I am a happy long-time user of three RB493G boards, acting as WiFi access points, but also as SNAT/DNAT boxes and simple firewalls, and some GRE tunneling boxes.
I just found out that I cannot do more than 250Mbps of one-way NAT (masquerading) on it without hitting 100% CPU. Even after removing all the firewall rules and using fasttrack, I was only able to achieve 300Mbps one way.
I know the CCR1036 is able to push 1Gbps with NAT with less than 10% CPU usage, so I was wondering if I could do something similar more cheaply on a CCR1009 or CCR1016, with a relatively small firewall ruleset. Do I need to use fasttrack, or could it still handle 2Gbps full duplex in software, with a reasonably small firewall, SNAT/MASQUERADE, maybe a few DNAT rules (some IP based, some port or port-range based), and bridging between most of the Ethernet ports? I will also be doing native IPv6 routing (with some custom VLANs on some ports), up to 2Gbps full duplex. I might also be doing some GRE and OpenVPN tunneling, but that would probably be less than 30Mbps on average, although the peak could still be close to 1Gbps.
How many PPS can I NAT between two ports on the 1009? How much more on the 1016? Will it scale well if all packets belong to one flow, or do I need to have multiple flows (i.e. multiple UDP or TCP connections) to utilize all cores well?
I can do that pretty easily on a PC with a few-years-old CPU (NAT between two Gigabit Ethernet ports) and a bunch of bash scripts, but I would love the compactness of a CCR and its nice built-in management and configuration. Not to mention more Ethernet ports, lower power consumption, and probably better latency.