RouterOS install on minisforum ms-01 minipc

Three problems.

  • Split-horizon bridging is killing your performance (and is completely unnecessary)
  • Bridging both ports to the same interface is opening your internal network to your ISP’s other customers (usually they have filters for that)
  • Your router lacks decent firewall rules

If you fix those problems, you’ll be sitting pretty with CPU headroom to spare. I gave you corrected configs for the first two issues. I’ll have to dig up some of the default rules from a hAP or something, or you can search those out. Basically you want rules that 1) fasttrack all existing and related connections, also 2) accept all of those (in case fasttrack misses some), 3) block any new incoming TCP connections to the router itself (input), and 4) allow the NAT traffic to be forwarded.

I have a CCR2116 handling NAT for 700 households pushing 3-4Gbps right now (peak hours) tracking 54000 connections and it’s holding steady between 20-30% with L3 hardware offload disabled. The CCR1072 would be nice, but seriously overkill. The 2116 and your MS-01 should be fine doing the work you’re trying to do.

This post has the default MikroTik firewall rules for the current version of ROS7 and ROS6 http://forum.mikrotik.com/t/buying-rb1100ahx4-dude-edition-questions-about-firewall/148996/1
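The four-rule outline given earlier in the thread (fasttrack, accept established/related, block unsolicited input, forward NAT traffic), written out as a RouterOS filter set. This is an added example, not taken from any poster's configuration; the interface list name `WAN` and the port `ether1` are assumptions to adapt, and the ICMP and invalid-state rules follow the pattern of MikroTik's default configuration rather than the outline itself.

```routeros
# Added example. Assumes the ISP-facing port is ether1 and is NOT in a bridge
# with the LAN ports. Rule order matters: RouterOS evaluates top to bottom.
/interface list
add name=WAN
/interface list member
add list=WAN interface=ether1

/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related \
    comment="2: replies to connections the router opened"
add chain=input action=drop connection-state=invalid \
    comment="drop packets that match no tracked connection"
add chain=input action=accept protocol=icmp \
    comment="keep ping and path-MTU discovery working"
add chain=input action=drop in-interface-list=WAN \
    comment="3: nothing new from the internet reaches router services"

# --- forward chain: traffic routed through the router ---
add chain=forward action=fasttrack-connection connection-state=established,related \
    comment="1: fasttrack known connections to save CPU"
add chain=forward action=accept connection-state=established,related \
    comment="2: accept what fasttrack did not take"
add chain=forward action=drop connection-state=invalid \
    comment="drop packets that match no tracked connection"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat \
    in-interface-list=WAN \
    comment="4: new inbound flows pass only if a dst-nat rule forwarded them"

/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=WAN \
    comment="4: source NAT for LAN clients going out"
```

New outbound connections from the LAN fall through to the chain's default accept, so only WAN-originated flows are filtered. After loading, `/ip firewall filter print stats` shows per-rule packet counters, which confirms that the fasttrack and WAN drop rules are actually matching.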

Yeah, I returned the MS-01 today. Right now on my network I have a CCR2004 and the 2116; the 2004 I will most likely sell on eBay once I get everything fixed with these nodes. Right now it just has all my other firewall rules on it, and that’s just easier to have separated at the moment. I did have another 2116 that Amazon luckily let me return, and I will be getting the refund for it plus the refund for the MS-01. I might as well just grab the 1072; I found a good deal on a used one. That way I won’t have a problem, because right now I’m at 63k p2p connections via nodes and I will most likely be tripling that number once I get the kinks worked out in the script and get my other server running (right now I’m testing the RAM on it).

Have you migrated your rules as suggested, and tried L3HW offload? I’d be curious to see your CPU results after doing that. You may be pleasantly surprised.

No, not yet. I’m still troubleshooting the nodes and testing RAM and stuff. I will get to it though.

Alright, so I just edited all of the configs and it didn’t change anything. My internet is still bogging down, super slow and unusable, once it gets up to a lot of nodes. One guy in the project was telling me it’s something to do with the OS and the NAT tables; he was saying OPNsense is a lot better at handling large NAT tables. I’m by no means an expert in this, so I don’t really understand. Maybe someone could help me shine some light on what my issue is then? The CPU was still about the same, cranking up to 50% when nodes were starting and then leveling out once the nodes stopped starting.

How much bandwidth do you have again, and how much are the nodes using? If you only have 1Gbps to share, then it could certainly bog down if you start up hundreds of file sharing nodes and they start filling the pipe with traffic.

I have 2.5gb up/down but it’s plenty; the speed is barely affected at all (I ran a speed test multiple times). I’ve been asking Grok and it’s saying that the CCR2116 is getting overloaded with millions of connections from the nodes and it is maxed out. Grok was suggesting I run OPNsense on one of my servers because the CCR2116 isn’t capable of handling all the nodes I have. It suggested I needed like 10 2116’s for the amount of nodes I’m running.

This is my network traffic, well above a ccr2116’s limit which I think is a couple million right?

120M what? Packets per second? Bits per second? Bytes per second?

It’s megabytes, I guess. But I was looking at the connections as well in the Firewall > Connections tab, and that is what Grok was telling me was over the limit. This is what Grok told me:

Mate, you need to forget about performance for a second and fix your firewall filter rules, or complete lack of them. This is absolutely critical.

You’re complaining about slow speeds when you should be looking at the flood wave of bots that are constantly hammering your router from it being left wide open to the internet. Doing anything other than that right now is like focusing on the dripping tap in the bathroom, ignorant of the queue of people storming into your house and stealing all your shit because you left the front door wide open with a sign that says “free stuff, pile on in and take anything not nailed down”
Chances are when you add the absolute basics of filters to stop said influx, your performance woes will magically disappear. And you’ll realize you got rid of a perfectly good MS01 for no reason


Yeah, I already did that the other day. I did everything people said to do on here; there’s no more bots hammering me.

So it’s some kind of distributed storage. But I don’t get it. Is it some kind of competition about having the most nodes? 256,000 “nodes” can’t have much storage each, and 2.5Gbps is “nothing” in perspective for a storage cluster.

Well, it’s also a network, an alternative to https; it’s anttps (or something like that, I forget), so it’s not just storage but a completely encrypted “new” internet with a one-time payment model, so I will be able to host a site with just a one-time payment of, I think, a few dollars.