In a office with 10-15 users (mostly IT geeks) it is planed to deploy RB750Gr3 device as a router. The main purpose is to do NAT to 2 WAN links each of 100Mb, and maintain one IPSec link (which appears to be hardware-accelerated so no big load on CPU, isn’t it?).
951 and 2011 were unable to handle such a load but hEX looks like more powereful, so I wonder if this device be OK for the purpuse? The roadmap is to use it for economical reason then upgrade to CCR as needed.
So to say, CCRs are expensive so if it is ok to stay with hEX for some time it’ll be nice idea.
For what I know 3011 has no h/w-accelerated crypto while hEX has. Won’t it affects 3011 CPU?
But to talk about office-to-WAN routing with load balancing (just to use both WAN at the same time), what WAN bandwidth 3011 is ok for, from your experience?
I’ve been running a Rb3011 with two 300mbps WANs and 24 IPsec tunnels for almost a year with no issues. The CPU is quire powerful. I have recently replaced it with a RB1100AHx4, but only because I wanted the internal storage.
Were you able to encrypt and decrypt IPSec traffic at linespeed (i.e. 300Mbit/s?).
I’m a bit on the fence currently for the RB3011. Normally I’d pick RB1100AHx2 (now x4 maybe) in a heartbeat for IPSec duty, but in this case I feel it’s a bit overkill for a 100 Mbit/s fiber and office of ~15 users. However I’ve been bitten before by non-hardware encrypted models (RB850x2 rev1) so I’m a bit cautious and overall I like a bit of headroom.
Seen statements by MT staff suggesting 150 Mbit/s but I guess those are ideal numbers (not a lot of filtering going on, no users hammering cloud-based office IT) as elsewhere I see reports of it struggling to reach 100Mbit/s IPSec (albeit without configuration details), so I’d welcome a field report from a trustworthy source.
After seeing CCR1009 at 300Mb/sec link with some like 150 VPN pptp/sstp clients (which is not h/w accelerated), several IPSec tunnels (which is h/w accelerated), and the CPU was at 3-5% loaded at all (5%, that’s 1/20 share of the router power!) I’d say CCR and AHx2 is an overkill. Have never touched 3011 myself but hEX are known to be powerfull for the money.
Agreed, hEX is awesome value (deployed to replace the above mentioned RB850x2 rev1 when upgraded tot 500/500 Mbit/s fiber) and would actually be my fallback option to the RB3011, however for this scenario I’d prefer something metal and rackmounted if at all possible (not at 6x the price though…).