I'm attempting to build a transparent shaper on routeros v7 but I'm seeing something odd.
It seems that the bridge firewall adds both sides together.
config notes: v7b5. bridge w/ IP firewall enabled, fast path disabled, 2 ports ether4 and ether5 in bridge both with hardware accel disabled. both ports link up at 1G full duplex as do all other devices in the chain. My PC where I'm hosting the iperf3 server instances and the PC across the bridge. If I disable all queues, I can push ~940Mbps/~940Mbps across the bridge. I've tested multiple queue types, all with sale result. Also, this hap ac2 was factory reset with config removed and the only changes made were bridging the ports and enabling the queue, and attempting mangle rules.
Test host is connected to port 5, upstream router in port 4.
I've tried just adding a simple queue targeting the test host's IP. ie, target=192.168.1.185, set upload=100m and download=100m. Then I run 2 iperf3s across, one sending and one receiving to attempt to get a 100m/100m queue running. This results in only 100Mbps *total* passing the bridge as if the bridge were half-duplex. If I cancel one of the iperf3s, then I get about 100M passing in that direction.
I've tried marking packets with source=192.168.1.185=packet mark 'UL' and dst=....185 for packet mark 'DL' and putting those packet marks in the queue, same result.
Any idea what's going on here?
The ultimate goal is a transparent fq-codel shaper. I can get fantastic results *one way* but then this strange half-duplex-like behavior is kicking in.