Something I see pop up fairly regularly on a few of the forums, Discords, and subreddits that I hang out on is that the RB4011 is not capable of 10 gigabit routing
I’d be lying if I said that this xkcd wasn’t me sometimes:
Of course, whenever this pops up I’m not in a position to demonstrate the proof. It definitely can go almost full 10Gb.
But you say, it’s only got a single SFP+ port!
That’s what full-duplex is for!
I’ve got a number of these devices and have tested them extensively. The RB4011 is definitely capable of 10 gigabit routing, in a router-on-a-stick fashion.
As this is something that comes up almost weekly, I have decided it’s time to officially document an RB4011 going almost full 10 gigabit.
For this setup, I reset the config on a RB4011 to empty, spun up a simple Debian VM, and connected an existing host and the VM through the RB4011.
As you can see, the hacky result on my desktop:
This config is about as simple as it gets. Two VLANs on the
sfp-sfpplus1 interface, and IP addresses on the respective interfaces.
# jan/02/1970 00:27:33 by RouterOS 6.45.5 # software id = K5KS-T8WB # # model = RB4011iGS+ # serial number = xxxxxxxxxx /interface vlan add interface=sfp-sfpplus1 name=VLAN22 vlan-id=22 add interface=sfp-sfpplus1 name=VLAN2222 vlan-id=2222 /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip address add address=10.22.22.10/24 interface=VLAN22 network=10.22.22.0 add address=10.222.222.1/24 interface=VLAN2222 network=10.222.222.0
VLAN2222 is a new VLAN I spun up for this test, and
VLAN22 is an existing VLAN on my network, where a host is running
The Debian VM is also very straightforward. ESXi, with a few vCPUs (sometimes at higher iperf3 tests, the CPU can get tapped out), and network connected to
A static IP and default route, and we are ready to roll:
The results sort of speak for themselves. With an iperf3 to a host on VLAN22 (two streams), we have no issues going 10Gb:
With a single stream, it fairs moderately worse:
Note that is on a basic 1500 MTU network, so I did not set jumbo frames.
And what’s the CPU doing during this?
Firewalls and IPv6
While I’m not going to do it here, I have done testing in the past with IPv6 and firewalling:
- With a fairly extensive firewall, the RB4011 will still do 10Gb, as long as fast track is enabled!! The CPU in this scenario runs at about 80%
- IPv6 performance is abysmal, which is part of the reason I’ve started moving away from these.
- Without fasttrack, the CPU will be at 100% at about 1.6Gbps. IPv6 can’t use fasttrack, therefore IPv6 inter-VLAN stalls out at less than 2Gbps.