Hi,
With my first topic I want to ask a question about the performance of the RB1100AHx2 with RouterOS 6.33.3.
I've set up a router with about 25 separate VLANs, as shown in the MikroTik wiki.
http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment
Now we have about 3000 firewall rules in the forward_chain for several Clients, Servers etc.
All rules have filters like SRCIP, DSTIP, Protocol, Interface, bridge_interface or AddressLists.
The “allow established connections rule” is the first rule in the forward chain.
The rules are mostly sorted from often used to not often used. So the rules that allow the traffic from the client VLANs to our proxy server or fileserver are also relatively on top of the forward chain.
There is a separate rule for each VLAN. So if each VLAN has access to the proxy, there are 25 rules in the forward chain for the access to the proxy server.
But with the growth of the company the CPU load is getting higher and higher; now we often have loads of 60-80% the whole day.
My question now is whether it's better for performance to separate the forward chain into smaller chains, e.g. per dstip?
Or are there other tips and tricks to improve the performance for such an amount of rules?
Thanks in advance.
Simon