08-29-2019 01:08 AM - edited 08-29-2019 01:13 AM
Hi,
I already got great help in deciding to buy the SG350 switch in this topic:
The uncertain question is to definitely confirm, from a user or someone knowing the RV series, if the RV345 isn't able to NAT traffic from VLAN subinterfaces to the internet and if the C921-4P would fit my needs.
My planned setup:
ISP Cable Modem (600 Mbps internet access, upgradable to 1 Gbps)
|
Cisco RV345 SMB router
(10.0.10.1)
+
Router Port 1 (Trunk/Tagged to all VLANs)
|
Cisco SG350 + DHCP server enabled
+ VLAN 10 (private): 10.0.10.0/24
* Port 1 (trunk) : connected to router
* Port 2 (trunk): connected to WLAN AP (3 tagged SSIDs for VLANs 10, 20 and 40)
* Port 3 (access) : management PC
+ VLAN 20 (office): 10.0.20.0/24, Ports 1-2 (trunk), Ports 4-5 (access)
+ VLAN 30 (shared): 10.0.30.0/24, Ports 1-2 (trunk), Ports 6-7 (access)
+ VLAN 40 (guest): 10.0.40.0/24, Ports 1-2 (trunk), Port 8 (access)
Configuration:
My needs:
Questions:
Many thanks for helping me buy the appropriate product.
08-29-2019 09:28 AM - edited 08-29-2019 09:34 AM
Hello Filomena,
Our discussion in that thread was about the fact that the RV345 is likely not able to NAT internal subnets that are not directly connected to it (that is the case if inter-VLAN routing is performed on the SG350).
The RV345 should be able to enable NAT for directly connected VLANs / VLAN-based subinterfaces, but moving the inter-VLAN routing to the router has a very high price: it becomes a bottleneck for intra-site inter-VLAN routing.
What the C921 can give you is the ability to NAT subnets not directly connected.
To answer your final questions :
The C921 is still in my budget:
see
SL-900-IPB base license is enough to support NAT.
I cannot find data about expected performance. Be aware that ISR 4000 routers have performance and boost performance licenses; I don't see these options for the ISR 900 series.
Hope to help
Giuseppe
08-29-2019 10:16 AM - edited 08-29-2019 10:19 AM
>>
@Giuseppe Larosa wrote
I cannot find data about expected performance. Be aware that ISR 4000 routers have performance and boost performance licenses I don't see these options for the ISR 900 series.
<<
I found this link:
http://www.anticisco.ru/pubs/ISR_G2_Perfomance.pdf
The ISR 800 has very bad WAN and firewall performance, it seems, not even close to 25% of the 100 Mbps WAN interface.
I guess the WAN interface of the 900 series will never reach anything close to the 100 Mbps! I need the fast 600 Mbps internet connection I have. Why put a 1 Gb WAN port if it is capped? Even home routers achieve these speeds on WAN! Can anyone confirm if I can reach the advertised speeds on the WAN side for internet traffic (https, ftps...)? I don't plan on using licensed VPN services, by the way.
Any more info about their performance for normal internet traffic (file transfers through servers...)?
08-29-2019 11:33 AM
Hello Filomena,
The reported datasheet is old (year 2010) and the reported numbers are "conservative".
What is the performance limit in a SW-based Cisco router (using a general-purpose CPU to move packets)?
The maximum packets per second it can process.
In Cisco IOS routers this limit is reached regardless of the true packet size. For this reason the performance numbers with small packets are low.
To be able to support GE wire speed with frames of minimum size 64 bytes, you should use the following formula:
pps = 1 x 10^9 / [(64+20.2)*8] = 1484560 pps
To fill a GE with frames of size 1518 bytes you need:
ppsmin = 1 x 10^9 / [(1518+20.2)*8] = 81263 pps
Here 20.2 accounts for: the 8-byte preamble that allows the receiver to synchronize before the start of the frame, and the minimum Inter Frame Gap = the minimum silence time interval that lets the receiver detect the end of a frame before the beginning of the next frame.
A given router can process a max of N packets per second; depending on the packet size, the aggregate throughput changes.
But as you can see from the numbers in the examples above, the packet size is important.
Hope to help
Giuseppe
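The relationship described in the post above, worked through as an added example (not part of the original thread): it turns a fixed packets-per-second ceiling into throughput per frame size and for a traffic mix. It assumes 20 bytes of per-frame wire overhead (8-byte preamble plus 12-byte inter-frame gap), so its line-rate figures differ slightly from those in the post; the 100,000 pps ceiling and the 50/50 mix are constructed values, not measurements of any router.

```python
"""Throughput of a pps-limited router on Ethernet (added example)."""

PREAMBLE_BYTES = 8    # preamble + start-of-frame delimiter
IFG_BYTES = 12        # minimum inter-frame gap (assumption, see lead-in)
WIRE_OVERHEAD = PREAMBLE_BYTES + IFG_BYTES
GIGABIT = 1_000_000_000


def line_rate_pps(frame_bytes, link_bps=GIGABIT):
    """Frames per second needed to fill the link with one frame size."""
    return link_bps / ((frame_bytes + WIRE_OVERHEAD) * 8)


def throughput_bps(pps_cap, frame_bytes, link_bps=GIGABIT):
    """Frame-level bits/s for a router capped at pps_cap, never above line rate."""
    pps = min(pps_cap, line_rate_pps(frame_bytes, link_bps))
    return pps * frame_bytes * 8


def mix_throughput_bps(pps_cap, mix, link_bps=GIGABIT):
    """Same, for a traffic mix given as {frame_bytes: share_of_packets}."""
    if abs(sum(mix.values()) - 1.0) > 1e-9:
        raise ValueError("packet shares must sum to 1")
    avg_frame = sum(size * share for size, share in mix.items())
    # Average bytes each packet occupies on the wire, overhead included.
    avg_wire = avg_frame + WIRE_OVERHEAD
    pps = min(pps_cap, link_bps / (avg_wire * 8))
    return pps * avg_frame * 8


if __name__ == "__main__":
    PPS_CAP = 100_000  # constructed ceiling for illustration only
    for size in (64, 512, 1518):
        print(f"{size:>5} B: line rate {line_rate_pps(size):>12,.0f} pps, "
              f"capped router {throughput_bps(PPS_CAP, size) / 1e6:>7.1f} Mbps")
    mix = {64: 0.5, 1518: 0.5}  # constructed mix: half small, half full-size
    print(f"50/50 mix: {mix_throughput_bps(PPS_CAP, mix) / 1e6:.1f} Mbps")
```

With the same pps ceiling, the constructed router moves about 51 Mbps of 64-byte frames but fills the link with 1518-byte frames, which is why large file transfers are far less sensitive to the pps limit than small-packet traffic.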
08-29-2019 11:30 PM
Thank you, I really need to make my decision.
I don't have a huge number of users that will browse internet all day. I mainly need to transfer data files of various sizes in multi-segmented connections to maximise bandwidth use. A Netgear R7000 Home router with a smart switch actually fills my needs except for segmenting the network, which is now mandatory.
The problem is that I also don't find any info about the R7000 pps performance for 64 and 512 byte packets.
So, my simple user question: I suppose the C921 should perform better than my actual R7000 home router for rather big data transfers and general web surfing for 5-10 users? If not, I would drop to a Ubiquiti router of the same price like the Edge Pro, which has all specs well documented. However, I really do prefer Cisco for the community support and tech support if needed.
08-30-2019 12:27 AM
Hello Filomena,
>> I don't have a huge number of users that will browse internet all day. I mainly need transferring data files of various sizes in multi-segmented connection to maximise bandwidth use. A Netgear R7000 Home router with a smart switch actually fill my needs except for segmenting the network which is now mandatory.
a) segmenting = using multiple VLANs? Correct, this is what led you to buy the new multilayer switch SG350.
b) If I remember correctly, your current router is not able to support VLANs and not able to support NAT for not directly connected subnets, but you have found a firmware upgrade that could allow you either to enable NAT for not directly connected internal subnets or (EXOR) to enable VLANs. However, you have made a note that this firmware upgrade might not be fully supported by Netgear, and this moved you to consider changing it.
The C921 supports up to 32 VLANs and supports IOS NAT that is not limited to directly connected internal subnets.
We are not finding the performance of this device; for now we can say it has the required features.
And yes, there are no performance numbers in the Netgear R7000 datasheet either.
I have found the following:
https://www.netgear.it/images/datasheet/networking/wifirouter/R7000.pdf
There is great emphasis on the performance of the embedded Wi-Fi access points and the use of both 2.4 and 5 GHz RF channels.
The only info about the CPU is that it is a 1GHz CPU with two cores.
Hope to help
Giuseppe
08-30-2019 09:09 AM - edited 08-30-2019 09:46 AM
Hello @Giuseppe Larosa
a) and b) : yes, you got it all right :-)
Wifi: I am going with a dedicated AP supporting VLANs per SSID
Performance: if it can handle at least the same performance as the old R7000 Home router it would be great. That is the 900 Mbps on WAN side for large packets, I guess.
Smallnetbuilder test:
And for the RV345P:
1- Any info on the CPU of the C921? I found an Intel x86 2.2 GHz, which sounds way better than an ARM 1 GHz, but no idea if this spec is true:
https://www.router-switch.com/media/upload/product-pdf/cisco-900-series-integrated-services-routers-datasheet.pdf
2- Also, since I am not used to Cisco, do their other 1 Gbps WAN routers support my speed needs or are they capped, with licensing fees needed? If they are what I see for the RV345, that's enough for my needs. Could any tech support help here before I buy?
3- IP Base license: is it bundled free when the device ships, or is it also an annual subscription?
09-06-2019 11:42 AM
Since it is hard to find any data/specs, I started looking at pfsense.
From many guides it seems able to NAT while leaving the routing on the L3 switch.
Will update you, unless Cisco releases some decent specs before I find adequate hardware to build pfsense.
09-23-2019 10:25 AM - edited 09-23-2019 10:26 AM
Just for the feedback: I finally ordered parts to build an i3-based pfsense ITX box. Will probably get more for my money than the consumer-grade routers and at least be certain of the specs. Also, OpenVPN support vs the paid VPN options pushed me towards this choice.
I ordered the SG-350 switch though.
Many thanks for all your help.
01-02-2020 10:51 AM
Just so you know:
Cisco will not provide ANY support for this device unless you have a support contract. You do NOT get AnyConnect clients included. The Community is pretty silent on small business and home devices. If you anticipate a need for ANY support in configuration, or later, go with Juniper or Arista.