CPU Problem with CRS112-8P-4S after Update to 7.17

RouterOS General
1

I have a problem with CRS112-8P-4S / 7.16.2 (stable) after installing the 7.17 update.

Since then, the CPU has been much more heavily utilised and accordingly there is a lot of hiccups when transferring data. I have tested it with a connected AccessPoint, a bridge with VLAN is configured. The SSID is in an extra subnet/VLAN.

Under 7.16.2 and previous versions there are no restrictions. With 7.17, for example, a YouTube video loads very slowly and is unusable.

I have reinstalled 7.16.2 and the problems are gone.

How can I provide support so that the problem can be found?

Sorry for my english.

2

Here my config. I have not configured the switch chip.

/interface bridge add ingress-filtering=no name=bridge_lan port-cost-mode=short vlan-filtering=yes
/interface bridge add disabled=yes ingress-filtering=no name=bridge_wlan port-cost-mode=short pvid=2 vlan-filtering=yes
/interface ethernet set [ find default-name=ether3 ] comment=
/interface ethernet set [ find default-name=ether5 ] comment=
/interface ethernet set [ find default-name=ether7 ] comment=
/interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/ip smb users set [ find default=yes ] disabled=yes
/port set 0 name=serial0
/routing bgp template set default disabled=no output.network=bgp-networks
/routing ospf instance add disabled=no name=default-v2
/routing ospf area add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10 pvid=2
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether6 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether7 internal-path-cost=10 path-cost=10 pvid=2
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=ether8 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge_lan ingress-filtering=no interface=sfp11 internal-path-cost=10 path-cost=10
/ip firewall connection tracking set udp-timeout=10s
/ip neighbor discovery-settings set discover-interface-list=!dynamic
/ip settings set max-neighbor-entries=8192
/ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan add bridge=bridge_lan tagged=ether3,ether7,sfp11 vlan-ids=105,107
/interface bridge vlan add bridge=bridge_lan tagged=ether3,ether7,sfp11 vlan-ids=2
/interface ovpn-server server add auth=sha1,md5 mac-address=FE:5B:4B:9F:D8:7E name=ovpn-server1
/ip address add address=1.1.1.1/24 interface=bridge_lan network=1.1.1.0
/ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip smb shares set [ find default=yes ] directory=/flash/pub
/system identity set name=switch
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp server set manycast=yes
/system ntp client servers add address=1.1.1.2

I have change IP address for this post.

3

You have vlan-filtering=yes on bridge and CRS1xx can’t offload such bridge to underlying switch chip. So all traffic passes CPU. This was the case since forever, nothing changed with 7.17 … so you can consider yourself lucky that it didn’t bite you earlier.

You have to configure VLAN stuff on switch chip directly. Use CRS1xx switch manual, some examples are in examples page.

4

looks like its a common issue..

something with switch chip and vlans need to be applied… we have bought a unit for testing even knowing its jut 1 cpu core 400mhz..

our small traffic around 200mbps and its already 100% cpu. on tools profiles it shows.. networking 25 to 30% max.. but the most cpu usage is on management nearly 40% link for attached picture below
management.png
Anyone has idea on what it could be?

only 3 firewall nat rules..

2 vlan

bridge on 4 ports..