CPU Max out with IP Firewall

OK, so I got the Payment Reminders redirect working great: http://forum.mikrotik.com/t/redirecting-to-payment-reminder-causes-loop-solved/51982/1 I was really looking forward to this. Then over the weekend I noticed we were starting to get packet loss at our main tik.

Tried Winboxing in, to no avail. SSH’ed in fine; long story short, turned off Bridge settings/firewall ip and everyone was happy again.

RB493G, FW4.17. No routing on this tik; it’s a straight switch at this point. Traffic peaks at about 110mbit and it’s only going to go up. We are working on putting in an RB1100 to replace the 493G and our netscreen100 router.

But looking at this maxing out the CPU and causing PL, is the RB1100 going to be any different? I know the 1100 has a bigger CPU and more memory.

Or is this more about running the tik in Bridge with firewall instead of as a router? Would running it in router mode be more efficient on the CPU? Does it make a difference?

Routing vs switching doesn’t make much of a difference - it’s negligible.

Depending on the packet size you were mostly seeing, you probably just exceeded the 493G’s capabilities. You can see its data rates here: http://routerboard.com/RB493G. The RB1100AH compares at approximately 3 times that of the 493G. You do have to run conntrack since you’re performing NAT for the redirect to the proxy.

Well, not sure if I am looking in the right place, but I was watching the interface stats and they show p/s, but I’m not seeing anything for packet size or FPS.