Where to do routing? RB5009 or CRS305?

I’ve just purchased a CRS305-1G-4S+IN to connect my two server and access switch (Zyxel XGS1210-12) via 10GB SFP+ with my RB5009.

I’m now trying to understand where it is better to do the routing between my vlans and get the best performance.

I think that I should still use the RB5009 as router and the CRS just as an L2 switch but wanted to make sure and hear other opinions.

Also, while the CRS305 supports dual boot, I would like to use RouterOS (and WinBox) due to already knowing it but like said before, open to other opinions.

Thanks in advance!

!!!!!

For inter-VLAN routing, I would use the CRS. Using L3 offload it’s far faster than the RB5009. If you need NAT, us de RB5009.

I personally use switches just for L2, SwitchOS is ancient but pretty easy for non complicated setups.

If you want to try something fancy, you may want to follow suggestion by @biomesh :

But then I would need to move all of my firewall rules to the switch, and that could make it slower right?

Obviously... but he's talking about INTERNAL traffic (so, advanced setup)

inter-VLAN routing

anything coming from outside has to go through RB5009 if you need a firewall...

Yes, the CRS305 cannot do NAT or firewalling in hardware, just simple routing. If you need a firewall between your VLANs, you need to do that on the RB5009.

So if I want for example to block clients from VLAN 5 to VLAN 10 (which for I’m going to use firewall), here I will have bandwith problems.

While if I just enable routing between all the vlans adding a vlan interface, here I will have wire-speed routing, right?

As with all things, individual needs must be considered before an actual estimate can be made of what is needed.

Yes. If you want a CRS that can do firewalling and NAT in hardware, the smallest is the CRS309.

Can I still use RouterOS even if doing only L2 switching or is it best for some reason to use SwOS?

For switching functions, both OSes should provide same performance. If you're fluent in ROSish, then simplicity of SwOS doesn't matter.

I've a similar setup at home, rb5009 as router and crs310 as "l2-core".
Juts read the specs/eth tests on product page, RB is better for sure.

An other question can be : who must be the root bridge ?

What do you mean as root bridge? All the traffic will flow through the CRS305, like your setup.

STP Root Bridge...

Well, I think the router? I don’t have STP currently set up.

dangerous...

What is the purpose of the vlans? If it is to keep the traffic separated, how much inter-vlan traffic will there be?

Given the sparse info you have provided, I would say to do the routing on the RB5009 where you will have the most flexibility with the firewall. That's what the RB5009 is designed to do, routing with a flexible stateful firewall.

Are the clients for the "two servers" on the same vlan with it? If so, then the traffic won't be routed anyway, so the traffic will be forwarded at L2, whether done by an external switch, the internal switch in the RB5009 (or if configured to, by a CPU using bridging software, if HW offload is disabled).

Where you definiately don't want to do routing: non-HW assisted on the CRS305 (i.e. by the CPU in the CRS305). So to prevent the possibility of this happening, configure only one IP interface on the CRS305, and use it for management of the CRS305 only. Then it can't even try to route traffic between vlans.

See the switching and ethernet (CPU) results for the CRS305

image1426×692 57.1 KB

For comparison, see the results for the RB5009

image1404×423 34.8 KB

If you really need a lot of very high speed intervlan routing, and only need very simple
rules. (eg. block vlan5 connecting to vlan 10 is possibly simple, though likely less simple than it would seem)

You can use the switch to do this, with some switch rules.

For all other cases the RB5009 would be better.

It would be nice if there were some way of doing the very basic (fast) routing in the CRS305 but in hardware, offload the fiddlier stuff onto the RB5009.