After testing the RB4011iGS+ I ended up buying some for ourselves and our customers. Really a nice piece of h/w and a mighty OS.
I've been able to test several VPN scenarios with different h/w vendors, speed tests, advanced routing features, NetFlow monitoring etc.; all of that works like a charm, at speeds I didn't expect in that price range.
But when it comes to the term "bridge" I'm not sure how this has to be handled:
If I have just 3 segments, e.g. DMZ, WAN, LAN in different networks, so none of them is bridged, why is there always a "bridge" involved? Or can I simply switch off that bridge and do just routing with plain interfaces, each bound to a dedicated port (no WLAN or other non-Ethernet medium used, no VLAN)?
AND:
The RB4011 has 2 switches. Is there any advice regarding speed increase or decrease when separating Ethernet segments by assigning specific ports to each of them?
> If I have just 3 segments, e.g. DMZ, WAN, LAN in different networks, so none of them is bridged, why is there always a "bridge" involved?

Because that's the way you build the "segments".
Before 6.42 you had the option of either building an L2 segment by creating a bridge (in software, using the CPU) or by using the switch chip if present (hardware).
From 6.42 onwards this has been "consolidated": now when you create a bridge and add ports to it with "hardware offload" enabled, ROS enables the switch chip's hardware acceleration features where possible.
> Or can I simply switch off that bridge and do just routing with plain interfaces, each bound to a dedicated port (no WLAN or other non-Ethernet medium used, no VLAN)?

> The RB4011 has 2 switches. Is there any advice regarding speed increase or decrease when separating Ethernet segments by assigning specific ports to each of them?

As explained before, RouterBOARDs with switch chips use hardware acceleration for switching/bridging given the appropriate conditions. So grouping ports that will be "talking between them" under the same switch chip gets the benefit of hardware acceleration, just like a regular X-port switch.
So a sound approach to leverage switch acceleration on a 4011 could be: use some of the remaining ports from switch chip 1 (ether3-5, for example) to build a bridge for the DMZ, and use all LAN ports on switch chip 2 (ether6-10) for the LAN.
I'm guessing the 4011 is the only device on the LAN; if there are more devices (switches) then the approach would be different.
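The layout suggested in the answer above, written out as a RouterOS configuration. This is an added example by the editor, not something either poster supplied: one hardware-offloaded bridge per segment, each kept on a single switch chip, plus the routed WAN port. The port roles follow the answer (ether3-5 for the DMZ, ether6-10 for the LAN); ether1 as the WAN port, all IP addresses, and the two firewall rules are assumptions for illustration.

```routeros
# Added example (not from the thread): RB4011 with three routed segments,
# two of them built as hardware-offloaded bridges, one per switch chip.
# Port roles follow the answer above; addresses and WAN port are assumed.

# One bridge per segment. Keep each bridge's ports on a single switch chip
# so frames between those ports are switched in hardware, not by the CPU.
/interface bridge
add name=bridge-dmz comment="DMZ, switch chip 1 ports (ether3-5)"
add name=bridge-lan comment="LAN, switch chip 2 ports (ether6-10)"

# hw=yes asks RouterOS (6.42+) to offload the port to its switch chip.
/interface bridge port
add bridge=bridge-dmz interface=ether3 hw=yes
add bridge=bridge-dmz interface=ether4 hw=yes
add bridge=bridge-dmz interface=ether5 hw=yes
add bridge=bridge-lan interface=ether6 hw=yes
add bridge=bridge-lan interface=ether7 hw=yes
add bridge=bridge-lan interface=ether8 hw=yes
add bridge=bridge-lan interface=ether9 hw=yes
add bridge=bridge-lan interface=ether10 hw=yes

# The WAN is a single routed port: a one-port segment needs no bridge.
/ip address
add address=203.0.113.2/30 interface=ether1 comment="WAN (assumed)"
add address=10.10.10.1/24 interface=bridge-dmz comment="DMZ (assumed)"
add address=192.168.10.1/24 interface=bridge-lan comment="LAN (assumed)"

# Separate bridges give L2 isolation only; what may be routed from the
# DMZ into the LAN is decided by the forward chain, so state it explicitly.
/ip firewall filter
add chain=forward in-interface=bridge-dmz out-interface=bridge-lan connection-state=established,related action=accept
add chain=forward in-interface=bridge-dmz out-interface=bridge-lan action=drop comment="DMZ may not initiate to LAN"

# Check: ports with hardware offload active carry the H flag in this output.
/interface bridge port print
```

If `print` shows a port without the H flag, hardware offload was not granted for it; on the 4011 the usual cause is a bridge whose ports span both switch chips, which is exactly what the one-bridge-per-chip layout avoids. The two filter rules assume they are placed after any existing established/related or fasttrack rules, as RouterOS evaluates the chain top down.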
Thanks for the explanation. After some hours "in the lab" trying different scenarios, the way it's done in RouterOS is much more logical and comprehensive.