Anyone tried it? I’m planning but saw the benchmark is pretty bad. Unsure if I interpret correctly.
I think the default firewall rules allow all VLANs to talk to each other, so you have to add a rule to prevent that.
This traffic will go through the CPU (I think), so benchmarks are heavily dependent on hardware.
If traffic on two different VLANs needs to talk with high throughput, you might ask yourself why they’re on different VLANs.
I have 2 cameras on their own VLAN and they’re only allowed to talk to my NVR. The amount of traffic is pretty low and the CPU use is negligible, so I haven’t bothered to put the NVR on that VLAN.
My use of Mikrotik is somewhat limited, but I’m testing I’ve found routing between VLANs to be pretty performant. The key is to offload that routing to the hardware, which not all configurations allow. Check out the Network Berg’s YouTube channel and you should get a good idea.
From my memory anything that can offload VLANs to hardware is preferred. Pretty much means anything with a switching chip.
I think my RB 5009 can offload VLANs but are exempt from packet inspection.
I have known several ISP in Australia who use them as core routers so depends how you spec them.
If you want gigabit throughput don’t get a hEX look at the CCR range. If you need less than 100Mb go for a hEX.
It really depends on the specific hardware. I have Mikrotik routerOS CHR that routes between VLANs at 6Gbit/s without breaking a sweat on a $300 intel box.
At the same time, some managed switches are dirt-cheap nowadays and they generally can push the traffic around as fast as it comes in.