Community discussions

MikroTik App
  4. RouterOS
  5. General

Not having wire speed transfer between same VLAN on CRS354!

Post Reply
 
kmp101
just joined
Topic Author
Posts: 9
Joined: Fri Feb 09, 2024 2:36 pm

Not having wire speed transfer between same VLAN on CRS354!

Sat Mar 09, 2024 3:11 pm

Hello everyone,
After struggling to find the right way to configure my RB4011 and CRS354 using VLANS with QoS and after everything seam to work well, I came to a point that connection, let's say from PC1-VLAN10 to PC2-VLAN10 not reaching the wire speed when copying between these two PCs while both PCs have Gigabit Interfaces!!
To be honest, the configuration might be a mess and I'm not sure if I did setup correctly but I think that something is going wrong with the hardware offload!!!


This is the configuration at the Router side:
Code: Select all
# 2024-03-09 13:38:44 by RouterOS 7.14
# software id = XXXX-XX2C
#
# model = RB4011iGS+
# serial number = XXXXXXXXVH2
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ISP1
set [ find default-name=ether6 ] name=ether6-ISP2
set [ find default-name=ether10 ] name=ether10-Management
set [ find default-name=sfp-sfpplus1 ] comment="Link to Switch" name=\
    sfp-sfpplus1-TRUNK
/interface vlan
add interface=sfp-sfpplus1-TRUNK name=vlan10-PC vlan-id=10
add interface=sfp-sfpplus1-TRUNK name=vlan20-PS vlan-id=20
add interface=sfp-sfpplus1-TRUNK name=vlan30-CCTV vlan-id=30
add interface=sfp-sfpplus1-TRUNK name=vlan40-AP vlan-id=40
add interface=sfp-sfpplus1-TRUNK name=vlan50-SHPIA vlan-id=50
add interface=sfp-sfpplus1-TRUNK name=vlan99-MGMT vlan-id=99
/interface list
add name=WAN
add name=LAN
add name=DISCOVERY
/ip pool
add name=dhcp_pool-Management ranges=192.168.99.5-192.168.99.254
add name=dhcp_pool-PC ranges=192.168.10.26-192.168.10.254
add name=dhcp_pool-PS ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool-CCTV ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool-WIFI ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool5 ranges=192.168.50.2-192.168.50.254
/ip dhcp-server
add address-pool=dhcp_pool-Management interface=bridge1 name=dhcp-Management
add address-pool=dhcp_pool-PC interface=vlan10-PC name=dhcp-PC
add address-pool=dhcp_pool-PS interface=vlan20-PS name=dhcp-PS
add address-pool=dhcp_pool-CCTV interface=vlan30-CCTV name=dhcp-CCTV
add address-pool=dhcp_pool-WIFI interface=vlan40-AP name=dhcp-WIFI
add address-pool=dhcp_pool5 interface=vlan50-SHPIA name=dhcp-SHPIA
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
set 1 name=serial1
/queue tree
add max-limit=56M name="All Bandwidth" parent=global
/queue type
add kind=pcq name=PCQ-Download pcq-classifier=dst-address
add kind=pcq name=PCQ-UIpload pcq-classifier=src-address
add kind=fq-codel name=FQ-CODEL
add kind=sfq name=WIFI-SFQ
/queue tree
add max-limit=56M name=Dwonload parent="All Bandwidth" queue=PCQ-Download
add max-limit=27M name=Upload parent="All Bandwidth" queue=PCQ-UIpload
add max-limit=50M name=VLAN10-PC-Down packet-mark=DOWN_PACKET_VLAN10 parent=\
    Dwonload queue=FQ-CODEL
add max-limit=50M name=VLAN20-PS-Down packet-mark=DOWN_PACKET_VLAN20 parent=\
    Dwonload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN30-CCTV-Down packet-mark=\
    DOWN_PACKET_VLAN30 parent=Dwonload queue=FQ-CODEL
add limit-at=10M max-limit=20M name=VLAN40-WIFI-Down packet-mark=\
    DOWN_PACKET_VLAN40 parent=Dwonload queue=WIFI-SFQ
add limit-at=10M max-limit=20M name=VLAN50-SHPIA-Down packet-mark=\
    DOWN_PACKET_VLAN50 parent=Dwonload queue=FQ-CODEL
add max-limit=20M name=VLAN10-PC-Up packet-mark=UP_PACKET_VLAN10 parent=\
    Upload queue=FQ-CODEL
add max-limit=20M name=VLAN20-PS-Up packet-mark=UP_PACKET_VLAN20 parent=\
    Upload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN30-CCTV-Up packet-mark=\
    UP_PACKET_VLAN30 parent=Upload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN40-WIFI-Up packet-mark=\
    UP_PACKET_VLAN40 parent=Upload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN50-SHPIA-Up packet-mark=\
    UP_PACKET_VLAN50 parent=Upload queue=FQ-CODEL
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1-TRUNK
add bridge=bridge1 interface=ether10-Management
add bridge=bridge1 interface=vlan99-MGMT
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=DISCOVERY
/ipv6 settings
set disable-ipv6=yes forward=no
/interface list member
add interface=ether1-ISP1 list=WAN
add interface=ether6-ISP2 list=WAN
add interface=bridge1 list=LAN
add interface=vlan10-PC list=LAN
add interface=vlan20-PS list=LAN
add interface=vlan30-CCTV list=LAN
add interface=vlan40-AP list=LAN
add interface=vlan50-SHPIA list=LAN
add interface=bridge1 list=DISCOVERY
/ip address
add address=192.168.99.1/24 interface=bridge1 network=192.168.99.0
add address=192.168.10.1/24 interface=vlan10-PC network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20-PS network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30-CCTV network=192.168.30.0
add address=192.168.40.1/24 interface=vlan40-AP network=192.168.40.0
add address=192.168.50.1/24 interface=vlan50-SHPIA network=192.168.50.0
/ip arp
add address=192.168.99.2 interface=bridge1 mac-address=D4:01:C3:32:B6:F2
add address=192.168.99.3 interface=bridge1 mac-address=CC:2D:E0:19:C8:F2
/ip dhcp-client
add interface=ether1-ISP1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
add address=192.168.40.0/24 gateway=192.168.40.1
add address=192.168.50.0/24 gateway=192.168.50.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip dns
set servers=8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall address-list
add address=192.168.99.0/24 list=Management
add address=192.168.10.0/24 list=PC
add address=192.168.20.0/24 list=PS
add address=192.168.30.0/24 list=CCTV
add address=192.168.40.0/24 list=AP
add address=192.168.50.0/24 list=Shpia
/ip firewall filter
add action=drop chain=input comment=\
    "Winbox Access Allowed Only Management Range" protocol=tcp \
    src-address-list=!Management src-port=8291
/ip firewall mangle
add action=mark-connection chain=prerouting comment=UP-VLAN10 \
    new-connection-mark=UP-Conn-VLAN10 passthrough=yes src-address=\
    192.168.10.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN10 \
    new-packet-mark=UP_PACKET_VLAN10 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN10 dst-address=\
    192.168.10.0/24 new-connection-mark=DOWN-Conn-VLAN10 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN10 \
    new-packet-mark=DOWN_PACKET_VLAN10 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN20 \
    new-connection-mark=UP-Conn-VLAN20 passthrough=yes src-address=\
    192.168.20.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN20 \
    new-packet-mark=UP_PACKET_VLAN20 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN20 dst-address=\
    192.168.20.0/24 new-connection-mark=DOWN-Conn-VLAN20 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN20 \
    new-packet-mark=DOWN_PACKET_VLAN20 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN30 \
    new-connection-mark=UP-Conn-VLAN30 passthrough=yes src-address=\
    192.168.30.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN30 \
    new-packet-mark=UP_PACKET_VLAN30 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN30 dst-address=\
    192.168.30.0/24 new-connection-mark=DOWN-Conn-VLAN30 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN30 \
    new-packet-mark=DOWN_PACKET_VLAN30 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN40 \
    new-connection-mark=UP-Conn-VLAN40 passthrough=yes src-address=\
    192.168.40.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN40 \
    new-packet-mark=UP_PACKET_VLAN40 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN40 dst-address=\
    192.168.40.0/24 new-connection-mark=DOWN-Conn-VLAN40 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN40 \
    new-packet-mark=DOWN_PACKET_VLAN40 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN50 \
    new-connection-mark=UP-Conn-VLAN50 passthrough=yes src-address=\
    192.168.50.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN50 \
    new-packet-mark=UP_PACKET_VLAN50 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN50 dst-address=\
    192.168.50.0/24 new-connection-mark=DOWN-Conn-VLAN50 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN50 \
    new-packet-mark=DOWN_PACKET_VLAN50 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-ISP1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/system clock
set time-zone-name=Europe/Tirane
/system identity
set name=Router
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=129.250.35.250
/system routerboard settings
set enter-setup-on=delete-key
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=DISCOVERY
/tool mac-server mac-winbox
set allowed-interface-list=DISCOVERY
/tool romon
set enabled=yes
this is the configuration at the Switch side:
Code: Select all
# 2024-03-09 13:44:20 by RouterOS 7.14
# software id = XXXX-XXTA
#
# model = CRS354-48G-4S+2Q+
# serial number = XXXXXXXXW8V
/interface bridge
add dhcp-snooping=yes name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether36 ] comment="Link to AP" name=ether36-TRUNK
set [ find default-name=ether38 ] comment="Link to Shpia" name=ether38-TRUNK
set [ find default-name=ether48 ] comment="Management Port"
set [ find default-name=sfp-sfpplus1 ] comment="Link to Router" name=\
    sfp-sfpplus1-TRUNK
/interface list
add name=DISCOVERY
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1-TRUNK trusted=yes
add bridge=bridge1 interface=ether1 pvid=10
add bridge=bridge1 interface=ether2 pvid=20
add bridge=bridge1 interface=ether3 pvid=10
add bridge=bridge1 interface=ether4 pvid=20
add bridge=bridge1 interface=ether5 pvid=10
add bridge=bridge1 interface=ether6 pvid=20
add bridge=bridge1 interface=ether7 pvid=10
add bridge=bridge1 interface=ether8 pvid=20
add bridge=bridge1 interface=ether9 pvid=10
add bridge=bridge1 interface=ether10 pvid=20
add bridge=bridge1 interface=ether11 pvid=10
add bridge=bridge1 interface=ether12 pvid=20
add bridge=bridge1 interface=ether13 pvid=10
add bridge=bridge1 interface=ether14 pvid=20
add bridge=bridge1 interface=ether15 pvid=10
add bridge=bridge1 interface=ether16 pvid=20
add bridge=bridge1 interface=ether17 pvid=10
add bridge=bridge1 interface=ether18 pvid=20
add bridge=bridge1 interface=ether19 pvid=10
add bridge=bridge1 interface=ether20 pvid=20
add bridge=bridge1 interface=ether21 pvid=10
add bridge=bridge1 interface=ether22 pvid=20
add bridge=bridge1 interface=ether23 pvid=10
add bridge=bridge1 interface=ether24 pvid=20
add bridge=bridge1 interface=ether25 pvid=10
add bridge=bridge1 interface=ether26 pvid=20
add bridge=bridge1 interface=ether27 pvid=10
add bridge=bridge1 interface=ether28 pvid=20
add bridge=bridge1 interface=ether29 pvid=10
add bridge=bridge1 interface=ether30 pvid=20
add bridge=bridge1 interface=ether31 pvid=10
add bridge=bridge1 interface=ether32 pvid=20
add bridge=bridge1 interface=ether33 pvid=10
add bridge=bridge1 comment=vlan30-CCTV interface=ether34 pvid=30
add bridge=bridge1 interface=ether35 pvid=10
add bridge=bridge1 comment=vlan40-AP interface=ether36-TRUNK
add bridge=bridge1 interface=ether37 pvid=10
add bridge=bridge1 comment=vlan50-SHPIA interface=ether38-TRUNK
add bridge=bridge1 interface=ether39 pvid=10
add bridge=bridge1 interface=ether40
add bridge=bridge1 interface=ether41 pvid=10
add bridge=bridge1 interface=ether42
add bridge=bridge1 interface=ether43 pvid=10
add bridge=bridge1 interface=ether44
add bridge=bridge1 interface=ether45 pvid=10
add bridge=bridge1 interface=ether46
add bridge=bridge1 interface=ether47 pvid=10
add bridge=bridge1 comment=vlan99-Management interface=ether48 pvid=99
/ip firewall connection tracking
set enabled=no udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=DISCOVERY
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether1,ether3,ether5,et\
    her7,ether9,ether11,ether13,ether15,ether17,ether19,ether21,ether23,ether2\
    5,ether27,ether29,ether31,ether33,ether35,ether37,ether39,ether41,ether43,\
    ether45,ether47" vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether2,ether4,ether6,et\
    her8,ether10,ether12,ether14,ether16,ether18,ether20,ether22,ether24,ether\
    26,ether28,ether30,ether32" vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether34 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK,ether36-TRUNK vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether48 vlan-ids=99
/interface list member
add interface=sfp-sfpplus1-TRUNK list=DISCOVERY
add interface=bridge1 list=DISCOVERY
/ip address
add address=192.168.99.2/24 interface=bridge1 network=192.168.99.0
/ip dns
set servers=8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.99.1 routing-table=main \
    suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/system clock
set time-zone-name=Europe/Tirane
/system identity
set name=Switch
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=129.250.35.250
/system routerboard settings
set boot-os=router-os enter-setup-on=delete-key
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=DISCOVERY
/tool mac-server mac-winbox
set allowed-interface-list=DISCOVERY
/tool romon
set enabled=yes
and this is the configuration of "RB951Ui-2HnD" which is acting as a temporary AP because I am going to use a "cAP ax" AP instead:
Code: Select all
# 2024-03-09 13:47:32 by RouterOS 7.13.5
# software id = XXXX-XX1G
#
# model = RB951Ui-2HnD
# serial number = XXXXXXXXDA7
/interface bridge
add dhcp-snooping=yes name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Link to Switch" name=ether1-TRUNK
set [ find default-name=ether2 ] comment="Management Port"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n disabled=no installation=indoor \
    mode=ap-bridge ssid=MikroTik wps-mode=disabled
/interface list
add name=DISCOVERY
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 comment="Link to Switch" interface=ether1-TRUNK trusted=\
    yes
add bridge=bridge1 interface=wlan1 pvid=40
/ip firewall connection tracking
set enabled=no
/ip neighbor discovery-settings
set discover-interface-list=DISCOVERY
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=bridge1 tagged=ether1-TRUNK vlan-ids=99
add bridge=bridge1 tagged=ether1-TRUNK untagged=wlan1 vlan-ids=40
/interface ethernet switch vlan
add ports=ether1-TRUNK switch=switch1 vlan-id=40
/interface list member
add interface=ether1-TRUNK list=DISCOVERY
add interface=bridge1 list=DISCOVERY
/ip address
add address=192.168.99.3/24 interface=bridge1 network=192.168.99.0
/ip dns
set servers=8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.99.1 routing-table=main \
    suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Tirane
/system identity
set name=AP
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=129.250.35.250
/tool mac-server
set allowed-interface-list=DISCOVERY
/tool mac-server mac-winbox
set allowed-interface-list=DISCOVERY
/tool romon
set enabled=yes
Just to note that everything works well until now, DHCP server, QoS, VLAN connectivity etc EXCEPT THE WIRE TRANSFER BETWEEN PCs WITHIN THE SAME VLAN and a 20-30 seconds delay at the DORA/DHCP PROCESS WHEN THE ARP TABLE IS CLEANED!
transfer.png
I really need some HELP!
Thanks in Advance!
You do not have the required permissions to view the files attached to this post.
Last edited by holvoetn on Sat Mar 09, 2024 9:50 pm, edited 2 times in total.
Reason: Clarified title
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 3:43 pm

I'm guessing that the bottleneck is RB4011 since it's used as router. You better verify that by running CPU profile (preferably in CLI to avoid excessive burden which winbox/webfig tend to throw at device being monitored). Don't just observe general CPU load, some functions are single-threaded and in such cases single CPU core becomes bottleneck.

Although RB4011 is supposed to ge able to route at speeds exceeding 2Gbps it's probably not going to happen with your config. Your config is heavily using mangle and queues, all of this is very resource demanding. Maximum speeds are achievable on most devices only if fasttrack is effective, but mangling is not compatibke with it.
Besides, using multiple concurrent data streams does help to achieve better overall throughput. This is also the way devices are benchmarked (all ports used, traffic going in all possible directions)..
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 3:48 pm

Guessing is for cats, sane animals work with facts! ;-PP

Both PCs are behind the CRS354 Switch?? If so, yes there is something wrong with the config and likely on the switch.
So lets start there.......

(1) I dont like your name DISCOVERY ( meaningless) , should be more akin to BASE or better MGMT ( management ).

/interface list
add name=MGMT

2. Minor details...............
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1-TRUNK trusted=yes ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether1 pvid=10 ingress-filtering=yes frame-types=admit-priority-and-untagged
etc.........

3. To match change:
/ip neighbor discovery-settings
set discover-interface-list=MGMT

4. MAIN PROBLEMS with SWitch COnfig

a. need to tag bridge for management vlan
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether1,ether3,ether5,et\
her7,ether9,ether11,ether13,ether15,ether17,ether19,ether21,ether23,ether2\
5,ether27,ether29,ether31,ether33,ether35,ether37,ether39,ether41,ether43,\
ether45,ether47" vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether2,ether4,ether6,et\
her8,ether10,ether12,ether14,ether16,ether18,ether20,ether22,ether24,ether\
26,ether28,ether30,ether32" vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether34 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK,ether36-TRUNK vlan-ids=40
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1-TRUNK untagged=ether48 vlan-ids=99

b. Need to define management VLAN.
/interface vlan
add interface=bridge1 name=vlan99-MGMT vlan-id=99

c. Fix list members should be one liner:
/interface list member
add interface=vlan99-MGMT list=MGMT

d. IP ADDRESS WRONG................. should be:
/ip address
add address=192.168.99.2/24 interface=vlan99-MGMT network=192.168.99.0

e. Would also change IP DNS to:
/ip dns
set allow-remote-requests=yes servers=192.168.99.1

f. would set NTP Client Server TO:
/system ntp client servers
add address=192.168.99.1

g. Last change..................... TO:
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
Last edited by anav on Sat Mar 09, 2024 4:42 pm, edited 1 time in total.
Top
 
kmp101
just joined
Topic Author
Posts: 9
Joined: Fri Feb 09, 2024 2:36 pm

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 4:32 pm

I'm guessing that the bottleneck is RB4011 since it's used as router. You better verify that by running CPU profile (preferably in CLI to avoid excessive burden which winbox/webfig tend to throw at device being monitored). Don't just observe general CPU load, some functions are single-threaded and in such cases single CPU core becomes bottleneck.

Although RB4011 is supposed to ge able to route at speeds exceeding 2Gbps it's probably not going to happen with your config. Your config is heavily using mangle and queues, all of this is very resource demanding. Maximum speeds are achievable on most devices only if fasttrack is effective, but mangling is not compatibke with it.
Besides, using multiple concurrent data streams does help to achieve better overall throughput. This is also the way devices are benchmarked (all ports used, traffic going in all possible directions)..
I think, the CPU on the RB4011 is not affected that much while copying/transferring from PC1 to PC2!
cpu profile cli.png
cpu profile winbox.png
You do not have the required permissions to view the files attached to this post.
Top
 
kmp101
just joined
Topic Author
Posts: 9
Joined: Fri Feb 09, 2024 2:36 pm

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 5:20 pm

Both PCs are behind the CRS354 Switch?? If so, yes there is something wrong with the config and likely on the switch.
So lets start there.......
If you mean are they connected to the switch, then yes..! Both connected to the Switch accessing router via Trunk Ports for InterVLAN routing!
This is the topology!
topologyNEW.png
(1) I dont like your name DISCOVERY ( meaningless) , should be more akin to BASE or better MGMT ( management ).

/interface list
add name=MGMT
:) Yes, probably you're right... just a matter of choices!
2. Minor details...............
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1-TRUNK trusted=yes ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether1 pvid=10 ingress-filtering=yes frame-types=admit-priority-and-untagged
etc.........
Regarding to the Mikrotik documentation for Bridge VLAN table, admit-all is same as admit-only-untagged-and-priority-tagged! Anyways, I appreciate your recomandation!
3. To match change:
/ip neighbor discovery-settings
set discover-interface-list=MGMT
Agree with this!
4. MAIN PROBLEMS with SWitch COnfig
I think, something is not going well with Router as well!
a. need to tag bridge for management vlan
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether1,ether3,ether5,et\
her7,ether9,ether11,ether13,ether15,ether17,ether19,ether21,ether23,ether2\
5,ether27,ether29,ether31,ether33,ether35,ether37,ether39,ether41,ether43,\
ether45,ether47" vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether2,ether4,ether6,et\
her8,ether10,ether12,ether14,ether16,ether18,ether20,ether22,ether24,ether\
26,ether28,ether30,ether32" vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether34 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK,ether36-TRUNK vlan-ids=40
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1-TRUNK untagged=ether48 vlan-ids=99
Agree with this as well!
b. Need to define management VLAN.
/interface vlan
add interface=bridge1 name=vlan99-MGMT vlan-id=99

c. Fix list members should be one liner:
/interface list member
add interface=vlan99-MGMT list=MGMT

d. IP ADDRESS WRONG................. should be:
/ip address
add address=192.168.99.2/24 interface=vlan99-MGMT network=192.168.99.0
I used to have this kind of setup in the switch and all of a sudden, I've noticed some High CPU LOAD, around 50-75%!!!
e. Would also change IP DNS to:
/ip dns
set allow-remote-requests=yes servers=192.168.99.1

f. would set NTP Client Server TO:
/system ntp client servers
add address=192.168.99.1

g. Last change..................... TO:
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
Yes, agree as well. Do you think that these changes affect the transfer rate from PCs within the SAME VLAN?
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 5:54 pm

1. Yes admit all includes both vlan tagged and untagged which, by the way, is a setting I would only use and is required for hybrid ports.
If its a trunk port only vlan tagged is appproriate
If its an access port, priority and untagged is appropriate.
Up to you

2. Whether the changes or not affect performance is for you to find out. I see whats wrong obviously and fix it.
The network will behave better, but unless we remove known errors its much harder to spot other errors or bugs.
Top
 
holvoetn
Forum Guru
Forum Guru
Posts: 5500
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 6:09 pm

Since both PCs are in the same VLAN, there should be no traffic at all towards RB4011.

How is CPU usage on CRS354 during copy ? I am going to guess it will be rather high and that it will be your bottleneck.
In that case something is off on the switch config but I don't see right away what it might be.
Top
 
kmp101
just joined
Topic Author
Posts: 9
Joined: Fri Feb 09, 2024 2:36 pm

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 6:27 pm

Since both PCs are in the same VLAN, there should be no traffic at all towards RB4011.

How is CPU usage on CRS354 during copy ? I am going to guess it will be rather high and that it will be your bottleneck.
In that case something is off on the switch config but I don't see right away what it might be.
switch_cpu_usage.png
You do not have the required permissions to view the files attached to this post.
Top
 
holvoetn
Forum Guru
Forum Guru
Posts: 5500
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Not having wire speed stransfer between same VLAN!

Sat Mar 09, 2024 9:41 pm

If I do intra-VLAN transfer between 2 devices across e.g. CSS610 or CRS326 (both simple switches), I get nicely 950-ish Mbps speed. And that's to be expected for Gb links.
So I still think something is not right.

Wild idea ...

Make binary backup of that CRS. Store it away from your device.
Make export with show-sensitive. Move it away as well.
Reset to default config.

Test between those 2 PCs, don't touch config of that switch yet. What's the result ?
Gradually adjust config again to how you want it (don't restore).
Test between each step.
Where does it break ?
Top
 
kmp101
just joined
Topic Author
Posts: 9
Joined: Fri Feb 09, 2024 2:36 pm

Re: Not having wire speed transfer between same VLAN on CRS354!

Mon Mar 11, 2024 7:45 pm

Updates…

I have reset all the configuration to its default configuration for both (router and switch) and to no default as well and I have tested using bandwidth test which I think this is a L3 test from router to switch and the throughput did not exceed 300-400Mbps which is really strange because these devices are supposed to provide gigabits interfaces!!!

I have tested using file sharing from one pc to another and results are the same 30-50MB/s

Does anyone from mikrotik can explain this!?

Maybe I tried a wrong way of testing but if this is the correct way then it makes me think that Mikrotik does not provide good quality devices!

Note: If the cable category affects somehow, then this might be the issue because I’ve used cat5 utp!
Last edited by kmp101 on Mon Mar 11, 2024 7:48 pm, edited 1 time in total.
Top
 
holvoetn
Forum Guru
Forum Guru
Posts: 5500
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Not having wire speed transfer between same VLAN on CRS354!

Mon Mar 11, 2024 7:47 pm

You need to test switch to switch at first.
2 pcs connected to switch, test between both pcs.

Even on a stupid Hex i can get 950ish between ether ports in switch mode.
Top
 
kmp101
just joined
Topic Author
Posts: 9
Joined: Fri Feb 09, 2024 2:36 pm

Re: Not having wire speed transfer between same VLAN on CRS354!

Mon Mar 11, 2024 7:49 pm

You need to test switch to switch at first.
2 pcs connected to switch, test between both pcs.

Even on a stupid Hex i can get 950ish between ether ports in switch mode.
That’s what I did but same results!
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Not having wire speed transfer between same VLAN on CRS354!

Mon Mar 11, 2024 7:50 pm

Yup, sounds more like cable or PC issues at this point.
Top
 
holvoetn
Forum Guru
Forum Guru
Posts: 5500
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Not having wire speed transfer between same VLAN on CRS354!

Mon Mar 11, 2024 7:52 pm

Gb = cat5e at least...
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: Not having wire speed transfer between same VLAN on CRS354!

Mon Mar 11, 2024 8:00 pm

I have tested using file sharing from one pc to another and results are the same 30-50MB/s

Samba / CIFS comes with lots of constraints. If you want to assess raw network speed, then use appropriate tools, such as iperf3 ...
When testing through a router, you nay find out tgat single-threaded performance if not as grest as you want it ... so multiple concurrent connections while testing are a must.
Top
 
kmp101
just joined
Topic Author
Posts: 9
Joined: Fri Feb 09, 2024 2:36 pm

Re: Not having wire speed transfer between same VLAN on CRS354!

Mon Mar 11, 2024 8:21 pm

Yup, sounds more like cable or PC issues at this point.
One of the computers was freshly installed and to the other I haven't done any nasty tests, just their default firewall! Yes, I had few cat5 patch cords and probably that's the case!!

I have plugged in and light it up and till now everything seams to work great! Let see the results on heavy duty work while playing online games...!!!! Until now there are12 high end PC and 16 Play Station 5! Router must have a bit hard work isn't it!?
RRDW2595.JPG
DYSDE9503.JPG
Samba / CIFS comes with lots of constraints. If you want to assess raw network speed, then use appropriate tools, such as iperf3 ...
When testing through a router, you nay find out tgat single-threaded performance if not as grest as you want it ... so multiple concurrent connections while testing are a must.
While in the hurry, even us get some Packet Loss! Let's not talk about certificates because would be shame on me! :D

I still had a small issue on BASE/MANAGEMENT VLAN and i still don't understand very well! :?

Anyways, thanks for your help m8s!

God Bless You ALL
You do not have the required permissions to view the files attached to this post.
Top
Post Reply

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot] and 16 guests
  4. RouterOS
  5. General