HW Offload on LAN ports not working

densukke · January 5, 2023, 11:53am

Hello fellow MK users! i have one that might be very silly and escapes my monkey brain, or a complex one depends on what im missing here..

My config before any more talk..

# jan/05/2023 12:39:28 by RouterOS 6.49.7
# software id = LPE0-URXN
#
# model = RBD52G-5HacD2HnD
# serial number = ************
/interface bridge
add admin-mac=18:FD:74:2B:XX:XX auto-mac=no name=Bridge-lan
add admin-mac=18:FD:74:2B:XX:XX auto-mac=no name=Bridge-wan
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-full comment="Internet 1G"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
    name=CASA supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2422 \
    mode=ap-bridge security-profile=CASA ssid="Fibertel 2.4GHZ"
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-eC \
    disabled=no frequency=5560 mode=ap-bridge security-profile=CASA ssid=\
    "Fibertel 5GHZ"
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Bridge-lan lease-time=4d3h \
    name=dhcp1
/queue type
add kind=pcq name=DOWN pcq-classifier=dst-address
add kind=pcq name=UP pcq-classifier=src-address
add kind=sfq name=defaultsfq
/queue simple
add disabled=yes max-limit=5M/5M name=defaultwfq queue=defaultsfq/defaultsfq \
    target=ether1 total-queue=defaultsfq
/queue tree
add name="QoS DOWN" parent=Bridge-lan queue=DOWN
add name="QoS UP" parent=Bridge-wan queue=UP
add limit-at=64k max-limit=128k name="Ping Down" packet-mark=icmp parent=\
    "QoS DOWN" priority=1 queue=DOWN
add limit-at=64k max-limit=128k name="DNS Down" packet-mark=dns parent=\
    "QoS DOWN" priority=2 queue=DOWN
add name="QUIC Down" packet-mark=quic parent="QoS DOWN" priority=5 queue=DOWN
add name="WEB Down" packet-mark=web parent="QoS DOWN" priority=3 queue=DOWN
add name="Resto Down" packet-mark=resto parent="QoS DOWN" queue=DOWN
add limit-at=64k max-limit=128k name="PING Up" packet-mark=icmp parent="QoS UP" \
    priority=1
add limit-at=64k max-limit=128k name="DNS Up" packet-mark=dns parent="QoS UP" \
    priority=2 queue=UP
add name="QUIC Up" packet-mark=quic parent="QoS UP" priority=5 queue=UP
add name="WEB Up" packet-mark=web parent="QoS UP" priority=3 queue=UP
add name="RESTO Up" packet-mark=resto parent="QoS UP" queue=UP
/interface bridge port
add bridge=Bridge-wan interface=ether1
add bridge=Bridge-lan interface=ether2
add bridge=Bridge-lan interface=ether3
add bridge=Bridge-lan interface=ether4
add bridge=Bridge-lan interface=ether5
add bridge=Bridge-lan interface=wlan1
add bridge=Bridge-lan interface=wlan2
/interface bridge settings
set use-ip-firewall=yes
/interface detect-internet
set detect-interface-list=all wan-interface-list=all
/ip address
add address=192.168.1.1/24 interface=Bridge-lan network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add disabled=no interface=Bridge-wan use-peer-dns=no
/ip dhcp-server lease
add address=192.168.1.10 client-id=1:4c:cc:6a:8d:ab:4 mac-address=\
    4C:CC:6A:8D:AB:04 server=dhcp1
add address=192.168.1.23 client-id=1:5c:62:5a:d7:32:10 mac-address=\
    5C:62:5A:D7:32:10 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 query-server-timeout=1s \
    servers=8.8.4.4,1.1.1.1
/ip firewall address-list
add address=192.168.1.0/24 list=localan
/ip firewall filter
add action=accept chain=input comment="Allow DDNS" dst-port=8291 protocol=tcp
add action=accept chain=input comment="Allow access to Router from LAN" \
    src-address-list=localan
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow conn from Lan" connection-state=\
    new in-interface=Bridge-lan
add action=accept chain=forward comment="Allow established conn" \
    connection-state=established
add action=accept chain=forward comment="Allow related conn" connection-state=\
    related
add action=drop chain=forward comment="Dropp all"
add action=accept chain=input comment="Allow Related conn to Router" \
    connection-state=related
add action=accept chain=input comment="Allow established conn to Router" \
    connection-state=established
add action=drop chain=input comment="Drop all Traffic to router"
/ip firewall mangle
add action=mark-connection chain=prerouting comment=ICMP new-connection-mark=\
    icmp_conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp_conn \
    new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=DNS new-connection-mark=\
    dns_conn passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conn \
    new-packet-mark=dns passthrough=no
add action=mark-connection chain=prerouting comment=QUIC new-connection-mark=\
    quic_conn passthrough=yes port=443 protocol=udp
add action=mark-packet chain=prerouting connection-mark=quic_conn \
    new-packet-mark=quic passthrough=no
add action=mark-connection chain=prerouting comment=WEB new-connection-mark=\
    web_conn passthrough=yes port=80,443 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=web_conn \
    new-packet-mark=web passthrough=no
add action=mark-connection chain=prerouting comment=RESTO new-connection-mark=\
    resto_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=resto_conn \
    new-packet-mark=resto passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Bridge-wan
/ip firewall raw
add action=accept chain=prerouting comment="DDoS - allow" limit=400,5:packet \
    protocol=tcp tcp-flags=syn
add action=drop chain=prerouting comment="DDoS - Deny" protocol=tcp tcp-flags=\
    syn
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=8228
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Bratislava
/system identity
set name=Valhalla2
/system logging
add action=disk topics=info
add topics=critical
add action=disk topics=critical
add action=disk topics=error
add topics=event
add action=disk topics=event
add topics=interface
add action=disk topics=interface
add topics=state
add action=disk topics=state
add action=disk topics=warning

recently got around to setting my home NAS , and saw that my MK seems to be throttling when going THROUGH the MK, and getting just a mere 40MB to the NAS. (all ports are 1G, to NAS and computers wired too) and here goes my question:

My eth1 going to my ISP shows the H for HwOffloading, but i can not for the life of me have the other 4 ports to make HWOFF to work… i know the chip supports it, but why is it only showing in port 1?

[densukke@Valhalla2] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                               BRIDGE                              HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0   H ether1                                  Bridge-wan                          yes    1     0x80         10                 10       none
 1     ether2                                  Bridge-lan                          yes    1     0x80         10                 10       none
 2     ether3                                  Bridge-lan                          yes    1     0x80         10                 10       none
 3 I   ether4                                  Bridge-lan                          yes    1     0x80         10                 10       none
 4 I   ether5                                  Bridge-lan                          yes    1     0x80         10                 10       none
 5     wlan1                                   Bridge-lan                                 1     0x80         10                 10       none
 6     wlan2                                   Bridge-lan                                 1     0x80         10                 10       none
[densukke@Valhalla2] >

any help is apprecieated

DLC

biomesh · January 5, 2023, 12:02pm

You can only hardware offload on one bridge at a time. Remove the wan bridge, as it is not a bridged interface by default.

densukke · January 5, 2023, 12:17pm

thanks, but how can i choose what bridge is the HWOFF configured on? or only on the first created bridge is where HWOFF will work?

mkx · January 5, 2023, 12:28pm

If all ports of certain bridge are set with hw=no, then that bridge will not be HW offloaded (and another one can be).

densukke · January 5, 2023, 12:35pm

i thought that would be the case, what would be the terminal command to disable the HWOFF on the WAN bridge and enable on the LAN bridge? (i only want this for only for my lan and NASside of things) since i cant seem to find the WINBOX options everywhere i checked.

thanks!

erlinden · January 5, 2023, 12:36pm

Why do you have a bridge configured for WAN? There is only one interface (eth1) on the bridge!?

densukke · January 5, 2023, 12:38pm

i use that as other parts of my config show it, its not just sake of creating bridges aimlessly.

biomesh · January 5, 2023, 1:20pm

Use a command similar to

/interface/bridge/port set bridge=bridge-wan interface=ether1 hw=no

Repeat for all interfaces in the wan bridge.

densukke · January 5, 2023, 2:02pm

that did the trick

[densukke@Valhalla2] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                               BRIDGE                              HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0     ether1                                  Bridge-wan                          no     1     0x80         10                 10       none
 1   H ether2                                  Bridge-lan                          yes    1     0x80         10                 10       none
 2   H ether3                                  Bridge-lan                          yes    1     0x80         10                 10       none
 3 I H ether4                                  Bridge-lan                          yes    1     0x80         10                 10       none
 4 I H ether5                                  Bridge-lan                          yes    1     0x80         10                 10       none
 5     wlan1                                   Bridge-lan                                 1     0x80         10                 10       none
 6     wlan2                                   Bridge-lan                                 1     0x80         10                 10       none
[densukke@Valhalla2] >

Thanks!!