Community discussions

 
llag
just joined
Topic Author
Posts: 8
Joined: Sat Aug 04, 2018 12:12 am

CRS317 NAT + routing capacity

Fri Aug 10, 2018 12:02 am

I am awaiting delivery of a CRS317-1G-16S+RM and am planning the network restructuring I need to do. The switching side is clear. I am however considering to also use the CPU for my internet routing. I need some PPPOE + NAT for IPv4 and routing of IPv6. The main firewall is my Pfsense cluster that does most of the L3 as well. But because of the cluster setup I need to do the NAT on a router that will know how to send traffic to the CARP address for the cluster. Pfsense cluster does not support CARP/PPPOE on a cluster

Looking at the the routing throughput, I see 1270Mb/sec for all ports. I assume that that means effectively 635 Mbps for a symmetrical connection (up/down). Do I understand it correctly that this means that this is insufficient for a 1Gb fiber connection? Right now I have a 100/60 Mbps connection, so using the CRS as router would be ok. But it would be insufficient for a full 1Gbps, right?
 
User avatar
pukkita
Trainer
Trainer
Posts: 2971
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: CRS317 NAT + routing capacity

Fri Aug 10, 2018 12:01 pm

Your assumptions are correct, this is a programmable switch, whose CPU provides auxiliary functions, but it's not conceived to route 1Gbps.

And no, specs mean that with traffic flowing to/from all ports, the device is capable to route 1270Mbps overall (not each port), if all packets were sized 1518 bytes, which won't happen in real life. To derate performance on a real life scenario, look at 512byte and 64byte packet performance, that will give you a CPU power idea.

Easily solved though: you could connect an hEX or hEX S to the CRS317 for Internet traffic routing/natting, replacing it with a suitable CCR when your uplink bandwidth requirements increase in the future.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
llag
just joined
Topic Author
Posts: 8
Joined: Sat Aug 04, 2018 12:12 am

Re: CRS317 NAT + routing capacity

Fri Aug 10, 2018 1:48 pm

Your assumptions are correct, this is a programmable switch, whose CPU provides auxiliary functions, but it's not conceived to route 1Gbps.

And no, specs mean that with traffic flowing to/from all ports, the device is capable to route 1270Mbps overall (not each port), if all packets were sized 1518 bytes, which won't happen in real life. To derate performance on a real life scenario, look at 512byte and 64byte packet performance, that will give you a CPU power idea.

Easily solved though: you could connect an hEX or hEX S to the CRS317 for Internet traffic routing/natting, replacing it with a suitable CCR when your uplink bandwidth requirements increase in the future.
Thanks for the confirmation. I understood the packet size issue, and was unsure about what would happen if only 2 interfaces were used: effectively there will be only 2, one on the VLAN that ends up on the uplink (modem or FTTH, but both will have to come in on a VLAN in my case) and the other interface on the VLAN to the pfsense cluster. I indeed expected your answer. It was just that I saw a note from a guy (at servethehome?) that said you could do a 1G uplink if you were not too mean. But looking at the figures I had my doubts.
I currently have a Ubiquiti Edgerouter-x, so a Hex (s) would not really be an upgrade (can do roughly 500 Mbitup/down concurrently). I will wait for the 1G FTTH to arrive and look at a suitable CCR when it comes.

Thanks for the feedback.
 
User avatar
pukkita
Trainer
Trainer
Posts: 2971
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: CRS317 NAT + routing capacity

Sat Aug 11, 2018 12:13 pm

By using fasttrack, you will be able to get higher throughput, but I seriously doubt a CRS317 could reach 1Gbps of routed/natted traffic even with fasttrack enabled, guess a more realistic figure will be around 250-500Mbps max, though I never tested.

Do not underestimate the hEX, it's a little mean router, whose dual core CPU is way more powerful than the CRS, moreso having IPSec hardware acceleration built in.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum

Who is online

Users browsing this forum: No registered users and 10 guests