Raf
Member Candidate
Topic Author
Posts: 171
Joined: Thu May 07, 2009 4:26 pm
Location: Olesnica, Poland

hEX NAT performance

Tue Oct 03, 2017 8:25 am

Hi,

I just bought RB hEX to use it as a router at my home for FTTH ONT which works in bridge mode. hEX acts as home router and it's configured in this way:
LAN1 -> WAN
LAN2 -> master port
LAN3-5 -> slave ports
There is also DHCP server and Masquerade. No filter rules in firewall, no queues. Really simple configuration.

This config was used with latest stable ROS v6.40.3 and after upgrading to newest rc version which has hw-offload in bridge it was also tested.

My question is about actual NAT performance between WAN<->LAN ports. How should hEX really perform? Because I cannot achieve more than 560-600 Mbps and I think this is a bit too small a value for a two-core 880 MHz CPU. Or am I wrong? :?
And yes – I also tested it bypassing the hEX and plugging in my computer just after FTTH ONT and then I'm nearly saturating GbE port achieving ~930 Mbps.

Is hEX really that slow?
Rafał Wójcik from AWB-NET
High Definition enthusiast
 
darkprocess
Member Candidate
Posts: 253
Joined: Fri Mar 20, 2015 1:16 pm

Re: hEX NAT performance

Tue Oct 03, 2017 9:02 am

Is fasttrack activated? If not, you need to put the fw rules.
 
Raf
Member Candidate
Topic Author
Posts: 171
Joined: Thu May 07, 2009 4:26 pm
Location: Olesnica, Poland

Re: hEX NAT performance

Tue Oct 03, 2017 9:16 am

Oh. Totally forgot about Fasttrack. I've activated it and yes the performance hit nearly 2X. Now it works like it should.

BTW – MT Wiki says:
Fasttracked packets bypass firewall, connection tracking
So now, with Fasttrack, does conntrack work or not?
 
vadimbn
Frequent Visitor
Posts: 60
Joined: Sun Aug 25, 2013 6:41 pm
Location: Russia, Berdsk

Re: hEX NAT performance

Tue Oct 03, 2017 7:13 pm

MT7621A includes the PPE (Packet Processing Engine), but RouterOS cannot work with it. So yes, hEX will limit the speed of the network without fast tracking. And speed will be more limited if you use any tunnels or many firewall rules. Ubiquiti ER-X will be better for network address translation at gigabyte speed - its EdgeOS can use HW_NAT (PPE) and CryptoEngine simultaneously. RouterOS can use only CryptoEngine for IPsec tunnels (and it is also great, but...).

So I have a question for Mikrotik's developers and managers - is there any chance that HW_NAT will be used by RouterOS in the future?
Veni. Vidi. Feci.
RBSXTLTE3-7, CRS326-24G-2S+RM, RB850Gx2, RBMRTG, RB1100AHx4, RB750Gr3, RBD52G-5HacD2HnD-TC, Woobm-USB
 
troffasky
Member
Posts: 395
Joined: Wed Mar 26, 2014 4:37 pm

Re: hEX NAT performance

Sun Oct 08, 2017 1:25 pm

> BTW – MT Wiki says:
> Fasttracked packets bypass firewall, connection tracking
> So now, with Fasttrack, does conntrack work or not?

Connection tracking is essential for NAT, so either that page is wrong, or there is a subtlety to the phrase "connection tracking" as they use it.
 
andriys
Forum Guru
Posts: 1143
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: hEX NAT performance

Sun Oct 08, 2017 1:44 pm

> Connection tracking is essential for NAT, so either that page is wrong, or there is a subtlety to the phrase "connection tracking" as they use it.

Fasttrack is, essentially, FastPath + connection tracking. But since fasttracked packets bypass firewall almost entirely, connection tracking becomes barely usable for anything except NAT and fasttrack itself.
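
Added example, not part of any post in this thread: a minimal RouterOS v6 forward chain showing where the FastTrack rule discussed above sits in the setup the topic author describes (masquerade, no other filter rules). The interface name ether1 for the WAN port is an assumption, and all rules and comments are constructed for illustration.

```routeros
# Constructed example. ether1 = WAN is assumed (the topic author's "LAN1 -> WAN").

/ip firewall filter
# FastTrack only connections that conntrack already knows as established or
# related. The first packets of every connection still pass the normal
# firewall path, so the rules below decide what may be fasttracked at all.
add chain=forward action=fasttrack-connection \
    connection-state=established,related comment="fasttrack established,related"

# Not every packet of a fasttracked connection takes the fast path, so the
# same match needs a plain accept directly after it.
add chain=forward action=accept \
    connection-state=established,related comment="accept established,related"

# Packets that conntrack cannot associate with a connection.
add chain=forward action=drop connection-state=invalid comment="drop invalid"

# New connections arriving on the WAN port are dropped unless a dst-nat
# rule forwarded them. Without a rule like this, FastTrack would speed up
# whatever the empty filter table let through.
add chain=forward action=drop connection-state=new \
    connection-nat-state=!dstnat in-interface=ether1 \
    comment="drop new from WAN not dst-natted"

/ip firewall nat
# Source NAT for the LAN, as in the original setup.
add chain=srcnat action=masquerade out-interface=ether1

# Checks after applying:
# Connection entries still exist with FastTrack enabled; fasttracked ones
# carry the F flag in the flags column of this listing.
/ip firewall connection print
# Counters on the accept rule grow far more slowly than real traffic once
# FastTrack is active, because fasttracked packets never reach it.
/ip firewall filter print stats
```

Filter, mangle and queue rules placed after the FastTrack rule will not see most of the traffic of a fasttracked connection, so any per-packet policy has to be applied before a connection reaches the established state or the FastTrack match has to be narrowed.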
