We have a CCR1009 which has 192 VLANs (one for each apartment) with packet marking & queues to speed limit each VLAN/apartment to their particular subscribed tariff. Throughput is less than 200Mbps.
This has been running fine for over a year but as the building is reaching 70%+ occupancy, we’re starting to see high CPU loads reach towards 100% (screenshot attached).
The obvious next step is to upgrade to a 1016 or 1032 but I'm wondering what headroom that will give me.
Perhaps it may be better to look for a different (less CPU intensive) method of limiting the VLANs?
There is something wrong with your config.
First of all use simple queues to limit customers. Simple queues are faster than queue tree when run on multicore cpus. And you don’t need any packet marking.
Let’s start with a screen shot of /tool profile. Run it during rush hour.
I have a few CCR1016s with ~380 VLANs, Hotspot, ~1500 customers, simple queues, NAT, extensive firewall and ~3000Mbit/s (3Gbps) going through the router. Load never goes above 75%.
I’m not a telco guy, but I wonder what your HW setup looks like. The CCR1009 models are just 8-port Gigabit routers. I assume you have some cheap unmanaged (dumb) Gigabit switches attached to each router port, and from the switches then going to each customer, right? If yes, then IMHO you don’t need any VLAN stuff. I would do it this way. But as said, I’m not a telco guy.
Wait… were you connection-marking or packet-marking every packet? The queues in /queue tree match on packet-mark, so each packet must have one to get handled by its respective queue, i.e. assigning the packet-mark only to the first packet of a connection makes the other packets of that connection bypass the queues (or fall into the default one); the queues in /queue simple match on IP range or interface name as target, so they don’t require any marking at all.
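
The three setups discussed in the replies above, side by side for a single apartment, as an added example that is not part of the original thread or anyone's actual config. The interface name `vlan101`, the mark and queue names, and the 50M limit are constructed placeholders.

```routeros
# (A) Packet-mark assigned only to the first packet of each connection.
#     Only that first packet carries the mark and hits the queue; every later
#     packet of the connection is unmarked and bypasses it (or falls into a
#     default queue).
# /ip firewall mangle
# add chain=forward in-interface=vlan101 connection-state=new \
#     action=mark-packet new-packet-mark=apt101 passthrough=no

# (B) Queue tree with every packet marked: mark the connection once,
#     then derive the packet-mark from the connection-mark for all packets
#     of that connection, in both directions.
/ip firewall mangle
add chain=forward in-interface=vlan101 connection-state=new \
    action=mark-connection new-connection-mark=apt101-conn passthrough=yes
add chain=forward connection-mark=apt101-conn \
    action=mark-packet new-packet-mark=apt101 passthrough=no

/queue tree
add name=apt101 parent=global packet-mark=apt101 max-limit=50M

# (C) Simple queue: the VLAN interface is the target, so no mangle rules
#     are needed. max-limit is upload/download as seen from the target.
#     Use this instead of (B), not together with it.
/queue simple
add name=apt101 target=vlan101 max-limit=50M/50M
```

With 192 apartments, variant (B) means two mangle rules per VLAN evaluated in the forward chain, while variant (C) needs none; running /tool profile before and after the change shows which component the CPU time actually goes to.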