CHR VLAN Nat Performance

Hi,

I am currently running a CHR on a system with an I7-4770S and 10Gb ethernet adapter

The performance is super fast (around 4.0Gbit VLAN-to-VLAN Routing Performance) and works really well, but I have one problem:

The download performance from the local vlans to my internetrouter (AVM Fritzbox 6460) with srcnat is horrible (around 10-20Mbit)

The connection has 200Mbit and I can also reach this on the router locally via fetch, so i am a bit confused.

Do you have any idea, what could be the problem?

# nov/26/2016 20:27:21 by RouterOS 6.37.1
# software id =
#
/interface bridge
add name=bridge151 protocol-mode=none
add name=bridge152 protocol-mode=none
add name=bridge153 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] speed=10Gbps
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether1 name=vlan151 vlan-id=151
add interface=ether1 name=vlan178 vlan-id=178
/interface bridge port
add bridge=bridge151 interface=vlan151
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip firewall address-list
add address=192.168.151.0/24 list=internet
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward in-interface=bridge151 out-interface=bridge151
add action=accept chain=input connection-state=established,related
add action=accept chain=output connection-state=established,related
add action=accept chain=input protocol=icmp src-address-list=ping
add action=accept chain=input dst-port=22 in-interface=!vlan178 protocol=tcp
add action=accept chain=input dst-port=8291 in-interface=!vlan178 protocol=tcp
add action=accept chain=output protocol=icmp
add action=accept chain=forward out-interface=vlan178 src-address-list=internet
add action=drop chain=input
add action=drop chain=output
add action=drop chain=forward
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=vlan178 to-addresses=192.168.178.2
/ip route
add distance=1 gateway=192.168.178.1

Please close this thread, as I’ve found the reason for my problem.
It’s not about nat, but because the underlying network topology.
In Short: Do not use OpenvSwitch under CHR, but use normal linux bridging

Hah. Had the same issue myself, with this “production ready” openvswitch crap.
To be avoided