I'm looking for a generic "explanation" of what to take into account to have a configuration that, even though it is complex, will not slow down the router too much.
I looked here and there, and Google was not really specific in the answers I found.
At the moment, when I max out my ADSL link (12Mbps/1Mbps private setup), my router has a CPU load going from 35% to 60%.
The implication of that is that I have my girls screaming "I can't watch YouTube anymore" as the WiFi links become slow.
Now, having checked my configuration, I know it is complex, but I also have lots in my LAN.
A short setup explanation.
Router RB493G with 2 mini-PCI cards providing 2 wireless LANs: one in 2.4GHz (protected/limited for children and multimedia LAN), one in 5GHz MIMO, point-to-point to one other router for our gaming LAN (2 computers connected to that router).
All ports of the router (9 Ethernet + 2 WiFi) are used for 4 subnets/LANs:
1. World -> Internet.
2. Internal LAN bridges the 2 WiFi networks and some 4 Ethernet ports.
3. Office LAN using 2 ports (also VoIP).
4. Service network (my internet server is on that one).
On top of that, all networks are separated from each other with specific rules.
Now, I have added some more gimmicks to its configuration:
- Lots of filtering
- Mangling is set
- Packet and connection marking: traffic priority and network lockdown for the kids between certain times
- Tarpit setup for the gaming systems
- Dynamic and static blacklists. Dynamic ones are updated through different sources (web, mail, system attacks such as direct router attacks); static IPs by importing various blacklists from some known sites.
The thing is, I know that what I did, the way I programmed it, has grown over time. However, I have 180 filter rules, 24 NAT rules, 23 mangle rules, and usually around 800 blacklisted IPs and subnets in the respective address lists.
What can I do to lower the load on my router?
Is there an alternative, more powerful router I could use, knowing that I need 2 wireless LANs and at least 9 Ethernet ports?
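The CPU cost of a large MikroTik firewall depends less on the number of rules than on how many of them each packet has to walk before it is decided. The skeleton below is an added example, not the poster's configuration or anything from MikroTik: it shows the ordering that keeps the per-packet rule walk short for a setup like the one described (several LANs, large blacklists, inter-LAN separation). Interface names (ether1-wan, bridge-internal, bridge-office, bridge-service), the chain names, and the address-list entry are assumptions chosen for illustration; the fasttrack rule assumes RouterOS 6.29 or later.

```routeros
# Added example: RouterOS firewall ordered so the common case (a packet of an
# already-accepted connection) is decided by the first one or two rules.
# Interface and address-list names are assumptions, not from the original post.

/ip firewall address-list
# constructed sample entry; real lists would be imported or filled dynamically
add list=blacklist address=192.0.2.0/24 comment="constructed sample entry"

/ip firewall filter
# 1. Established/related first: the bulk of traffic stops here and never
#    touches the long policy section below. Fasttrack (RouterOS 6.29+)
#    additionally bypasses the rest of the firewall and mangle for those
#    flows, so do NOT fasttrack connections that must be mangle-marked for
#    the priority queues; match them out with a packet-mark first.
add chain=forward connection-state=established,related \
    action=fasttrack-connection comment="fasttrack known-good flows"
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop

# 2. One address-list lookup replaces hundreds of per-IP drop rules, and
#    restricting it to connection-state=new means only the first packet
#    of a flow pays for it.
add chain=forward connection-state=new src-address-list=blacklist action=drop
add chain=forward connection-state=new dst-address-list=blacklist action=drop

# 3. Split the inter-LAN policy into per-ingress-interface chains so a new
#    packet walks only the rules that apply to its own LAN instead of all 180.
add chain=forward connection-state=new in-interface=bridge-internal \
    action=jump jump-target=from-internal
add chain=forward connection-state=new in-interface=bridge-office \
    action=jump jump-target=from-office
add chain=forward connection-state=new in-interface=bridge-service \
    action=jump jump-target=from-service
add chain=forward connection-state=new in-interface=ether1-wan \
    action=jump jump-target=from-wan
add chain=forward action=drop comment="default deny for anything not matched above"

# Example sub-chain: the internal (kids/multimedia) LAN may reach the
# internet only. Anything that returns from the chain falls through to the
# default drop, so the office and service LANs stay unreachable from it.
add chain=from-internal out-interface=ether1-wan action=accept
add chain=from-internal action=return
```

The same idea applies to the mangle table: put a `connection-mark` check first and only classify `connection-state=new` packets, so the 23 mangle rules are evaluated once per connection rather than once per packet. A quick way to see whether the ordering helps is to watch the packet and byte counters on the rules (`/ip firewall filter print stats`): if the counters on rules near the bottom of the forward chain are still climbing fast, most packets are walking the whole chain and the early accept rules are not catching them.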