MikroTik CCR1009-7G-1C-PC Router Review

8
MikroTik CCR1009 7G 1C PC Cover
MikroTik CCR1009 7G 1C PC Cover

MikroTik CCR1009-7G-1C-PC is a step (or even two) up from rb750gr3 device we reviewed earlier. The unit offers more connectivity and throughput for those who need more than the entry-level solution offers. In our review, we are going to see what this solution offers and how it performs.

MikroTik CCR1009-7G-1C-PC Hardware Overview

On the front of the device, we find one combo RJ45/SFP port, six regular RJ45 1GbE ports, and one POE-in RJ45 1Gbe port. In addition, we can see a recessed reset button, RS232 console port, LEDs, and a microUSB type-AB port.

CCR1009 Front
CCR1009 Front

The device measures 272 x 190 x 44 mm, 892g, and has a maximum power consumption of 25W. MikroTik is using a metal enclosure with passive cooling based on two heat-pipes and a massive heat-sink at the back, so it is completely silent. The CCR1009-7G-1C-PC can be rack-mounted using ears included in the package, which is a nice touch.

On the back of the device, we see a DC power-in jack, heatsink, and grounding screw. The router can be powered by an external 24v 2.5A AC/DC adapter or PoE input, so the power is redundant.

CCR1009 Back
CCR1009 Back

CCR1009-7G-1C-PC is based on a TLR4-00980 SoC containing 9 tiles interconnected with Tilera’s on-chip mesh network. Each tile consists of a processor core as well as L1 and L2 cache and a non-blocking switch that connects the tiles in the mesh.

Tile SOC
TILE-Gx8009 SoC

In addition, the SoC includes a wide variety of connectivity, like two 10Gbps XAUI ports, up to twelve SGMII ports (multiplexed with XAUI), packet processing engine, crypto acceleration engine, 10 lanes of PCIe Gen2, etc. In other words, hardware-wise it is a very capable platform and in the CCR1009-7G-1C-PC it is coupled with 1GB of DDR3 RAM.

As a fun point, Tilera was purchased by EZChip which was purchased by Mellanox that was in-turn purchased by NVIDIA. That means this is now an NVIDIA-powered MikroTik router.

CCR1009-7G-1C Management

The router is running under MikroTik’s RouterOS which is a custom OS based on Linux kernel v3.3.5. RouterOS provides several management options.

CLI Management

The command-line option offers full access to the router’s functionality and automation. CLI can be accessed remotely through ssh, telnet, and a web interface or locally through the serial port.

Mikrotik CLI
Mikrotik CLI

Although MikroTik does a lot to add more graphical configuration options available, the CLI is still accessible in just about every mode of management MikroTik offers. That speaks to its importance.

Winbox Management

A lot of MikroTik users do like Winbox, a small standalone win32 application that allows administration of MikroTik RouterOS using MDI based GUI. The GUI menu follows the structure of configuration nodes available through CLI and with a few exceptions offers the same level of access/flexibility. Unfortunately, MikroTik does not provide a Linux or Mac version of the Winbox, so non-windows users will need to use wine, VMs or other tools to run the win32 application in their environment.

Mikrotik Winbox
Mikrotik Winbox

For many users, this is a go-to management solution for managing installations of MikroTik products.

Web GUI Management

Finally, there is the company’s WebFig. This is a web-based GUI and it is almost identical to Winbox in terms of functionality and menu layout.

Mikrotik UI
Mikrotik UI

An advantage of the Web GUI is that this does not require one to utilize a Windows binary making it much more cross-platform. WebFig is enabled by default so one does not need to first register the device to use it as we have seen with many Netgear devices recently.

Next, let us look at the performance.

Performance Testing

Test Bench Setup

Our testing bench is based on a Cisco T-Rex project which in turn is based on the DPDK framework which we are going to cover in future articles and consists of:

Host Dell Precision 7920
CPU (2) x Gold 6134 CPUs 16 cores/32 threads x 3.19 GHz
RAM 128GB: 8*16GB DDR4-2133P
Host OS VMware ESXi 6.7U3
Guest Debian 10

5 vCPUs 32GB RAM

T-Rex version v2.81
Network 2 x Intel I350-AM4 in PCI Passthrough mode

2 x Dell X520-DA2 in PCI Passthrough mode

Dell T7920 is a versatile platform suitable for a wide range of tasks, you can read our Dell Precision T7920 Dual Intel Xeon Workstation Review for more information on the platform itself. As a quick note, this was our 2020 test platform, we are going to be updating the platform in 2021 as we move up the stack.

The router is updated to the latest firmware. At the time of the review, it was RouterOS 6.47.4

Use Case Driven Benchmarks

While synthetic benchmarks are good for marketing and when used properly give a high-level overview of device potential, it does not make it easier to evaluate the performance of the device for a particular use case or compare performance across devices due to different boundary conditions. Such boundary conditions may result in more than an order of magnitude difference for final numbers.

T-Rex gives us the freedom to define any workflow we like, or even create one based on real traffic captured from a production system. In order to see how the CCR1009-7G-1C-PC will perform in a more realistic scenario, we will use the SFR profile. This profile includes a combination of traffic templates such are:

  • http_get / http_post / https
  • mail-related traffic flows
  • SIP
  • DNS
  • and etc.

Below we can find a graphical representation of the SFR profile:

SFR Profile
SFR Profile

The profile is normalized to 1GbE. During test execution, a new client/server pair is generated for each flow. For a range of bandwidth, we capture different metrics, such as maximum, and average latency distribution, packet drop rate.

Routing performance

Default firewall rules are removed from the router, and all ports are connected to Aruba S2500-24p switch. The test bench is connected to the switch using two X520-DA2 NICs (one port from each NIC). Static ARP entries and static routes are added to the router and tests are executed based on port pairs. Each pair receives its own pool of client servers. In this mode, the device is able to utilize the full capacity of onboard HW accelerators and packets do not traverse the full Linux network stack. The packet drop rate does not exceed 1 packet per 100,000 sent for all loads up to a maximum of 5.3Gbps we can push to 8port router with SFR profile.

Gateway/NAT performance

Adding firewall rules, ACLs or QoS typically disables some or all HW acceleration for many consumer grade devices and some packets have to be offloaded to CPU for processing. When it comes to packet processing, the Linux kernel network stack has a lot of locks and often requires data to be copied. As a result, performance does not typically scale linearly with the number of cores available for packet processing.

For our NAT test, all incoming connections to WAN(s) interfaces and all invalid packets with an invalid state are blocked. Connections from clients to servers are masqueraded using static source NAT rules.  We believe this would be a base configuration for firewalls deployed by many home and SMB users. Each pair of ports has its own pool of clients and servers. All ports of the router are connected directly to the bench through Intel i350-AM4 NICs to minimize potential sources for loss.

CCR1009 7G 1C NAT pkt_drop
CCR1009-7G-1C NAT %pkt drop

While the CCCR1009-7G-1C-PC showed a decent performance that would satisfy most SOHO users looking for a multi-WAN capable solution, we were expecting much higher numbers. To put it in perspective we compared it to the Ubiquiti EdgeRouter 6P that we reviewed recently.

ER-6p Vs CCR-1009
ER6p Vs CCR1009

As we can see CCR1009-7G-1C-PC is slightly behind for this use case. Given the pricing, we would have expected the MikroTik unit to out-pace the Ubiquiti unit on these tests given that we are using the same test setup.

MikroTik CCR1009-7G-1C-PC Power Consumption

The MikroTik CCR1009-7G-1C has rather high idle power consumption.

CCR1009 Power
CCR1009 Idle

While the system board is reporting ~21W, the power adapter does not have 100% efficiency so it is pulling more. We have measured 20.8W, while the system is idle with no cables attached, 25.2W idle with eight cables connected and the highest observed during tests was 29.0W.

Final Words

Frankly speaking, we were expecting much more from this device. Do not get me wrong, this is a very capable router with good routing performance and a decent firewall/gateway, capable of handling multi-wan 2Gbps+ connections to your house or home office. RouterOS provides easy access to advanced configuration options if you needed it. But as we mentioned before, the SOHO market is very competitive these days. At $425 MSRP/ $385 street price it is almost twice the price of EdgeRouter 6P which delivers somewhat similar or even better performance at a fraction of the power budget, has a smaller form factor, and passive PoE support.

8 COMMENTS

  1. I mean keep in mind you are reviewing 10 plus year old hardware here. The CCR 1000 series has been around for a long long time. The new 2000 series CCRs just came out recently (I have one deployed performing edge routing bgp and another sitting here as a spare). Also the 4011 is quite capable and likely outperforms this unit at a lower price. Great review, great methodology, looking forward to seeing you review other more modern mikrotik platforms!

  2. I’ve been a big Mikrotik user for a long time. Especially the CCR1009 series. One thing that many people don’t see is that practically unlimited licenses and capabilities that the Mikrotik OS provides. Compared with Cisco, where you need to purchase additional “licenses” depending on the amount of VPN tunnels you want. Need to add BGP support? That will be another charge. So on and so forth.
    Mikrotik gives you all the features with every model you buy, from the $50 basic router, to the $5000 CCR. You might not want 1000 VPN tunnels on the $50 model, but you can do it. And you can download a free VM with all the features. New software updates are available for practically forever. No charge, no support fees. My 2-year old Ubiquiti AP is already on “extended support”.
    As always, STH does a great job with performance testing! But you may want to do a feature and licensing comparison between that Ubiquiti Edgerouter 6P and the Mikrotik CCR. Keep up the good work!

  3. What I get out of this is that a 10-year-old design does pretty well, and is still supported with free firmware updates. I’ve used Mikrotik routers and I would also note that they add features along with fixing bugs and security issues, so this particular router is now more capable than it was when first released.

    I don’t have any of these (CCR1009) and I’m not sure that I’d buy one since there are other models that might be more suitable for me. However, it says something that you could have installed these and still be able to get a replacement, and have been supported for all this time (and probably will continue to be supported for some time yet).

    I’ve played with an Edgerouter-X and think that it’s a good product. I’m sure the Edgerouter 6P is as well. I’m happy that I have alternatives that are worthwhile.

    I too would like to see some more modern Mikrotik models reviewed and see your test results.

  4. @Johnathan Huettner thanks to these licenses you have 24/7/365 instant support which is necessary in any bigger company where hour without network is equal to loss of tens of thousands dollars at least. Thats why mikrotik will never be used as a base in bigger companies, these things are created for small businesses and powerusers which can handle hours without internet without big loss of money or anything. Also Cisco gives a big discount to bigger clients so what you are offered are around 50% more expensive than same thing for bigger client. BTW BGP is in IP base license no additional charge so stop spreading miss information.

  5. The strength of Mikrotik is not measured in X millions of packets per second. It’s strength is in RouterOS software, the licensing model, the very large user community, wide geographic presence, and diversified portfolio of products. Also the fact that Mikrotik works with education institutions, and have an active training program speaks for itself. All of the above mean that the company will be around for a long time.

    Also don’t forget the virtualization solution from Mikrotik – Cloud Hosted RouterOS (CHR). It offers smooth upgrade path should you decide to move towards software defined infrastructure, and need or want to upgrade the aging “fill in your model here”. The scripts you have developed will continue to work whether you upgrade to the new Mikrotik hardware device, or choose to go all virtual (CHR).

    And who cares what model of Mikrotik you have? I have used Mikrotik products since 2013, and can say that I have only scratched the surface with regards to available RouterOS functionality. All scripts I have developed for RouterOS continue to work, and with each upgrade my infrastructure is getting easier to manage and more reliable. Looking back I can say buying Mikrotik was a wise investment for me.

  6. Thanks for the review.

    When you remove the defaul firewall rules, you’re disabling Fasttrack. In RouterOS the throughput difference with and without Fasttrack is very very expressive, something between two to three fold. And Fasttrack is enabled in almost all Mikrotik deployments, except in very special cases.

    Please, see this documentation and consider testing the router again with Fasttrack enabled:

    https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

  7. @ For Real In big company there is always redundancy backup for all device. Switching for davice that fail is around 20 s. so tell my why I need support? I deployed hundreds of MT devices with nearly 1 % failures for 10 y. in company with more then 100 clients. MT gives discount too. Overall in my region better to buy new MT then buying a Cisco license… chipper and better.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.