Router Sizing

mortimm · August 3, 2022, 7:50pm

Hi …
I have to get a Mikrotik router for the production environment and I know nothing about how to ‘size’ the router - the number of ethernet ports can be minimal, as all devices are connected to a managed switch.

I attach a schematic of our test environment but in the top left corner, there are the specs for the ‘load’ in production.

Has anyone a suggestion~(s) od suitable devices and in the spirit of ‘educating’ me, what are you considering when selectin a router.

Many thanks in advance … Mike
Router Sizing.pdf (646 KB)

dhoulbrooke · August 5, 2022, 9:45pm

Hi Mike,

Quick question on your network - do you need routing between the VLANs? If so which device are you going to use to do that routing? The switch would make sense here as it is capable of doing it in hardware at wire speed (assuming I’m reading the right datasheet). If you’re not moving a lot of traffic between the VLANs the MikroTik will do it just fine as well.

Other than that yes a hAP ac2 should do what you need just fine given you’re limited to xDSL speeds. Personally in networks like these I’d use an RB4011 (or RB5009). Partially to future proof things. Partially to have something that is rack mountable.

One general rule of thumb in sizing MikroTik’s is to use the test results that they list and look at the “512b/25 IP filter rules” cell and use those numbers as a basis for figuring out if it will pass the traffic you need:

Cheers

chechito · August 5, 2022, 11:01pm

if you currently have an hap ac2, your next step in processing power to upgrade is a rb4011igs+rm or RB5009UG+S+IN

zandor · August 7, 2022, 7:42am

I’m not sure routing between VLANs on that switch would work for this setup, and I mean it about the “not sure” part. I don’t see anything in the manual about firewall capabilities, and I have this hunch you’d need them if any traffic is going between the guest VLAN and others and you might want a firewall between corporate and security too. I’d think an RB5009 or RB4011 would be more than able to handle the inter-VLAN routing for that setup assuming guests are basically just doing internet access and maybe hitting an internal web server and traffic between security and corporate is just people looking at video streams from cameras.

dhoulbrooke · August 7, 2022, 8:44pm

As far as I could see (again assuming I am looking at the right datasheet) the switch hardware supports basic routing and ACLs:

And yes I agree that a RB4011/5009 would handle that routing just fine.

Buckeye · August 7, 2022, 10:55pm

As long as you keep your NVR and cameras on the same vlan, and your corporate PC on the same vlan, then the should be minimal inter-vlan routing. The “tech station” is about the only thing that would possibly be need routing assistance.

That so probably any router would do. But if you can get one, the RB5009 would reduce the probability that you would need to upgrade soon.

But I would recommend getting two of whatever you get, then you can play with one, and it can also act as a spare in case of any issue. It is cheap compared to not having a spare if something causes your router to stop working.