Hi to all.
I wish all the best for all of you for year 2023.
Now back to the business.
I bought ccr2216 for main router of our company.
Here is my problem.
I am using qsfp ports (1 and 2), which are connected with DAC XQ+DA0001 to CRS326 units. One port to one crs326. Disabled auto negotiation. Rate is manually choosed 40Gbps.
To point of my problem. If I am transferring data between QSFP1 and QSFP2 ports, my CPU have hight utilization. One core is always (at least ) utilized around 95%. Speed of this data transfer is around 2.5Gbps which is NOTHING for this unit.
If I make FIRST firewall rule for forward of these two ports with action fasttrack connection, utilization of cpu is much lover and speed of data transfer much higher. 1 CPU core it around 60% (around 35% better than before) and speed of transfer is around 5Gbps.
Still, It should be around 10Gbps (at least) and that cpu utilization is pretty high for my taste.
Update :
I managed to perform test where I was reaching around 10Gbps rate of data transfer.
Which is ok, server is connected via SFP+ 10Gbps link.
During this data transfer with speed around 10Gbps (about 1GB/s) between port qsfp1 and qsfp2 is ONE CORE of CPU (on CCR2216 unit ) ulitilzed around 91-95%.
Is this real performance ?
It is normal to have utilize one core to maximum value and have max performance around 10Gbps forwarding between ports qsfp 1 and 2 ?
Btw. I am transferring data with samba between two Windows 2019 servers.
I was also testing it with two NAS Synology servers.
Sorry, I just can’t. The main story is on each qsfp port is running one subnet.
Between these two ports (subnets) is required full forward without any restriction.
What batters me is relatively low speed of this forward and also one core cpu load.
I was trying to prevent all of that traffic going through all of firewall rules with fasttrack firewall rule on first position but it was not solved that problem entirely.
No, I am not. I am just not allowed to do that. There are some very strict rules in our company so it is cannot be done.
But I appreciate you hostility.
What kind of secret sauce are you building using MikroTik? You’re not using any proprietary protocol that everyone cannot use as well. Export or don’t expect help from anyone here.
A bridge supports VLAN filtering, meaning you’re supposed to tag each QSFP port in a unique VLAN on layer 2, which you then map on layer 3 to whatever IP subnet you want. The whole point of DSA in Linux and that means RouterOS is to migrate away from traditional per interface configuration for downstream interfaces or redundant intra-AS interfaces such as LACP bonding, VRRP etc.
Other than typical Cisco or Juniper all modern day network OSes supports bridge configuration with ASIC offloading (depending on hardware model and vendor) and it is preferred over the Cisco style configuration.
You are clearly not very well informed in Linux networking, tries to outsmart official MikroTik documentation regarding bridge + bridge hardware offloading and expecting line rate performance, and overall a moron.
I’ve given you the solution to your performance issue. Take it or don’t.
hi, just use something like “/ip firewall filter add action=fasttrack-connection chain=forward hw-offload=yes in-interface=qsfp28-1-1 out-interface=qsfp28-2-1” for forwarding between these interfaces…