Maximizing MTU

Hi

I had a really nice plan to push the MTU of the primary bridge between servers to around 4-9k, since it’s supported by both the CCR1009 and RB44Ge. However, once I created the bridge and added some VLANs to it in order to bridge with an RB2011 as an AP, I noticed that the L2 MTU dropped to the max value supported by the RB2011. Then, after adding a hAP lite to that bridge… ugh…

So I started to wonder: does the whole bridge need to have the same MTU? Or am I doing something wrong? Can I boost it a bit so that those servers could push 4k frames between them, while packets to the rest of the network would be dropped so that they would need to automatically decrease the current MTU? IIRC the L2 MTU is the value that nodes will try to achieve, so why does it drop after adding interfaces to the bridge? It should be as high as possible, right? That’s like the whole purpose of it.

Don’t use a bridge for things where you want best performance…
Keep your servers on a separate switch and use jumbo frames only there.

Yeah, but I also want a firewall. I prefer a firewall and general control/monitoring over performance. I have the IP firewall enabled on all bridge interfaces anyway, so traffic is controlled also within the subnet. If I’d like to just switch them, then I’d just get a CRS, so it’s not really what I want to achieve. One machine is a bit more exposed and another not. I want to maximize throughput while preserving really strict control, AND security is more important than throughput because it’s just for backup, so waiting a few seconds more is definitely a negligible problem compared to any vulnerability in the network.

Bridges have quite a wide range and subnets are more logical than physical here, so in fact most of the routers have some machines connected to certain subnets.

It is not a sensible network design when you want best performance.
When you use a switch for the server network and do the filtering in a router that only routes the external traffic, you will have better performance and still have the possibility to filter things.
When you want to have high MTU and connect low-MTU devices, use 2 bridges and route between them.
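The two situations discussed above, as an added toy model that is not part of the thread and not RouterOS code: one bridge with a mixed set of ports collapses to the smallest member's L2 MTU and silently drops anything larger, whereas two bridges joined by a router let IPv4 Path MTU Discovery (ICMP "Fragmentation Needed", type 3 code 4) tell the sender to shrink. All port names, hosts, MTU values and the ICMP exchange are constructed for illustration; the `filter_icmp` flag models a firewall on the router that drops those ICMP errors, which is the caveat to check when the IP firewall is enabled on every bridge interface.

```python
"""Toy model of bridge vs. routed MTU handling (constructed example)."""
from dataclasses import dataclass, field

ETH_HDR = 14  # Ethernet header bytes: L2 MTU = IP MTU + ETH_HDR


@dataclass
class Bridge:
    """A bridge is only as large as its smallest member: its usable L2 MTU is
    the minimum over all ports, and an oversized frame is dropped silently."""
    members: dict  # port name -> L2 MTU of that port (constructed values)

    @property
    def l2_mtu(self) -> int:
        return min(self.members.values())

    def forward(self, frame_size: int) -> bool:
        # No ICMP, no error: the frame simply never arrives.
        return frame_size <= self.l2_mtu


@dataclass
class Router:
    """Routes between bridges; each bridge interface has its own IP MTU."""
    interfaces: dict           # interface name -> IP MTU
    routes: dict               # destination host -> egress interface
    filter_icmp: bool = False  # True models a firewall dropping ICMP errors

    def route(self, dst: str, size: int):
        mtu = self.interfaces[self.routes[dst]]
        if size <= mtu:
            return ("delivered", size)
        if self.filter_icmp:
            return ("dropped", 0)          # the sender never learns why
        return ("icmp_frag_needed", mtu)   # type 3 code 4 carrying next-hop MTU


@dataclass
class Host:
    name: str
    link_mtu: int
    path_mtu: dict = field(default_factory=dict)  # per-destination PMTU cache

    def transfer(self, dst: str, payload: int, router: Router, max_drops: int = 3):
        """Send payload bytes as DF-marked packets, shrinking on ICMP feedback."""
        sent = icmp = drops = 0
        remaining = payload
        while remaining > 0:
            size = min(remaining, self.path_mtu.get(dst, self.link_mtu))
            sent += 1
            status, value = router.route(dst, size)
            if status == "icmp_frag_needed":
                icmp += 1
                self.path_mtu[dst] = value   # learn the path MTU, resend smaller
            elif status == "dropped":
                drops += 1
                if drops >= max_drops:       # PMTUD black hole: give up
                    return {"status": "blackhole", "packets": sent,
                            "delivered": payload - remaining}
            else:
                remaining -= value
        return {"status": "ok", "packets": sent, "icmp": icmp,
                "path_mtu": self.path_mtu.get(dst, self.link_mtu)}


def mixed_bridge_demo():
    """Servers and a 1500-byte AP port on one bridge: the jumbo frame is lost."""
    bridge = Bridge({"ether1-srv": 9000 + ETH_HDR, "ether2-srv": 9000 + ETH_HDR,
                     "ether5-ap": 1500 + ETH_HDR})
    return bridge.l2_mtu, bridge.forward(9000 + ETH_HDR)


def routed_demo(filter_icmp: bool = False):
    """Two bridges joined by a router: jumbo locally, PMTUD toward the 1500 side."""
    jumbo = Bridge({"ether1-srv": 9014, "ether2-srv": 9014})
    std = Bridge({"ether5-ap": 1514, "wlan1": 1514})
    router = Router(interfaces={"bridge-jumbo": jumbo.l2_mtu - ETH_HDR,
                                "bridge-std": std.l2_mtu - ETH_HDR},
                    routes={"srv2": "bridge-jumbo", "laptop": "bridge-std"},
                    filter_icmp=filter_icmp)
    srv1 = Host("srv1", link_mtu=9000)
    return srv1.transfer("srv2", 27000, router), srv1.transfer("laptop", 27000, router)


if __name__ == "__main__":
    print(mixed_bridge_demo())          # (1514, False)
    print(routed_demo())                # 3 jumbo packets locally, 1 ICMP then 1500-byte packets remotely
    print(routed_demo(filter_icmp=True))  # remote transfer ends in a black hole
```

The model shows why routing between bridges is the answer to the question in the first post: a bridge has no way to tell the sender to use smaller frames, while a router does, but only if the firewall lets the ICMP error back to the server. Blocking that message turns a working jumbo segment into a transfer that stalls without any visible reason.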

Mhm. So I need a separate subnet & bridge for devices with 9k MTU, 4k MTU, and 1.5k MTU? That sounds like some management overhead and more points of failure, but well, if that’s the only option then okay I guess :<

Additionally I would advise to use a wirespeed switch at least for the server network instead of a bridge.
And I would not buy the switch from MikroTik.