Cloud Router Switch CPU usage 100%

RouterOS General
1

Hi
It’s my first time using a Mikrotik switch, and i’m facing a big problem with it.
Our company usually uses HP1920 as a router switch but since HP1920 was designed for 256 arp routing, we decided to use Mikrotik CRS226-24G-25+RM. The issue i’m currently having is that the cpu hits high load levels quickly in cases where it shouldn’t and network becomes less responsive. Users aren’t able to use full speed, but only about 40% of the speed they had when we were using the CRS as a router switch. I assume that there is something wrong with the configuration or the switch itself.


\

jun/23/2016 20:36:42 by RouterOS 6.35.2

software id = SEWU-KWKF

/interface ethernet
set [ find default-name=ether19 ] master-port=ether18
set [ find default-name=ether20 ] master-port=ether18
/interface vlan
add interface=ether24 name=Hallstahem vlan-id=788
add interface=ether21 name=Larm vlan-id=212
add interface=ether18 name=UC vlan-id=99
/interface ethernet
set [ find default-name=ether1 ] master-port=ether24
set [ find default-name=ether2 ] master-port=ether24
set [ find default-name=ether3 ] master-port=ether24
set [ find default-name=ether4 ] master-port=ether24
set [ find default-name=ether5 ] master-port=ether24
set [ find default-name=ether6 ] master-port=ether24
set [ find default-name=ether7 ] master-port=ether24
set [ find default-name=ether8 ] master-port=ether24
set [ find default-name=ether9 ] master-port=ether24
set [ find default-name=ether10 ] master-port=ether24
set [ find default-name=ether11 ] master-port=ether24
set [ find default-name=ether12 ] master-port=ether24
set [ find default-name=ether13 ] master-port=ether24
set [ find default-name=ether14 ] master-port=ether24
set [ find default-name=ether15 ] master-port=ether24
set [ find default-name=ether16 ] master-port=ether24
set [ find default-name=ether17 ] master-port=ether24
set [ find default-name=ether22 ] master-port=ether24
set [ find default-name=ether23 ] master-port=ether24
/ip pool
add name=dhcp_pool1 ranges=192.168.111.1-192.168.111.252,192.168.111.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=Hallstahem name=dhcp1
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=788
add tagged-ports=switch1-cpu vlan-id=99
add tagged-ports=switch1-cpu vlan-id=212
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=788 ports=“ether1,ether2,ether3,ether4,ether
5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether1
5,ether16,ether17,ether22,ether23,ether24”
add customer-vid=0 new-customer-vid=99 ports=ether19,ether20,ether18
add new-customer-vid=212 ports=ether21 sa-learning=no
/interface ethernet switch port
set 0 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 1 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 2 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 3 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 4 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 5 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 6 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 7 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 8 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 9 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,
wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 10 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 11 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 12 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 13 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 14 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 15 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 16 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 17 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 18 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 19 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 20 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 21 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 22 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 23 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 24 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 25 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
set 26 per-queue-scheduling=“wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8
,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128”
/ip address
add address=192.168.111.254/24 interface=Hallstahem network=192.168.111.0
add address=10.10.10.254/24 interface=UC network=10.10.10.0
add address=10.10.11.254/24 interface=Larm network=10.10.11.0
/ip dhcp-server lease
add address=192.168.111.2 always-broadcast=yes client-id=1:d8:9d:67:97:e1:97
mac-address=D8:9D:67:97:E1:97 server=dhcp1
/ip dhcp-server network
add address=192.168.111.0/24 dns-server=8.8.8.8,172.23.123.2 gateway=
192.168.111.254
/ip dns
set servers=8.8.8.8
/ip firewall address-list
add address=10.10.10.0/24 list=bogons
add address=10.10.11.0/24 list=bogons
add address=192.168.111.0/24 list=bogons
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=!Hallstahem
add action=masquerade chain=srcnat disabled=yes out-interface=!Larm
add action=masquerade chain=srcnat disabled=yes out-interface=!UC
/ip route
add distance=1 gateway=192.168.111.253 pref-src=192.168.111.254
add distance=1 dst-address=172.23.123.0/24 gateway=192.168.111.1
/lcd interface pages
set 0 interfaces=ether1,ether2,ether3,ether4,ether5,ether6
/routing ospf interface
add
/system clock
set time-zone-name=Europe/Stockholm
/system routerboard settings
set protected-routerboot=disabled
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add

2

Hi,

Try going to tool → Profile to see what is eating your CPU.

I suspect its the natting causing the issues

3

Hi,
Thanks for your replay,
Yes it think so too natting causing the issues,
Fierwall 54%
networking 32%
ethernet 12%
:confused: :? :? :frowning: :frowning: :frowning:

4

aside forwarding overhead and tranfer overhead itself - qqueues would consume CONSIDERABLE portion of CPU in routers.
if thats you case - try shift to more streamlined/lighter from present. PCQ remain popular so far for that reason generally.

5

You’re using a CRS, which is intended to be used as a switch. It has a very weak CPU, so layer 3 capabilities are minimal - mostly just there for management purposes. If you run bandwidth tests between two endpoints on the same subnet, you should see wire-speed as that never goes to the CPU. Depending on your needs, you may be better served getting a dedicated router (like one of the CCR’s) and running some VLAN trunks between the router and switch.

6

He is using a CRS226, which has a much weaker CPU than the CRS109 or CRS125.

7

Hello all..
I wold like to thank you for helping me.
I’ve just found a perfect solution and get a perfect result in speed test:
it was just to add:

/ip firewall filter

add action=fasttrack-connection chain=forward

And my new configuration look like this:

/interface ethernet
set [ find default-name=ether18 ] mac-address=4C:5E:0C:1D:60:45
set [ find default-name=ether19 ] mac-address=4C:5E:0C:1D:60:46 master-port=\
    ether18
set [ find default-name=ether20 ] mac-address=4C:5E:0C:1D:60:47 master-port=\
    ether18
set [ find default-name=ether21 ] mac-address=4C:5E:0C:1D:60:48
set [ find default-name=ether24 ] mac-address=4C:5E:0C:1D:60:4B
set [ find default-name=sfp-sfpplus1 ] mac-address=4C:5E:0C:1D:60:4C
set [ find default-name=sfpplus2 ] mac-address=4C:5E:0C:1D:60:4D
/interface vlan
add interface=ether24 name=Hallstahem vlan-id=214
add interface=ether21 name=Larm vlan-id=212
add interface=ether18 name=UC vlan-id=215
/interface ethernet
set [ find default-name=ether1 ] mac-address=4C:5E:0C:1D:60:34 master-port=\
    ether24
set [ find default-name=ether2 ] mac-address=4C:5E:0C:1D:60:35 master-port=\
    ether24
set [ find default-name=ether3 ] mac-address=4C:5E:0C:1D:60:36 master-port=\
    ether24
set [ find default-name=ether4 ] mac-address=4C:5E:0C:1D:60:37 master-port=\
    ether24
set [ find default-name=ether5 ] mac-address=4C:5E:0C:1D:60:38 master-port=\
    ether24
set [ find default-name=ether6 ] mac-address=4C:5E:0C:1D:60:39 master-port=\
    ether24
set [ find default-name=ether7 ] mac-address=4C:5E:0C:1D:60:3A master-port=\
    ether24
set [ find default-name=ether8 ] mac-address=4C:5E:0C:1D:60:3B master-port=\
    ether24
set [ find default-name=ether9 ] mac-address=4C:5E:0C:1D:60:3C master-port=\
    ether24
set [ find default-name=ether10 ] mac-address=4C:5E:0C:1D:60:3D master-port=\
    ether24
set [ find default-name=ether11 ] mac-address=4C:5E:0C:1D:60:3E master-port=\
    ether24
set [ find default-name=ether12 ] mac-address=4C:5E:0C:1D:60:3F master-port=\
    ether24
set [ find default-name=ether13 ] mac-address=4C:5E:0C:1D:60:40 master-port=\
    ether24
set [ find default-name=ether14 ] mac-address=4C:5E:0C:1D:60:41 master-port=\
    ether24
set [ find default-name=ether15 ] mac-address=4C:5E:0C:1D:60:42 master-port=\
    ether24
set [ find default-name=ether16 ] mac-address=4C:5E:0C:1D:60:43 master-port=\
    ether24
set [ find default-name=ether17 ] mac-address=4C:5E:0C:1D:60:44 master-port=\
    ether24
set [ find default-name=ether22 ] mac-address=4C:5E:0C:1D:60:49 master-port=\
    ether24
set [ find default-name=ether23 ] mac-address=4C:5E:0C:1D:60:4A master-port=\
    ether24
/ip pool
add name=dhcp_pool1 ranges=192.168.111.1-192.168.111.252,192.168.111.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=Hallstahem name=dhcp1
/routing bgp instance
set default disabled=yes
/routing ospf area
set [ find default=yes ] disabled=yes
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=214
add tagged-ports=switch1-cpu vlan-id=215
add tagged-ports=switch1-cpu vlan-id=212
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=214 ports="ether1,ether2,ether3,ether4,eth\
    er5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,et\
    her15,ether16,ether17,ether22,ether23,ether24"
add customer-vid=0 new-customer-vid=215 ports=ether19,ether20,ether18
add new-customer-vid=212 ports=ether21 sa-learning=no
/interface ethernet switch port
set 0 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 1 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 2 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 3 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 4 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 5 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 6 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 7 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 8 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 9 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 10 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 11 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 12 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 13 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 14 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 15 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 16 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 17 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 18 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 19 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 20 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 21 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 22 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 23 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 24 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 25 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 26 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
/ip address
add address=192.168.111.254/24 interface=Hallstahem network=192.168.111.0
add address=10.10.10.254/24 interface=UC network=10.10.10.0
add address=10.10.11.254/24 interface=Larm network=10.10.11.0
/ip dhcp-server lease
add address=192.168.111.2 always-broadcast=yes client-id=1:d8:9d:67:97:e1:97 \
    mac-address=D8:9D:67:97:E1:97 server=dhcp1
/ip dhcp-server network
add address=192.168.111.0/24 dns-server=8.8.8.8,172.23.123.2 gateway=\
    192.168.111.254
/ip dns
set servers=8.8.8.8
/ip firewall address-list
add address=10.10.10.0/24 list=bogons
add address=10.10.11.0/24 list=bogons
add address=192.168.111.0/24 list=bogons
/ip firewall filter
add action=fasttrack-connection chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Hallstahem
add action=masquerade chain=srcnat out-interface=Larm
add action=masquerade chain=srcnat out-interface=UC
/ip route
add distance=1 gateway=192.168.111.253
add distance=1 dst-address=172.23.123.0/24 gateway=192.168.111.1
/lcd interface pages
set 0 interfaces=ether1,ether2,ether3,ether4,ether5,ether6
/routing ospf interface
add disabled=yes
/system clock
set time-zone-name=Europe/Stockholm
/system routerboard settings
set protected-routerboot=disabled
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
8

Yes, fasttrack is a wonderful thing. Keep in mind though, that not all connections can use fasttrack, so depending on the specific connections that end up getting routed through your CRS, they may or may not get fasttracked, so user speeds can vary significantly.