Received my first Routerboard recently, an RB2011UAS-2HnD. Feature set and config flexibility are amazing at this price, but I’m wondering if there’s anything I can do (or not do) to squeeze more throughput performance out of it.
The specs say with firewall & conntrack on, routing, it can in theory do up to ~950Mbps on large packets. I’ve tried a couple of different configurations but the most I can get through it with iperf is ~270-290Mbps. Still meets my needs, but can’t help but wonder if there are any easy gains somewhere?
To start with I baselined with PC1 & PC2 both connected to the HP switch on same subnet; iperf 900M+.
Moving PC2 to hang off the RB2011, most I saw was 290M.
On the RB, e1-e4 are in a bridge group.
VLAN 10 is tied to that bridge group, and has an IP address on it.
e5 is not in any bridge group, and has an IP address in a different subnet directly on it.
I also tried it with e2 not in a bridge group (VLAN was still there though).
PCs have routes configured to push traffic through the RB.
There’s a handful of firewall rules on the RB, and conntrack is on - the traffic is routed, not nat’d; I’ve tried to turn most other features off.
Is the difference between specs & real-world throughput for this type of setup expected?
What model of RB would people suggest if I’m looking for 1Gbit routed firewall throughput?
Good point; if I ended up using more than one of the first few ports in the same L2 domain I could convert those to a master/slave switch group. Wouldn’t change routed throughput in the example case though.
I do find the bridge group concept very flexible and easy to use as it creates an extra abstraction layer, rather than tying other objects to one of the physical ports themselves.
Thanks for the response to my post. Don’t get me wrong, I’m really happy with the 2011 - have thrown a lot more config at it since this and it’s been flawless and fantastic value.
The baseline comparison when both hosts were connected to the HP was just to verify what the max rate of the end hosts themselves was…not to compare the HP to the RB.
What originally prompted my query is that the spec sheet for this model says it can do routing with firewall & conntrack on, at up to 952.09Mbps with large frames. Since then I read the MT post about their testing procedures, so I suspect this means total combined throughput when processing traffic on multiple in/out ports at once?
I guess the piece I’m missing is this:
If the individual ports can run at wire speed (as I’m sure they would if I used them in a switch group),
and
if the cpu/system can process total combined routed/firewall traffic at 900M+
then what is stopping a single TCP connection from running that fast when no other load is present?
Just don’t know which limit it’s hitting…