AH, bridged. That is a software operation as well, so it adds to the
processor utilization. Not sure what their algorithms are, but routing
takes less processor than bridging. Or it least it did in 3.x and
earlier. I doubt that has changed.
On 1/20/2011 4:44 PM, Robert Haas wrote:
I knew layer 7 could potentially be an issue, but I've been running similar
rules on the network for quite some time now on older machines. For some
reason this combo of rules caused an issue.. You're right though, it's the
PPS not the aggregate traffic flow. Even the PPS isn't high enough to cause
an issue IMO.
-----Original Message-----
From: mikrotik-boun...@mail.butchevans.com
[mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Butch Evans
Sent: Thursday, January 20, 2011 3:15 PM
To: Mikrotik discussions
Subject: Re: [Mikrotik] ***SPAM*** Re: p2p firewall rule
On 01/20/2011 02:38 PM, Robert Haas wrote:
The layer 7 rule is still active and I'm back to 40-50% cpu load.
I wouldn't have thought connection limiting would cause an issue, but
could
it be a combination of the two - layer 7& connection limiting?
Layer 7 is certainly a high cpu cost. Connection limiting is not
usually that much of a cpu intensive rule, but it is certainly more than
inspecting tcp headers or whatever. Most (not all) stateful matchers
are relatively low cpu requirements.
--
Scott Reed
Owner
NewWays Networking, LLC
Wireless Networking
Network Design, Installation and Administration
Mikrotik Advanced Certified
www.nwwnet.net
(765) 855-1060
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
