I would like to ask for support with an annoying problem that I’ve been facing for a while.
I have an RB750UP to manage a small office. For requirements reasons, the MK was set up to have a LAN network over the set of 5 ethernet ports, and a VLAN. In particular, the VLAN network is regulated through firewall rules. In more detail, the LAN and VLAN are not allowed to talk to each other, and the way I implemented this was through firewall rules.
There’s however one exception; in the LAN there is a NAS that is required to be reached from the VLAN side. The scope for this access is to allow VLAN devices to perform backups over the NAS. Recently I’ve noticed that (when a backup is in progress) the CPU usage is almost always stuck at 100%.
By running the profiler, it emerged that the firewall is partially responsible for this behavior. Therefore, I imagine that the same rules that are used to prevent the VLAN from talking with the LAN are also responsible for this high CPU usage when intense usage and interaction between LAN<->VLAN takes place.
Is there any specific trick that I could use to achieve the same result with less CPU load?
Go through the ethernet routers on the product page. Look at physical properties (e.g. number of ethernet ports and speed thereof) and check Test results. Routing capacity is listed under Ethernet test results; the number which is closest to real-life performance[*] in the majority of use cases is listed as Routing - 25 ip filter rules - 512 byte packet size. Mind that this number includes LAN-to-LAN routing, and depending on the layout of your network you may want the number near gigabit. Not many devices with SOHO-friendly price tags can do it.
[*] This statement is not “cast in stone”; it reflects the experience of a number of users, members of this forum.