Hi everyone,
just started to support a small company with an RB2011UiAS-Rm as main router and the problem is very slow internet speed. I am not very experienced with MikroTik, but what I've seen so far is this:
The router is running ROS 7.18.2, internet is via sfp1 port - 1G full duplex.
3 UniFi access points attached to 3 of the gigabit ports and 2 workstations attached through a gigabit switch to the 4th port. The workstations are running 54 VMs on Hyper-V.
In the router, 10 WAN IP addresses are configured on sfp1, plus 11 NAT rules (src-nat → netmap); the VMs must use specific WAN IPs.
Also 46 WireGuard peers and 5-6 L2TP VPN accounts.
The result is 100% CPU load and very slow internet speed.
Question 1: I think a good upgrade would be the MikroTik RB5009UPr+S+IN or the MikroTik CCR2004-16G-2S+, but I am not sure which one is the better option.
Question 2: is there a way to reduce the CPU load until the router is replaced?
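The NAT layout the post describes (several WAN addresses on sfp1, src-nat and netmap rules pinning VMs to specific public IPs), written out as an added illustrative RouterOS configuration. This is not from the original post: the subnets, the public addresses, the interface comments and the VM chosen for the netmap pair are all assumptions, since the post gives none of them.

```routeros
# Added example, not from the post: every address below is hypothetical.
# WAN addresses on sfp1 (the post mentions 10; three are shown here).
/ip address
add address=203.0.113.11/24 interface=sfp1 comment="WAN IP for VM group A"
add address=203.0.113.12/24 interface=sfp1 comment="WAN IP for VM group B"
add address=203.0.113.13/24 interface=sfp1 comment="WAN IP owned by one VM"

# Source NAT: each VM subnet leaves through its own WAN IP.
# NAT rules are consulted for the first packet of a connection only, and
# evaluated top to bottom, so matching on out-interface and keeping the
# busiest rules first keeps the per-connection work small.
/ip firewall nat
add chain=srcnat out-interface=sfp1 src-address=10.10.1.0/24 \
    action=src-nat to-addresses=203.0.113.11 comment="VM group A -> .11"
add chain=srcnat out-interface=sfp1 src-address=10.10.2.0/24 \
    action=src-nat to-addresses=203.0.113.12 comment="VM group B -> .12"

# 1:1 netmap for a single VM that must own a whole WAN IP in both directions:
# inbound traffic to .13 is mapped to the VM, and the VM's outbound
# traffic is mapped back to .13.
add chain=dstnat in-interface=sfp1 dst-address=203.0.113.13 \
    action=netmap to-addresses=10.10.3.10 comment="inbound .13 -> VM"
add chain=srcnat out-interface=sfp1 src-address=10.10.3.10 \
    action=netmap to-addresses=203.0.113.13 comment="VM -> outbound .13"
```

Every connection from the VMs still has to pass connection tracking and this rule list on the router CPU, which is why rule count and complexity matter on a device like the RB2011.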
RB2011UiAS-Rm is a very old router that can route at around 250Mbps with a moderately complex configuration. Your description of the config makes it sound pretty complex, so performance is likely even lower. And there's not much to be done about it; you're simply using an old family sedan on a WRC track.
When deciding about a new router, it's important to consider the complexity of the setup and the required performance. Since the complexity of a setup is a unique characteristic, you won't see a benchmark result showing performance in your particular use case. But you can look at the official test results; every Routerboard has them published on its official product page (RB2011-UiAS, RB5009UG-S, CCR2004-16G-2S+). Look at the numbers in the lower right part of the table "Ethernet test results". And only use those numbers to compare different devices; don't take them as something you'll achieve.
And mind that the RB2011 test results were obtained while running ROS v6, which had a feature (route cache) that increased performance (up to 25% or so) in certain use cases, and benchmarking was one of those use cases. Which means that when the RB2011 runs ROS v7, the benchmarked throughput would be quite a bit lower than published.
Yep. The RB2011 is a nice and decent device, it just has its limitations. Saying that your only problem with a device introduced in 2011 is that it feels sluggish with today's internet speeds is a testament to the quality of their design, and the fact that it still receives regular software updates is amazing. (I kept one around for a long time as a desktop switch.)
Both the RB5009 and the CCR2004 will easily keep up with 1Gbps internet speeds. In more involved setups like yours it's best to look at the 25 IP filter rules / 512 byte packets benchmark on the product pages. Don't forget to account for inter-VLAN routed traffic and possible bandwidth increases in the next few years.
I think it all comes down to other factors. The RB5009 is very well built and passively cooled; the CCR2004 has a passively cooled variant as well, but its CPU is clocked lower than the non-PC version. However, having 2 SFP+ ports is also nice.
Thank you for the replies!
The manager wants to keep all WireGuard peers, so I was wondering whether the CPU will handle the load. Also, I read in the forum that the CCR2004 CPU manages the switch chips, and RB5009 switch management is not done by the CPU, if I got this correctly, so isn't this a bottleneck for the CCR2004 (pardon my English)? I don't know what 25 IP filter rules / 512 byte packets is; I will read about this.
Both can do WireGuard at well over 1Gbps. The CCR2004 is about 50% faster in about everything involving the CPU. I would assume that L2TP means IPsec; both have hardware acceleration, and benchmarks are posted on the product pages. If you really want to do high bandwidth encryption, use a virtual server; they generally blow these ARM based routers out of the water.
By the 25 IP filter rules / 512 byte packets stuff I just meant to look at this number (row/column) in the "test results" tab of the official product pages. For routing with some marking/queueing, devices usually reach a bit more than the throughput stated there, so it's a good first estimate. Because configurations are so diverse it's hard to predict exactly how they will perform, but this number is usually a good estimate for the things you described.
In all devices the CPUs manage the switch chip(s). How exactly things are configured for each device is also available on the product page. Somewhat confusingly it’s in the “Support and Downloads” section as “Block Diagram”.
The RB5009 has a Marvell Link Street switch that connects all of its ports (SFP and Ethernet). The CCR2004 12G (gigabit port) variants have two of the same family of switch chips, each attached to 8 gigabit ports, with the SFPs attached to the CPU directly. This means that traffic between any of the SFPs and the 2 groups of Ethernet ports cannot be switched in hardware. In the 12S variant of the CCR2004 there is no switch chip present (it has what's called a passive port extender; this basically only drives interfaces and has no switching functionality).
Doing switching/bridging in software is a relatively lightweight task for these CPUs, so other than a bit of an increase in CPU usage it will not really tax any of these relatively higher powered devices. The included switch chips are not bad, but they are mainly included to provide a port configuration that offers convenient options for connectivity. If you really want high powered switching between your servers that these can't provide, you should probably look at dedicated switches. (MikroTik's CRS3xx and 5xx series are not bad, but other vendors produce nice stuff as well.)