Hi All,

Quick question for you all.

I currently use a RB750 for a customer wireless / hotspot. Currently this is running on a 20/2meg ADSL2M+ connection, but we are upgrading to 100meg fibre shortly.

I can find lots of info on forwarding speeds of the Mikrotik hardware but nothing of NAT performance. From my work in Cisco land I have learned that NAT performance is always significantly less than the routing performance of a given device.

What kind of typical NAT throughput should I expect from an RB750 (I understand this can vary depending on lots of things)?

Which routerboard should I be looking to get to NAT a 100mbit connection ?

If this is indicated somewhere if someone could point me to it that would be great.

I will be using Router OS 6.15.

Thanks!

M.

For 100Mbit NAT speed, I suggest you RB1100AHx2

Remeber that on NAT, at the end, the real problem are the number of concurrent connections, because NAT can use only 32767 TCP + 32767 UDP concurrent connections for single public IP address...

For 100Mbit NAT speed, I suggest you RB1100AHx2

Really? bit overkill...

I use a 951-2n.

I had a 100M fiber connection in port 1, a 50M fiber connection in port2, with NAT, and mangle rules to detect traffic and direct it via 100M and other by the 50M.

I could pull around 140M (both connections to about 95%) before hitting 100% CPU (about 3000~ connections on P2P).

Unless you are using it for backhaul for a HEAP of users (like 30+ at a time), a 750 should almost do the job.

Perhaps the 2011 for a step up.

A RB450G tops on around 200Mbps NAT. This could also be an option.
But as joegoldman said, the 750 could be enough.
I would rather first upgrade the link, check it out, and change the HW only if needed.
(I had a 750GL doing around 50 Mbps NAT throttled by the provider without maxing out).

RB 2011 should easily be able to do that.

RB 2011 should easily be able to do that.

Not so easily

Nat performance will depend on your firewall and queue tree settings and size.

The more rules you have the more cpu you need.

Small Business will be able to get away with a 2011 series (or 951-2nhd). With a good firewall it'll do about 140mbit.

If you intend on any kind of queue tree, traffic shaping or vpn on the device, get the 1100ahx2.

RB 2011 should easily be able to do that.

Not so easily

In most situations I have used a RB2011 it was able to do about ~200Mbit NAT without too much problems. With only a few rules it can even do 300Mbit NAT.

But it all depends on your usage scenario. In my home I have a 180/18 connection and it is quite happy with that never going above 80%. But, I don't have many traffic shaping rules applied.

If you do intend on having a lot of traffic shaping rules I would suggest getting something a bit more powerful. The RB1100AHx2 that was mentioned or maybe the newer CC1009 would be an option. But personally, up to 100Mbit the RB2011 should be more then enough except for the heaviest rule configurations.

[flash=][/flash]

RB 2011 should easily be able to do that.

Not so easily

Not sure how you people are setting up your firewalls.I have a couple RB2011's that do 200Mbit NAT + policy routes pretty much all day.

Not sure how you people are setting up your firewalls.I have a couple RB2011's that do 200Mbit NAT + policy routes pretty much all day.

Since ROS 6.1X my RB2011UiAS got a speed bump.

It used to do ~250Mbps NAT but it's now giving me ~320Mbps NAT without any change in config.

I've quite a lot of Firewall rules and PBR configured in it too, as well as 6 simultaneous connections to VPN servers around the world.

Somewhat related question,

Can a RB2011UiAS-2HnD handle 1Gbps NAT?

I'm seeing 100% CPU load when doing about 410Mbps, with 10 Firewall rules, 6 NAT rules, no mangle, no queues
Is this a misconfiguration or a hardware limit?

In normal the usage of SPI and NAT will narrow down the entire throughput or in plain words
shorten this throughput for 3% till 5% firewall rules at the wan interface and mangle rules at
the LAN interface are defining than the WAN - LAN throughput for this router and internet
connection as I see it right, perhaps on top VLANs and ACLs are coming on top of this.

And at 100 MBit/s FTTH account it would be more pointed to the entire rest of the usage I think
WiFi usage, how many switches and wired users or devices are connected to the entire network
causing also traffic that must be routed through the RouterBoard.
RB450G
RB493G
RB951
RB750
RB2011

CCR1009 & RB953GS-5HnT would be my next set up for my home network for sure.
Based on the QoS and DPI usage it would be enough for me but also not to tiny.

They all would be doing the job more or less fine, but this is also owed to the circumstance
what ever the router should do also on top of SPI and NAT.

Or in shorter words, what kind of router you should buy, is mostly also based on many more things
than only having 100 MBit/s and doing SPI and NAT.