I have a CCR2216 configured as an edge router with three eBGP sessions. The router is receiving full routing tables from its BGP peers. Peak traffic is around 3-4 Gbps. There are no queues or firewall filters configured, and no NAT is being performed. Only a few raw rules are in place. All three BGP sessions are connected to a CRS switch via VLAN using DAC cables.
I am observing an average CPU usage of 25-35%. Is this normal?
I have not made any changes to the BGP peers. Do you think changing the affinity.input and affinity.output to “alone” will reduce the CPU usage?
Other than BGP affinity, that’s a good question. Many people try their best to avoid HW offloading because they are scared of single bridge configuration and the L3 offloading docs. Strange people, man.
Average CPU load is not really helpful; this device has 16 threads, so make sure you’re looking at individual thread load and none is reaching close to 100% (there’s always one thread with way higher load than the others).
Regarding your question: yes, make sure your BGP peers use affinity=alone for both input and output; this will significantly speed up convergence time and avoid 1-thread bottlenecks.
Other than that, I’d strongly advise reconfiguring the device to properly make use of the incredible ASIC to accelerate routing (l3hw). Follow the documentation to add all interfaces one by one to a single bridge interface with proper VLAN tagging for L2, add the VLAN interfaces for L3, do that until every interface seems to be working, and finally enable l3hw (beware: MAC-based functions such as MAC-telnet and MAC-winbox will stop working when you enable it, but you can use this and this script to keep compatibility with those functions).
We use l3hw on the CCR2216 in a production environment and it works fine; however, our use case does not overflow the ASIC’s memory, which your use case (full BGP routes) would. I’ve heard from others that it works fine though, and there might be ways to optimize the acceleration for prefixes where you see the most traffic if you understand it well enough.
After you have l3hw set up and running, replace the firewall raw rules with switch rules.
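
The steps from the last reply, sketched as RouterOS v7 commands. This is an added example, not part of the original posts or MikroTik's documentation; the interface name `sfp28-1`, the bridge name, VLAN IDs 101-103, the switch name `switch1` and all addresses are assumptions to be replaced with the device's own values.

```routeros
# Added example. Assumed: sfp28-1 is the DAC link to the CRS, the three
# eBGP sessions ride on VLANs 101-103, addresses are documentation ranges.

# 1. Look at per-core load rather than the average.
/system/resource/cpu print

# 2. Give every BGP session its own input and output process.
/routing/bgp/connection set [find] input.affinity=alone output.affinity=alone

# 3. L2: one bridge, ports added one at a time, VLANs tagged towards
#    both the physical port and the bridge itself (the CPU-facing side).
/interface/bridge add name=bridge1 vlan-filtering=no
/interface/bridge/port add bridge=bridge1 interface=sfp28-1
/interface/bridge/vlan add bridge=bridge1 vlan-ids=101,102,103 \
    tagged=bridge1,sfp28-1

# 4. L3: VLAN interfaces sit on the bridge, not on the physical port.
#    If they already exist on sfp28-1, re-parent them with "set" instead.
/interface/vlan add name=vlan101 interface=bridge1 vlan-id=101
/interface/vlan add name=vlan102 interface=bridge1 vlan-id=102
/interface/vlan add name=vlan103 interface=bridge1 vlan-id=103
/ip/address add address=192.0.2.2/30 interface=vlan101

# 5. Once every interface passes traffic, turn on VLAN filtering and
#    then L3 hardware offloading on the switch chip.
/interface/bridge set bridge1 vlan-filtering=yes
/interface/ethernet/switch set 0 l3-hw-offloading=yes

# 6. Check that bridge ports carry the H (hw-offload) flag.
/interface/bridge/port print

# 7. Move a raw-table drop into a switch rule so it is enforced in the
#    ASIC. An empty new-dst-ports drops the matching packets.
#    The source prefix here is a constructed placeholder.
/interface/ethernet/switch/rule add switch=switch1 ports=sfp28-1 \
    mac-protocol=ip src-address=198.51.100.0/24 new-dst-ports="" \
    comment="was: /ip firewall raw drop"
```

Hardware-offloaded traffic does not pass through the CPU firewall, so any raw rule left unconverted after step 5 no longer applies to those flows.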