"real switch" being a relative term I think. Setting the port "master"
to another port sort of makes it into a hardware based hub more than a
switch.  While the traffic does not go "through" the Tik, it doesn't use
all of the intelligence of a true switch.... More like aggregated port
mirroring.

 

We experimented with that at our tower vs. bridging ports....  Bridging
them got about 50% of the throughput of their "switch" function, but
with the compromise of traffic showing up on all "switched ports" vs.
just the one the traffic was "supposed" to go to based on the function
of a real switch

 

Paul

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Bill Prince
Sent: Thursday, January 20, 2011 6:39 PM
To: [email protected]
Subject: Re: [Mikrotik] p2p firewall rule

 

There are a few boxes (RB450x, RB493, RB1100) that can do a real switch
operation on selected ports.

bp


On 1/20/2011 2:57 PM, Robert Haas wrote:
> I wonder if Butch can hear me cussing?
>
> Thanks for that little tidbit. I think I may have found the proverbial straw
> for my traffic shaping attempt.
>
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Scott Reed
> Sent: Thursday, January 20, 2011 3:50 PM
> To: Mikrotik discussions
> Subject: Re: [Mikrotik] ***SPAM*** Re: p2p firewall rule
>
> AH, bridged.  That is a software operation as well, so it adds to the
> processor utilization.  Not sure what their algorithms are, but routing
> takes less processor than bridging.  Or at least it did in 3.x and
> earlier.  I doubt that has changed.
>
> On 1/20/2011 4:44 PM, Robert Haas wrote:
>> I knew layer 7 could potentially be an issue, but I've been running similar
>> rules on the network for quite some time now on older machines. For some
>> reason this combo of rules caused an issue. You're right though, it's the
>> PPS not the aggregate traffic flow. Even the PPS isn't high enough to cause
>> an issue IMO.
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Butch Evans
>> Sent: Thursday, January 20, 2011 3:15 PM
>> To: Mikrotik discussions
>> Subject: Re: [Mikrotik] ***SPAM*** Re: p2p firewall rule
>>
>> On 01/20/2011 02:38 PM, Robert Haas wrote:
>>> The layer 7 rule is still active and I'm back to 40-50% cpu load.
>>> I wouldn't have thought connection limiting would cause an issue, but could
>>> it be a combination of the two - layer 7 & connection limiting?
>> Layer 7 is certainly a high cpu cost.  Connection limiting is not
>> usually that much of a cpu intensive rule, but it is certainly more than
>> inspecting tcp headers or whatever.  Most (not all) stateful matchers
>> are relatively low cpu requirements.
>>
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
