this feature with good performance? And how can I activate this feature? I’m not able to find that. So my idea is to use the switches to do the VLAN routing. Another question is: do you think that this router (hEX) is good to manage a 1Gbit internet connection? I think it is good. The router will provide internet with two different NATs to the VLANs.
This office doesn’t have much money, so I chose these devices. Sorry for the long post, but I have always used Cisco devices and this is my first time with MikroTik ones, and I decided to ask people with more experience with these devices.
Thank you for your help and attention, have a really nice day.
These switches can do it if you start them with RouterOS, not SwitchOS, as they are dual boot!
But if we are talking about performance, they are switches, not routers! They will not handle more than 1G in fast path routing!
MikroTik publishes performance test results for every device. Surf to the product list, select your device and click “Test results”. There are different sections for different functionality; when it comes to routing (any kind, including inter-VLAN), look at the Ethernet test results table, rows Routing. Interpretation of the results is important as well. My own experience is that the number under “Routing, 25 ip filter rules, 512 byte packet size” best estimates performance as an internet gateway (which includes basic firewalling). If used as an inter-VLAN router, performance can be higher depending on the amount of packet processing (i.e. whether the firewall will be enabled or not).
BTW, hEX can route around (or slightly less than) 400 Mbps …
No, the hEX would not be the lowest cost choice to meet your 1gig need. Cost is good, throughput not so good.
It’s the very reason I went for the RB450Gx3 RouterBoard for my 1gig connection, plus nice CPU and RAM numbers, built-in IPsec and a reasonable price.
You have some very nice fast switches there. I am not a networking expert, but can you not ensure that most traffic is contained within the switches?
Concur, one wants to avoid sending traffic through the router from one VLAN to another, but the whole purpose of VLANs is to separate traffic, so I’m not sure how much inter-VLAN traffic (that would have to be routed at layer 3 through the router) would occur in your setup without further details. A simple case is shared devices. Let’s say there was a shared printer on one VLAN that another VLAN needed access to. I hardly think that traffic is going to be a bottleneck? I don’t have answers, just trying to understand the magnitude of the traffic, and hopefully others can chime in on how to effectively use VLANs on the fast switches.
MikroTik switches are not multi-layer switches, so inter-VLAN routing will have a performance penalty when L3 is used … Because the switches you have identified have L3 capabilities tied to the OS system called RouterOS, you can do inter-VLAN routing. Your best bet is to use the Router-on-a-stick approach to accomplish your desired objective.
My suggestion is to use the RB450Gx4 RouterBoard + its complimentary black case [$120] … however the choice of router for the type [RoS] configuration all depends on the load you expect … if the load is light then the RB450 will do very nicely … but if the load is heavy you might need something better.
Thank you all for your quick answers, I am re-evaluating my project. Your answers have been very helpful. Thanks again
Thanks for the advice and for the clear answer. I had seen and evaluated it, but the 1Gbit ports worry me. The reason for connecting at 10Gbit is to avoid saturation in the event that someone downloads a large file from the internet and in the meantime someone exchanges data with the office backup server. I’m concerned about passing all the routing through a single gigabit port. I have placed too much trust in the switch’s inter-VLAN routing. Even if I separated internet traffic on a different port, I wouldn’t take advantage of the SFP+ modules anyway. What do you think about it? Thanks again for the quick reply.
Your internet allocated bandwidth will determine your capability on your local network. Having a 10G connection at the switch level will not help to level the load.
The 10G connection is best suited for NAS, stuff you will do locally assuming you will have 10G network … But your 2 switches provide you with a 1G network … the 10G ports enable you to establish a 10G network as long as you add in another 10G switch … or if you connect a 10G capable NAS to the SFP+ port.
If your users will be heavy downloaders, your best bet is to put limits on their internet connections.
Your bottleneck will not be your LAN if you design it properly … internet download traffic will not impact what happens in your LAN if you put limiters in place.
If you want the router to just route internet traffic, I’d suggest the hAP ac2 instead. It costs a little more, but very little, and is quite a bit faster. It comes with wireless too, but you can turn it off.
Here it is:
https://mikrotik.com/product/hap_ac2#fndtn-testresults
I’d say this is the bare minimum to route 1Gbps in real life. It is cheap, it works well for pure routing/firewall and that’s it. No bells nor whistles, not much grunt to do traffic shaping either. It will NOT be able to handle routing between VLANs, but neither would the hEX.
First of all, thank you for your quick reply.
> But your 2 switches provide you with a 1G network
Yes, I know, the connection to the various clients would still be limited to 1Gbit, but this suits me well.
> or if you connect a 10G capable NAS to the SFP+ port.
Yes, this is my intention.
As I said, I have placed too much trust in the switches and their performance. At this point I am evaluating various options: let go of the two VLANs and make one (but I don’t like it very much, I would prefer to keep everything separate) or try to convince the company to buy a more powerful router, perhaps equipped with an SFP+ port. Thanks again for the answer, very clear.
> If you want the router to just route internet traffic, I’d suggest the hAP ac2 instead. It costs a little more, but very little, and is quite a bit faster. It comes with wireless too, but you can turn it off.
> Here it is:
> https://mikrotik.com/product/hap_ac2#fndtn-testresults
> I’d say this is the bare minimum to route 1Gbps in real life. It is cheap, it works well for pure routing/firewall and that’s it. No bells nor whistles, not much grunt to do traffic shaping either. It will NOT be able to handle routing between VLANs, but neither would the hEX.
Thanks a lot for your answer, this router looks good. I will definitely consider it if (as I said in the post above) in the end I do everything on one VLAN. Thanks again for the reply, much appreciated.
Hello,
Above it is mentioned that the hEX is not able to do VLAN routing. Is that due to performance? Or is it not able at all?
I bought one to experiment with RouterOS and set up the base for my config (incl. Inter-VLAN routing) before I move to a CRS or CCR device. Is that not possible?
Lars
My hEX (RB750Gr3) routes fine between VLANs:
Main VLAN (my home)
Guest VLAN
DMZ VLAN
As mkx wrote:
> BTW, hEX can route around (or slightly less than) 400 Mbps …
Hi,
good to know, thank you.
Lars
Concur with Jotne, the only reason I went to the RB450Gx4 (from the two hEXes I have) was my 1 gig internet connection. (I typically use around 10 VLANs.)
In fact I think it’s a good router, but I’m worried about the traffic between VLANs that the switch would send to be managed. I don’t think there will be huge traffic thresholds, but if, for example, I went with the RoS mode, VLAN 2 (which is located on floor 2) trying to access VLAN 1 (which is located on floor 1), because the server is located there, would be limited to 1Gbit only because of the router port, and if others on the same floor did the same thing, it would already be saturated.
> Hello,
> Above it is mentioned that the hEX is not able to do VLAN routing. Is that due to performance? Or is it not able at all?
> I bought one to experiment with RouterOS and set up the base for my config (incl. Inter-VLAN routing) before I move to a CRS or CCR device. Is that not possible?
> Lars
Performance. It would barely be able to route 1Gbps internet. Add to this routing between VLANs, and it will NOT be able to deliver full speed. Even the hEX ac2 would be hard pressed to achieve this, and it is quite a bit faster than the hEX.