CRS305 - Egress bandwidth limiting broken?

Hello! I recently acquired a couple CRS305s for testing as CPE devices and I’ve found that when I set an ingress and egress rate-limit for switch ports, ingress limiting (policing) works correctly but egress limiting (shaping) is way off. For example, if I set a 500 Mbps egress rate on a port, I will actually get ~2600 Mbps throughput out the port. If I change egress rate to 50 Mbps, I’ll observe ~300 Mbps throughput out the port. Has anyone else seen this behavior? I’m using RouterOS v6.45.1 for my testing.

Relevent bits of config:

# jul/09/2019 14:37:19 by RouterOS 6.45.1
# software id = TN5M-RBC8
#
# model = CRS305-1G-4S+
# serial number = REDACTED
/interface ethernet switch port
set 1 egress-rate=50.0Mbps limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=10
set 2 limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=10
set 3 limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=10
set 4 limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=10
set 5 limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=10
---------------------------------
/interface bridge
add admin-mac=74:4D:28:89:58:33 auto-mac=no comment=defconf fast-forward=no frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether1 pvid=10
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus1 pvid=100 unknown-multicast-flood=no unknown-unicast-flood=no
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus2 pvid=100 unknown-multicast-flood=no unknown-unicast-flood=no
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus3 pvid=100 unknown-multicast-flood=no unknown-unicast-flood=no
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus4 unknown-multicast-flood=no unknown-unicast-flood=no
/interface bridge settings
set allow-fast-path=no
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus4 untagged=ether1 vlan-ids=10
add bridge=bridge tagged=sfp-sfpplus4 untagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=100

Anyone have any idea if this is a bug or am I doing something wrong? My goal is to be able to set an ingress and egress limiter per port so that I can deliver multiple services on a CRS305.

Thanks in advance!

Thank you for sharing!
Tried to repeat the behavior but to no avail. In case you did not manage to figure this out yet, I would suggest reporting to support@mikrotik.com.

Thanks. I like the 10Gb ports on this unit. Thinking about buying one.

Hi EdPa, thank you for responding to my post! I set my CRS305 lab back up to verify the behavior still exists before e-mailing in to MikroTik support as you suggested and was surprised to find that both ingress and egress rate-limiting had started working normally. However, after some further experimentation I discovered the key to reproducing the problem is using jumbo frames with your test traffic. If I specify frame sizes greater than 1518 bytes, the egress shaper exhibits the behavior described in my original post. Would you be willing to test again, this time being sure to use larger frame sized traffic, as well as being sure to increase the L2 MTU size for sfp-sfpplus1 and sfp-sfpplus2 to 9216 bytes? What I’ve found is that the larger the test traffic frame, the greater the degree of traffic in excess of your defined egress rate-limiter that will get through. For example, I’m currently transmitting 10 Gbps of test traffic to port sfp-sfpplus2, which is then egressing out port sfp-sfpplus1 because both ports are members of vlan 100. Port sfp-sfpplus1 has a 75 Mbps egress rate-limiter applied. If I set my test traffic frame size to 1518 bytes, I see 75 Mbps egressing port sfp-sfpplus1 right on the dot. If I set my test traffic frame size to 2000 bytes, the observed output rate from sfp-sfpplus1 becomes ~90 Mbps. If I set my test traffic frame size to 9000 bytes, the observed output rate at port sfp-sfpplus1 jumps up to ~500 Mbps. Again, this is all happening while there is a 75 Mbps egress rate-limit applied to sfp-sfpplus1. If you experiment with different egress rate-limit sizes for sfp-sfpplus1 you will see different numbers, especially the larger the rate-limit size you apply.

I hope that’s enough detail to help you replicate the problem but let me know if there’s anything else I can provide that would be useful to you. Also, would you still like me to report this problem to MikroTik support via e-mail?

Best regards,

Selto

They really are nice devices, and a steal at their current price point.