Hello,
the CCR1072-1G-8S+ has one 1G-Port, labeled "Boot" on the front. As I can see in the diagram, it is connected by a PCIe x1 controller.
1. The 1G-Port is connected with PCIe 1.0, one lane, witch might have 2,5 GBit/s - so the ethernet port can work full 1GB/s?
2. The label "Boot" is only for design-aspects, technical it is handled in routerOS like every other port (e.g. the sfp+ ports, only with a different speed). The firewall acts there like on other ports, or is there a secret function for a direct access to the cpu over this port (like "in boot process, (only) this port can ... [do any access to the cpu without firewall]")?
I want to connect this port to the WAN, as we get 1GB/s from the uplink, and use the other ports for the LAN.
Anyone who use it like this?
Thanks for answers!
Re: CCR1072 1G-Port Speed and security
Apart from being handled less efficiently by Tile CPU (it's handled via PCIe drivers etc. instead of directly by CPU like SFP+ ports) the only special treatment is that it's used for netinstall.
Re: CCR1072 1G-Port Speed and security
Thank you for your answer.
Less efficiently - as long as it brings 1GB/s -> Hopefully the PCIe-Driver does not slow down speed, and is not so difficult for the Tile CPU to handle that it really stops the system. There are 72 TILE-Cores, so there might be enough power for all.
As netinstall is used on other devices on eth1, and they are shipped with default configuration ether1 for WAN (Internet), it might be secure.
Next time when I'm next to the CCR I test the speed of the port without any routing or firewall on its behavior with 1GB/s.
Less efficiently - as long as it brings 1GB/s -> Hopefully the PCIe-Driver does not slow down speed, and is not so difficult for the Tile CPU to handle that it really stops the system. There are 72 TILE-Cores, so there might be enough power for all.
As netinstall is used on other devices on eth1, and they are shipped with default configuration ether1 for WAN (Internet), it might be secure.
Next time when I'm next to the CCR I test the speed of the port without any routing or firewall on its behavior with 1GB/s.
Re: CCR1072 1G-Port Speed and security
FYI: Behavior of the CCR1072 - Ethernet-1G-Port
My setup:
2x hap ac2 for receiving the traffic with no filter rules.
- one directly connected to the 1G-Port of the CCR (A)
- one connected to a CRS354-48P-4S+2Q+ (B)
1x CCR1009-7G-1C-1S+ (T) Tester
The CRS is connected to the CCR1072 via two sfp+-Connection 10Gbps, bonded together. The CRS has no filter rules, VLAN via switch-chip.
The CCR1009 (T) is connected with one 10Gbps
The CCR1072 does a lot of firewalling - can't stop him as he is a productive router here, running some services also.
CCR1072-CPU is normaly about 1-2%, no single CPU more than 20%.
In short: A -1Gbps- CCR1072 -2x10Gbps - CRS -1Gbps- B
CCR1072 -10Gbps - T
T -> B: Test, how fast coonection without using 1GB/s of the CCR1072, just the 10Gbs-Ports:
975,6 MBps / 957,7 MBps (10s Average)
T -> A; Main Test:
967,7 Mbps / 894,6 Mbps (10s Average)
Interface 1G-Port of CCR1072 shows:
TX/RX-Drops: 0 / 0
TX/RX-Errors: 0 / 0
CPU still at 1-2%, hardest working CPU0 24%-51%. -> Hardware driver for the 1Gbps-Port might not be hard to handle for the CPU.
So the port might be fine for using.
My setup:
2x hap ac2 for receiving the traffic with no filter rules.
- one directly connected to the 1G-Port of the CCR (A)
- one connected to a CRS354-48P-4S+2Q+ (B)
1x CCR1009-7G-1C-1S+ (T) Tester
The CRS is connected to the CCR1072 via two sfp+-Connection 10Gbps, bonded together. The CRS has no filter rules, VLAN via switch-chip.
The CCR1009 (T) is connected with one 10Gbps
The CCR1072 does a lot of firewalling - can't stop him as he is a productive router here, running some services also.
CCR1072-CPU is normaly about 1-2%, no single CPU more than 20%.
In short: A -1Gbps- CCR1072 -2x10Gbps - CRS -1Gbps- B
CCR1072 -10Gbps - T
T -> B: Test, how fast coonection without using 1GB/s of the CCR1072, just the 10Gbs-Ports:
975,6 MBps / 957,7 MBps (10s Average)
T -> A; Main Test:
967,7 Mbps / 894,6 Mbps (10s Average)
Interface 1G-Port of CCR1072 shows:
TX/RX-Drops: 0 / 0
TX/RX-Errors: 0 / 0
CPU still at 1-2%, hardest working CPU0 24%-51%. -> Hardware driver for the 1Gbps-Port might not be hard to handle for the CPU.
So the port might be fine for using.
Who is online
Users browsing this forum: No registered users and 6 guests