Posted inDebian mikrotik Networking RouterOS Routing

10 gigabit inter-VLAN with a Mikrotik RB4011

September 13, 2019
10 gigabit inter-VLAN with a Mikrotik RB4011

Something I see pop up fairly regularly on a few of the forums, Discords, and subreddits that I hang out on is that the RB4011 is not capable of 10 gigabit routing

Guess what?

THAT’S WRONG

I’d be lying if I said that this xkcd wasn’t me sometimes:

https://xkcd.com/386/

Of course, whenever this pops up I’m not in a position to demonstrate the proof. It definitely can go almost full 10Gb.

But you say, it’s only got a single SFP+ port!

That’s what full-duplex is for!

I’ve got a number of these devices and have tested them extensively. The RB4011 is definitely capable of 10 gigabit routing, in a router-on-a-stick fashion.

The Proof

As this is something that comes up almost weekly, I have decided it’s time to officially document an RB4011 going almost full 10 gigabit.

For this setup, I reset the config on a RB4011 to empty, spun up a simple Debian VM, and connected an existing host and the VM through the RB4011.

As you can see, the hacky result on my desktop:

The Configs:

This config is about as simple as it gets. Two VLANs on the sfp-sfpplus1 interface, and IP addresses on the respective interfaces. 

# jan/02/1970 00:27:33 by RouterOS 6.45.5
# software id = K5KS-T8WB
#
# model = RB4011iGS+
# serial number = xxxxxxxxxx
/interface vlan
add interface=sfp-sfpplus1 name=VLAN22 vlan-id=22
add interface=sfp-sfpplus1 name=VLAN2222 vlan-id=2222
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=10.22.22.10/24 interface=VLAN22 network=10.22.22.0
add address=10.222.222.1/24 interface=VLAN2222 network=10.222.222.0

VLAN2222 is a new VLAN I spun up for this test, and VLAN22 is an existing VLAN on my network, where a host is running iperf3 -s

The Debian VM is also very straightforward. ESXi, with a few vCPUs (sometimes at higher iperf3 tests, the CPU can get tapped out), and network connected to VLAN2222

A static IP and default route, and we are ready to roll:

The Results

The results sort of speak for themselves. With an iperf3 to a host on VLAN22 (two streams), we have no issues going 10Gb:

10Gb yo

With a single stream, it fairs moderately worse:

Note that is on a basic 1500 MTU network, so I did not set jumbo frames.

And what’s the CPU doing during this?

Firewalls and IPv6

While I’m not going to do it here, I have done testing in the past with IPv6 and firewalling:

  • With a fairly extensive firewall, the RB4011 will still do 10Gb, as long as fast track is enabled!! The CPU in this scenario runs at about 80%
  • IPv6 performance is abysmal, which is part of the reason I’ve started moving away from these.
  • Without fasttrack, the CPU will be at 100% at about 1.6Gbps. IPv6 can’t use fasttrack, therefore IPv6 inter-VLAN stalls out at less than 2Gbps.
Please follow and like us:
error
fb-share-icon
Tweet
fb-share-icon
Last updated on December 7, 2020