So I am in a situation where I am trying to figure out the best way to re-configure core network routing.
Currently using some old HPE kit to handle that and I have a CCR2004-16G and CRS354-48G both currently running v7. I need to perform basic L3 inter-VLAN routing of ~1Gb/s, averaging much less than that most of the time.
A little bit of insight into the design:
4 locations, each with isolated LAN segments & WiFi
This router would be the "core" router with the other three sites being connected to this one. So performing all inter-VLAN routing between sites & subnets, as well as internet-facing traffic towards the enterprise firewall, would be on this unit.
Other VLANs are a mixture: WiFi, Guest WiFi (internet only), and isolated LAN segments. So while most traffic is internal L2, there is some L3 expected to be wire-speed. And some of it is basic internet traffic. Besides peak times, such as when off-site backups (Gig WAN limited) are occurring, the L3 requirements would be quite low, 200Mb/s or less, likely.
I feel like I have no choice but to use CCR2004 if I expect to isolate subnets, but I worry it may struggle with near wire-speed L3.
My understanding tells me I need to use Firewall to ACL the subnets. Does this automatically eliminate the CRS354 as a choice? I know it can only do L3 wire-speed in hardware offload mode. Does that mean it's unable to isolate subnets and maintain wire-speed, or can I use some kind of connection fast-track to check if it's allowed and off-load it, or not allowed and block it? It would be purely SRC/DST by-subnet isolation.
What would you suggest in my situation?
Follow-up question:
If using CCR2004 for this: What configuration method would you use for the VLAN routing? Do I use Bridge-VLAN configuration on this hardware (like the CRS3xx) or another method?
Thank you