Yeah, that's not going to work. Bridges drastically impact performance.

On Jan 26, 2016 7:24 PM, "Brett A Mansfield" <[email protected]> wrote:

> My thought was to create router VLANs and I can put the CPE in any VLAN
> that has available IPs. But I have to bridge the VLAN to the WAN of the
> router which keeps hitting the CPU so hard that it brought everything to a
> crawl.
>
> Thank you,
> Brett A Mansfield
>
> On Jan 26, 2016, at 6:21 PM, Josh Reynolds <[email protected]> wrote:
>
> Yes, you can create /30 for each client, which is fairly wasteful,
> or you could allocate a subnet per vlan, which you can under/over estimate
> during provisioning there. PPPoE is another option, and one I'm personally
> not a fan of. You could 1:1 NAT them, but that scales very poorly.
>
> You could also simply get more IPv4, which is likely the easiest.
>
> At some point soon, you really need to be looking at IPv6 though.
>
> On Jan 26, 2016 7:14 PM, "Brett A Mansfield" <[email protected]> wrote:
>
>> I currently have a router with two ports that are not bridged to each
>> other, but are statically routed. On each port I have the untagged Public
>> LAN with Public IPs, and a tagged VLAN with internal IPs for management.
>> But yes, after the router it is just a large bridged/switched network. Some
>> of my older devices have run out of ram due to a large bridge table. The
>> newer devices do not have that issue.
>>
>> I'm not really having any major issues. I did have each and every access
>> point on their own dedicated port to the router with their own network. My
>> issue with that was I had several ports running out of public IPs while
>> others had more than enough to spare. I don't want to waste all of these
>> IPs routing them like that, and I want to be able to move them around at
>> will. PPPoE is not an option for me.
>>
>> Thank you,
>> Brett A Mansfield
>>
>> > On Jan 26, 2016, at 5:38 PM, Josh Reynolds <[email protected]> wrote:
>> >
>> > So, if you tried to create a bunch of vlans and then bridged them all
>> > together to terminate them on a single router interface/subnet/ip,
>> > that's not going to work. What you just did didn't really segment
>> > anything at all, and turned a fairly high performance (relatively
>> > speaking) router into a kind of "hub". Remember hubs? Before switches?
>> > Terrible, terrible things.
>> >
>> > VLANs are not complicated constructs, and it drives me nuts that they
>> > are so poorly understood.
>> >
>> > For you to segment your network, there are two ways to do it. You can
>> > do it at layer2 with vlans, but those vlans will still terminate on
>> > their own subnet at a router somewhere. The other way to do it is via
>> > layer3, and route everything through your network. Both have
>> > advantages, and the advantages of both depend on the network design,
>> > transport medium used, etc.
>> >
>> > Are you currently running a large bridged/switch network and having issues?
>> >
>> > On Tue, Jan 26, 2016 at 6:06 PM, Brett A Mansfield
>> > <[email protected]> wrote:
>> >> What is a good router with FastPath? If I recall, the CCR had that, but I wasn't impressed with anything Mikrotik.
>> >>
>> >> I just want to segment my network into VLANs to limit the broadcast domain. I would also like to segregate services such as video and Internet.
>> >>
>> >> Thank you,
>> >> Brett A Mansfield
>> >>
>> >>> On Jan 26, 2016, at 4:57 PM, Josh Reynolds <[email protected]> wrote:
>> >>>
>> >>> Okay, bridging a VLAN is where you are going wrong. Bridging is ALWAYS
>> >>> going to send traffic to a low performance management CPU as opposed
>> >>> to some type of FastPath hardware offloaded implementation.
>> >>>
>> >>> You need to attach a network diagram, and explain what you are trying to do.
>> >>>
>> >>> On Tue, Jan 26, 2016 at 5:54 PM, Brett A Mansfield
>> >>> <[email protected]> wrote:
>> >>>> I'm looking for the best router available to handle Internet over VLANs that doesn't peg the CPU.
>> >>>>
>> >>>> Currently I use a UBNT EdgeRouter Pro, but I cannot get more than 100Mb from a bridged VLAN and that pegs the CPU to 100%. I get the same issue on CCRs.
>> >>>>
>> >>>> Thank you,
>> >>>> Brett A Mansfield
