Hello,
Just wondering if I can use bridge filtering functionality (or IP firewall filtering on the bridge) without disabling HW offload on the LAN interface.
Scenario:
1. Mangle rules created to mark packets between 2 LAN devices connected to eth2 and eth4.
Bridge is configured to use IP firewall rules.
Simple queue created to manage traffic marked as per the mangle rule.
With this scenario, there is no traffic flow between interfaces.
2. With the above scenario, port4 configured with disabled HW offload. The traffic flow starts to show in mangle rules and in the queue.
The consequence of the HW offload disabled on one port:
a. The traffic throughput decreases by like 3 times, including the interfaces that should not be affected. So instead of 1Gb speeds, I get 300-350mbps on average between other bridged LAN devices.
b. CPU usage spikes and holds at 100%.
At the moment I'm using HAP AC as my main router. Wifi is disabled as I'm using other wifi6 solution, so Mikrotik acts as a pure router.
I also have HAP AC2 and WAP AC, which I haven't tried in this scenario.
So the question is if I can have bridge filtering working somehow without a tremendous decrease of the router performance (hw offload stays enabled).