Page 1 of 1

How to choose proper Mikrotik hardware

Posted: Wed Jul 03, 2019 7:37 pm
by gianlu
Hello Everyone,

I'm not sure if I'm posting in the correct session, if not, please apologise me.
I'm writing here because I need to buy a Mikrotik device to use in my home network and I was not able to find any good info on how to choose the rigth one for me.
I work for aService Provider as a Networking specialist, so I know about the networking world but we never use mikrotik device (Only Cisco, HPE, Check Point and Fortinet but they are too expensive for a home network)
As attachment you can find a very basic layout of how I want my network to be.
Needed point:
- I have a server (ESX Host) at home, I want to be able to create different Vlans with different IP subnets for the different virtual server that I will use.
- The servers will not be published on the internet, people must be able to connect with a Client VPN from they PC (Only software on the remote site, no hardare device, not a Site-to-Site VPN)
- The router must be able to handle around 6 to 10 people connected at the same time via VPN
- I have a theoretical 100Mb/s internet connection, in reality it goes at around 40Mb/s, I wish to being able to use all or at least the major part of it for the VPN traffic (To be more clear, I don't want a device that is able to handle 50Mb/s troughput but only 10Mb/s of encrypted troughput, I want a device that is able to use all my bandwith for encripted traffic if necessary)
- I want to being able of have multiple profiles of VPN that allow access on different subnet (In Cisco is called "Split Tunnel" I do not know how is it called elsewhere. To be more clear: I will have different types of servers on the ESX Host, for example I will have "games" server on the "games" vlan and "development" server on the "development" subnet, I wish that friends who need to play games will only have access to games vlan and friends who need to access development server only access that vlan)
- Still refering to the point above, people must use their own connection to surf the internet, traffic must go trough the VPN tunnel only if is directed to the servers.

I think I have pointed out all of my needs.
Many thanks to anyone that will help me choose the rigth device.

Regards,
Gianluca

Re: How to choose proper Mikrotik hardware

Posted: Thu Jul 04, 2019 4:45 am
by anav
Well I would look at something that has ipsec in the hardware so anything like a routerboard RGB450Gx4 or an RB4011 should be models to start considering.

Re: How to choose proper Mikrotik hardware

Posted: Thu Jul 04, 2019 10:58 am
by gianlu
Well I would look at something that has ipsec in the hardware so anything like a routerboard RGB450Gx4 or an RB4011 should be models to start considering.
Hello Anav,

Many thanks for your reply.
Searching on google for "RGB450Gx4" doesn't give me back any result, removing the "x4" give me the hEX page. Is that rigth?
I have seen that there is also a model called hEX S that have IPSec hardware, but by looking at the section "Test Result" all the value looks to be the same.
Can you please clarify me more? As told in the original post, I'm familiar with Networking, but not with MikroTik Devices.

I have also serched for RB4011, it looks great and it would be fantastic if my internet connection really goes up to 100Mb/s, unfortunately for now it's only around 40Mb/s and I do not expect that to improve for the next couple of years.

Regards,
Gianluca

Re: How to choose proper Mikrotik hardware

Posted: Thu Jul 04, 2019 1:26 pm
by mkx
@anav pressed 'G' once too many. He meant to type RB450Gx4.

When looking at test results, check the lower-right part of the table ... there things make some difference. E.g. routing 25 filter rules, 64 byte packets - RB450Gx4 118Mbps, RB750Gr3 48Mbps. IPsec performs similarly on these two devices.

Re: How to choose proper Mikrotik hardware

Posted: Thu Jul 04, 2019 4:51 pm
by gianlu
@anav pressed 'G' once too many. He meant to type RB450Gx4.

When looking at test results, check the lower-right part of the table ... there things make some difference. E.g. routing 25 filter rules, 64 byte packets - RB450Gx4 118Mbps, RB750Gr3 48Mbps. IPsec performs similarly on these two devices.
Hi Mkx,

Many thanks for the reply, Now I can see the correct device ;)
The Test result looks good for my internet connectivity, can you please confirm that on the "software" side, routerOS is capable of the request I have made in the first post?
Especially the VPN part that is crucial for me:
"
- I want to being able of have multiple profiles of VPN that allow access on different subnet (In Cisco is called "Split Tunnel" I do not know how is it called elsewhere. To be more clear: I will have different types of servers on the ESX Host, for example I will have "games" server on the "games" vlan and "development" server on the "development" subnet, I wish that friends who need to play games will only have access to games vlan and friends who need to access development server only access that vlan)
- Still refering to the point above, people must use their own connection to surf the internet, traffic must go trough the VPN tunnel only if is directed to the servers.
"
Is there a limit to the number of people connected?
Are there some license that must be used?

Again, many thanks for your time,
Regards,
Gianluca