Hey,
Does the RB2011UAS-RM have enough power to act as a NAT/Firewall for FIOS running at 50Mbps and also to run a VPN?
-Eric
50mbps, NAT an VPN would be no trouble at all if the use case is reasonable and normal. However there are conditions within those parameters that could be too much for the router. As long as your not talking about a large numer of VPN and LAN users you’ll be fine. The buggest concern is generally the CPU load.
It will be used as a home router and VPN. Low numbers of users. And VPN won’t be used much either. I was looking at using either the RB2011UAS-2HnD-IN or the Lanner FW-7541 which is an Atom D525. The Lanner seems like overkill. Thoughts?
The RB2011 is more then fine for home use. We use them for business use regularly. We even use them in our infrastructure to route to multiple home and business users for small points of presence. My rule of thumb is any location under 50 home or businesses. If I wasn’t doing pppoe termination then I would be comfortable routing for hundreds of users with them. So I would say that the rb2011 is a great choice. If you don’t need the fiber port then you’d be fine withe the RB751 as well.
Awesome. Thanks.
It will run OK except I don’t think it can manage full 50Mbps through the VPN … I’ve tested it on 20mbit link ad cpu usage during VPN transfer was quite high …
JF
I’ll bench test the VPN, what type of VPN are you running?
I finished my bench testing of my RB2011-IN routers.
The Test… RB1200 to RB2011-IN to RB2011-in to RB1200. The RB1200’s are in the same subnet as the adjacent RB2011 but the RB2011’s must route between each other either directly or through a PPTP tunnel, depending on the test..
Summery (bandwidth testing end points are RB1200 routers with RB2011-IN in between0):
FYI: The RB1200’s are capable of bandwidth testing at full gigibit speeds when directly connected…
Routing through RB2011 no tunneling: 769.2Mbps
Routing through RB2011 PPTP tunnel without encryption: 121.9Mbps
Routing through RB2011 PPTP tunnel with encryption: 40Mbps
The following was run with the default config other then what was required to complete the tasks… no QoS, no NAT, etc.
RB2011 CPU loads while Routing without tunneling:
full open: 769.2Mbps / 100%
90% open: 692Mbps / 80-95%
75% open: 576Mbps / 80-90%
50% open: 384Mbps / 62-73%
25% open: 192Mbps / 30-40%
RB2011 CPU loads routing through PPTP tunnel without encryption:
full open: 121.9Mbps / 20-40%
90% open: 109Mbps / 18-28%
75% open: 91Mbps / 7-15%
50% open: 60Mbps / 5-10%
25% open: 30Mbps / 1-7%
RB2011 CPU loads routing through PPTP with encryption:
full open: 40Mbps / 100%
90% open: 36Mbps / 85-92%
75% open: 30Mbps / 63-87%
50% open: 20Mbps / 48-57%
25% open: 10Mbps / 25-32%
Thank you for this tests joshaven and conformation that 2011UAS can’t do 50mbit/s with encryption over VPN … but 40 mbit/s is still quite OK for normal use not to mention the price … I use ipsec with aes-128 and I estimate perfomance would be a bit lower but quite close … I used it on 20mbit/s link without problems.
Unless the router has hardware encryption for AES I am afraid it would be unlikely to do more then 40Mbps. I cannot find any note as to having AES hardware encryption.
Interesting. What do you think the Atom D525 could do? I am pretty sure the RB is sufficient for what I need, but just curious. What hardware encryption if any can be added?
I’ve not used one but I your looking for aes encryption performance then I think the RB1100AHx2 would be the best option because it had plenty of CPU but the key is the hardware encryption.
Sounds good. Thanks for your help!
3 pptp connection,2 sites,1mobile user.
10-15 users on lan. CPU 60-70% with full power without encryption.
So yes… that looks sufficient.
Great to hear… Just to be clear, that was with the RB2011 Right?