Routing speeds on v7 RB4011

I currently get around 5.6Gbps when routing over 10gig on my pfSense box.
I am looking at moving over to the RB4011 for my router/firewall.
Will the RB4011 give me anywhere near this across vlans with very few firewall rules?
I know this is probably a “how long is a piece of string” question, but just wanted to get a rough idea.
Thanks

Usually for a rule of thumb I go to the “Test results” tab for the device’s MikroTik product page and check the result for 512 byte packets Mbps with 25 ip filter rules. This generally shows what the real world internet routing performance is for one of the routers that has a default configuration plus a few more bells and whistles turned on aside from the default configuration. You might get more for inter-VLAN routing between internal VLANs, if there are fewer firewall rules that have to be processed for each packet.

Thanks for that. I’ve just had a look and it seems it would suggest around 2.5Gbps.

Yes. If you are able to use Fasttrack for a large portion of traffic, or have fewer rules by accepting certain traffic between VLANs early, you can squeeze a bit more out of it theoretically (maybe another 1 or 2 Gbps), but I think 2.5Gbps is probably a good estimate for that device.

The last time I tested was on v7 beta 3. I achieved line-rate 10Gbit using the SFP+ port with iperf, single-threaded. The traffic was fasttracked, but I also had about 20 firewall rules at play.

In case it matters, with WireGuard I achieved around 900Mbps on the 4011.

One note a lot of folks miss on the 4011: using the ports in a bridge with VLAN tagging greatly impacts performance.

My use case on the 4011 is usually pure router duty, with L2 switching on a 2nd device.

How did you do that test with only one SFP+ port on the RB4011? What was it routing from and to? Did you use some sort of bonding configuration to turn the ten GigE ports into a single 10G connection, and if so, how did you get it to work with a “single threaded” test? If you’d referenced MikroTik’s BTest, I’d understand, since then the source or sink could be internal to the router, but iperf?

There’s a wishlist item for MikroTik: an iperf package for the current switches and routers. The current “btest” implementations for regular PC platforms fail to communicate with BTest on current ROS releases due to a change in the authentication protocol.


wireguard I achieved around 900mbps on the 4011.

Yeah, none of the WireGuard crypto primitives are in the hardware-accelerated crypto row for the RB4011, so there’s another wishlist item: hardware ChaCha20 acceleration.


a lot of folks miss on the 4011. Using the ports in a bridge with vlan tagging greatly impacts performance.

Is it safe to say that only the CRS3xx devices support switch-chip-level inter-VLAN routing? That’s how I’m reading this table.

Is anyone even doing that? I always heard that hw acceleration is dead with these new primitives (i.e. WG was meant to not be hw accelerated).

I would like to see a NAS capable of 10 gig write, set up across the RB4011 and a 10 gig switch and a workstation using NVMe to keep up, using inter-VLAN routing, rather than using iperf. Is there anyone who has done this and has some benchmarks using a combination of small and large files in a folder?

Workstation with NVMe (VLAN 1) >>>10 gig switch>>>NAS 10 gig (VLAN2)
                                        |
                                        RB4011 connected to switch 10 gig (router on a stick)

Please come back to me if you run this type of config as this is real world for SMB.

Cheers

Can MikroTik not take the American approach and make a “dogs dooglies quad turbo RB4011”, give us 10gig inter-VLAN and use under 15W, block the nasties from amazon and google and sell it to me for $199? :wink: Just bolt loads of Turbos and Superchargers to it and make it ludicrous! There must be a way in the IT hardware world?

In the world where turbos and superchargers are meant verbatim, bolting those on almost every time means that the owner doesn’t want to think about energy consumption (which is reflected in MPG which, contrary to owners’ belief, bigger means better :wink: ) as it inevitably goes up.

Unless there’s a big step forward in technology (and that’s not within MikroTik’s realms), faster means higher energy consumption. And higher price. Which is what MikroTik did when constructing the RB4011, which some see as a continuation of the RB2011 and/or RB3011 designs. Apart from the suggested price, which would be ridiculously high compared to the actual price if it wasn’t for competition.

Yup. The “American approach” gives us Cisco.

Do. Not. Want.

@tangent

I tested with the SFP+ port connected to a 10Gbit switch and two servers connected to the switch on separate VLANs, so a router on a stick scenario. I leveraged iperf in my testing along with SMB file copies between hosts.