SG-2100 vs SG-3100 vs SG-5100... ? Purchase advice needed
-
ISPs providing exactly that do exist but I don't think we have ever tested one with a SG-2100.
I love to hear about it if anyone has.
Steve
-
I read this "extensive" post for this to work here in Spain. Finally a company called Carlitoxx-Pro started shipping a GPON to GigabitEthernet device. There is also a ZISA one that is sold online from China:
https://forum.mikrotik.com/viewtopic.php?t=116364
It is from Mikrotik, but all the electronics are inside the device so I think it should work while the SG-2100 provides power to the GPON.
I've seen that UniFi also sells a GPON to Gigabit adapter but I don't know if this one could work on a SG-2100:
https://dl.ubnt.com/ds/uf_gpon
If you look into the data sheet, there is a GPON for ONT side, not for OLT. But I don't know if this SFP could work against "non-unifi" OLT's.
But yes, I think it is "doable" :) for the moment I am using a UF Loco ONT and connect my SG-2100 straight to RJ-45 cable, but maybe in the future I'll try one of those.
BR!
ISO
-
@stephenw10 said in SG-2100 vs SG-3100 vs SG-5100... ? Purchase advice needed:
ISPs providing exactly that do exist but I don't think we have ever tested one with a SG-2100.
I love to hear about it if anyone has.
Steve
I’m running a SG-2100 with a 1000Base-BX20 SFP in the SFP slot that connects my fiber to the home directly. As the tranciever indicates, my ISP uses single strand Gigabit Ethernet to the edge.
-
Nice!
I tested some BiDi modules here and they worked without issue.
Steve
-
@stephenw10 said in SG-2100 vs SG-3100 vs SG-5100... ? Purchase advice needed:
Nice!
I tested some BiDi modules here and they worked without issue.
Steve
Steve,
Do you know if the 1G BiDi will work with the XG-7100 1U? I've having some issues using the "generic" ones from FS.com. I've started another thread but haven't heard anything.
-
The one I have does:
[21.02.2-RELEASE][root@7100.stevew.lan]/root: ifconfig -vvvm ix1 ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: IX1 options=e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ether 00:08:a2:0e:a5:92 inet6 fe80::208:a2ff:fe0e:a592%ix1 prefixlen 64 scopeid 0x4 inet 172.21.16.243 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (Unknown <rxpause,txpause>) status: active supported media: media autoselect nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> plugged: SFP/SFP+/SFP28 1000BASE-LX (LC) vendor: OEM PN: SFP-GE-BX03-D SN: NV20200713025 DATE: 2020-07-14 module temperature: 27.94 C Voltage: 3.31 Volts RX: 0.20 mW (-6.79 dBm) TX: 0.12 mW (-8.97 dBm) SFF8472 DUMP (0xA0 0..127 range): 03 04 07 00 00 00 02 00 00 01 01 01 0D 00 03 1E 00 00 00 00 4F 45 4D 20 20 20 20 20 20 20 20 20 20 20 20 20 00 00 90 65 53 46 50 2D 47 45 2D 42 58 30 33 2D 44 20 20 20 41 20 20 20 06 0E 00 09 00 1A 00 00 4E 56 32 30 32 30 30 37 31 33 30 32 35 20 20 20 32 30 30 37 31 34 20 20 68 F0 01 0B FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FFThough I was quite surprised about that. It doesn't report a link speed so cannot be set to 1G fixed which is often required for use like this.
Steve
-
@stephenw10 Good to know it's possible! Have you been running this without any issue?
-
Not for any time. I just moved it from an SG-2100 to test. I saw no problems though and it also runs fine in the SG-2100, been running there for months.
Steve
-
@cabledude
You may be able to do the SG-3100 but only if you offload Suricata and/or nTopNG to a separate machine. Otherwise, go with the 5100 as suggested earlier.I speak from experience, as having tried it before. ;)
-
@msf2000 I too happen to be in the same boat. I have the SG-3100 and currently experiencing lock ups and random reboots. It just does not have the horse power needed to run these applications. I am now facing the hard choice that I am going to have to upgrade to the 5100. Don't make the same mistake that I did.
-
@msf2000 SG-3100 is not good for me. I just installed one for customer and was trying to get decent IPSec speeds between installed 3100 at 200Mbps fibre site and 500Mbps fibre remote site using SG-5100. I was only able to achieve around 80Mbps throughput. I had tried at home for a while where I use a home built pfSense. I try connecting SG-3100 to our work SG-5100 - both sites are 1Gbps fibre. With my home build setup I get around 700-800Mbps IPSec but with SG-3100 could not get any decent speed at all. Older SG-2220 is way better around 400Mbps IPSec but it is limited to around only 700Mbps LAN routing so I could never hit full 940Mbps in Speedtest. I wish Netgate would come out with inexpensive line of routers using the Intel CPU with good IPSec encryption instead of these ARM processors. Maybe SG-3100 work good connecting IPSec to another SG-3100 and maybe when I have time I can test a 700Mbps site to a this 200Mbps site both using SG-3100
-
The biggest trouble with the hardware offerings is that there is a world of difference between an Atom cpu and a Xeon. Atom can hardly keep up with moderate home use; and there is literally nothing in the lineup for full wire speed home without going up to a much more enterprise capable Xeon. The 5100 is really the lowest priced NICE machine in the lineup that can pretend to keep up with crypto.
I think something with Ryzen V2000 series embedded processors would be much more appropriate for long term use. Engineering team...please hear my prayers...
-
@brians said in SG-2100 vs SG-3100 vs SG-5100... ? Purchase advice needed:
I was only able to achieve around 80Mbps throughput. I had tried at home for a while where I use a home built pfSense. I try connecting SG-3100 to our work SG-5100 - both sites are 1Gbps fibre. With my home build setup I get around 700-800Mbps IPSec but with SG-3100 could not get any decent speed at all.
The Hardware Crypto offload in the SG-3100 supports AES_CBC do you use this?
I guess you have set up the IPsec with AEC_GCM and then, the SG-3100 have it run in slow software mode. -
Yes I tried AES and SHA1 for encryption and did not get expected results.
Could be that the other end, SG-5100, is doing software crypto with these settings and is the bottleneck? I am thinking SG-3100 to SG-3100 may be a good test to do when I get the chance.
-
I don't think so. the Atom of the SG-5100 supports AES CBC to.
-
After upgrading a few SG-3100 to 20.05 it seems to have resolved my issues with VPN speed, and I get expected IPsec VPN performance now.
SG-5100 is still far better if can justify the price.
