Community discussions

 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

crs326-24g-2s+rm traffic storm

Wed Jun 20, 2018 2:36 pm

Hello,
i want buy a crs326-24g-2s+rm but i need to limit known/unknown unicast,multicast,broadcast traffic to X% and if exceed more than this limit or drop it,
i see some article on wiki.mikrotik.com but it seems it can only limit unknown unicast, can anyone help me regarding this?
thanks
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1398
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: crs326-24g-2s+rm traffic storm

Wed Jun 20, 2018 8:51 pm

In Firewall Filter, you can create a rule with packet limit per sec, etc. not %. On this rule you can then select src / dst address type as unicast, broadcast, etc. Look under the "Extra" tab
MTCNA, MTCTCE, MTCRE & MTCINE
 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

Re: crs326-24g-2s+rm traffic storm

Wed Jun 20, 2018 11:31 pm

hi,
just another question if i use swos or routeros on crs326 it cause any difference on speed performance?
thanks
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: crs326-24g-2s+rm traffic storm

Thu Jun 21, 2018 9:36 pm

In Firewall Filter, you can create a rule with packet limit per sec, etc. not %. On this rule you can then select src / dst address type as unicast, broadcast, etc. Look under the "Extra" tab
is a switch, the best way to do it s using switching features
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: crs326-24g-2s+rm traffic storm

Thu Jun 21, 2018 9:36 pm

hi,
just another question if i use swos or routeros on crs326 it cause any difference on speed performance?
thanks
i think routeros gives you more functionality, no performance difference


very important to use switching done by hardware to get wirespeed performance
Last edited by chechito on Thu Jun 21, 2018 9:42 pm, edited 1 time in total.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: crs326-24g-2s+rm traffic storm

Thu Jun 21, 2018 9:41 pm

Hello,
i want buy a crs326-24g-2s+rm but i need to limit known/unknown unicast,multicast,broadcast traffic to X% and if exceed more than this limit or drop it,
i see some article on wiki.mikrotik.com but it seems it can only limit unknown unicast, can anyone help me regarding this?
thanks
in routeros 6.43rc32 you can to this by hardware switching at wire speed:

disable unknown unicast, and unknown multicast on a per port basis

limit unknown unicast, and unknown multicast and broadcast to 1% of actual port speed

isolate ports
 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

Re: crs326-24g-2s+rm traffic storm

Fri Jun 22, 2018 8:43 am

but when i send an email to support@mikrotik.com and ask them what performance do i get if i add 4-5 firewall rules,
they told me i should expect ethernet result on datasheet so its too much low , so are you sure there is no difference in performance between routeros and swos ?
because i need to use switching feature only and add 4-5 firewall rules or acl,
thanks
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: crs326-24g-2s+rm traffic storm

Fri Jun 22, 2018 9:24 am

but when i send an email to support@mikrotik.com and ask them what performance do i get if i add 4-5 firewall rules,
they told me i should expect ethernet result on datasheet so its too much low , so are you sure there is no difference in performance between routeros and swos ?
because i need to use switching feature only and add 4-5 firewall rules or acl,
thanks
firewall rules and switch ACL are not the same
 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

Re: crs326-24g-2s+rm traffic storm

Fri Jun 22, 2018 9:27 am

understood,
so if i use routeros and use only switch tab i have full performance and if i use firewall rules or etc my performance will degree, right?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: crs326-24g-2s+rm traffic storm

Fri Jun 22, 2018 10:02 pm

understood,
so if i use routeros and use only switch tab i have full performance and if i use firewall rules or etc my performance will degree, right?
yes

to limit storms to 1 % of link speed make this

https://wiki.mikrotik.com/wiki/Manual:C ... rm_Control

you can try "unknown unicast flood" and "unknow multicast flood" bridge port options, they work without loosing hardware acceleration and help to reduce storms

with RouterOS v6.43rc32 you can do port isolation

https://wiki.mikrotik.com/wiki/Manual:C ... _isolation

Who is online

Users browsing this forum: No registered users and 82 guests