Just switched from cable to fiber from 50/10 Mbps to 1 Gbps symmetrical.
As I did not have a modem or router with a fiber-optic connection, I purchased a RB2011UiAS-2HnD bundled with a SFP module and patch-cable at the recommendation of the ISP.
The connection from the ISP is on SFP1, the test computer connected to Port 3
Tested via speedtest.net over several different servers, multiple runs (425 Mbps, 100% CPU load)
Tested by downloading the BSD DVD release with multiple mirrors (40 to 42 MB/s, 80% to 100% CPU load)
There are 10 Firewall rules, 5 NAT rules, no mangling, no queues
Judging by the CPU load it is either a configuration issue or a hardware limit.
Has anyone successfully done gigabit routing with a RB2011UiAS-2HnD? Any ideas for troubleshooting?
If you require additional information, I’d be happy to provide it.
On the RB2011 series, all gigabit ports inclueding SFP1 are on the same switch chip with a single gigabit link to the SoC. It means no more than 1Gbps half duplex can flow through the switch uplink.
The real limit is still on the CPU though. As you may have already seen, reading the specifications (like http://routerboard.com/RB2011UiAS-2HnD-IN), the RB2011 is not capable of sustained gigabit speed when routing and applying a few filters, even on large packets.
When using a RB2011 in typical internet access scenarii (no encryption, simple routing, minimal ACLs), I’d usualy rate it for 300Mbps. For higher speeds, the 1100AHx2 or CCR1009 are far better choices.
my cable operator boosted my line to the 240/24 Mbps for summer, but sadly I wasn’t able to achieve this speed with RB2011.
packet mangle, some shaping and NAT => 174 Mbps
mangling and NAT => 190 Mbps
only NAT => 214 Mbps
In all cases CPU is driven to 100%. Without NAT only with switching I can reach 240 Mbps. But RB2011 CPU seems not to be so powerful to do NAT for such bandwidth.
The link is full-duplex, but it your WAN and LAN are on the same switchchip the traffic flows from switchchip to CPU twice.
That way you can reach only 500 mbit/s full-duplex or 1gbit/s half-duplex maximum.
Thank you for your answers, I feared as much.
The 1100AHx2 is not an option, as I need a SFP slot, as for the CCR1009, I will try alternative solutions before investing in an additional router.
Tested the router by bridging SFP and port 5, this resulted in much better performance, alas there is no security (also CPU was at 80%).
I will attempt to use my server as a Firewall / Router by adding an additional network card and bridging directly to the server.
Wouldn’t a RB260GS used basically as a media converter do a better job connecting to the server?
It offers you a SFP and 5 gigabit ports at wire speed at a fair price. http://routerboard.com/RB260GS
If that is an option for you, it would be even better to switch the two ports together instead of bridging. This will make the RB2011 basically a switch/media converter though.
As stated above, I agree that an RB2011 is a good match for a 200Mbit internet link max. It can do more, but when you add NAT, firewall rules, some mangle stuff, etc. 200Mbit is a good average to stick to.
I have a CCR1009 and it’s easilly capble of many times the performance of the RB2011. But if you have a server which you can utilize, maybe you can just run RouterOS on the server? Keeping your RB2011 as a media converter. If the server also has other purposes, it won’t work though.
I run a Core2Duo x86 (2x 2.2GHz cores) w/ routeros and it’ll route about 1.6Gb effectivly; even with full firewall, vpn servers with 4-5 clients all the time, mangle rules and traffic shaping. It’s a HP SFF system I picked up off ebay for about $45, put a couple PCIe NIC’s in ($30) plus a $40 RouterOS licence. Does really good for $115 out the door, full load is about 50w of power.
Is an x86 box an option for you? If not CCR1009 is really the cheapest RouterBoard solution for you.
Using my home server as a router and firewall (webmin package), using an additional NIC. Doing a speed test causes a load of 25% on 2 out 4 cores of the i5-2500 CPU.
As recommended, using the switch function instead of routing, routerboard load is now 1% - 3%.
I just bought and installed a RB2011UiAS-2HnD-IN in my home office config.
My plan was to use it with my gigabit fiber connexion (french “Free” ISP with a freebox in bridge mode).
The idea is to use the RB2011 as a routeur/firewall and set my freebox as a bridge (with the SFP connected to the freebox).
My fiber isn’t up yet (I’m currently connected through DSL).
I’m sorry to read what is said here (ie that I won’t be able to route to anything faster than 200 or 300 MB/s)
My freebox is supposed to support up to 600 MB/s as a router, and up to 1GB/s as a bridge, and I bought the RB2011UiAS-2HnD-IN in order to reach the higher speeds…
I’m thinking about buying a CCR1009-8G-1S to replace the RB2011, or maybe keeping the RB2011 for the wifi AP.
Could you confirm me that the CCR1009 will be able to handle the 1 gigabits fiber connexion to the max, when setup as a router/firewall with simple filter rules ?
CCR1009 is good if you can afford it. But there are better access points than RB2011. Especially, if you hope to have high internet speeds over Wi-Fi too. You need smth with 5Ghz and 802.11ac support.
Well the thing is that I already bought the 2011. So I might as well use it. And I don’t care much about the wifi speed. It’s brazil in my house. I love Ethernet
Thanks for your info, though ! I’ll keep that in mind if I start to use wifi heavily !
