MikroTik CCR1009-7G-1C-PC is a step (or even two) up from rb750gr3 device we reviewed earlier. The unit offers more connectivity and throughput for those who need more than the entry-level solution offers. In our review, we are going to see what this solution offers and how it performs.
MikroTik CCR1009-7G-1C-PC Hardware Overview
On the front of the device, we find one combo RJ45/SFP port, six regular RJ45 1GbE ports, and one POE-in RJ45 1Gbe port. In addition, we can see a recessed reset button, RS232 console port, LEDs, and a microUSB type-AB port.
The device measures 272 x 190 x 44 mm, 892g, and has a maximum power consumption of 25W. MikroTik is using a metal enclosure with passive cooling based on two heat-pipes and a massive heat-sink at the back, so it is completely silent. The CCR1009-7G-1C-PC can be rack-mounted using ears included in the package, which is a nice touch.
On the back of the device, we see a DC power-in jack, heatsink, and grounding screw. The router can be powered by an external 24v 2.5A AC/DC adapter or PoE input, so the power is redundant.
CCR1009-7G-1C-PC is based on a TLR4-00980 SoC containing 9 tiles interconnected with Tilera’s on-chip mesh network. Each tile consists of a processor core as well as L1 and L2 cache and a non-blocking switch that connects the tiles in the mesh.
In addition, the SoC includes a wide variety of connectivity, like two 10Gbps XAUI ports, up to twelve SGMII ports (multiplexed with XAUI), packet processing engine, crypto acceleration engine, 10 lanes of PCIe Gen2, etc. In other words, hardware-wise it is a very capable platform and in the CCR1009-7G-1C-PC it is coupled with 1GB of DDR3 RAM.
As a fun point, Tilera was purchased by EZChip which was purchased by Mellanox that was in-turn purchased by NVIDIA. That means this is now an NVIDIA-powered MikroTik router.
The router is running under MikroTik’s RouterOS which is a custom OS based on Linux kernel v3.3.5. RouterOS provides several management options.
The command-line option offers full access to the router’s functionality and automation. CLI can be accessed remotely through ssh, telnet, and a web interface or locally through the serial port.
Although MikroTik does a lot to add more graphical configuration options available, the CLI is still accessible in just about every mode of management MikroTik offers. That speaks to its importance.
A lot of MikroTik users do like Winbox, a small standalone win32 application that allows administration of MikroTik RouterOS using MDI based GUI. The GUI menu follows the structure of configuration nodes available through CLI and with a few exceptions offers the same level of access/flexibility. Unfortunately, MikroTik does not provide a Linux or Mac version of the Winbox, so non-windows users will need to use wine, VMs or other tools to run the win32 application in their environment.
For many users, this is a go-to management solution for managing installations of MikroTik products.
Web GUI Management
Finally, there is the company’s WebFig. This is a web-based GUI and it is almost identical to Winbox in terms of functionality and menu layout.
An advantage of the Web GUI is that this does not require one to utilize a Windows binary making it much more cross-platform. WebFig is enabled by default so one does not need to first register the device to use it as we have seen with many Netgear devices recently.
Next, let us look at the performance.
Test Bench Setup
Our testing bench is based on a Cisco T-Rex project which in turn is based on the DPDK framework which we are going to cover in future articles and consists of:
|Host||Dell Precision 7920|
|CPU||(2) x Gold 6134 CPUs 16 cores/32 threads x 3.19 GHz|
|RAM||128GB: 8*16GB DDR4-2133P|
|Host OS||VMware ESXi 6.7U3|
5 vCPUs 32GB RAM
|Network||2 x Intel I350-AM4 in PCI Passthrough mode
2 x Dell X520-DA2 in PCI Passthrough mode
Dell T7920 is a versatile platform suitable for a wide range of tasks, you can read our Dell Precision T7920 Dual Intel Xeon Workstation Review for more information on the platform itself. As a quick note, this was our 2020 test platform, we are going to be updating the platform in 2021 as we move up the stack.
The router is updated to the latest firmware. At the time of the review, it was RouterOS 6.47.4
Use Case Driven Benchmarks
While synthetic benchmarks are good for marketing and when used properly give a high-level overview of device potential, it does not make it easier to evaluate the performance of the device for a particular use case or compare performance across devices due to different boundary conditions. Such boundary conditions may result in more than an order of magnitude difference for final numbers.
T-Rex gives us the freedom to define any workflow we like, or even create one based on real traffic captured from a production system. In order to see how the CCR1009-7G-1C-PC will perform in a more realistic scenario, we will use the SFR profile. This profile includes a combination of traffic templates such are:
- http_get / http_post / https
- mail-related traffic flows
- and etc.
Below we can find a graphical representation of the SFR profile:
The profile is normalized to 1GbE. During test execution, a new client/server pair is generated for each flow. For a range of bandwidth, we capture different metrics, such as maximum, and average latency distribution, packet drop rate.
Default firewall rules are removed from the router, and all ports are connected to Aruba S2500-24p switch. The test bench is connected to the switch using two X520-DA2 NICs (one port from each NIC). Static ARP entries and static routes are added to the router and tests are executed based on port pairs. Each pair receives its own pool of client servers. In this mode, the device is able to utilize the full capacity of onboard HW accelerators and packets do not traverse the full Linux network stack. The packet drop rate does not exceed 1 packet per 100,000 sent for all loads up to a maximum of 5.3Gbps we can push to 8port router with SFR profile.
Adding firewall rules, ACLs or QoS typically disables some or all HW acceleration for many consumer grade devices and some packets have to be offloaded to CPU for processing. When it comes to packet processing, the Linux kernel network stack has a lot of locks and often requires data to be copied. As a result, performance does not typically scale linearly with the number of cores available for packet processing.
For our NAT test, all incoming connections to WAN(s) interfaces and all invalid packets with an invalid state are blocked. Connections from clients to servers are masqueraded using static source NAT rules. We believe this would be a base configuration for firewalls deployed by many home and SMB users. Each pair of ports has its own pool of clients and servers. All ports of the router are connected directly to the bench through Intel i350-AM4 NICs to minimize potential sources for loss.
While the CCCR1009-7G-1C-PC showed a decent performance that would satisfy most SOHO users looking for a multi-WAN capable solution, we were expecting much higher numbers. To put it in perspective we compared it to the Ubiquiti EdgeRouter 6P that we reviewed recently.
As we can see CCR1009-7G-1C-PC is slightly behind for this use case. Given the pricing, we would have expected the MikroTik unit to out-pace the Ubiquiti unit on these tests given that we are using the same test setup.
MikroTik CCR1009-7G-1C-PC Power Consumption
The MikroTik CCR1009-7G-1C has rather high idle power consumption.
While the system board is reporting ~21W, the power adapter does not have 100% efficiency so it is pulling more. We have measured 20.8W, while the system is idle with no cables attached, 25.2W idle with eight cables connected and the highest observed during tests was 29.0W.
Frankly speaking, we were expecting much more from this device. Do not get me wrong, this is a very capable router with good routing performance and a decent firewall/gateway, capable of handling multi-wan 2Gbps+ connections to your house or home office. RouterOS provides easy access to advanced configuration options if you needed it. But as we mentioned before, the SOHO market is very competitive these days. At $425 MSRP/ $385 street price it is almost twice the price of EdgeRouter 6P which delivers somewhat similar or even better performance at a fraction of the power budget, has a smaller form factor, and passive PoE support.