We recently replaced some older Netgear and Cisco switches in our office with two CRS226-24G-2S+ Routerboard switches. The switches are linked together via 1Gbps fiber via the SFP1 ports on both units. The fiber link has been provisioned to trunk 4 Vlans between the two switches by bridging untagged physical ports to their associated VLANs (i.e. using this example: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment).
We basically need 4 Vlans, for Internal (101), Public DMZ (102), ISP A (103), and ISP B (104) to operate on selected ports on both switches. We have a small office with IP phones and user desktops on the Internal, 10+ Internet servers on the DMZ (email, web, databases, etc…), ISP A, and ISP B. We have a FortiGate routing traffic between the VLANs, so all the traffic passing through the switch is layer 2 Ethernet. We do have one IP addressed assigned exclusively for administration.
After upgrading from our old equipment to the new MikroTiks we are experiencing “small, but noticeable” performance concerns across our new LAN. Examples:
Between 2-4% packet loss while using standard ICMP pings directly between devices on the same VLAN, and between VLANs (routing though our router/FortiGate). This was specifically tested before the upgrade, and we were not experiencing this issue (i.e. <1% packet loss before).
Slight Video-over-IP degradation. We all have a small built-in camera on our Polycom IP phones that shares video of all internal calls, and external office-office communications.
We are not seeing any errors on the physical ports (i.e. no dropped packets, errors, etc…). The amount of traffic offered to the switch is realativly light (< 4Mbps average peak, < 100Mbps burst peak). CPU utilization hovers around 40% on both units.
I’ve attached the configs for the two switches for review. RouterOS v6.31 on both.
So… We looking for some ideas on what to check next.
You’re having performance issues because you’re configuration is sending every packet through the CPU on the CRS. You should not be using Bridging to accomplish this; rather, you should be using the switch-chip to accomplish this, else you’ll never get wire speeds. Take a look at the CRS switch info in the Wiki.
So, given the given the architecture of the CRS226-24G-2S+ and our requirements on this port layout on our first CRS:
Ports 1-12: Untagged port traffic for Vlan101
Ports 13-16: Untagged port traffic for Vlan102
Ports 17-20: Untagged port traffic for Vlan103
Ports 21-24: Untagged port traffic for Vlan104
Port SFP-SPFPLUS1: Trunk all four Vlans to second CRS
Is it correct to assign Ports 1 - 24 as slaves to SFP-SFPPLUS1?
Two things to look at after you fix your bridging issues…
Enable jumbo frames by raising the MTU. When I did lab performance testing, I had to raise the MTU to get the best results.
The default hardware queuing does not seem to be ideal in all Layer 2 switching setups. I’ve had to enter the following code at the direction of MikroTik support to prevent packet loss in L2 switching.
/queue type set ethernet-default pfifo-limit=100 /queue interface set [find] queue=ethernet-default
Ok… Changing the config to port switching made a huge improvement! I didn’t do too much testing before calling it a day, but the initial results look much better. Tomorrow I’ll look at tweaking it a little… (MTU settings, queue settings, etc..) Thanks for the help on that!
Now I have a problem establishing an IP address on our internal Vlan101 for management purposes. I’ve attached the config if you have a sec to review.
I need the ability to connect to the CRS from a workstation connected to port 1 - 12. Both the CRS and the workstation are in the same subnet (192.168.1.0/24).
