RalfG
just joined
Topic Author
Posts: 7
Joined: Thu Feb 21, 2019 10:42 am

The "bridge"

Wed Mar 06, 2019 5:33 pm

Hi,

after testing RB4011iGS+ I ended up buying some for ourselves and our customers. Really a nice piece of h/w and a mighty OS.
I've been able to test several VPN scenarios with different h/w vendors, speedtests, advanced routing features, netflow monitoring etc. All of that is working like a charm at speeds that I didn't expect in that price range.

But when it comes to the term "bridge" I'm not sure how this has to be handled:

If I've just 3 segments, e.g. DMZ, WAN, LAN in different networks, so none of them is bridged, why is there always a "bridge" involved? Or can I simply switch off that bridge doing just the routing with simple interfaces bound to a dedicated port (no WLAN or other non-Ethernet medium used, no VLAN)?

AND:

The RB4011 has 2 switches. Is there any advice regarding speed increase or decrease when separating ethernet segments assigning specific ports to each of them?

thx for any reply,

regards,

Ralf
 
User avatar
pukkita
Trainer
Posts: 2982
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: The "bridge"

Wed Mar 06, 2019 6:41 pm

> If I've just 3 segments, e.g. DMZ, WAN, LAN in different networks, so none of them is bridged, why is there always a "bridge" involved?

Because that's the way you build the "segments".

Before 6.42 you had the option of either building a L2 segment by creating a bridge (by software, using CPU) or by using the switch chip if present (hardware).

From 6.42 onwards, this has been "consolidated": now when you create a bridge and add ports to it with "hardware offload" enabled, ROS will enable the switch chip hardware acceleration features if possible.

> Or can I simply switch off that bridge doing just the routing with simple interfaces bound to a dedicated port (no WLAN or other non-Ethernet medium used, no VLAN)?

Post your config (use export).

> The RB4011 has 2 switches. Is there any advice regarding speed increase or decrease when separating ethernet segments assigning specific ports to each of them?

As explained before, Routerboards with switch chips use hardware acceleration for switching/bridging given the appropriate conditions. So grouping ports that will be "talking between them" under the same switch chip will get the benefit of hardware acceleration, just as a regular X port switch.

So a sound approach to leverage switch acceleration on a 4011 could be: use some of the remaining ports from switch chip 1 (ether3-5 for example) to build a bridge for the DMZ, and use all LAN ports on switch2 (ether6-10) for LAN.

I'm guessing 4011 is the only device on the LAN; if there are more devices (switches) then the approach would be different.
Simplicity is the Ultimate Sophistication - Da Vinci
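The layout suggested in the reply above, written out as RouterOS commands. This is an added example, not part of the thread: it assumes RouterOS 6.42 or later, ether1 as the routed WAN port, and constructed bridge names and addresses.

```routeros
# Added example, not from the thread. Bridge names, the WAN port choice
# and all IP addresses are constructed for illustration.

# DMZ segment: ports on switch chip 1 (ether3-5, as in the reply)
/interface bridge add name=bridge-dmz comment="DMZ segment"
/interface bridge port add bridge=bridge-dmz interface=ether3 hw=yes
/interface bridge port add bridge=bridge-dmz interface=ether4 hw=yes
/interface bridge port add bridge=bridge-dmz interface=ether5 hw=yes

# LAN segment: all ports on switch chip 2 (ether6-10, as in the reply)
/interface bridge add name=bridge-lan comment="LAN segment"
/interface bridge port add bridge=bridge-lan interface=ether6 hw=yes
/interface bridge port add bridge=bridge-lan interface=ether7 hw=yes
/interface bridge port add bridge=bridge-lan interface=ether8 hw=yes
/interface bridge port add bridge=bridge-lan interface=ether9 hw=yes
/interface bridge port add bridge=bridge-lan interface=ether10 hw=yes

# Layer 3 addresses go on the bridges, not on the member ports.
# Traffic between DMZ and LAN is then routed by the CPU and passes
# the firewall forward chain; only traffic inside a segment is switched.
/ip address add address=192.168.10.1/24 interface=bridge-dmz
/ip address add address=192.168.20.1/24 interface=bridge-lan

# WAN stays a plain routed interface (assumed to be ether1), no bridge.
/ip address add address=192.0.2.2/30 interface=ether1

# Check: member ports that are actually offloaded to the switch chip
# are listed with the H flag.
/interface bridge port print
```

If a port is listed without the H flag, traffic for that port is being bridged in software by the CPU.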
RalfG
just joined
Topic Author
Posts: 7
Joined: Thu Feb 21, 2019 10:42 am

Re: The "bridge"

Sun Mar 17, 2019 9:42 pm

Pukkita,

thx for the explanation, after some hours “in the lab” trying different scenarios, the way it’s done in RouterOS is much more logical and comprehensive.

Ralf
