I run an internet provider that pushes ~20Gb at peak usage. I upgraded our 1072’s to 2216’s and everything has been working really well, except the extremely disappointing CPU usage when doing firewalling. Mikrotik’s webpage states that with 25 bridge filters at 512 byte size the 1072 will do 37,270Mbps and the 2216 will do 13,992Mbps.
I’ve got a dedicated 2216 bridging only to function as a firewall but it will hit 90%+ cpu usage when running packets through the 8 firewall filter rules I have setup for blocking spoofing, winbox ports, ntp, etc. I have multiple providers coming into my firewall with 100Gb and 25Gb ports so using the 1072 isn’t really an option since it only has 10Gb ports. It kind of stinks that the 1072 is 6+ years old now and still offers the best Mikrotik performance in some respects but only has 10Gb ports.
Is there any new hardware coming with a processor better at firewalling or a version of the 1072 with 25Gb/100Gb ports?
I was thinking about moving the filter rules to raw, but with connection tracking off I don’t think that will really help. Is there anything else I can do to help lower CPU usage and make this work?
Thanks!