Hi All,
I'm using RouterOS 3.20 on a dual core 2.4GHz, 512MB, Gb interfaces box.
I'm experiencing slow network routing performance when I use a few basic firewall rules (port blocks to/from specific IP addresses).
This was proven by conducting simple network load with pings (6Kb, ~200 times) gave a 6% up to 10% loss, and when I test using file copy (~2-3Mb) gave me 50 seconds
Then after I disabled the firewall, the loss from the pings was down to 0% and the file copy is faster up to 20-30 seconds.
I was wondering is there anything I should to do to tune up the firewall performance? Since the box system resource showed a lot of idle resources (470Mb free memory, 30% CPU peaks)
Thanks for the responses guys....
Re: Firewall (basic rules) slow down routing performance?
The information given is too sketchy, please post your firewall rules for us to see and analyze
Re: Firewall (basic rules) slow down routing performance?
Hi guys,
attached is my firewall configuration. hopefully it's clear enough
thanks.
attached is my firewall configuration. hopefully it's clear enough
thanks.
You do not have the required permissions to view the files attached to this post.
Re: Firewall (basic rules) slow down routing performance?
hi guys, any comment ?
how can we measure firewall effect to the performance ? by set of rules ?
how can we measure firewall effect to the performance ? by set of rules ?
Re: Firewall (basic rules) slow down routing performance?
Add these to the top of your list. It should help with performance.
You will also want to add them to your input chain.
-Louis
Code: Select all
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" -Louis
Re: Firewall (basic rules) slow down routing performance?
Louis, thanks! I added them to my firewall rules.
anyway, how can we measure on network throughput capability of mikrotik router?
Do the resource meters (CPU load, memory) can represent the actual network throughput performance?
anyway, how can we measure on network throughput capability of mikrotik router?
Do the resource meters (CPU load, memory) can represent the actual network throughput performance?
Re: Firewall (basic rules) slow down routing performance?
The standard for measuring throughput for a mikrotik router is:
Download the bandwidth test tool from this page http://www.mikrotik.com/download.html onto 2 computers that are directly connected to the router. Start one up and go into settings and check 'Server Enabled'. Then on the second machine, run the tool and put in the IP of the first machine. You can change some of the settings (Protocol,Direction) for specific testing.
CPU of the RB will be the main limitation.
-Louis
Download the bandwidth test tool from this page http://www.mikrotik.com/download.html onto 2 computers that are directly connected to the router. Start one up and go into settings and check 'Server Enabled'. Then on the second machine, run the tool and put in the IP of the first machine. You can change some of the settings (Protocol,Direction) for specific testing.
CPU of the RB will be the main limitation.
-Louis
Re: Firewall (basic rules) slow down routing performance?
Thanks... I try this on. great..!
Re: Firewall (basic rules) slow down routing performance?
you can read from this web http://mikrotik.unimedcenter.org/mikrotik-firewall
Who is online
Users browsing this forum: No registered users and 46 guests