Hi guys,
I’ve got a 750GL with 2 Zotac mini PCs connected to ports 2 and 3. The ports are both set to master ports, and are part of the same bridge interface. When I run iperf between the 2 PCs I get throughput of around 560Mbps, which already seems a bit on the low side to me as I was expecting somewhere around 1Gbps. However, I have created a simple firewall rule which simply adds a new-packet-mark to any TCP traffic on port 80, and as soon as I set
/interface bridge settings set use-ip-firewall=yes
throughput drops to around 170Mbps.
Is this something I’m doing wrong?
Thanks in advance.
If you go to port 3 and set master port to port 2 then the two ports will be switched by the switch chip. Then you should see line rate (1Gbps) or near to it as the switch chip handles all the forwarding.
If you have the ports bridged then that uses software forwarding and the CPU in the Routerboard to forward the packets and you see slower performance. If you have 560Mbps forwarding then I am impressed with software bridging on the 750GL. Possibly working with fast path or something else.
As soon as you turn on the use IP Firewall, not only is the software having to bridge the packets, but now it also has to alter every packet to add your new mark to each one, which will slow it down further.
Try to work out a way to not mark packets and, where possible, turn off connection tracking.
Regards
Alexander