We are ISP designing a new network, and we are evaluating Mikrotik as on of first choices.

We have two x 200Mbit Internet connections, going to two x 1Gbit, need to use BGP, VLANs, dedicated subnetworks and firewalls for customers, etc.

We've already tried Routeros under VMware and we feel unsatisfied about performances.

We are uncertain if going to use hardware like Proliant and forget MetaRouter, or going to RB1000/1100 and adopt metarouter.

Actually, we are not able to have data/opinions on following topics:

• - rb1000-rb1100: real performances of these boxes; how many Gbit/pkts can be handled?

• - can these boxes handle routing, BGP and filtering rules without any degradation?

• - metarouter: we are not able to understand real performances and security of metarouter: which is the penalty in performance of using metarouters? Is there any security issue?

Thanks,

Tonino

Hi!

Welcome to the forum.

If you need high performance buy a L6 license and put it in a PCBased solution. You'll get more performance than the RB1000/1100.


Chupaka has a network with +500Mbps traffic, but I don't know what hw is.

forget about RB1000-1100 for you network, no more than 150-200MBit whith little firewall.
Use Core-i5-i7 based routers or Xeon 54x, 55x, 56x + Intel based ethernet. (Now on Core-i7 have 2 BGB full view uplink, ~ 400 Mbit traffic, heavy mangle chain, little forward chain , little nat chain, CPU load 8-12%)

nice avatar

forget about RB1000-1100 for you network, no more than 150-200MBit whith little firewall.
Use Core-i5-i7 based routers or Xeon 54x, 55x, 56x + Intel based ethernet. (Now on Core-i7 have 2 BGB full view uplink, ~ 400 Mbit traffic, heavy mangle chain, little forward chain , little nat chain, CPU load 8-12%)

Any special consideration about using 10GB adapters?
Would we have any gain, using one 10GB port instead of several 1GB ports?

Tonino

[quote="tonix"
Any special consideration about using 10GB adapters?
Would we have any gain, using one 10GB port instead of several 1GB ports?

Tonino[/quote]

Get Intel NIC's, and the fastest clockspeed CPU you can find.In general here you should go for clock speed instead of multicore abilities. If you can get it, you will be better off with a 3.5 GHz dual-core CPU (like Xeon 52xx) than a 3 GHz quad-core CPU. Additional cores will not be used by network processing in your case.
Example,with Intel 82576 nics on FreeBSD 8.x Release amd64 you may get ~9xx/9xx mbit/sec (obout 3-4K users)

Get Intel NIC's, and the fastest clockspeed CPU you can find.In general here you should go for clock speed instead of multicore abilities. If you can get it, you will be better off with a 3.5 GHz dual-core CPU (like Xeon 52xx) than a 3 GHz quad-core CPU. Additional cores will not be used by network processing in your case.
Example,with Intel 82576 nics on FreeBSD 8.x Release amd64 you may get ~9xx/9xx mbit/sec (obout 3-4K users)

Thanks for hints... We are going to try. Willing to connect more 1GB connections to central switch, and a 10GB connection between switch and firewall. When we'll have more data we'll post results.

Thanks again,

Tonino

If you really want to reach gigabit performance you should opt for x86 hardware. I'm using RB1000 and I can't get more than 700Mbits at full duplex (700Mbps in at eth0 and 700Mbps out at eth1), just with static (but complex) routing, a heavy (but optimized) 250 rules firewall and some Nat/mangle rules. Sorry, I don't remember how many PPS it was dealing with, but average packet size was around 600b

It's enough for me right now, but I know that I will have to use different hardware if I ever need to deal with more PPS.

Bye

forget about RB1000-1100 for you network, no more than 150-200MBit whith little firewall.
Use Core-i5-i7 based routers or Xeon 54x, 55x, 56x + Intel based ethernet. (Now on Core-i7 have 2 BGB full view uplink, ~ 400 Mbit traffic, heavy mangle chain, little forward chain , little nat chain, CPU load 8-12%)

How many mangles do you have?

I'm using ~500 lines of mangles (and growing), i5 3.3GHz dual-core, bonded 2x intel pro 1000, can handle max 35k pps only before it start dropping (100% of CPUs)
I need far more than this. Any suggestion?

Hi,

Try to optimize the mangle chain. Each packet shouldn't be checked against each rule. Segment your network in order to be able to place a "selector" and then jump to a given subchain where those will be mangled acordingly. For example, if you have 2 internal networks with different mangle rules, place a jump rule with 4 options: PKts_for_Net1, Pkts_from_Net1, PKts_for_Net2, Pkts_from_Net2. Then define those chains with their rules.

Bye

Selector is a great idea!

Thanks leonset.

You're welcome!

Just take care, it isn't as simple to implement as it may seem... specially on a live system. At least for me!

great!

i manage to create selector for connection markings (which hits on new connection only) and the packet marking.
on my simulation router the performance is increase 25k to 62.5k pps

it's 250% increase ... yahoooooo

Nice to know!! I whis I had tested my setup before using "selectors" in my forward chain to be able to compare.

Which tools do you use to do those performance meterings?

Just using mikrotik's bandwidth test on 2 PCs and router under test in between.