I have a dorm building that has 120 students living there, with up to 200 devices (phones, Xboxes, PCs, Macs, etc.) that get online via a Ubiquiti UniFi system. The UniFis create a layer 2 bridge to a 24-port Netgear smart switch, which then uplinks to port 2 of the RB 1100 AHx2. The fiber feed to the internet, with a 75/75 connection, is coming into port 1 of the RB. There is 1 public IP on the WAN of the tik, which NATs the internal students via the default config of the RB.
My problem is, before I put any rules on to limit torrents, I see the CPU reaching 80+ percent at times when the traffic starts hitting 35+ meg. Are 200 NAT connections too many for the RB1100AHx2 to handle? Or is the default config of the MikroTik not very efficient for this scenario? Ping times become erratic.
3 chain=input action=drop protocol=tcp in-interface=ether1 dst-port=8080
4 chain=input action=accept connection-state=related in-interface=ether1
5 chain=input action=accept protocol=tcp dst-port=8291
6 chain=input action=accept protocol=icmp
7 chain=input action=accept connection-state=established in-interface=ether1
8 chain=input action=drop in-interface=ether1
I have a web proxy blocking .torrent files currently, but what else could be causing my tik to choke?
Thank you in advance, let me know if you need more information.
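How the input-chain rules printed in the post (3 to 8) are walked in order, as an added example that is not part of the original post. It assumes RouterOS first-match evaluation with a default accept when nothing matches, treats an omitted matcher as matching anything, and does not model rules 0 to 2, which the post does not show; the packets are constructed.

```python
# Added example: first-match walk over the input-chain rules as printed in the post.
# Rules 0-2 are not shown in the post and are not modelled here (assumption).
RULES_TEXT = """\
3 chain=input action=drop protocol=tcp in-interface=ether1 dst-port=8080
4 chain=input action=accept connection-state=related in-interface=ether1
5 chain=input action=accept protocol=tcp dst-port=8291
6 chain=input action=accept protocol=icmp
7 chain=input action=accept connection-state=established in-interface=ether1
8 chain=input action=drop in-interface=ether1
"""

def parse_rules(text):
    """Turn each printed rule line into (number, {key: value})."""
    rules = []
    for line in text.splitlines():
        number, *pairs = line.split()
        rules.append((int(number), dict(p.split("=", 1) for p in pairs)))
    return rules

def first_match(rules, packet):
    """Return (rule number, action) of the first rule whose matchers all equal
    the packet's fields; a matcher the rule omits matches anything."""
    for number, rule in rules:
        matchers = {k: v for k, v in rule.items() if k != "action"}
        if all(packet.get(k) == v for k, v in matchers.items()):
            return number, rule["action"]
    return None, "accept"  # no rule matched: the packet is accepted by default

def unscoped_accepts(rules):
    """Accept rules with neither an interface nor a connection-state matcher:
    they match new connections from the WAN port as well as from the LAN."""
    return [n for n, r in rules if r["action"] == "accept"
            and "in-interface" not in r and "connection-state" not in r]

def wan_new(fields):
    """Constructed packet: a new connection arriving on the WAN port, ether1."""
    return {"chain": "input", "in-interface": "ether1",
            "connection-state": "new", **fields}

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    for fields in ({"protocol": "tcp", "dst-port": "8080"},
                   {"protocol": "tcp", "dst-port": "8291"},
                   {"protocol": "tcp", "dst-port": "22"},
                   {"protocol": "icmp"}):
        print(fields, "->", first_match(RULES, wan_new(fields)))
    print("accept rules not scoped to an interface:", unscoped_accepts(RULES))
```

Rules 5 and 6 carry no in-interface matcher, so the walk reaches them for traffic arriving on ether1 before the final drop in rule 8.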