hi all, i have some questions about the forwarding in mikrotik routers
in some devices with 2 switch-chips such as RB4011iGS, although HW offload is enabled by default, the flow between two ports which lays in different switch chips has to walk through cpu.
in such case, how to improve the throughout ? can it reach the wire-speed?
I am clear about the “Hardware offloading” and “Slow Path”, but not clear about the concept of “Fast Forward” and “Fast Path”, what the speed distance between these two forwarding path?
in the manual , it says : “fast forward require Bridge has only 2 running ports”, I think the condition is too strict; bridge ports usually have more than two ports
When traffic is bridged between both switch chip port groups, there are two bottlenecks:
2.5Gbps interconnect between switch chip and CPU … if cumulative traffic between ether ports of single switch chip and the rest of RB4011 would exceed 2.5Gbps, then this will slow things down
CPU processing power … RB4011 has a pretty powerful CPU, it can shuffle quite some traffic. However, bridging does use some of CPU cycles, leaving less for other tasks (routing, firewalling, encryption for any tunnels, etc.). So while CPU speed might not be directly bottleneck for bridging, CPU power needed for high-speed bridging might bring whole device to its knees
I’ve never really understood the “fast path” concept … to me it seems that the benefits (when enabled and working) are not so great on relatively recent devices (where CPU is much faster than on devices, produced say 20 years ago). So I can’t comment on benefits. Not sure what function you’re referring to when writing “Fast Forward”.
I guess that manual about fast path is largely obsolete … due to reasons stated in bullet #2 above
as to the quesion 1: what confuse me is the statement as the following from manual :“For devices that have multiple switch chips (for example, RB2011, RB3011, RB1100), each switch chip is only able to switch VLAN traffic between ports that are on the same switch chip, VLAN filtering will not work on a hardware level between ports that are on different switch chips, this means you should not add all ports to a single bridge if you are intending to use VLAN filtering using the switch chip, VLANs between switch chips will not get filtered. You can connect a single cable between both switch chips to work around this hardware limitation, another option is to use Bridge VLAN Filtering, but it disables hardware offloading (and lowers the total throughput).”
In order to verify it, I made a test on device of RB4011 which has two switch chips, when i plug two cable in ether1 and ehter6 which lays in switch1 and switch2 , packets can flow from ether1 to ehter6, no matter I set “/interface bridge set bridge vlan-filtering=” yes or no。
So I wonder in what condition packets only travel in a single switch chip?
as to the question 2,3: the original describtion from manual is like this :“Fast Forward is disabled when hardware offloading is enabled. Hardware offloading can achieve full write-speed performance when it is active since it will use the built-in switch chip (if such exists on your device), fast forward uses the CPU to forward packets. When comparing throughput results, you would get such results: Hardware offloading > Fast Forward > Fast Path > Slow Path.”, I guess “fast forward” is supplied by switch chip vendors, but not sure about it.
I don’t know which exactly manual you’re reading. But: RB4011 doesn’t really belong in the group of devices mentioned. It’s using RTL8367 switch chips and it didn’t support VLAN switching configured by switch configuration (under /interface/ethernet/switch), the menu didn’t exist. One could only use bridge with VLAN filtering enabled. Since ROS v7.2 (or something equally old), it is able to HW offload bridge with VLAN filtering.
Meaning that the text you quoted, never applied to RB4011 (it only applies to devices with Qualcomm switch chips - ARxxxx).
2.,3. I’m still confused as to what “fast forward” really does. But since it’s done by CPU, it is (as you already quoted) slower (or more CPU-intensive) than switch chip forwarding.
Possibly it applies to traffic being forwarded by bridge between ports, belonging to different switch chips … but I don’t really know (and I don’t particularly care).
I got the manual from here “https://help.mikrotik.com/docs/spaces/ROS/pages/328059/RouterOS” Also available in the documentation in PDF format for offline use (updated monthly).
this seems to be a combination of all products, I dont know if mikrotik provide user manual seperately by product , just like cisco or juniper,
MT doesn’t provide separate documentation for particular device models. Several documents do include sections, which only apply to particular hardware, but often this is indicated in a way not really obvious to users not intimately familiar with devices (e.g. often they indicate that some section applies to certain switch chip types … and user has to find out which device model is affected … or something like that). Some documents are also outdated … if we point it out to MT support, then they fix documentation quickly but fact remains that it’s possible to see outdated document sections.