So a shared LAN between network A, B and C. What I want to do is to separate these networks. I thought to do it using VLAN, so defining different VLANs on the router and using managed L2 switch ports configured with the properly VLAN. This is working and clear but I have a problem: data transfer between networks A and B before was direct, now it's routed through the router and so through the wifi link, that is the real bottleneck of the LAN (throughput is 70 Mbit agains 1 Gbit of the wired lan) with terrible performance, as well as improper use of the wifi connection that is unluckly the LAN "dorsal" for internet access).
There is a way to have logical isolation but at the same time no loss of performance? The only way I thought was adding a second router (router B) near STA, on wired LAN, so that the main router (router A) can manage VLAN for network C and router B for network A and B.
Obviously the 6 km wifi link has something to do with it, this is one of the reasons I need to separate networks, also for better broadcast management and also to operate best control on the network traffic (and to shape it if required)
For the link I use a couple of Ubiquiti Rocket 5AC PTP with channel bandwith of 40 MHz. Antennas are Ubiquiti parabolic of 30 dB (if I remember correctly), with radome, metallic shield on the radio and also the slant accessory to modify polarization to 45°, in order to reduce local interferences, in particular other 5 GHz devices in vertical one. It's an exceeding configuration for only 6 km but I have fresnel lightly obstacled (STA position is not particurly high). With this configuration I'm able to get also 100 Mbit with settings tuning, but in some conditions link becames instable so I prefer to maintain a lower bitrate. I started fifteen years ago with 2.4 Ghz and broadcom devices (WHR-HP-G54) because I live in a rural location in which there is no DSL possibility, in the years I got to experiment different solution in this p2p configuration, and the current is the most performant at the moment. I tried also Ubiquiti AirFiber hardware at 5 GHz but I had worse performance so I reverted to AC solution.
BATMAN is a mesh protocol, are you saying that BATMAN implements a sort of layer3 vlan switching? Anyway I don't think that is possible to use BATMAN in this scenario, because AP and STA have original AirOS firmware, for use BATMAN I have to pass to OpenWRT, I don't think that is hardware is supported but in any case I need AirOS because of the firmware optimization for long distance link (and also for management implementation in UNMS).
so, fundamentally there are two ways of attacking this, with some overlap...
purely physical ( wifi hardware / dual ptp non-overlapping vs alternate manu/freq/microwave etc ) in otherwords... diversify vs quantify...
L2/2.5 isolation / optimisation / 'bundling' within the physical circuits provided by the above / 'bundling' either within tunnels and/or end to end switch functionality i.e. LACP etc. )
honestly, I think your need is primarily driven by constraint one above... and as it dictates what you can do with option two above... it best to decide / alter / solidify this layer before messing with tunnels / LACP / mls etc. much having some level of dependancy on the above and/or auxillary equipment / os functionality )
for the average user on this forum... for simplicity sake, a secondary non-overlapping p-t-p link is probably the most practicable next step... ( albeit potentially costly or physically constrained / prohibited ) one could then choose whether to try to aggregate or isolate 2.5+ flows... and by what means ( isolate being the simplest albeit least efficient )
for the savvy network manager... one must make a hard and fast choice between potentially costly single / multiple quality link upgrades... vs time intesive often non-heterogeneous workarounds / 2.5 and up 'solutions' that provide better controls over traffic flows, isolation and aggregation.
for instance, just one random example... mtcp carrying vswitch tunnels to each end... etc. etc.
Any tunneling scheme you'd need an OpenWrt router on both ends to implement the tunnel / de-tunnel function. This is supposed to be possible (and fast) with the GRE tunnel drivers but I had problems with MTU issues and gave up on that.
Most of the VPN protocols have an option to not encrypt traffic, which saves a lot of CPU time. AirOS encrypts packets before going out on the air so you don't need to encrypt again for the tunnel.
apologies... @eduperez is absolutely right... ( after re-reading your question... )... the fact that your diagram shows one client per vlan... was a little off putting... and my responses have been geared towards aggregation and control over the singular wifi link... ( which will quickly become the primary issue once you multiply the number of clients per vlan )
fwiw... my L2-ish cisco sg-2600-16 will happily perform local gateway on a stick duties for an isolated segment... ( tho' @eduperez spot would be the common choice for most... the only thing my switch wont do is dhcp server ( will relay ) or nat...
