Recommended router for hosts?

What router would you recommend for 1 to two racks? Need something that won't break the bank but can withstand quite a bit of traffic. Something with SFP+ ports. Was looking at the Mikrotik CCR2216. Or even just a CCR2004, although the throughput of the 2004 is pretty low.

Or is even building a server and running a CHR a better idea?

Main concern would be a little DDoS taking it out. Though, we will be using Cosmic Guard.


Comments

  • HostSlick Member, Patron Provider

    Mikrocock? Fuck that Shit im Out.

  • @HostSlick said:
    Mikrocock? Fuck that Shit im Out.

    I've heard this a few times. If you have another brand and model recommendation, feel free to share lol.

  • host_c Member, Patron Provider

    Cisco ISR, Juniper Networks 10G

    If you really want MKT, 2216 or 1072.

    2004 will hardly pass 3GBPS unfiltered

  • yoursunny Member, IPv6 Advocate
  • wedge1001 Member
    edited December 2023

    Do yourself a favor and go for real enterprise equipment.
    They are quite expensive, but well supported and normally tested.
    There are Juniper, Cisco and whatever else there is.
    Mikrotik is good for personal use, but nothing you want to have in an enterprise. The software is quite buggy, and there is no real enterprise functionality.

    What exactly do you want to do?
    A basement DC?
    Then it doesn’t really matter. Your ISP line will be saturated, before the good systems will think about going berserk.
    You can even go with something like OPNsense and a box you have around.

    What functionality are you looking for?
    Only routing? BGP? Deep packet inspection? Crowdsec/zenarmor?

    Also … this is a SOP. Think about clustering

  • why'd they write that article in third person lol

    Thanked by 1 totally_not_banned
  • AlexBarakov Patron Provider, Veteran

    Juniper MX204 - Cheap and performant.

    Thanked by 3 PulsedMedia host_c 0xC7
  • @AlexBarakov said:
    Juniper MX204 - Cheap and performant

    Nice router, just remember to check out https://apps.juniper.net/port-checker/ to see which combination of ports/speeds work on juniper routers.

    Thanked by 1 vimalware
  • host_c Member, Patron Provider

    And for the love of god, do not use a switch that is layer 3 for routing. I’ve seen that too many times I can remember.

    Router = Routing
    Switch = Switching

  • AlexBarakov Patron Provider, Veteran

    @host_c said:
    And for the love of god, do not use a switch that is layer 3 for routing. I’ve seen that too many times I can remember.

    Router = Routing
    Switch = Switching

    I'd say it depends on the size of the operation. There are certain Arista switches that can handle full tables pretty well and are fine-ish for small operations.

    Thanked by 1 0xC7
  • PulsedMedia Member, Patron Provider

    Are you planning to pose or push some traffic reliably?
    If latter; Look for used actual routers. Sure they take a bit of electricity, sure they look on paper bad value; But you get rock solid HW built for the purpose, with the reliability that comes with it.

    An entry level Juniper, or if you don't need many routes; then even an Arista (those can do routing, but are not proper routers) will do just fine. Dell has some nice options too. Stay the f* away from Cisco tho; Those are backdoor riddled little spymachines.

    Brocade if you want big honking HW. Those are cheap AF refurb/used since the router business was sold to extreme networks and Extreme likes to pose as football club more than make routers & switches.

    Thanked by 1 host_c
  • @host_c said:
    Cisco ISR, Juniper Networks 10G

    If you really want MKT, 2216 or 1072.

    2004 will hardly pass 3GBPS unfiltered

    I like the looks of the MikroTik CCR1072 actually. I understand Mikrotik may be frowned upon. But will it be that bad if it's our first run at using our own router within only 1 to 2 racks?

  • host_c Member, Patron Provider

    Arista switches - it is in the name , switch

    We have some nexus N9K, those can actually handle routing, but again , they excel in switching .

    Small operations, if small enough, can be handled by the “-link” brands also :D

  • PulsedMedia Member, Patron Provider

    Mikrotik makes home gamer / prosumer grade stuff, those can't push the full line rate. If you are happy with that, then sure they work. Just don't expect to push full linerate with any features in use; just maybe without features being used.

    Just watch out, those external power bricks fail.

    You got to pick the right tool for the job; And way too often people think mikrotik is up in class and can do the job of a machine 10 to 1000x as expensive.
    When there's a right job for a mikrotik; They are good.

  • AlexBarakov Patron Provider, Veteran

    Arista switch capable of handling full tables in FIB is always the better choice versus Mikrotik. They can certainly move packets in an amount that's magnitudes larger than any Mikrotik can.

    Thanked by 2 fluffernutter jsg
  • host_c Member, Patron Provider

    @SHN_Silver said:

    @host_c said:
    Cisco ISR, Juniper Networks 10G

    If you really want MKT, 2216 or 1072.

    2004 will hardly pass 3GBPS unfiltered

    I like the looks of the MikroTik CCR1072 actually. I understand Mikrotik may be frowned upon. But will it be that bad if it's our first run at using our own router within only 1 to 2 racks?

    They can handle one 10g ISP line filtered, 2 ISP 10g lines unfiltered.

    Tilera CPUs used in that model perform well, even in high firewall usage, and you have 72 CPUs in that model

    ROS6 is the max for that device, ROS7 is full of shit and bugs.

    Bear in mind it is high grade model, but not datacenter stuff.

  • Gotcha. I mean, if we try the 1072 for what size we are now, and have to upgrade later on, whether that means go to Juniper or Cisco I'd be fine with that.

  • host_c Member, Patron Provider

    If you are used to MKT, as I presume since you asked, then 1072 will do its job until a point. 10-20 gbps

    If you have big plans, I recommend Cisco or Junos definitely.

    Rock stable OS, well documented. MKT on the other hand, not so.

    Do not go CHR or other software based Routing.
    I will trust an ASIC that is designed for a specific task over software any day of the week. As it was said before me, use the right tool for the right job.

    Thanked by 1 SHN_Silver
  • Most of the replies, if not all, are cringe. First of all, no one even bothered knowing the bandwidth needed by OP or what exactly it is needed for before recommending your 40k fancy routers vs a 2k one OP wants to get.

    Most of you actually miss the concept of what exactly a core router is. When trying to push 200Gbps through a core, it should be configured to run as a core, not offload edge stuff on top of it and expect full line rate. You should have a specific network design using several CCRs to get full rate to all your servers.

    You are always recommending 40k routers when most of you do not even have 100Gb or struggle at those rates because of bad design. If you can't correctly, or don't know how to, design a network where each router does its job, you do not directly go to 40K routers to solve the issue. Yeah, Juniper has great routers, but it also struggles hard with small packets and a couple of rules to reach 1/4 line rate; that's the case with all routers... of course it will be less noticeable on a 40k or 100k one lol

    The thing with these companies is marketing and support; Mikrotik lack this or are bad at it. This is why you won't see it recommended in DC environments, although if you research you will see them being used all over the place in major ISPs and DCs. Even for small tasks they work great, like DNS caching etc.

    Regarding CHRs, they are powerful and stable and offer great flexibility. Nothing bad to say about them; the amount of scripting you can do, and running Docker containers inside of it for various services, is so powerful!!

    I am not a Mikrotik fanboy, but I also don't like to waste my money if they can work great. Currently I moved to V7 after they worked out BFD issues. I am using them now in an MPLS environment with several VPLS tunnels and BGP-signaled L3VPNs, and they are working amazing for what I want. I really didn't have to spend 400K on routing and switching equipment, just a good design and config.

  • You could try 6wind or TNSR if you have more time than budget. I've seen benchmarks apparently exceeding 300 Mpps for routing performance in VPP so it at least seems viable. I'm sure performance will sharply drop off if you need lots of ACLs though. Grab an eval license and a spare server then hammer it with TRex to see if benchmarks translate into reality.

  • @SHN_Silver said:
    What router would you recommend for 1 to two racks? Need something that won't break the bank but can withstand quite a bit of traffic. Something with SFP+ ports. Was looking at the Mikrotik CCR2216. Or even just a CCR2004, although the throughput of the 2004 is pretty low.

    Or is even building a server and running a CHR a better idea?

    Main concern would be a little DDoS taking it out. Though, we will be using Cosmic Guard.

    Hello,
    if you plan to receive DDoS the quickest answer would be: skip MikroTik, purchase hardware router.

    If you can’t skip MikroTik, a CCR2216 has a switch chip so if a DDoS occurs you could at least block it before burning the cpu.

    For your use case a CCR2216, MX80, etc.. would be good

  • host_c Member, Patron Provider

    OP started with 2004, and SFP+

    2216 is out of the discussion, that is a 2 x 100g and 16x 25g router, so he was aiming for 10g

    At 10g today, 1036 and 1072 are the only stable products of that brand.

    ROS 7 is still a piece of shit, and will stay there for at least version 7.6x

    MKT lost last year, 2023 most of its datacenter sales, or who used it there, got the TILE from where they could.

    All shared that he should go bigger, and all are right; MKT shits its pants at 64-byte packets, as most brands do, but the big guys can do 10g even there. And he asked for 1 device, so that will do all, from routing to filtering; he did not imply a 3 router design or even a 2 one.

    No one told him to cash out $ for a Cisco or Junos.

    And if the OP had started this thread with using MKT switches, all, including me, would have told him to rather just get TPLink at that point. Those suck as much as that brand; the 10g line from them barely pushes 60% of port speed in good conditions.

    MKT is a decent brand, but not in hosting, there you need Datacenter stuff, and OP needs to understand that

    ISP is one thing, hosting is totally different in terms of PPS. That is why all urged him to get some big stuff.

    Those appliances can handle abuse, so in that case, he can still access his network and fix the issue.

    It is quite funny, when the PPS count is so high, that all your devices CPU run at 100% and you cannot log in to see what’s wrong, regardless of how well or bad your setup is.

  • SGraf Member, Patron Provider
    edited January 1

    I would say it depends largely on his target audience/market.
    If it's for local businesses and he is doing managed services with relatively low throughput (ie: 1 to 2g sustained with peaks to 10G ) then he has different options compared to higher throughput scenarios.

    The other thing is that we do not know if he will just take the ip-transit blend from the dc he wants to be in (assuming they offer it) or if he wants to be ready for multiple transit providers. If it's just "dc traffic blend", then some things will work reasonably well...., assuming they give him only a default route via bgp. If we are talking multiple transit providers, things get a lot more interesting

    Looking at the things i have seen, I'd suggest skipping the mikrotik options mentioned so far, at least for the moment...

    If he aims for low throughput, then i'd look at something like Netgate 1541. Maybe two in order do some sort of first hop redundancy setup.

    If he aims for more, then i'd go the Juniper MX route. MX204 being a very obvious candidate here...

    Th

  • chihcherng Veteran
    edited January 1

    Perhaps a FortiGate 200F?

  • jfreak53 Member, Patron Provider

    @SHN_Silver said:
    What router would you recommend for 1 to two racks? Need something that won't break the bank but can withstand quite a bit of traffic. Something with SFP+ ports. Was looking at the Mikrotik CCR2216. Or even just a CCR2004, although the throughput of the 2004 is pretty low.

    Or is even building a server and running a CHR a better idea?

    Main concern would be a little DDoS taking it out. Though, we will be using Cosmic Guard.

    MKT 1072 works good IF you upgrade it before use to ROS7, take heed, the 1072 has cpu issues 100% random load, watchdog reboot, at random on ROS6. MKT won't say what it is other than upgrade because they want everyone off v6.

    V7 fixes the issue, but upgrading BGP tables from 6 to 7 is a pain, easier to upgrade to start.

    Every ISP I know running the 1072 on v7 says after the upgrade they are rock solid and get exactly what they are advertised to do.

    2216 comes v7 already, no downgrade, haven't played with it yet but supposedly is really nice. Hot swap fans and dual hot swap PSU. I'd recommend if you're going MKT go 2216, because of hot swap. Yes it has larger BW but it's also cheaper than a new 1072, doesn't make sense but it is.

    MKT doesn't use brick power for CCR series as some have commented, that's their smb line. The CCR has regular C14 plugs, and this new one is hot swap.

    Also, if you're doing MKT put them on a shelf! They haven't figured out removable front modules yet like the others have. If the device fails, have you ever tried to remove a switch from a rack when it's full?? 😂 forget ears, put it on a small shelf with a front and back lip that fits it.

    Thanked by 1 host_c
  • Probably everything will do line rate, even the old reliable power suckers. Once you do anything fancy that isn't hardware accelerated, that's when you need to look at the numbers.

    PPS is something to look out for, especially not hardware accelerated. The entry level routers inside a fancy box are costly but if it's comfortable for you, consider it.

    You can step it up and figure out what you want. The fancy looking boxes will hit your wallet quickly.

    A software router on beefy hardware can be obtained for the least investment and power costs. One can start with a virtual router (even do some high availability) and step it up with physical machines. BSD based distros like OPNSense/pfSense are not so efficient on Linux based virtualization, however they will push your racks uplinks and more.

    For internal non-edge traffic it might make sense to use costly routers, maybe an established provider here can provide independent consultancy and throw them a couple of bucks. It would be peanuts versus biased sales person and the many K for the good looking box.

    About the DDOS concerns: you will run out of money if you want to DIY. Use an external service that delivers clean traffic to your uplink. But again you can step that up and become independent one day.

    Everyone and their mother has 10G+ and will saturate you on a bad day, you are vulnerable on your own.

    Thanked by 1 host_c
  • host_c Member, Patron Provider
    edited January 1

    @jfreak53

    Hi, do not think of me being a smart ass, and please take this as exchange of opinions.
    I have too much experience on MKT at customers. And even there, in the normal world, with clean nice traffic, they struggle.

    Why on earth would someone put ROS7 on a TILE cpu?

    As of my knowledge, ROS7 is based on linux Kernel 5, Linux Kernel 5 has no support for TILE, MKT injected the drivers into the kernel. If this is the case, it will work like any thing that is "forced", bad. Sure 72 cores will keep up, but nahh.

    Those ISP do not give 10G, or if they do, I saw that, 0 filters on packets, otherwise even 72 cores shit their pants.

    Did you try to install ROS7 on CRS326-24S+2Q+RM for example? and that is an ARM supported by ROS7, I am curious of how much speed you lose / port, oh even better, try an iSCSI multi-path 2 links 10G, one test on ROS6 and one test on ROS7.

    CCR2216 is too new in the family, actually not too new, rather, ROS7 is not mature enough = piece of crap OS, and I will say this because it is true. Probably by V7.4X - C7.6X usable.

    MKT does not have a Datacenter line, probably when they will make products on AMPERE.

    HW Layer 3 Offloading is sweet, but totally unusable at the moment, I mean, I have to disable the interface, make the settings, and re-enable after. WTF? Try this on WAN at your client that has 1 Uplink only.

    ROS7 might be, as they say, "production ready"; sadly it is nothing more than a pre-release.
    I have a bunch of MKT guys on Telegram, that in 2023 switched to Refurbished Cisco, Junos, or lost a lot sticking to MKT for serious workload. ( 10G, and if 10G today is serious, I will go to TENDA for routing :D )

    From their product line, what we saw that was actually worth plugging in in high workload was 1072 and 1036 ( the 2 SFP+ model ), and only on ROS6.

    For CCR2216 - well, we even tested it, I think we have 3 of them, nahh. Product nice-lish, definitely not premium, and definitely not worth the 3000+ USD price Point because of the OS for the moment.

    I better get an MX80 or some first gen ISR 10G, even better, I would do what I said not to do, run routing and filtering from a Nexus N9K / ARISTA / JUNOS ( switch ), or just use a server with OPNsense or pfSense or IPFire, or just blank Linux distro with iptables. :D

    Coolers in the PSU are SOUxxxx, eh cannot pronounce it, you know, the cheap shit cooler you find in cheap PC PSU. How hard it is to get a decent DELTA or other established PSU brand in your product. I mean, it is a 150W PSU @ 12V for crying out loud in a 3000USD product.

    I have utmost respect for MKT, a company with ~300 employees, for that, they definitely beat the competition on low and mid. On high grade, no way. Data-center stuff, :D :D :D :D They have their use case with some of their products in a DC like environment, for sure, but not core.

    CCR2216 at a glance:

    image0

    image1

    image2

    I wait for the pitchforks :smiley: <3

  • shruub Member

    @HostSlick said:
    Mikrocock? Fuck that Shit im Out.

    It's about the technique, not about the size :frowning:

  • host_c Member, Patron Provider

    @shruub said: It's about the technique, not about the size :frowning:

    Unfortunately, in routing above 10G, it is about the size. :smiley:

  • emgh Member

    @SHN_Silver said: Need something that won't break the bank

    It doesn't matter how much you emphasize starting out, 1-2 racks, affordable, etc

    Every time a router question gets asked here, it always turns into a dick measuring contest

    Cringe, sad and stupid

    Thanked by 3 host_c Peppery9 jsg