I have a CRS317 (idk the numbers, 16x sfp+ and one 1gbe rj45). I’ve had it running SwOS for years with my esxi hosts connected to it. My home network is a router on a stick setup and it’s been awesome for ~10 years.

But with all this pfsense plus fees and money garbage, I’m thinking about putting the MikroTik CRS317 into routeros L3 mode so I can buy a netgate box like 1100/2100 (and get pfsense plus with the appliance).

Wondering what people’s real-world experience is with routeros on the crs317 switch? I can currently saturate 10gbe and part of my battery backup and shutdown procedure is based on the timing of those transfers/migrations, etc. so while I don’t need to absolutely keep every bit of 10GbE, I can’t go down to something like 2.5GbE.

Thanks.

I guess if the mikrotik won’t work: Should I buy a router? Should I buy a Cisco sx550x 10gbe switch? Thx.

  • kY2iB3yH0mN8wI2hB
    10 months ago

    The hardware MikroTik has does not do L3 on-chip so it will be CPU based, and will be horrible. I also find RouterOS really hard to use compared to things like JunOS. I’m biased here.

    Why can’t you use OPNsense if you for some reason don’t want to sit in the same boat as pfSense? I have not followed whatever happens there as I left pfSense years ago.

    Having L3 at the access switch layer has other benefits.

    • WrongColorPaintOPB
      10 months ago

      Having L3 at the access switch layer has other benefits.

      Thx for the response. I bit the bullet and bought a second identical machine (lenovo tiny m720q) to what I’m running now with pfsense. When it gets here and I get it together I’ll run the second machine with opnsense, in parallel to the current pfsense setup. I’ll probably do something like a double-nat and use opnsense for my esxi and homelab stuff so I can keep pfsense running the rest of the house.

      What do you mean other benefits? ACLs? I have pfsense (2x sfp+ lan lacp, 1x mobo gigabit wan), then a Cisco SG500X-24 in L2 mode, then from there I’ve got the mikrotik crs317 and a bunch of cisco sg300 switches. If I make a change I’d probably offload the dhcp server too. What else am I missing?

      Should I try to replace pfsense 1:1 with opnsense for now, and then make changes later (or don’t change anything once I’m comfortable)? I’ve been using essentially the same setup for so long I don’t really know much else.