CRS317 - Hardware Switch configuration

pkelly1603 · October 12, 2022, 9:09pm

Hello,

I’m having trouble finding documentation on how to do this configuration so that this works at hardware speed.

Here is a simple example, how do I accomplish this?

Two circuits are communicating with switch through sfp1
Circuit 1 has vlan tags: inner vlan 10, outter vlan 100
Circuit 2 has vlan tags: inner vlan 20, outter vlan 200
I want to hand off the inner vlan 10 to sfp2 with just the inner tag

Of course vice versa as well (vlan 10 traffic from sfp2 would receive additional outer tag of 200 out sfp1; vlan 20 in sfp2 would get an additional outer tag of 200 out sfp1)

In the “old” way in software, I could add vlan interfaces and bridge like this:

#Add vlan interfaces for outer and inner vlans on sfp1, setup same tags as inner tags on sfp2
/interface vlan
add interface=sfp-sfpplus1 name=sfp1.vlan100 vlan-id=100
add interface=sfp1.vlan100 name=sfp1.vlan100.vlan10 vlan-id=10
add interface=sfp-sfpplus1 name=sfp1.vlan200 vlan-id=200
add interface=sfp1.vlan200 name=sfp1.vlan200.vlan20 vlan-id=20
add interface=sfp-sfpplus2 name=sfp2.vlan10 vlan-id=10
add interface=sfp-sfpplus2 name=sfp2.vlan20 vlan-id=20

#Bridge sfp1 inner vlans to same vlan IDs on sfp2
/interface bridge
add name=bridge10 protocol-mode=none
add name=bridge20
/interface bridge port
add bridge=bridge10 interface=sfp1.vlan100.vlan10
add bridge=bridge10 interface=sfp2.vlan10
add bridge=bridge20 interface=sfp1.vlan200.vlan20
add bridge=bridge20 interface=sfp2.vlan20

mkx · October 13, 2022, 6:22am

Brdige, when configured with VLAN functionality, will deal only with outer 802.1q tag (in Q-in-Q). So what you’re after might be achieved line this:

/interface bridge
add name=bridge vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=sfp1
add bridge=bridge interface=sfp2 pvid=100
/interface bridge vlan
add bridge=bridge tagged=sfp1 untagged=sfp2 vlan-ids=100

The example above covers the functionality you described with words. However the code example adds similar but for VLAN 200 … and both can not be done at the same time using simple VLAN-aware bridge.

pkelly1603 · October 14, 2022, 3:34pm

So are you saying this is not possible in a wire speed configuration? Or is there a different way to do it rather than a simple VLAN-aware bridge configuration?

chechito · October 16, 2022, 2:18am

Maybe you are interested in Layer 3 Hardware Offload

https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading

pkelly1603 · October 24, 2022, 4:32pm

Thank you for the response but unfortunately that does not accomplish what we need either. It seems there is no current Mikrotik hardware that supports the required features at wire speed.

Splash · October 24, 2022, 4:43pm

You could have a look at changing the bridge type to 0x88a8.

/interface bridge
add ether-type=0x88a8 frame-types=admit-only-vlan-tagged name=bridge1 vlan-filtering=yes

https://networkengineering.stackexchange.com/questions/19287/whats-the-difference-between-tpid-of-0x88a8-or-0x8100