Hardware is a big unknown with CHR, it really depends. But decent hardware, used to run hypervisors, tends to be much more capable for general processing (e.g. FW rules) than most of mikrotik's hardware. So I can imagine that CHR can outperform most (if not all) MT hardware routers/firewalls.Is it the hardware or am I missing something?
So you can't compare old and current setup after all.I also swapped masquerade with src-nat.
Anyway, what you observe (faster UL than DL) seems to point at firewall rules (in particular DST-NAT) which seem to be a bit non-optimal. If it was something else (e.g. MTU), it would either present in both directions (but you see decent performance in UL) or the effect would be very dire (MTU mismatch usually means effective throughput in order of kbps or even no communication at all).
So it would be necessary to see actual RB5009 communication to give you some better advice.
Statistics: Posted by mkx — Fri Mar 15, 2024 3:52 pm