Updated 7/13/2011 Corrected multiple subnet error
|At a Glance|
|Product||Cisco Dual WAN VPN Router [RV082v3]
Cisco Multi WAN VPN Router [RV016v3]
|Summary||New, more powerful versions of Cisco's workhorse small business routers based on Cavium processors.|
|Pros||• 100 IPsec tunnels
• ~70 Mbps 3DES IPsec throughput
• Up and downlink priority and bandwidth QoS
• Dual-stack IPv6 support
• VLAN support
• Subscription content filtering option
• PPTP server
|Cons||• No L2TP tunnel support
• Physical ports can't belong to multiple VLANs
• Tricky Win 7 Quick VPN setup
• 016 model does not support split VPN tunnel
Doug Reid recently did a very complete review of the RV042 four-port member of Cisco's revamped RV0XX "v3" line. So this review of its eight and 16 port siblings will focus on the differences and run through performance.
As you can see in the beauty shots above, the 082 and 016 are designed with rack mounting in mind. All ports, indicators and recessed reset button are on the front and Cisco even throws in a pair of rack mount ears with each. The only thing on the rear panel is the serial number label and AC power port.
Figure 1: RV016 / 082 v3 ports and LEDS
Speaking of serial number label, it's the only place where you know for sure you have a "v3". There is no indication on the product box itself. The box exterior does show serial number and MAC address, though.
Figure 2: Serial number label with v3 notation
Note that the beauty shots above are misleading in that they make the products look like they come in all-black cabinets. That must be a lighting effect, because in-person, the only thing black is the front and rear plastic panels. The top, bottom and side sheet metal is still silvery gray.
As with the RV042, the 082 and 016 have no cooling fans. They also have rubber feet for placing on a desk, and holes on the bottom for wall mounting.
I didn't open up either box to take a shot of its board. But Cisco was kind enough to provide a summary of the key components in the three RV0XX's, shown in Table 1 below.
|Model||CPU||Flash (MB)||RAM (MB)||Switch|
|RV042||Cavium CN5010 @ 300 MHz||32||128||Realtek RTL8309G|
|RV082||Cavium CN5020 @ 300 MHz||32||256||Realtek RTL8309G, RTL8306SD|
|RV016||Cavium CN5020 @ 300 MHz||32||256||Realtek RTL8329M|
Table 1: Cisco RV0XX v3 series component summary
Like the RV042, the original 016 and 082 used an Intel IXP425-266 processor with 16 MB of flash and 64 and 32 MB of RAM, respectively. The V3's double the amount of flash and increase RAM by 8X for the 082 and 4X for the 016.
Doug covered the IPv6 features pretty well in the RV042 v3 review, but I'll summarize them here:
- Switchable between IPv4 only (default) and dual-stack mode, without rebooting
- Provides IPv6 addresses to devices on its LAN via DHCP or stateless auto-configuration
- WAN interfaces support IPv6 addressing via static or DHCP
- DMZ interface supports IPv6
- DHCP server can set IPv6 range and DNS servers
- 6to4 tunnel enable
- Static and dynamic (RIPng) routing
There are some shots of various IPv6 and other screens in the gallery with additional detail.
Figure 3: Main IPv6 screen for WAN and LAN
Note: IPv6 requires v4.0.3.03-tm firmware or higher. So upgrade if your unit is below that level.
Feature-wise, the main things the RV082 and RV016 add over the RV042 are a bit higher performance, more WAN port flexibility and more IPsec tunnels (100 vs. 50). Table 2 summarizes the WAN, LAN and DMZ port situtation.
|RV042||2||4||1||Second WAN port shared w/ DMZ|
|RV082||2||8||1||Second WAN port shared w/ DMZ|
|RV016||7||13||1||5 LAN ports can be configured as WAN|
Table 2: Cisco RV0XX v3 series WAN and LAN port comparison
The RV016 also gives you five more PPTP tunnels than the RV042 and 082—a total of ten.
Doug did a good job of walking through many of the new GUI's features in the RV042 v3 review. Note that the new v4.0.3.03-tm firmware fixes the GUI access problems Doug had with Firefox.
Figure 4: RV016 v3 System summary page
Here's a summary of the RV0XX series' other features, with differences between models noted.
General and Firewall
- IPv4 and dual-stack IPv4 / IPv6 support (requires v4.0.3.03-tm or higher firmware)
- Static, Dynamic PPPoE and PPTP WAN types with MTU adjustment and MAC address clone
- Firewall can be disabled for bridge mode
- One-to-One NAT support
- Dynamic DNS clients for DynDNS.org and 3322.org
- RIPv1, RIPv2 and RIPng (IPv6) dyanmic routing
- DMZ physical port and LAN IP support
- Triggered and static port and port range forwarding (30 each)
- SPI+NAT firewall with Java, cookie, ActieX and proxy blocks, SPI, DoS, Multicast passthrough, WAN request block and remote management disables
- HTTP / HTTPs remote management with port setting
- Scheduleable firewall inbound / outbound access rules with separate source and destination ports (50 max)
- Status URL keyword blocking
- Optional ($) Cisco ProtectLink content filtering
- 100 IPsec tunnels for site-to-site or client-to-gateway (50 on RV042)
- 50 Quick VPN tunnels (client to gateway)
- 5 PPTP tunnels (10 on RV016)
- Encryption levels: DES, 3DES, AES-128, AES-192, AES-256
- MD5/SHA1 authentication
- IPsec NAT traversal supported
- PPTP, L2TP, IPsec passthrough
- Split tunnel supported (RV042, RV082 only)
- Rate (bandwidth) and priority modes
- Two-level priority, upstream and downstream, assignable by WAN interface and service port
- Max and min rate (bandwidth) limits can be assigned to IP ranges and WAN interfaces, up and downstream
There are some shots of the various IPv6 and other screens in the gallery with additional detail.
Despite all the features, the RV0XXes don't do everything you might want from a small business router. For example, VLAN handling isn't as flexible as you can get in most "smart" switches.
Figure 5 shows the Port Setup page that contains physical port disables, priority and speed / mode settings. There is also a VLAN selector, which looks encouraging.
Figure 5: Port setup
You can't assign LAN ports to multiple VLANs, nor can you assign WAN or DMZ ports to any VLANs. And 802.1q VLAN tagging also isn't supported. But Cisco tells me that assigning ports to different VLANs will block broadcast traffic and keep them from accessing one another, while still supporting Internet access for all clients.
So the most common use of VLANs, segmenting a LAN, but maintaining Internet access is handled without needing to mess with PVIDs and other complications you run into with managed / smart switches.
The RV0XXes also don't support multiple subnets, which more advanced networks might need.
All the RV0XXes do support multiple subnets (option under Network - Setup).
Routing throughput running the latest v4.0.3.03-tm firmware and our router test process for the RV082 v3 and RV016 v3 has been gathered from the Router Charts and plunked into Table 3 for your comparison convenience.
All three products are essentially 100 Mbps wire-speed in each direction. The RV042, with its less powerful Cavium CN5010, can't reach the higher simultaneous throughput that the 082 and 016 can, however. This won't matter for most uses, since getting 100 Mbps of down and up bandwidth isn't that common, at least for U.S. users!
(client-to-gateway, 3DES, MD5 encryption)
Table 3: Cisco RV0XX v3 series throughput summary (All values Mbps)
Figure 6 shows the IxChariot composite throughput plot for the RV082 v3.
Figure 6: Cisco RV082 v3 Routing throughput summary
And Figure 7 for the RV016 v3.
Figure 7: Cisco RV016 v3 Routing throughput summary
You won't see Maximum Simultaneous Connection results in the Charts, however. Neither I nor Cisco could explain why I could only get a few dozen connections from my UDP based test tool before it stopped. This happened for both the RV082 and RV016 v3. The odd thing is that the RV042 v3, with earlier firmware, maxed out the test.
Table 3 also presents the results of more-painful-than-it-should-have-been client-to-gateway tests using Cisco's QuickVPN client. I should have re-read Doug's review, which warned of QuickVPN's quirks. Suffice it to say that if you're using QuickVPN with Win 7 or Vista, you better have Windows Firewall enabled and not muck with its default settings!
My previous encounters with QuickVPN for some reason didn't bring home the fact that it doesn't set up a normal IPsec connection. This Cisco Forum post explains why I could not reach the QuickVPN's client from a LAN client and why IxChariot's LAN-side endpoint couldn't return results at the end of a test.
So if all you need is for a remote client to be able to "dial in" and securely grab files from a server behind the RV0XX, QuickVPN will encrypt the traffic using 3DES and MD5. But don't expect that a QuickVPN connection is a full, bi-directional IPsec tunnel. It isn't.
Figure 8 shows that both the RV082 and RV016 v3 can support around 70 Mbps through a 3DES, MD5 encrypted QuickVPN connection.
Figure 8: RV082, RV016 v3 Quick VPN throughput
I can see why the RV0XXes have been a favorite of folks charged with keeping small businesses connected. They provide most of the features that small businesses need, i.e. bandwidth management, multiple WAN support and even LAN segmentation via their simplified VLAN features.
There has been some grumbling in the forums about the user interface changes that have come with transition from Intel to Cavium platforms. And, from my experience, it looks like the code base still needs to mature a bit.
But once Cisco gets it all sorted, I'm sure the v3 RV016 and RV082 will join the new RV042 as good footsoldiers in Cisco's expanding small business router line.