i got an crs125-24g which i believe has somewhat poor performance currently. I am not sure if its either my config or the hardware limiting the thing i want to archive.
Heres what i want to do:
Have 2 VLANs both with their own dhcp server and pool.
Share internet traffic between those 2 vlans in a way that if:
- vlan1 is idle vlan2 gets full speed and vice versa
if vlan1 and vlan2 need full power, bandwith is shared equally
My observation is that both rulesets do not get full speed because the cpu is hitting solid 90-100%.
My ISP Bandwidth: 150mbit (tested and verified on the modem itself)
Max with simple queues: 90mbit
Max with queue tree: 70mbit
I tried both regular website speed tests and well seeded torrent downloads.
Questions:
I heard that you can reduce cpu load if you do not config the vlan's as interfaces and use the switch cpu exclusively. How would i build separated dhcp pools in that case?
Here is my setup:
Code: Select all
/interface bridge
add name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] master-port=ether2-master
set [ find default-name=ether7 ] master-port=ether2-master
set [ find default-name=ether8 ] master-port=ether2-master
set [ find default-name=ether9 ] master-port=ether2-master
set [ find default-name=ether10 ] master-port=ether2-master
set [ find default-name=ether11 ] master-port=ether2-master
set [ find default-name=ether12 ] master-port=ether2-master
set [ find default-name=ether13 ] master-port=ether2-master
set [ find default-name=ether14 ] master-port=ether2-master
set [ find default-name=ether15 ] master-port=ether2-master
set [ find default-name=ether16 ] master-port=ether2-master
set [ find default-name=ether17 ] master-port=ether2-master
set [ find default-name=ether18 ] master-port=ether2-master
set [ find default-name=ether19 ] master-port=ether2-master
set [ find default-name=ether20 ] master-port=ether2-master
set [ find default-name=ether21 ] master-port=ether2-master
set [ find default-name=ether22 ] master-port=ether2-master
set [ find default-name=ether23 ] master-port=ether2-master
set [ find default-name=ether24 ] master-port=ether2-master
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add comment=Erdgeschoss interface=ether2-master name=vlan10_eg vlan-id=10
add comment=Obergeschoss interface=ether2-master name=vlan20_og vlan-id=20
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1-gateway,et\
her10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ethe\
r19,ether20,ether21,ether22,ether23,ether24" forward-unknown-vlan=no
/ip pool
add name=pool_eg ranges=192.168.10.10-192.168.10.254
add name=pool_og ranges=192.168.20.10-192.168.20.254
/ip dhcp-server
add address-pool=pool_eg disabled=no interface=vlan10_eg name=dhcp_eg
add address-pool=pool_og disabled=no interface=vlan20_og name=dhcp_og
/queue simple
add disabled=yes dst=ether1-gateway limit-at=5M/50M max-limit=10M/150M name=\
eg target=192.168.10.0/24
/queue type
add kind=pcq name=pcq-download pcq-classifier=dst-address
add kind=pcq name=pcq-upload pcq-classifier=src-address
add kind=pfifo name=default-long pfifo-limit=100
/queue interface
set ether1-gateway queue=ethernet-default
set ether2-master queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set ether6 queue=ethernet-default
set ether7 queue=ethernet-default
set ether8 queue=ethernet-default
set ether9 queue=ethernet-default
set ether10 queue=ethernet-default
set ether11 queue=ethernet-default
set ether12 queue=ethernet-default
set ether13 queue=ethernet-default
set ether14 queue=ethernet-default
set ether15 queue=ethernet-default
set ether16 queue=ethernet-default
set ether17 queue=ethernet-default
set ether18 queue=ethernet-default
set ether19 queue=ethernet-default
set ether20 queue=ethernet-default
set ether21 queue=ethernet-default
set ether22 queue=ethernet-default
set ether23 queue=ethernet-default
set ether24 queue=ethernet-default
set sfp1 queue=ethernet-default
/queue simple
add disabled=yes dst=ether1-gateway limit-at=5M/50M max-limit=10M/150M name=\
og queue=ethernet-default/ethernet-default target=192.168.20.0/24
/queue tree
add disabled=yes max-limit=170M name=gateway-down parent=ether2-master queue=\
default
add disabled=yes limit-at=50M max-limit=170M name=og-down packet-mark=\
og_packet parent=gateway-down queue=ethernet-default
add disabled=yes limit-at=50M max-limit=150M name=eg-down packet-mark=\
eg_packet parent=gateway-down queue=ethernet-default
add disabled=yes max-limit=10M name=gateway-up parent=ether1-gateway queue=\
default
add disabled=yes limit-at=5M max-limit=10M name=eg-up packet-mark=eg_packet \
parent=gateway-up queue=ethernet-default
add disabled=yes limit-at=5M max-limit=10M name=og-up packet-mark=og_packet \
parent=gateway-up queue=ethernet-default
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=10
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports="ether24,ether22,ether20,ether18,\
ether16,ether14,ether12,ether10,switch1-cpu"
add customer-vid=0 new-customer-vid=10 ports="ether23,ether21,ether19,ether17,\
ether15,ether13,ether11,ether9,switch1-cpu"
add customer-vid=0 new-customer-vid=20 ports="ether24,ether22,ether20,ether18,\
ether16,ether14,ether12,ether10,ether8,ether6,ether4,ether2-master,switch1\
-cpu"
add customer-vid=0 new-customer-vid=10 ports="ether23,ether21,ether19,ether17,\
ether15,ether13,ether11,ether9,ether7,ether5,ether3,switch1-cpu"
/interface ethernet switch vlan
add ports="ether10,ether12,ether14,ether16,ether18,ether20,ether22,ether24,swi\
tch1-cpu" vlan-id=20
add ports="ether9,ether11,ether13,ether15,ether17,ether19,ether21,ether23,swit\
ch1-cpu" vlan-id=10
/ip address
add address=192.168.10.1/24 interface=vlan10_eg network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20_og network=192.168.20.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.20.20 client-id=1:9c:c7:a6:3c:e9:92 mac-address=\
9C:C7:A6:3C:E9:92 server=dhcp_og
/ip dhcp-server network
add address=192.168.10.0/32 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1 \
netmask=24
add address=192.168.10.0/24 dns-server=9.9.9.9,8.8.8.8,8.8.4.4 gateway=\
192.168.10.1
add address=192.168.20.0/32 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1 \
netmask=24
add address=192.168.20.0/24 dns-server=9.9.9.9,8.8.8.8,8.8.4.4 gateway=\
192.168.20.1
add address=192.192.192.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.192.192.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,8.8.8.8,8.8.4.4
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment="accept established related" \
connection-state=established,related disabled=yes
add action=drop chain=input comment="drop invalid connections" \
connection-state=invalid disabled=yes
add action=drop chain=forward connection-state=invalid disabled=yes
add action=accept chain=input comment="allow icmp" disabled=yes protocol=\
icmp
add action=accept chain=input disabled=yes in-interface=!ether1-gateway \
in-interface-list=all src-address=192.168.20.0/24
add action=accept chain=input disabled=yes in-interface=!ether1-gateway \
in-interface-list=all src-address=192.168.10.0/24
add action=drop chain=forward disabled=yes dst-address=192.168.20.0/24 \
src-address=192.168.10.0/24
add action=drop chain=forward disabled=yes dst-address=192.168.10.0/24 \
src-address=192.168.20.0/24
add action=drop chain=forward disabled=yes src-address=0.0.0.0/8
add action=drop chain=forward disabled=yes dst-address=0.0.0.0/8
add action=drop chain=forward disabled=yes src-address=127.0.0.0/8
add action=drop chain=forward disabled=yes dst-address=127.0.0.0/8
add action=drop chain=forward disabled=yes src-address=224.0.0.0/3
add action=drop chain=forward disabled=yes dst-address=224.0.0.0/3
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=yes new-connection-mark=\
og_con passthrough=yes src-address=192.168.20.0/24
add action=mark-connection chain=prerouting disabled=yes new-connection-mark=\
eg_con passthrough=yes src-address=192.168.10.0/24
add action=mark-packet chain=forward connection-mark=og_con disabled=yes \
new-packet-mark=og_packet passthrough=yes
add action=mark-packet chain=forward connection-mark=eg_con disabled=yes \
new-packet-mark=eg_packet passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
/ip route
add disabled=yes distance=1 gateway=ether1-gateway
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1-gateway type=external
/lcd
set backlight-timeout=10m default-screen=informative-slideshow
/system clock
set time-zone-name=Europe/Berlin
/system watchdog
set watchdog-timer=no