As shown, I plan to use three (3) Mikrotik routers (the 4th is a Synology router I have for my home), where there is a CORE router which will receive two ISP modems and distribute public IPs to the LAB and SERVER Mikrotik routers and the Synology router.
CORE Router will handle all the traffic in and out between the modems and the other routers.
LAB Router is only for sporadic tests with new configurations, with one small NAS attached.
SERVER Router is the main workhorse that will handle a couple of mid-size servers and is planned to manage traffic for around 300 users by WireGuard VPN running on this router.
HOME router will have its own separate ISP and use internet access only for backup, so it is only for marginal backup.
Based on the above, I think I will use the Mikrotik routers I have as follows:
RB5009 as CORE to handle all the internet traffic
CCR1016-12G as SERVERS to handle the WireGuard users accessing the servers from outside, and lastly
hEX S for the LAB Router
So I would like to receive comments on my planning. Do you think this router hardware distribution is OK? Would another distribution be better? To achieve the above, will I have to get a more powerful Mikrotik router?
With MikroTik, the type of router to buy is determined more by the internet line speeds and expected performance than by the topology. In principle, all the devices can do the same thing, only at different performance.
I have just 1 internet connection, about 15 devices, a WAP and a managed switch, which is not on your scale, so ignore me if you like. I would make the following observations:
1. I can see justification for Home, Core and Lab routers, but the Servers router looks a bit like overkill to me. I think that should be a managed switch.
2. The Servers router has 300 users which looks to me to be a little bit beyond the level where you need to consider vLANs, because 300 users on a Single Broadcast Domain is quite demanding on ARP.
3. In connection with 1. and 2. above, you need to think more about [show more of] the functionality within the network below the servers router, to establish what vLANs are required.
4. The Home router could perhaps connect to the Servers Switch directly with a vLAN if its own connection to the wider internet is sufficient.
The fact that you have designed this with routers suggests you are familiar with Layer 3 routing [IP addresses and subnets], but not with Layer 2 switching via vLANs [MAC addresses and Broadcast Domains]. For a network on this scale, you would do well to understand Layer 2, so you can make good choices on what should be Layer 2 and what should be Layer 3.
Hi, thanks for the comments. Your approach is very interesting, so I will go and learn more about VLANs. Following your reasoning, I could set up VLANs on the CCR1016-12G Mikrotik router (a discontinued but still powerful device) and connect everything to it. Except for the LAB router, which I will keep as a test unit to avoid creating a mess with the CORE router when experimenting with new router configs.
Just revisited your opening post and I see you already have hardware. Remember that a router can also act as a managed switch or act as a combo of switch and router.