Difference between Mikrotik routers

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

katit

Member
Mar 18, 2015
372
18
18
53
Seeing how recommended those are - I'm looking to get one. I need wireless as well. Currently I'm looking at those 2 available from Amazon:

Amazon.com: Mikrotik Routerboard RB2011UiAS-2HnD-IN Sfp Port plus 10 Port Ethernet: Computers & Accessories

Amazon.com: Mikrotik CRS125-24G-1S-2HnD-IN, Cloud Router Gigabit Switch, Fully manageable Layer 3, 24x 10/100/1000, 1000mW Wireless: Computers & Accessories

Second one seems to have more ports and I may use that. I don't know anything about them. This Layer 3 thing confused me. First one is L5 and second one is L3. What does it mean?

Here is what I need from router (and I think it's all pretty standard stuff)
1. Pre-assign IPs by MAC (about 10)
2. VPN access - up to 10 simultaneous
3. Connect to other VPN's at the same time.. Possible?
4. QOS with priority for VOIP(this is what Mikrotik was recommended for)
5. Wireless access point
6. Forward ports
7. Limit outgoing traffic from certain IPs (for example if I do cloud backup I need some channel left over)

Do all that and be fast and stable. Right now I have ASUS router and VPN drops (not sure if it's router or not), access to web servers works great and than all of the sudden freezes. Not sure if it's all router's fault, but anyway.

Number of ports is not that important, but I'd rather take #2 if all equal, that way I will not need to use external switch for our small office.
 

RTM

Well-Known Member
Jan 26, 2014
956
359
63
As far as I know, both devices uses the same main CPU(Atheros AR9344), so performance should be similar.
I would not consider either device to be fast, but of course that depends on your connection.

Personally I would prefer the second device, because the RB2011's only have 5 gigabit (+ 1 optional SFP) ports.

Another option could be to replace the firmware on your Asus router, if that is possible (this assumes that your current problem is software related) with something like OpenWRT, DDWRT, Gargoyle, Tomato etc.
 

katit

Member
Mar 18, 2015
372
18
18
53
I would not consider either device to be fast, but of course that depends on your connection.
Can you explain? By fast I'm not talking raw traffic. We have 25/5 connection, nothing to write home about :)
But I do have slow connects to VPN, hiccups with outside connectivity.

Which router would be fast in terms of handling many connections?
 

RTM

Well-Known Member
Jan 26, 2014
956
359
63
Can you explain? By fast I'm not talking raw traffic. We have 25/5 connection, nothing to write home about :)
But I do have slow connects to VPN, hiccups with outside connectivity.

Which router would be fast in terms of handling many connections?
To be honest, I do not have enough experience with these products to be able to give you an estimate of how much they can handle given the features you desire.
QoS (including bandwidth limitation) and VPNs in general takes a decent amount of computational power.

However 25/5 would probably be okay, you can use Mikrotiks performance table for the devices to get a gist of what performance to expect, here is the RB2011: RouterBoard.com : RB2011UiAS-2HnD-IN

I would personally prefer a small x86 computer with pfsense, ideally with a CPU that supports something like AES-NI, to help accelerate VPN performance.
 

PigLover

Moderator
Jan 26, 2011
3,184
1,545
113
Which router would be fast in terms of handling many connections?
I think you need to give a bit more context here on what you mean by "fast". What is your actual application and what are you trying to achieve? How many connections is "many"? What performance do you need for each of them?

I'm not trying to be difficult, but you have to understand that "fast" and "many connections" means different things to different people and this board has a range that goes from emerging home lab users all the way to backbone ISP developers. For example, to me "fast" means a 2.5tbs switch with multiple 100Gb/40Gb connections tracing 80M sessions or more...in that context the Mikrotik is definitely not fast.
 

PigLover

Moderator
Jan 26, 2011
3,184
1,545
113
I think you need to give a bit more context here on what you mean by "fast". What is your actual application and what are you trying to achieve? How many connections is "many"? What performance do you need for each of them?

I'm not trying to be difficult, but you have to understand that "fast" and "many connections" means different things to different people and this board has a range that goes from emerging home lab users all the way to backbone ISP developers. For example, to me "fast" means a 2.5tbs switch with multiple 100Gb/40Gb connections tracking 80M sessions or more...in that context the Mikrotik is definitely not fast.
 

katit

Member
Mar 18, 2015
372
18
18
53
I think you need to give a bit more context here on what you mean by "fast". What is your actual application and what are you trying to achieve? How many connections is "many"? What performance do you need for each of them?

I'm not trying to be difficult, but you have to understand that "fast" and "many connections" means different things to different people and this board has a range that goes from emerging home lab users all the way to backbone ISP developers. For example, to me "fast" means a 2.5tbs switch with multiple 100Gb/40Gb connections tracing 80M sessions or more...in that context the Mikrotik is definitely not fast.
No offence taken.

We are small office of 5, but I would like it to handle up to 10. Obviosuly, $ to get and time($) to configure is factors, so no overkill needed.

Inside office not much going on. We have gigabit network with couple of clients. Server is our dev environment with VMs. SQL Server, IIS, etc.
Problem starts when people work outside. We need to VPN to get to our dev servers (we develop on shared SQL Server, need to publish test sites, etc)
I also plan to run Asterisk internally (VOIP)

I see hickups with VPN. Sometimes it would not respond for a while. When responds - it may take some time to login and get authenticated. Sometimes something happens on client side (on our PCs) and they wouldn't connect until rebooted. Sounds like clients issue, but I do connect to other VPNs and normally connection won't drop for days at a time if no issue with internet.

So, I want reliable VPN, fast connects. 25/5 fiber with static IP is enough for what we do and definitely not a problem as we never have any issues working inside. It's when I started to make everyone VPN to work on local server.. I feel like ASUS RT-N66U can't handle this load.
 

petree77

New Member
Mar 10, 2015
12
3
3
46
You should go with the RB2011UiAS-2HnD-IN, the CRS125 is designated as primarily being for a Layer 2 (ethernet only) device. Mikrotik themselves will tell you that its a layer 2 switch first and everything else second.

The RB2011 has a 600MHz processor and the CRS125 has a 400MHz processor.
 

RTM

Well-Known Member
Jan 26, 2014
956
359
63
The RB2011 has a 600MHz processor and the CRS125 has a 400MHz processor.
That is incorrect, the CRS125 uses the same CPU (AR9344) as the RB2011 at the same 600MHz, the newer CRS226 has the 400MHz CPU.

Again I will suggest OP to consider replacing the firmware of the router, it is not supported by OpenWRT, but you can install DDWRT on it, you can find more information on their wiki: http://www.dd-wrt.com/wiki/index.php/Asus_RT-N66U

The performance of the Asus router, should given decent software, be very comparable to either Mikrotik device.
All devices uses SoCs with MIPS 74k CPU cores at 600 MHz.
 

katit

Member
Mar 18, 2015
372
18
18
53
What about Mirkotik I linked above? 1.2Ghz CPU with 1Gb of RAM. Will it be much faster than Asus? I seriously rather have something more non-residential. And I would repurpose ASUS for WAP only..
 

RTM

Well-Known Member
Jan 26, 2014
956
359
63
What about Mirkotik I linked above? 1.2Ghz CPU with 1Gb of RAM. Will it be much faster than Asus? I seriously rather have something more non-residential. And I would repurpose ASUS for WAP only..
The CCR1009 will be MUCH faster than the ASUS, and the other Mikrotiks.
Again you can use Mikrotiks hardware website to get an indication of its performance: RouterBoard.com : CCR1009-8G-1S
Oh and good call on the Asus, it is probably better left to doing just wifi :)

Btw: What types of VPNs will you be doing?
While Mikrotiks firmware supports OpenVPN, some features are missing such as UDP and compression.
I believe Mikrotik recommends SSTP for their devices as a "better" alternative.
 

katit

Member
Mar 18, 2015
372
18
18
53
Don't know what kind :) Whatever works with Windows/Mac built-in clients will work for us. Right now it' PPPoE
 

PigLover

Moderator
Jan 26, 2011
3,184
1,545
113
So, I want reliable VPN, fast connects. 25/5 fiber with static IP is enough for what we do and definitely not a problem as we never have any issues working inside. It's when I started to make everyone VPN to work on local server.. I feel like ASUS RT-N66U can't handle this load.
I think everyone commenting needs to pay attention to the OPs core need (quoted above). He's after something that can manage multiple simultaneously active VPN connections. When he says "fast" he doesn't mean basic switch/router performance - that isn't his real issue.

Personally I don't think any of the low power solutions being discussed here are going to foot the bill for him. None of these 1.2ghz ARMs w/out crypto acceleration are going to survive the multiple VPN anchors he wants. Not any of the Mikrotiks. Not his current ASUS even with DDWRT.

In my opinion, he probably needs something like an Avoton-based pfSense router with its AES-NI IPsec acceleration and a small switch to fan out to his 10 or so local workstations.

Something like this running pfSense: Netgate RCC-VE 2440 Intel Rangeley C2358 Dual Core Board to handle layer-3 and VPN. A cheap dumb layer-2 switch for the rest.
 
  • Like
Reactions: RTM

markarr

Active Member
Oct 31, 2013
421
122
43
You could look at the UBNT edgerouter light. It has the crypto offloading for IPSec encryption. You would need a switch.
 

ultradense

Member
Feb 2, 2015
61
11
8
41
I agree with Petree77: CRS is meant for switching (and it's CPU overcapacity can be used for some extra fun). The 1100 and the like are older models with EAS hardware accellerated encryption.
CRS is where the real power starts. Especially when you rely heavily on VPN, I'd advise to play safe and buy the smallest CCR. It wil go above 1Gbit in VPN traffic when configured right, while the CRS and older Mikrotiks (non CCR) it will be hard to get them above 20Mbit without 99% CPU.
 

katit

Member
Mar 18, 2015
372
18
18
53
Personally I don't think any of the low power solutions being discussed here are going to foot the bill for him. None of these 1.2ghz ARMs w/out crypto acceleration are going to survive the multiple VPN anchors he wants. Not any of the Mikrotiks. Not his current ASUS even with DDWRT.
I'm convinced now I don't need 600MHz routers. But what about this one?
Amazon.com: MikroTik Cloud Core Router 1009-8G-1S: Computers & Accessories

What those 9 cores mean? And what 1Gb RAM will do?

I do want it to manage active VPN's but again, not multiple as 100, more like up to 10, realistically ~5 but with spare.

Again, I'd like to start collecting rack equipment and really like form-factor of those devices.. For the price..