Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Sizing guide: intra-vlan routing speed

Solved
Miyo360
Getting noticed
‎Feb 15 2022 6:07 AM
‎Feb 15 2022 6:07 AM

Sizing guide: intra-vlan routing speed

Hi,

 

Having recently split a flat network into VLANs, I am noticing reduced througput with inter-vlan routing. This is hardly surprising. I'm using an MX84, which has a 'statefull firewall throughput' advertised at 500 Mbps. [MX84 Datasheet]

Conveniently, this MX is due to be replaced in the next few months, so I'm wondering which model can provide 1Gbps inter-vlan routing. Looking at the current sizing guide [link] I'm unsure about the differences between the descriptions of the top 3 columns.

 

  • I assume 'max throughput with all security features enabled' is WAN throughput?
  • And 'Max stateful (L3) firewall throughput in passthrough mode' is inter-VLAN routed firewall throughput?

Have I got that right? 

 

So, assuming I have a 1Gbps WAN circuit, and also want 1Gbps inter-vlan routing, and want to achieve these speeds on both, the minimum model I would pick is the MX95?

 

Thanks in advance. 

0 Kudos
Subscribe
1 Accepted Solution
In response to Miyo360
ww
Kind of a big deal
Kind of a big deal
‎Feb 15 2022 9:28 AM
‎Feb 15 2022 9:28 AM

Yes IDS/IPS is all or nothing.

 

Ips, amp,content filtering are part  of the adv sec  license. If you dont have that or use it you can look at the mx 75/85.

 

If you want the 1Gbit with adv sec  then you could consider the mx95

 

View solution in original post

0 Kudos
Subscribe
3 Replies 3
ww
Kind of a big deal
Kind of a big deal
‎Feb 15 2022 7:04 AM
‎Feb 15 2022 7:04 AM

Passthrough mode is L2

Nat mode is Layer3  (lan to wan, possible vlan to vlan).

security features can also be between VLAN for example IDS/IPS

0 Kudos
Subscribe
In response to ww
Miyo360
Getting noticed
‎Feb 15 2022 9:02 AM
‎Feb 15 2022 9:02 AM

MX-Sizing.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Thanks. I'm using my current MX84 in NAT mode, so I now see I need to be looking at the 3rd line when comparing the MX84 to other devices with regard to inter-vlan routing throughput.

You mention "security features can also be between VLAN for example IDP/IPS". As far I understand, IDP/IPS is always enabled between VLANs and there is no way to disable this, correct?

 

In answer to my own question, it seems the the MX95 is the lowest device to offer 1Gbps WAN speeds and minimum inter-vlan routing speeds of 1Gbps. Please correct me if I'm wrong.

0 Kudos
Subscribe
In response to Miyo360
ww
Kind of a big deal
Kind of a big deal
‎Feb 15 2022 9:28 AM
‎Feb 15 2022 9:28 AM

Yes IDS/IPS is all or nothing.

 

Ips, amp,content filtering are part  of the adv sec  license. If you dont have that or use it you can look at the mx 75/85.

 

If you want the 1Gbit with adv sec  then you could consider the mx95

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.