I currently use a RB750 for a customer wireless / hotspot. Currently this is running on a 20/2meg ADSL2M+ connection, but we are upgrading to 100meg fibre shortly.
I can find lots of info on forwarding speeds of the Mikrotik hardware but nothing of NAT performance. From my work in Cisco land I have learned that NAT performance is always significantly less than the routing performance of a given device.
What kind of typical NAT throughput should I expect from an RB750 (I understand this can vary depending on lots of things)?
Which routerboard should I be looking to get to NAT a 100mbit connection?
If this is indicated somewhere, if someone could point me to it that would be great.
Remember that on NAT, at the end, the real problem is the number of concurrent connections, because NAT can use only 32767 TCP + 32767 UDP concurrent connections for a single public IP address…
I had a 100M fiber connection in port 1, a 50M fiber connection in port 2, with NAT, and mangle rules to detect traffic and direct it via 100M and other by the 50M.
I could pull around 140M (both connections to about 95%) before hitting 100% CPU (about 3000~ connections on P2P).
Unless you are using it for backhaul for a HEAP of users (like 30+ at a time), a 750 should almost do the job.
A RB450G tops out at around 200Mbps NAT. This could also be an option.
But as joegoldman said, the 750 could be enough.
I would rather first upgrade the link, check it out, and change the HW only if needed.
(I had a 750GL doing around 50 Mbps NAT throttled by the provider without maxing out).
In most situations I have used a RB2011 it was able to do about ~200Mbit NAT without too many problems. With only a few rules it can even do 300Mbit NAT.
But it all depends on your usage scenario. In my home I have a 180/18 connection and it is quite happy with that never going above 80%. But, I don’t have many traffic shaping rules applied.
If you do intend on having a lot of traffic shaping rules I would suggest getting something a bit more powerful. The RB1100AHx2 that was mentioned or maybe the newer CC1009 would be an option. But personally, up to 100Mbit the RB2011 should be more than enough except for the heaviest rule configurations.
I’m seeing 100% CPU load when doing about 410Mbps, with 10 Firewall rules, 6 NAT rules, no mangle, no queues.
Is this a misconfiguration or a hardware limit?
Normally the use of SPI and NAT will narrow down the entire throughput, or in plain words shorten this throughput by 3% to 5%. Firewall rules at the WAN interface and mangle rules at the LAN interface then define the WAN - LAN throughput for this router and internet connection, if I see it right; perhaps VLANs and ACLs come on top of this.
And with a 100 MBit/s FTTH account it would depend more on the entire rest of the usage, I think: WiFi usage, and how many switches and wired users or devices are connected to the entire network, also causing traffic that must be routed through the RouterBoard.
RB450G
RB493G
RB951
RB750
RB2011
CCR1009 & RB953GS-5HnT would be my next set up for my home network for sure.
Based on the QoS and DPI usage it would be enough for me but also not too tiny.
They all would do the job more or less fine, but this also depends on whatever the router should do on top of SPI and NAT.
Or in shorter words, what kind of router you should buy is mostly also based on many more things than only having 100 MBit/s and doing SPI and NAT.