Community discussions

 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Need more CPU and 10 eth ports - which device to choose?

Tue May 12, 2015 11:12 am

A friend of mine once brought CRS125-24G-1S-RM for his company so he was able to connect their servers on LAN and 1 WAN link. It worked well for pretty long time and everyone was happy.

As time goes by they set up PPtP and L2TP servers on the CRS125-24G-1S-RM to allow remote workers to connect. It worked well until recently they found that CPU on router is at 100% most of the time. While they see no big slow down in internet speed so far, they decided to upgrade and get another router with more CPU power. They will keep this device as a spare and use new, more powerful one as a gateway.

So the question is simple, which router is to choose? The requirements are easy to predict:
- rack-mounted,
- at least 10 eth ports (at least 9 of them to be switch-connected so servers will communicate within switch and not via CPU),
- more CPU power (I suspect it should be TILE device due to its multicore but not necessary).

They expect to have at least 150 pp2p and l2tp users right now and at least 200-250 within a year (don't ask me why they won't build or rent redundant cloud base corporate VPN system, as everyone try to save), the traffic won't be huge (single RDP within each VPN connection). Anyway, even if they have 130-150 VPNs right now I can say many warm words to CRS125's CPU!

The problem is they don't have another free space in the rack (the rack is rented and it costs a lot to rent another one just to accommodate new router) so they prefer to set 1U device and not to keep separate router and switch.

I asked them to recalculate need for ports so maybe they scale down to 8 ports (7 for servers and 1 for WAN), but even so, devices like CCR1009-8G have only 4-port switch and another 4 ports are CPU based. CCR1016-12G is good but have no switch at all. Should I worry for that or I can recommend these devices in hope that CPU will be able to handle that traffic without switch at all?

P.S. Maybe I should even recommend old-but-good RB1100AHx2 for its two switches? Will it CPU be significantly more powerful that CRS125-24G-1S-RM's one?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Need more CPU and 10 eth ports - which device to choose?

Tue May 12, 2015 11:34 am

A friend of mine once brought CRS125-24G-1S-RM for his company so he was able to connect their servers on LAN and 1 WAN link. It worked well for pretty long time and everyone was happy.

As time goes by they set up PPtP and L2TP servers on the CRS125-24G-1S-RM to allow remote workers to connect. It worked well until recently they found that CPU on router is at 100% most of the time. While they see no big slow down in internet speed so far, they decided to upgrade and get another router with more CPU power. They will keep this device as a spare and use new, more powerful one as a gateway.

So the question is simple, which router is to choose? The requirements are easy to predict:
- rack-mounted,
- at least 10 eth ports (at least 9 of them to be switch-connected so servers will communicate within switch and not via CPU),
- more CPU power (I suspect it should be TILE device due to its multicore but not necessary).

They expect to have at least 150 pp2p and l2tp users right now and at least 200-250 within a year (don't ask me why they won't build or rent redundant cloud base corporate VPN system, as everyone try to save), the traffic won't be huge (single RDP within each VPN connection). Anyway, even if they have 130-150 VPNs right now I can say many warm words to CRS125's CPU!

The problem is they don't have another free space in the rack (the rack is rented and it costs a lot to rent another one just to accommodate new router) so they prefer to set 1U device and not to keep separate router and switch.

I asked them to recalculate need for ports so maybe they scale down to 8 ports (7 for servers and 1 for WAN), but even so, devices like CCR1009-8G have only 4-port switch and another 4 ports are CPU based. CCR1016-12G is good but have no switch at all. Should I worry for that or I can recommend these devices in hope that CPU will be able to handle that traffic without switch at all?

P.S. Maybe I should even recommend old-but-good RB1100AHx2 for its two switches? Will it CPU be significantly more powerful that CRS125-24G-1S-RM's one?
first thing, please use the CRS to do switching it will do that at wire speed without problem

For routing and other Layer 3 task use a router, CCR1016 will be fine
 
User avatar
pukkita
Trainer
Trainer
Posts: 2984
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Need more CPU and 10 eth ports - which device to choose?

Tue May 12, 2015 11:59 am

CCRs concept is switchless, all ports directly connected to CPU.

CCR1009 is a "special" case for those cases you don't need too many ports for the "heavy lifting", offering 4 in a switch chip.

CCR1016 will be more than fine; RB1100AHx2 is much more powerful than CRS125. You can use ports 1-10 for servers, and 11 (directly connected to CPU) for WAN.

Depending on budget you can get the RB1100AHx2 then upgrade to a CCR in the case it gets overwhelmed over time.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: Need more CPU and 10 eth ports - which device to choose?

Tue May 12, 2015 1:05 pm

RB1100AHx2 is much more powerful than CRS125.
I really like 1100 series, the only thing I worry about is if it'll be supported in the future (new f/w and RouterOS versions) due to its PowerPC nature.

By the way, maybe you know the way to enable hardware acceleration to be used in any VPN server (pptp or l2tp or sstp or ovpn)? I remember the MT wiki article that discuss the possibility in some limited case to accelerate IPSec in h/w so maybe it is possible to do that for VPN?
 
User avatar
pukkita
Trainer
Trainer
Posts: 2984
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Need more CPU and 10 eth ports - which device to choose?

Tue May 12, 2015 1:50 pm

I doubt support for the RB1100AHx2 would be a problem in the future.

Hardware acceleration is for encryption. On supported boards, for IPSec use AES.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Need more CPU and 10 eth ports - which device to choose?

Tue May 12, 2015 5:04 pm

take in count the limited functionalities of switching on rb1100ahx2 and ccr1009 integrated switches
 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: Need more CPU and 10 eth ports - which device to choose?

Wed May 13, 2015 9:42 am

Just to be sure in the choice: I've heard that CCR1009 is 3x more powerful and only 40% expensive that 1100AHx2. This way, won't it be worth to overpay now and never care for the CPU? I'd say "yes", but still I have a doubts for plain packet switching between ports. They don't need anything sophisticated, but if CPU will be involved then CPU will be busy with packets, isn't it?

As I compare performance info at http://routerboard.com/CCR1009-8G-1S-1Splus vs http://routerboard.com/RB1100AHx2 I notice that 1009 is more that 4x faster on routing. But what I can't count is CPU power for VPN, and switching performance.
 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: Need more CPU and 10 eth ports - which device to choose?

Wed May 13, 2015 4:15 pm

take in count the limited functionalities of switching on rb1100ahx2 and ccr1009 integrated switches
They need only basic connectivity, nothing more. The only thing is if sending packet thru CPU will significantly affect performance of the device or not.
 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: Need more CPU and 10 eth ports - which device to choose?

Wed May 13, 2015 4:16 pm

Hardware acceleration is for encryption. On supported boards, for IPSec use AES.
RB1100AHx2 appears to be "supported" one but that's useless as they won't use IPSec.
 
User avatar
pukkita
Trainer
Trainer
Posts: 2984
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Need more CPU and 10 eth ports - which device to choose?

Wed May 13, 2015 5:29 pm

Not useless, just it won't have hardware acceleration for tunnels themselves.

As I previously said for your current, and medium-term needs its CPU will be able to cope with your tunnel requisites, and also for switch ports. You can of course go straight to a CCR (less ports) if budget is no problem, but if the CRS is coping right now at 100%CPU, RB1100 will hardly go over 20%.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
lambert
Long time Member
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: Need more CPU and 10 eth ports - which device to choose?

Wed May 13, 2015 9:33 pm

I would not worry about number of ports on the router unless you need that many WAN connections, or have a lot of isolated internal LAN subnets.

You need WAN and LAN connections on the new router. Continue to use your existing CRS as a switch.

If you have multiple internal LANs that need to be routed between: You can trunk multiple VLANs between the router and the switch if needed. You can use multiple physical cables between the router and switch if that is easier for you to understand and configure, or you need full gigabit between the LANs.

Just remember that on the CCR1009, the first 4 ports are in one switch. So, the CCR1009 is more like a 5 port router with a 4 port switch. Just like the CRS125 is a 1 port router with a 25 port switch.

I believe the hardware acceleration will help any encryption using the AES algorithm. Whichever VPN type you use, try to use AES encryption. The CCRs and the RB1100AHx2 are all supposed to have acceleration, as I understand it. I could be wrong.
 
lambert
Long time Member
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: Need more CPU and 10 eth ports - which device to choose?

Wed May 13, 2015 9:35 pm

Oh and the RB1100AHx2 is a 5 port router with two 4 port switches.
 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: Need more CPU and 10 eth ports - which device to choose?

Thu May 14, 2015 4:10 pm

Oh and the RB1100AHx2 is a 5 port router with two 4 port switches.
Yes, and it has very nice feature (which is very rare needed) - pass-thru link between 10 and 11 ports (if I'm rights with numbers) when power goes off.

Hard to say why MT won't install 10 ports switch chip and use 2 x 4 or 2 x 5 ports chips.

Who is online

Users browsing this forum: No registered users and 52 guests