Hi folks, hoping someone can help shed some light on some speed issues.
I have a relatively simple setup, where a machine from a vlan (bridge) runs a speed test to the internet and loads the CPU to 100% on the CRS312, leading to poor performance. Download caps at around 350Mbit/s, while internet is provisioned and tested at 1Gbit/s (link is 2.5Gbit/s) (tested when the same machine is connected directly to the modem).
WAN <--(2.5Gbit/s)--> CRS312 <--(10Gbit/s)--> CRS310 <--(2.5Gbit/s)--> desktop machine
Note that I can do full 2.5Gbit/s from that desktop machine to another one connected directly to the CRS312, so the bridge is operating at maximum line speed. It’s when we exit the bridge and enter back that the CPU gets overloaded.
As far as I understand, RouterOS 7.12.1, which I’m running, should be able to hardware offload/fasttrack everything that comes back from the WAN to a vlan machine on the bridge, but it doesn’t look like it’s the case. I assume I made some configuration error so here’s the relevant config:
/interface> print detail
4 R ;;; Internet
name="ether1" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1584 max-l2mtu=10218 mac-address=78:9A:18:5D:FA:96
ifname="eth1" ifindex=9 id=2 last-link-up-time=2023-12-17 13:07:34 link-downs=0
13 R name="DESKTOP" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1580 mac-address=78:9A:18:5D:FA:9E ifname="vlan18" ifindex=25 id=18
last-link-up-time=2023-12-17 13:07:26 link-downs=0
18 R name="bridge" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1584 mac-address=78:9A:18:5D:FA:9E ifname="br0" ifindex=21 id=14
last-link-up-time=2023-12-17 13:07:26 link-downs=0
/ip/firewall/filter> print
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; Hardware fasttrack for established connections
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related log=no log-prefix=""
2 ;;; Forward established connections
chain=forward action=accept connection-state=established,related log=no log-prefix=""
3 ;;; Accept established connections
chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""
4 ;;; Drop invalid packets
chain=input action=drop connection-state=invalid log=no log-prefix=""
5 ;;; Drop packets from the Internet
chain=input action=drop in-interface=ether1 log=no log-prefix=""
/ip/firewall/nat> print
Flags: X - disabled, I - invalid; D - dynamic
0 chain=srcnat action=masquerade log=no log-prefix=""
/ip/firewall/mangle> print
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
/interface/bridge> print
Flags: X - disabled, R - running
0 R name="bridge" mtu=auto actual-mtu=1500 l2mtu=1584 arp=enabled arp-timeout=auto mac-address=78:9A:18:5D:FA:9E protocol-mode=rstp fast-forward=yes
igmp-snooping=no auto-mac=no admin-mac=78:9A:18:5D:FA:9E ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s
transmit-hold-count=6 vlan-filtering=yes ether-type=0x8100 pvid=1 frame-types=admit-only-vlan-tagged ingress-filtering=yes dhcp-snooping=no
/interface/bridge/port> print detail
Flags: X - disabled, I - inactive; D - dynamic; H - hw-offload
1 H interface=ether3 bridge=bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none hw=yes
auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-only-vlan-tagged ingress-filtering=yes unknown-unicast-flood=yes
unknown-multicast-flood=yes broadcast-flood=yes tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=no
Please let me know if you see anything obvious or if it would be useful to post more configuration details!
