MikroTik

Running a very small WISP with about 40 customers on PPPoE I can see that CPU load on the RB433AH border router/gateway easily reaches 50-70% on daytime, and even close to 100% when total throughput reaches 15-20Mbps.
My setup is pretty much according to the one presented by Lutz Kleemann, Meconet, at the '08 Krakow MUM: http://mum.mikrotik.com/presentations/E ... leeman.pdf
meaning one EOIP tunnel from each AP bridged together at the gateway, running PPPoE server on the bridge. One simple queue is created per connection.
In addition this RB takes care of an NStreme Dual link, feeding most of the APs.

The RB433AH thus handles the following:

-Firewalling
-PPPoE server
-Simple queues
-Logging
-NStreme2

As I started out small some while ago this was no problem, but now I have to do something.
But first I would like to hear your opinions: Which tasks are the most CPU demanding of these?
Will some kind of distributing the tasks between several RB433AHs do the trick ( for instance one for NStreme2, one for PPPoE/Queues and one for firewall), or is the best approach to throw in an RB1100 for everything (except NStreme2 of course)?
The NStreme2 I am anyway planning to move to a separate Jirous Dual Polarity with RB433AH embedded in the Gentlebox enclosure.
I have pretty much standarized on RB433AH and have quite a few of them laying around.

My backbone fiber connection is limited at 100 Mbps, so to increase ROI I am planning to double or triple my customer base in the near future
Cost is definetely an issue, but something has to be done rather soon and I would like a scalable solution if possible.

Is ROS version an issue? Due to the risk and possible night labour involved in upgrading I am still on 3.28 on this one.

So what do you recommend?

ROS 4.11 seems fairly stable to me. I'm running it on a number of units without issue.

Switch to Queue Tree instead of Simple Queue. It offers better performance.

http://mum.mikrotik.com/presentations/C ... _Megis.pdf
http://forum.mikrotik.com/viewtopic.php?f=13&t=43829

It may be possible to optimize your firewall rules and logging config. Also, Nstreme performs packet processing directly through the host CPU, not in hardware, so it is more CPU intensive. You may want to switch to full duplex links with OSPF. It has the added benefit that traffic will still forward if one of the wireless links goes down.

I gues nstreme2 cause cpu load. there nothing u can do, except replacing rb to powerpc

Thank you guys for your replies!

blake:
Actually I attended Janis' presentation in Prague myself, and (as usual) it was a very detailed and good one. However I haven't employed Queue trees yet.
As I understand, I will only omit "Rate Limit" in the PPP profiles and mangle based on address lists instead, right?

One question regarding Simple Queues being CPU demanding: According to Janis this is because for each packet the router works it way through all queues until it finds the right one.
Is this the case also for these automatically created queues related to PPPoE?

I too run 4.11 on newly deployed routers, and it works very good. Just wondered whether 3.28 has any known flaws might leading to excess CPU consumption.

The Full Duplex approach you are linking to looks very interesting! Until now I have stuck to static routes, but this is well worth trying.
But how do you decide that one link is RX and the other TX? Sorry for my ignorance, but I cannot immediately see how this is defined.

DannyZ:
As mentioned, I am planning to separate the NStreme2 handling from the rest anyway, but is it possible to estimate how much CPU Nstreme2 alone consumes?
Is PPC at a given CPU frequency more powerful than MIPS?

PPC is more powerful than a MIPS processor. And my apologies. I posted that link to the OSPF setup in haste. This is a much better link.

http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF

You adjust which link is TX and RX by modifying the OSPF interface cost on each side of the link.

Hi Bomber67,

you could split up tasks between RB's, I would recomment to put the wirless connection on a separate board, only doing wireless backhaul / backbone whatever. if your cpu is at 100 %, wireless will suffer as well as your firewall throughput.

Perhaps a RBB 800 would do the trick for you, use your actual RB433AH as Wireless only, and do the other things on RB800. If you plan (or think about) segmentation of your Network, as you want to grow, or having more backbone links at that place where your AH433 is, perhaps it would be better to buy a RB1100, as you have much more ethernet ports to use. You could use a switch, of course, but with RB1100 you would have more options on Firewall, QOS, bandwith priority and other things.

With RB800 you will use one ether for Wireless AH433 connection, one for Internet access to your fiber, and you end up with one port left. Could be too few in a while....

btw: 100 Mbit Fiber for 40 Customers? Where the hell do you live and what does this fiber cost at your location?

Sincerely
Schnulch

dont think he needs rb800, coz rb433ah can run 800Mhz as well

I DO think he would need some serious power, because he now runs at nearly 100% of his rb433ah, and wants to double or triple his customers, hence his throughput, and that will not work out with 120 MHz more of processing power. And even with his atm not too large buisness, I would not recommend to "overclock" his equipment, from a mtbf / uptime point of view anyways...

Sincerely
Schnulch