Community discussions

 
Andys
just joined
Topic Author
Posts: 11
Joined: Fri Aug 03, 2012 8:02 am

Are interface lists worth using?

Thu Sep 13, 2018 11:50 am

Hi, just a quick question.
Recently I upgraded to HAP AC2, and I see now all default rules use interface lists LAN and WAN.
Would I get worse performance if I'd change my working config to interface lists instead of specific interfaces?
I remember reading somewhere that address lists would slow down rule processing if used abundantly, is that a thing with interface lists too?
I have 3 WANs, so the general choice would be between making one firewall/nat rule for interface list or making 3 rules for each interface (masquerade, dstnat, etc)

Though I think that even if there is a performance hit it would be very negligible with a quad-core CPU, just interested in 'best practices' I guess
 
User avatar
leoservices
Trainer
Trainer
Posts: 138
Joined: Fri Jan 13, 2012 2:20 am
Location: Belo Horizonte - MG - Brazil
Contact:

Re: Are interface lists worth using?

Fri Sep 14, 2018 3:33 am

Hello,
Actually the gain with CPU economy is not meaningful depending on the number of rules etc.

I consider it a good practice to interface list, for example WAN to make it easier to create rules for the purpose of control / security "WAN"
I try to help !

Leonardo Vieira
https://youtube.com/contractti
Like Facebook.com/contractti
 
Paternot
Long time Member
Long time Member
Posts: 607
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Are interface lists worth using?

Fri Sep 14, 2018 4:41 am

The lists make our lifes easier: with 3 WAN links, and lists, you don't have to change/create 3 rules - one for each interface. You just create a rule to a list. Much easier than deal with 3 of them.

I don't think that it will have a measurable impact on performance. The address lists can - but we would be talking about thousands of addresses. With just... 10? 20? interfaces? Give me lists all the way. :D
 
Andys
just joined
Topic Author
Posts: 11
Joined: Fri Aug 03, 2012 8:02 am

Re: Are interface lists worth using?

Mon Sep 17, 2018 3:37 pm

Thanks for replies!
In practical tests I see this new CPU is so more powerful than my previous one (RB751G). My previous router was struggling (>90% cpu) with just 1.5mbytes/sec traffic over OpenVPN, while ac^2 goes up to 11 mbytes/s and is still at 10-11% CPU utilization.
I definitely won't notice any slowdowns from using any lists...
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1110
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Are interface lists worth using?

Mon Sep 17, 2018 4:09 pm

Absolutely!

I find them very handy when setting up firewall and NAT rules.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials

Who is online

Users browsing this forum: Google [Bot] and 39 guests