Which one should i take - RB2011UiAS-2HnD-IN or CRS109-8G-1S-2HnD-IN

ubimikro · June 29, 2016, 8:33am

Hello,

i am completely new to Mikrotik and need an advice on which router to take for SoHo use.

What the router should include is:

-) WAN port
-) At least 7 ports (some gigabit ports should be available)
-) WLAN (2,4 and preferrably 5GHz)
-) VPN server
-) "The Dude" server should run on it

As far as i have seen, the following two devices come closest to the specs:

RB2011UiAS-2HnD-IN
CRS109-8G-1S-2HnD-IN

However, che CRS109 is in the switch cathegory? Can it be used as classic router?

Can anybody please give me a hint on what device best suits my needs?
Thank you

nz_monkey · June 29, 2016, 8:51am

They are both based on the same underlying hardware.

From your requirements I would reccomend the CRS109. It has a single switch group meaning any port can reach any other port at wirespeed.

Please note, neither product has 5ghz wireless at this time. Maybe it will come in a future product.

andriys · June 29, 2016, 8:58am

Dude server cannot be run on either of these two devices.

nz_monkey · June 29, 2016, 9:23am

Good point. I missed that

You could go for a RB3011 and a wAP AC to meet your requirements.

ubimikro · June 29, 2016, 10:13am

I would have wanted “the dude” for 24h monitoring and logging of my PtP link.
However, i don’t wanna spend extra money for that feature.
Is there another solution to monitor Mikrotik Devices? (SNMP…)
I would like to run that tool on the mikrotik router that is always on anyway.

haik01 · June 30, 2016, 8:06am

CRS line is the cloud router SWITCH. It does very well switching, VLAN’s etc… But it is poor in routing, especially VPN’s.

Of you need more routing then take CCR. That is a cloud core ROUTER. That one is more powerful with routing purposes.

andriys · June 30, 2016, 8:55am

That heavily depends on what “poor” means for you.
CRS109 features a router on board with processing power roughly identical to the RB951G and RB2011 series, which is not that bad at all.

ubimikro · June 30, 2016, 9:34am

I think i’ll go with the CRS109-8G-1S-2HnD-IN.
Although i’ll use VPN from time to time, i prefere having the 8 gigabit ports over the split solution of the RB2011 with the CPU as bottleneck in between.
Hope that IKEv2 will be available soon

Thanks for your advices!!

haik01 · July 5, 2016, 6:39pm

Well, that “poor” is of course relative. That is what the trainer explained in my MTCWE course, that if you want to use the router function heavily, you should use the CCR, instead of CRS.

vortex · July 5, 2016, 6:52pm

RB2011, CRS109, and CRS125 are fine for 500/50 SOHO. They use the same CPU.

jarda · July 7, 2016, 2:37pm

Unfortunately it is not obvious what “soho” means. If you assume using fasttrack and no queues, that’s true. Otherwise it will be much much slower.

vortex · July 7, 2016, 3:18pm

For me, SOHO is not the same as SMB.

chechito · July 7, 2016, 4:37pm

+1 for that

using routerOS functionalities i will recommend 40mbps wan connection maxx

for vpn we can expect around 25mbps of throughput

vortex · July 7, 2016, 6:54pm

You mean 40Mbps without fasttrack, don’t you?

andriys · July 7, 2016, 7:02pm

I guess he meant 400 (four hundred) Mbps. I have 100Mbps WAN connection at home and RB951G (which is roughly as powerful as RB2011 series boards are) copes with it just fine even without fastpath/fasttrack.

vortex · July 7, 2016, 10:07pm

They are talking about using queues and so on.

chechito · July 7, 2016, 10:23pm

yes without fast-track because firewall filtering, mangle marking and queue tree are in heavy use:
41 filtering rules (a few using an adress-list of 1000 items)
8 nat rules
159 mangle rules (marking traffic for use in queue tree)
26 queues on queue tree

andriys · July 8, 2016, 4:47am

It’s usually a matter of configuration optimization; 40 Mbps sounds like way too little for RB2011 even with complex configuration (and I’m, of course, NOT talking about things like IPsec here, since crypto will definitely be slow).

Putting rules in the right order, with the one accepting established,related on top, should speed things up significantly. The number of NAT rules is less important, since they are evaluated once per connection lifetime anyways.

That number of mangle rules may be a serious bottleneck, indeed. Marking connection first, then marking packets based on the connection mark (thus reducing the number of rules being process per packet) may be a solution. Also Simple Queues are officially recommended over the Queue Trees since RouterOS v6 due to performance reason, especially if the number of queues is high. Thousands of Simple Queues must in general be much much cheaper (in terms of performance) than hundreds of Queue Trees.

vortex · July 8, 2016, 2:15pm

Is this using PPPoE too?