Im very new to the routerboard products, so I’m just hoping I’m doing something wrong. When I copied data in my old scenario (pc → switch → modem → switch → laptop) I could transfer files with a speed of around 90MB/s.
Now I am testing out my new setup (pc → routerboard → laptop) and (pc → routerboard → synology) and in both scenario’s i hardly get 35MB/s with a CPU load of 100%. There are some minor simple firewall rules active, but also when I turn them off the performance stays the same.
I’m unsure if I did something terrible wrong or if I’m expecting too mutch out of the routerboard… Hope someone could advice me on this.
how is the traffic passing thru the routerboard? bridge or routing?
You can use Tool->profile to see what’s eating the cpu circles. By 35MB/s do you mean 35MByte/s or 35mbit/s ?
It is MByte a sec. I think I found my problem. I made a little too complicated setup:
3 bridges with a firewall between the bridges. This is not working. I resetted the router to defaults and now my speed is as expected. The think is I needed 3 networks to run seperately over the same internet connection, but 1 and 2 needed to communicate, 2 and 3 also, but no connection was allowed between network 1 and 3. I think I have to go back to the drawing board (although not a clue yet how to do this then properly).
Can you describe your current setup and what speed you getting with it? on my RB2011 lab device i was also not able to reach the speed which is announced at the datasheet.
I created 3 DHCP servers, eth2,3,4
I created 3 bridges Home, Office, Storage
Eth2 was in Office 192.168.178.0/24
Eth3 was in Storage 192.168.179.0/24
Eth4 + wlan was in Home 192.168.181.0/24
After getting this to work if created these firewall rules to sepperate the networks:
Drop all traffic from Home to Office
Drop all traffic from Office to Home
Then I did a test and copying from the home to storage reached +/- 35MB a sec.
This morning I did an other test, just set it up as it was out of the box, everything in one bridge, 1 DHCP server etc… Then I had a speed of 100MB a sec… So My best guess is that the problem lies in the bridges (I get a 100% cpu load while copying.)
Now is my biggest problem, how can I make the networks filtered. I tried to create a firewall on the ports, but that is not working. I created a VLAN for each port and filtered on that, but also that is not working (though I could have done it wrong..?)
I’m very new in networking and stuff, so it is a load of trial and error currently. Maybe someone can give me extra pointers?
Now I have the same sort of setup, but with just Master ports, and still I only get 45MB/sec from office to syno… No firewall beside the default rules…
So basicly,
eth2, dhcpserver ..178.*
eth3, dhcpserver ..179.*
Only switching them is giving good performance, but then I get only 1 dhcp server running…
Well.. using the bridge function means that all the traffic flowing trough that bridge must pass the CPU. This is a lot of work for most embedded CPU’s. 35MB/s is what can be expected of the CPU in the RB2011. If you want better performance you need to redesign your network in a way that this traffic does not need to pass through the CPU or use faster hardware.
I’m not famliliar with thee switchchip in the RB2011, but maybe you can put an ACL in it (done in hardware) and do simple routing so that you can use ‘fast path’. That should be much faster.
Try the bridge filter… see if that gets any improvement… But as was stated… your going to be limited by the CPU with any router since all of the traffic has to pass it.
I think you are right about the bridge. Though, with my latest setup I have no bridge, just seperate ethernet ports. And still the performance problem.
I thought that with the master/slave setting you where switching them. The problem is that I then have just 1 DHCP server. Maybe you are pointing something else out, but then I didn’t understand you.
At first I did not get your point, but after some further digging I found the bridge filter rules. So instead of having a lot of different IP ranges, I just created 1 big range, and created a bridge filter for eth2<->eth4 to drop all trafic. This works, jeej! It solves my problem:)
I have one minor should on my shortlist, not sure if I would be able to do this, I would like to drop all traffic from eth4 to eth2, except for 1 IP-address.. (the printer). When I trie to add a rule, I cannot specify the printer, is there any way to achieve this?
I think…
add src-address=192.168.179.10/32 out-interface=eth4 chain=forward action=accept
add dst-address=192.168.179.10/32 in-interface=eth4 chain=forward action=acceptThen just make sure the order is correct on the website…
