-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Chris Herrmann Sent: Sunday, 23 February 2020 1:50 PM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] upgrade from RB2011UiAS to something faster - RB450Gx4 ?
So... to close this one out. I finally actually replaced the RB2011 with
RB3011 yesterday, and took the opportunity to use some better encryption algorithms. It's doing over 3X the IPSEC throughput compared with the 2011 (average 90Mbit vs 20Mbit), which is pretty close to the limit of the link (100Mbit). So my gut feel is it could go further if I had the bandwidth for it. Thanks Mike & the Duxtel team for humouring my 10000 questions! Average CPU was 30% for the duration of the transfer instead of 90% which is also a good indication of headroom I guess.
I did a backup / restore of the config which mostly worked fine, except a couple of gotchas: - the interface labelling was weird on the restore. For example the switch ports were labelled 1-8 following the physical layout... but on restore
Hi Chris, Sounds like you took a binary backup on the 2011 and restored on the 3011 - then discovered one reason you should NEVER do that! ( never EVER! ;-) The interface labelling is only one symptom of broken restore - there are other nasty effects that could blow up down the track, such as CPU clock speeds set incorrectly, bad peripheral IRQ settings and more traps like that - If you did use backup/restore to a different router model, then I STRONGLY encourage you to completely wipe the 3011 using netinstall and start over - it will save a lot of (probable) angst in the near or far future :-} Use export/import instead - that is the /right/ way to transfer configs to new hardware! :) Cheers, Mike. the they
became 1,2,3,4,8,7,6,5 which messed me up until I worked out what was happening. - The policy routes for IPSEC tunnels didn't restore - The IPSEC PSK didn't restore
but easy enough to sort out once I'd worked that out. The thing that caused me most grief actually was creating a borked IPSEC policy route which locked me out of the device totally. Had to log in via console port to disable it. The reset button didn't work btw - it just kicked into etherboot mode but I couldn't get it to actually do a factory reset using the reset button.
Cheers all!
On Wed, 6 Nov 2019 at 13:17, Chris Herrmann <chrisherrmann7@gmail.com> wrote:
Sounds like the RB3011 will fit the bill... I don't quite need to push 1.8Gbps per stream :)
The RB3011/4011 are both more $$ than the RB450Gx4 or 750Gr3. If the extra $ are necessary to meet what i want then that's fine, but if the smaller unit will do it - then that would be better as it's smaller... presumably lower power and cheaper.
@Russell I think the VLAN on switch chip might be the thing that tripped me up with one of the other units I played with, in which case the 3011 would be a better option?
Cheers,
Chris
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au