Hello,
I have a setup made of 2 1100 Mikrotiks; one is serving as an aggregator for 500 EoIP tunnels, bridged to a single bridge group that is also a default gateway. The bridge has all the necessary filters to filter out broadcasts, spoofed traffic, allowing only HTTP/HTTPS traffic to portal IP, DHCP, etc.
Next, the traffic is routed to a second Mikrotik that has Hotspot running on an ether interface, with HTTPS-based authentication against a remote RADIUS backend.
NAT is performed further in the network, so I have pools set to none on Portal Mikrotik. Traffic volume is rather low, 10-20Mbit, with about 50 active users at a time.
The problem is that clients are experiencing a huge delay from the first HTTP GET till they get a portal page; sometimes it takes like 10-20 seconds and more till the portal shows up. Sometimes it works almost fine, sometimes it slows to a crawl and simply times out. CPU on the portal Mikrotik averages around 40-50% for the www process. It’s a 2x2GHz virtual machine with 2Gb RAM running on ESX virtual infrastructure. ROS version 5.24.
However, once connected and passed through a portal, everything seems to work fine, with a decent throughput (the limiting factor is the wireless access, not the mentioned infrastructure). That is why I am keen to exclude the EoIP aggregation and bridging as a source of the problem and blame it on the Portal server scalability.
Any ideas?