Re: [MT-AU Public] upgrade from RB2011UiAS to something faster - RB450Gx4 ?
Sounds like the RB3011 will fit the bill... I don't quite need to push 1.8Gbps per stream :) The RB3011/4011 are both more $$ than the RB450Gx4 or 750Gr3. If the extra $ are necessary to meet what i want then that's fine, but if the smaller unit will do it - then that would be better as it's smaller... presumably lower power and cheaper. @Russell I think the VLAN on switch chip might be the thing that tripped me up with one of the other units I played with, in which case the 3011 would be a better option? Cheers, Chris
Hi Chris, I upgraded from the RB2011 to a RB750g3 at home a year or so ago (when the G3 was first released). Works an absolute treat on my 100/40 NBN connection. Can easily pull the full connection speed down with NAT, without CPU flaking out. Two GRE over IPSec tunnels configured, one to a 300M symmetrical, the other to a 100/40 NBN connection. The hardware offload engine works a treat, I can easily saturate the 40M upstream of my NBN, and downstream from the 300M service I get around 75-80M. I did some recent playing around with VLANs on it - didnt have any issues. Had more fun with the CRS125 working, which is designed for it!. Whilst it has a slightly different chip from the RB2011 gig ports, it seems to operate with the same functionality. The biggest difference, of course, is the loss of the 5 FE ports. Config wise, majority of it came across no issues, although I had to ditch the wireless config. Basically I have- * Static routes to one VPN * OSPF to the other VPN and internally to some test gear. * LT2P over IPSec server * Simple Firewall & NAT rules * VLAN stuff segregating out a new network I was configuring for my new house. Haven't had an experience with the 3011/4011, but I have a feeling the 750G3 will fit the bill. Let me know if there's anything specific you want me to test for you. M. ________________________________________ From: Public <public-bounces@talk.mikrotik.com.au> on behalf of Chris Herrmann <chrisherrmann7@gmail.com> Sent: Wednesday, 6 November 2019 13:17 To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] upgrade from RB2011UiAS to something faster - RB450Gx4 ? Sounds like the RB3011 will fit the bill... I don't quite need to push 1.8Gbps per stream :) The RB3011/4011 are both more $$ than the RB450Gx4 or 750Gr3. If the extra $ are necessary to meet what i want then that's fine, but if the smaller unit will do it - then that would be better as it's smaller... presumably lower power and cheaper. @Russell I think the VLAN on switch chip might be the thing that tripped me up with one of the other units I played with, in which case the 3011 would be a better option? Cheers, Chris _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
So... to close this one out. I finally actually replaced the RB2011 with the RB3011 yesterday, and took the opportunity to use some better encryption algorithms. It's doing over 3X the IPSEC throughput compared with the 2011 (average 90Mbit vs 20Mbit), which is pretty close to the limit of the link (100Mbit). So my gut feel is it could go further if I had the bandwidth for it. Thanks Mike & the Duxtel team for humouring my 10000 questions! Average CPU was 30% for the duration of the transfer instead of 90% which is also a good indication of headroom I guess. I did a backup / restore of the config which mostly worked fine, except a couple of gotchas: - the interface labelling was weird on the restore. For example the switch ports were labelled 1-8 following the physical layout... but on restore they became 1,2,3,4,8,7,6,5 which messed me up until I worked out what was happening. - The policy routes for IPSEC tunnels didn't restore - The IPSEC PSK didn't restore but easy enough to sort out once I'd worked that out. The thing that caused me most grief actually was creating a borked IPSEC policy route which locked me out of the device totally. Had to log in via console port to disable it. The reset button didn't work btw - it just kicked into etherboot mode but I couldn't get it to actually do a factory reset using the reset button. Cheers all! On Wed, 6 Nov 2019 at 13:17, Chris Herrmann <chrisherrmann7@gmail.com> wrote:
Sounds like the RB3011 will fit the bill... I don't quite need to push 1.8Gbps per stream :)
The RB3011/4011 are both more $$ than the RB450Gx4 or 750Gr3. If the extra $ are necessary to meet what i want then that's fine, but if the smaller unit will do it - then that would be better as it's smaller... presumably lower power and cheaper.
@Russell I think the VLAN on switch chip might be the thing that tripped me up with one of the other units I played with, in which case the 3011 would be a better option?
Cheers,
Chris
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Chris Herrmann Sent: Sunday, 23 February 2020 1:50 PM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] upgrade from RB2011UiAS to something faster - RB450Gx4 ?
So... to close this one out. I finally actually replaced the RB2011 with
RB3011 yesterday, and took the opportunity to use some better encryption algorithms. It's doing over 3X the IPSEC throughput compared with the 2011 (average 90Mbit vs 20Mbit), which is pretty close to the limit of the link (100Mbit). So my gut feel is it could go further if I had the bandwidth for it. Thanks Mike & the Duxtel team for humouring my 10000 questions! Average CPU was 30% for the duration of the transfer instead of 90% which is also a good indication of headroom I guess.
I did a backup / restore of the config which mostly worked fine, except a couple of gotchas: - the interface labelling was weird on the restore. For example the switch ports were labelled 1-8 following the physical layout... but on restore
Hi Chris, Sounds like you took a binary backup on the 2011 and restored on the 3011 - then discovered one reason you should NEVER do that! ( never EVER! ;-) The interface labelling is only one symptom of broken restore - there are other nasty effects that could blow up down the track, such as CPU clock speeds set incorrectly, bad peripheral IRQ settings and more traps like that - If you did use backup/restore to a different router model, then I STRONGLY encourage you to completely wipe the 3011 using netinstall and start over - it will save a lot of (probable) angst in the near or far future :-} Use export/import instead - that is the /right/ way to transfer configs to new hardware! :) Cheers, Mike. the they
became 1,2,3,4,8,7,6,5 which messed me up until I worked out what was happening. - The policy routes for IPSEC tunnels didn't restore - The IPSEC PSK didn't restore
but easy enough to sort out once I'd worked that out. The thing that caused me most grief actually was creating a borked IPSEC policy route which locked me out of the device totally. Had to log in via console port to disable it. The reset button didn't work btw - it just kicked into etherboot mode but I couldn't get it to actually do a factory reset using the reset button.
Cheers all!
On Wed, 6 Nov 2019 at 13:17, Chris Herrmann <chrisherrmann7@gmail.com> wrote:
Sounds like the RB3011 will fit the bill... I don't quite need to push 1.8Gbps per stream :)
The RB3011/4011 are both more $$ than the RB450Gx4 or 750Gr3. If the extra $ are necessary to meet what i want then that's fine, but if the smaller unit will do it - then that would be better as it's smaller... presumably lower power and cheaper.
@Russell I think the VLAN on switch chip might be the thing that tripped me up with one of the other units I played with, in which case the 3011 would be a better option?
Cheers,
Chris
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (3)
-
Chris Herrmann
-
Michael Junek
-
Mike Everest