The plain old RB4011 will do just fine. I got the Wifi version when I upgraded to 100/40 NBN a few months ago. It imported my RB2011 config albeit with a few minor changes like removing MAC addresses attached to bridges with no dramas and worked just the same. I didn't have any VLANs, just a few bridges. The CPU in is a 4 core beast and will handle your VLANs just fine at wirespeed. It has hardware accelerated IPSEC. Everything I do on it at 100/40, including simple queues and CAPSMAN the CPU is comatose. You could also go the cheaper RB3011, apart from the big case it's right in between the 2011 and 4011 for power. It will handle your IPSEC requirements with ease too as it has hardware assisted crypto as well. I have seen photos of the RB3011 board fitted into the RB2011 case - it's a shame that never came out. Regards, Jason Hecker <https://www.upandrunningtech.com.au/> <https://www.upandrunningtech.com.au/> On Tue, 5 Nov 2019, at 17:15, Chris Herrmann wrote:
Hi all,
I've been using the rb2011 for several years now, happy user. I'm about to get faster internet (NBN - please stop snickering), so I'm looking at models that will handle higher throughput and after people's recommendations.
Things I care about... * I'm running a few VLANs. there was one rb or Hex model that I played with that didn't handle VLANs as well as the 2011 but I can't remember the reason now. Might have been a software switch and not hardware or something like that. * IPSEC - the 2011 tops out around 16Mbit before it flakes out in my experience. Would like to get more throughput.. if I look at the RB450Gx4 specs and pick the worst-case IPSEC throughput, it claims to do 20Mbit which is better than my real-world experience with the RB2011. * Non-IPSEC NAT - would like it to comfortably handle 100Mbit * I'm running a few other things but nothing that should be too taxing (logging, not a huge number of policies, only a little bit of mangling). * Don't want wifi on it * Don't need POE * Would love to be able to export / import my RB2011 config and have that work :) but I'm guessing it'll have to be a rebuild based upon prior experience switching models.
Cheers,
Chris _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au