My Brume 3 arrived today, and after a little testing I am disappointed to see that while there are 3 physical ports on the device, there are in reality only 2x 2.5g ports on the CPU (eth0 and eth1). This means I am limited in routing speeds and performance. I am also still having to drop into Luci to handle IPSEC, which frustrates me given this device is literally marketed as a VPN Gateway.
I will probably be returning my Brume, as IPSEC is a hard requirement for business use, and the 2.5G “speed” was a big part of waiting for this release.
Please check my first post - there are 2 physical ports (eth0 and eth1) present on the MediaTek MT7987A SOC. eth0 is then split out via either soft switch or backplane mechanism outside the SOC into eth0 and eth0.1 to give "3 physical ports". The SOC ports are 2.5G, but eth0 in reality will never hit anywhere near these speeds given the switching going on behind the scenes.
Looks like the switch chip is limited to 1GB, so speed across the entire system is limited to 1GB total. Is this another "2.5G makes the firmware downloads faster.." instance?
There is some misunderstanding here, the switch chip will do 2.5G and there are users sharing 2.5G speed test results on the Brume 3 in Discord so 2.5G is quite capable on this device, and is pretty normal for LAN ports to be via a switch? I don’t see a problem with this myself.
Understand you might be disappointed with IPSec but this isn’t advertised on the product pages and for remote users as a VPN server (which is what is advertised) IPSec is a pretty dated way of doing things. IPSec has always been problematic for this use case due to remote users being on networks that block IPSec or don’t have the ALG required to have multiple IPSec tunnels working at the same time.
Personally for me IPsec does qualify as advanced usage beyond the target of what this device is intended and not something I would like to see GL.Inet putting dev resources into over other features that would be more useful to a wide group of consumers.
I'm also one of the guys who posted on discord, with my 2.3G speedtest result via brume 3, but the point is the switch connected to processor itself has 2.5G throughput. To utilize two 2.5G LAN ports simultaneously, it should have 5G, not 2.5G uplink.
Yes, there's no problem if you use one WAN and one LAN. But there might be a chance of performance degrade when you use both of ports attached to RTL switch
I’m neutral now in this topic. I agree that two of three in use 2.5G ports won’t have maximal performance and that’s my disappointed point, it would be better if they stated the fact in product detail, but still I think this product is performant per its pricing and has valid usecase as VPN gateway.
he means, that 2.5GbE is shared between the two ports.
basicly he talks about the full switch capacity if I understand it correctly, so if you take this in account with lan1 having a device or even a network upping 2.5GbE and also on lan2 there can be some issues when there is too much congestion going on.
this could easily happen in my network btw I got all upgraded to 2.5GbE especially targeting for moonlight streaming , I can easily get terrabytes on data sometimes dailly and sometimes in a few days, if I would place this as main router this might gonna be a issue, but I expect both ports will slow down then in a balancing order but I haven't tested this.
I had my interest to add this as my main but due to the vlan trouble I decided to wait, I think the Flint 4 is a much better candidate for this if they of course use ethernet ports not sharing each other, I never like such designs, I have had it once with a cheap nuc on Aliexpress and got told it's a way to cut down on costs.
But I really need something with more invidual ports, as I'm currently use a Flint 2 and all connected to it's single lan1 port asking for troubles
I think the way how I have set up my Brume 3 now, is directly on my pc as some kind of DPI firewall I think this suits better
I will do some testing on my unit but my understanding it is a switch chip. That should mean it can switch both 2.5G ports like it was a dedicated separate 2 port switch and not a router. Then internally this switch had a 2.5G uplink to the ‘router’ which is the networking block on the SoC. With this design I don’t see where the limitation is. You should have 2.5G full duplex between the lan ports and another 2.5G towards the router?
A two port router would not have this additional switch chip and you would just have two ‘router’ ports.
A dedicated unmanaged switch could have two ports on a switch chip and none of the router functions.
from how I understand it, is that the switch cpu handles all ports or you can also call it switch cpu.
but in the Brume 3, lan1, and lan2 are basicly one port sharing the same 2.5GbE in total if one port takes that usage there is no spare room for the other port, you can also maybe see it as a splitter to make more sense of it, they are not invidually seperated by the hardware design
the max switch capacity is 2.5gbe total.
normally if the ports are separated and invidually, it should be atleast 2.5gb+2.5gb often the wan port has been seperated from the cpu.
what you see is likely the 2.5gbe negotiation icons
from my testing for a single port connection and purely for wan there is no issue I can easily get 2.0+gbps.
but the issue becomes one when both lan port need it's share.
having them both on 1gb negotiation is maybe a good idea to have some spare room for both ports, if the balancing isn't that good.
I understand what you think is happening, but your understanding is incorrect.
The Realtek RTL8366ub Switch IS the switch CPU, it has all switching features self contained. The 2.5G link to the main SoC is only used for the ‘router’ side.
You have a 2 port dedicated switch inside the brume 3 for lan1 and lan2, this has a dedicated link to the MediaTek SoC that handles routing, NAT, VPN offload etc. or, with SQM will handle software routing functions.
The setup is no different to having a layer2 switch with an ethernet cable into a single LAN Port on a router, but self contain in a single system. The only reason you have a bottleneck is if you are pushing traffic via the router. e.g. VLANS or such which considering the router has a 2.5G WAN port, it makes sense that this link would only be 2.5G. Having a 5G or 10G link here would make no sense on this SoC and a device of this cost that is not designed to NAT/Router 5G of traffic.
, I can easily get terrabytes on data sometimes dailly and sometimes in a few days, if I would place this as main router this might gonna be a issue, but I expect both ports will slow down then in a balancing order but I haven't tested this.
