Hi Guys,
I am contemplating on purchasing a "RB3011UiAS-RM" for use with connecting several VPN connections to home as well as sending all my traffic down to the main data center (VPN). First however, I have a few questions to ask before I place my order to make sure that it would be suitable for my purpose.
Q1. Would this be suitable to run around 80Mbits/s of VPN throughput? using either OpenVPN (AES-256-CBC) or IPSEC VPN tunnel(s)? (currently all VPN's are OpenVPN AES-256-CBC but can be changed to IPSEC if required/faster)
Q2. I also couldn't find definitive answer to whether this router now has support for hardware based encryption. I read on the forums that it was/is being worked on last year but no prograss update since. Do we know anything more about this?
What I would like to do is route all traffic over the VPN as well as connecting me to the other sites but I need it to be able to do around 80Mbits or greater throughput with the VPN(s) conencted. Would this router be acceptiable for my needs?
I was also planning on using OSPF to work out the best route for the VPN's but from what I understand you don't need a great deal of processing power to use this logic but I thought I would mention it nevertheless.
I also plan to use this to issue a PPPoE connection to my ISP and will be its main feed. Currently don't need any failover but having support would be an advantage which I understand that this does also do.
If there is someting else which is more suitabe for my uses, please could someone be kind enough to drop me a line so I can investigate. Thank you.
Kind Regards,
Simon
Re: Is RB3011UiAS-RM suitable for VPN?
I got about 80 Megabits/second in L2TP IPsec VPN. For now it doesn't have hardware encryption.
Re: Is RB3011UiAS-RM suitable for VPN?
From my expirience:
Q1. IPSEC+AES-256 = 80 => No. I tested RB951 (the same perfomance as RB2011) - 20M is maximum for AES-256. But it was RouterOS 5.x
Q2. No. Check http://wiki.mikrotik.com/wiki/Manual:IP ... encryption
Possibly RB3011 will allow pass ~80M ipsec AES-256 but I'm not sure 100%.
More preferable RB1100AHx2 or CCR. But CCR still have packets reordeing issue for hardware encoding
HEX v3 aka RB750Gr3 - https://routerboard.com/RB750Gr3 - you can read about "450M", But it is for UDP, AES-128, MTU 1400
More here - http://forum.mikrotik.com/viewtopic.php?t=113724
PS: UPS. I read RB2011 instead RB3011 in the subject %)) But answer the same - possibly RB3011 can reach 80M, I saw tests when people could reach 78-80M on it but with AES-128.
Q1. IPSEC+AES-256 = 80 => No. I tested RB951 (the same perfomance as RB2011) - 20M is maximum for AES-256. But it was RouterOS 5.x
Q2. No. Check http://wiki.mikrotik.com/wiki/Manual:IP ... encryption
Possibly RB3011 will allow pass ~80M ipsec AES-256 but I'm not sure 100%.
More preferable RB1100AHx2 or CCR. But CCR still have packets reordeing issue for hardware encoding
HEX v3 aka RB750Gr3 - https://routerboard.com/RB750Gr3 - you can read about "450M", But it is for UDP, AES-128, MTU 1400
More here - http://forum.mikrotik.com/viewtopic.php?t=113724
PS: UPS. I read RB2011 instead RB3011 in the subject %)) But answer the same - possibly RB3011 can reach 80M, I saw tests when people could reach 78-80M on it but with AES-128.
Re: Is RB3011UiAS-RM suitable for VPN?
Hi Guys,
I trully am sorry for the late reply. For some reason I never had an email alert or anything so I wasn't aware that anyone replied. I just thought I would manualy check as its getting closer to time to buy and was plesently surpised that I had some replies.
I wont make that mistake again
With regards to 3011 VPN speeds, thank you for getting the info to me. Doing some extra research also myself and it does look like the "RB1100AHx2" maybe more suitable for a little more (£100 approx) which when your paying £150 whats the differnce in an extra £100 lol.
Anyway I have a friend who has a 3011 in his office and I have asked him to do me a quick VPN test with OVPN+AES-256-CBC and we will know for sure if it can cope or not.
BlackVS: ref HEX v3 aka RB750Gr3, I wasnt aware that this was as good as you say and if I remember correctly its far cheaper. This maybe an even better option if it can do as you say. I know dropping the encryption down to 128bit isn't ideal but assuming it does the 450Mbits, it should easily pull 200Mbits+ with 256 and if thats the case, that would be much better.
Thanks Black also for the URL's, I will go and read up on them now.
To you both, again im really sorry for the DELAY in responding, thats highly unlike me.
Time to check profile settings in case I forgot to tick something
p.s. now ive found the subscribe button
I trully am sorry for the late reply. For some reason I never had an email alert or anything so I wasn't aware that anyone replied. I just thought I would manualy check as its getting closer to time to buy and was plesently surpised that I had some replies.
I wont make that mistake again
With regards to 3011 VPN speeds, thank you for getting the info to me. Doing some extra research also myself and it does look like the "RB1100AHx2" maybe more suitable for a little more (£100 approx) which when your paying £150 whats the differnce in an extra £100 lol.
Anyway I have a friend who has a 3011 in his office and I have asked him to do me a quick VPN test with OVPN+AES-256-CBC and we will know for sure if it can cope or not.
BlackVS: ref HEX v3 aka RB750Gr3, I wasnt aware that this was as good as you say and if I remember correctly its far cheaper. This maybe an even better option if it can do as you say. I know dropping the encryption down to 128bit isn't ideal but assuming it does the 450Mbits, it should easily pull 200Mbits+ with 256 and if thats the case, that would be much better.
Thanks Black also for the URL's, I will go and read up on them now.
To you both, again im really sorry for the DELAY in responding, thats highly unlike me.
Time to check profile settings in case I forgot to tick something
p.s. now ive found the subscribe button
Re: Is RB3011UiAS-RM suitable for VPN?
Wow, thank you so much.
Just been looking now at the Hexv3 as you suggested..
https://routerboard.com/RB750Gr3
I am impressed, its less power, more vpn throughput and less money! can get three plus of these for price of one of the 3011. This is just perfect. Thank you.
Just been looking now at the Hexv3 as you suggested..
https://routerboard.com/RB750Gr3
I am impressed, its less power, more vpn throughput and less money! can get three plus of these for price of one of the 3011. This is just perfect. Thank you.
Re: Is RB3011UiAS-RM suitable for VPN?
Thanks everyone.
Just ordered a RB750Gr3 as suggested by Black and should be here just before christmas.
Assuming this all goes well, I will be ordering 3-4 more as they should be perfect for VPN tunnels between the DC's as we don't curently need to push anything more then what they do right now. Good cheap solution for the private/lan networks.
Thanks again.
Just ordered a RB750Gr3 as suggested by Black and should be here just before christmas.
Assuming this all goes well, I will be ordering 3-4 more as they should be perfect for VPN tunnels between the DC's as we don't curently need to push anything more then what they do right now. Good cheap solution for the private/lan networks.
Thanks again.
Re: Is RB3011UiAS-RM suitable for VPN?
Hex v3 with aes256/sha256 can get approximately 355Mbps
Re: Is RB3011UiAS-RM suitable for VPN?
Thank you mrz for your reply. This is more then fine for its curent uses.
Right now they are mostly for home use and most of the lines are 80/20 with the aim to use them with PPPoE+OpenVPN+OPSF (so it will work out the shortest path/link) and from my understanding and reserch on your forum that it should do all this and have a bit of room for future growth.
I beleive I saw someone with a simular setup to what I am thinking somewhere on the forum and he was getting around 155Mbits out of it which again is fine for my current use. The only thing he didn't have was using it as the PPoE conenction for his WAN but I highly doubt that will cause much of a loss in performance acting as a client. Worst case, if it does, I just use the existing router(s) for the main internet connection then just use these small boxes for the VPN network instead.
If you know approx how much PPPoE load on top would cause at around 80/20, I would be really greatful to know. One have just been purchased about an hour ago (more of a test unit then anything) so we can see if it will do what we want. Everything ive read seems to lead me to the conclusion that it will and if thats so, I will be highly recomending them to everyone I know for home replacments due to the new UK law which was announced last month, everyone now wants to encrypt their home lines just to make govs work even harder.
With regards to the DC links, well right now there isn't a great deal of traffic going over there and its way under 100Mbits total anyway even in the main DC's I have gear in. The aim is to send more and more traffic down the VPN's in time which right now isn't practictble because we dont run OSPF or anything so everything is being directed to one main central hub machine which is bad due to no reduendcy plus extra latency that it costs. The main reason to get these boxes is so we no longer have to do it this way and also considuring the licence cost for the cloud router version and this box is almost the same, it makes a little bit more sence to just use these for the VPN network and be done with it.
Right now they are mostly for home use and most of the lines are 80/20 with the aim to use them with PPPoE+OpenVPN+OPSF (so it will work out the shortest path/link) and from my understanding and reserch on your forum that it should do all this and have a bit of room for future growth.
I beleive I saw someone with a simular setup to what I am thinking somewhere on the forum and he was getting around 155Mbits out of it which again is fine for my current use. The only thing he didn't have was using it as the PPoE conenction for his WAN but I highly doubt that will cause much of a loss in performance acting as a client. Worst case, if it does, I just use the existing router(s) for the main internet connection then just use these small boxes for the VPN network instead.
If you know approx how much PPPoE load on top would cause at around 80/20, I would be really greatful to know. One have just been purchased about an hour ago (more of a test unit then anything) so we can see if it will do what we want. Everything ive read seems to lead me to the conclusion that it will and if thats so, I will be highly recomending them to everyone I know for home replacments due to the new UK law which was announced last month, everyone now wants to encrypt their home lines just to make govs work even harder.
With regards to the DC links, well right now there isn't a great deal of traffic going over there and its way under 100Mbits total anyway even in the main DC's I have gear in. The aim is to send more and more traffic down the VPN's in time which right now isn't practictble because we dont run OSPF or anything so everything is being directed to one main central hub machine which is bad due to no reduendcy plus extra latency that it costs. The main reason to get these boxes is so we no longer have to do it this way and also considuring the licence cost for the cloud router version and this box is almost the same, it makes a little bit more sence to just use these for the VPN network and be done with it.
Who is online
Users browsing this forum: No registered users and 4 guests