CRS317 VLAN

powiadamiacz · July 16, 2020, 9:04am

Hello
i have some performance problem with my lab env … i have

host ↔ CCR1036-8G-2S+ ↔ CRS317-1G-16S+ ↔ CCR1036-8G-2S+ ↔ host
on my performance test i have issue that my transfer is to low → all path is connected on 10Gb/s link but between ccr ans ccs (on both sides) i have two vlans . i asked mikrotic support and they said:
"
On the CRS317 VLANs are not correctly configured. Currently they use CPU resources and I assume during your tests the CRS317 CPU load is 100%? Please reconfigure VLANs for CRS317 so they will go trough the switch chip
"

can you help me modify the config because i dont understand how to change vlan definition … (also include routers config - because vlans was created exactly the same as on the switch)
many thanks for helping

router1

/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=1800 mtu=1800
/interface gre
add keepalive=2s,2 local-address=172.32.20.2 name=gre-tunnel1 remote-address=172.32.2.2
add keepalive=2s,2 local-address=172.32.20.6 name=gre-tunnel2 remote-address=172.32.2.6
/interface vlan
add interface=sfp-sfpplus1 mtu=1700 name=vlan100 vlan-id=100
add interface=sfp-sfpplus1 mtu=1700 name=vlan200 vlan-id=200
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=ether8 network=192.168.88.0
add address=172.31.19.250/24 interface=sfp-sfpplus2 network=172.31.19.0
add address=10.16.20.145/24 interface=ether2 network=10.16.20.0
add address=172.32.20.2/30 interface=vlan100 network=172.32.20.0
add address=172.32.20.6/30 interface=vlan200 network=172.32.20.4
add address=1.1.1.1/30 interface=gre-tunnel1 network=1.1.1.0
add address=1.1.1.5/30 interface=gre-tunnel2 network=1.1.1.4
/ip firewall address-list
add address=172.31.19.0/24 list=LAN
/ip firewall mangle
add action=mark-connection chain=prerouting comment="PCC rules" connection-mark=no-mark dst-address-list=!LAN dst-address-type=!local new-connection-mark=\
    LAN-to-WAN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!LAN dst-address-type=!local new-connection-mark=LAN-to-WAN2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LAN
add action=mark-routing chain=prerouting comment="Mark routing for upload packets from marked connections" connection-mark=LAN-to-WAN1 dst-address-list=!LAN \
    new-routing-mark=WAN1 passthrough=no src-address-list=LAN
add action=mark-routing chain=prerouting connection-mark=LAN-to-WAN2 dst-address-list=!LAN new-routing-mark=WAN2 passthrough=no src-address-list=LAN
/ip route
add distance=1 dst-address=172.31.0.0/24 gateway=1.1.1.2 routing-mark=WAN1
add distance=1 dst-address=172.31.0.0/24 gateway=1.1.1.6 routing-mark=WAN2
add distance=1 dst-address=10.16.0.0/16 gateway=10.16.20.254
add distance=1 dst-address=10.31.98.0/24 gateway=10.16.20.254
add check-gateway=ping distance=1 dst-address=172.31.0.0/24 gateway=1.1.1.2,1.1.1.6
add distance=1 dst-address=172.32.2.0/30 gateway=172.32.20.1
add distance=1 dst-address=172.32.2.4/30 gateway=172.32.20.5
/system identity
set name=Router_123

switch (with routing)

/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=1800 mtu=1800
set [ find default-name=sfp-sfpplus16 ] l2mtu=1800 mtu=1800
/interface vlan
add interface=sfp-sfpplus1 mtu=1700 name=vlan100 vlan-id=100
add interface=sfp-sfpplus1 mtu=1700 name=vlan200 vlan-id=200
add interface=sfp-sfpplus16 mtu=1700 name=vlan800 vlan-id=800
add interface=sfp-sfpplus16 mtu=1700 name=vlan900 vlan-id=900
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge comment=defconf interface=sfp-sfpplus5
add bridge=bridge comment=defconf interface=sfp-sfpplus6
add bridge=bridge comment=defconf interface=sfp-sfpplus7
add bridge=bridge comment=defconf interface=sfp-sfpplus8
add bridge=bridge comment=defconf interface=sfp-sfpplus9
add bridge=bridge comment=defconf interface=sfp-sfpplus10
add bridge=bridge comment=defconf interface=sfp-sfpplus11
add bridge=bridge comment=defconf interface=sfp-sfpplus12
add bridge=bridge comment=defconf interface=sfp-sfpplus13
add bridge=bridge comment=defconf interface=sfp-sfpplus14
add bridge=bridge comment=defconf interface=sfp-sfpplus15
add bridge=bridge comment=defconf interface=sfp-sfpplus16
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge network=192.168.88.0
add address=172.32.20.1/30 interface=vlan100 network=172.32.20.0
add address=172.32.20.5/30 interface=vlan200 network=172.32.20.4
add address=172.32.2.1/30 interface=vlan800 network=172.32.2.0
add address=172.32.2.5/30 interface=vlan900 network=172.32.2.4
add address=10.16.20.148/24 interface=sfp-sfpplus1 network=10.16.20.0
/ip route
add distance=1 dst-address=10.16.0.0/16 gateway=10.16.20.254
add distance=1 dst-address=10.31.98.0/24 gateway=10.16.20.254
/system identity
set name=RoutingSwitch
/system routerboard settings
set boot-os=router-os

Router2

/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=1800 mtu=1800
/interface gre
add keepalive=2s,2 local-address=172.32.2.2 name=gre-tunnel1 remote-address=172.32.20.2
add keepalive=2s,2 local-address=172.32.2.6 name=gre-tunnel2 remote-address=172.32.20.6
/interface vlan
add interface=sfp-sfpplus1 mtu=1700 name=vlan800 vlan-id=800
add interface=sfp-sfpplus1 mtu=1700 name=vlan900 vlan-id=900
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=ether7 network=192.168.88.0
add address=172.31.0.250/24 interface=sfp-sfpplus2 network=172.31.0.0
add address=10.16.20.146/24 interface=ether2 network=10.16.20.0
add address=172.32.2.2/30 interface=vlan800 network=172.32.2.0
add address=172.32.2.6/30 interface=vlan900 network=172.32.2.4
add address=1.1.1.2/30 interface=gre-tunnel1 network=1.1.1.0
add address=1.1.1.6/30 interface=gre-tunnel2 network=1.1.1.4
/ip firewall address-list
add address=172.31.0.0/24 list=LAN
/ip firewall mangle
add action=mark-connection chain=prerouting comment="PCC rules" connection-mark=no-mark dst-address-list=!LAN dst-address-type=!local new-connection-mark=\
    LAN-to-WAN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!LAN dst-address-type=!local new-connection-mark=LAN-to-WAN2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LAN
add action=mark-routing chain=prerouting comment="Mark routing for upload packets from marked connections" connection-mark=LAN-to-WAN1 dst-address-list=!LAN \
    new-routing-mark=WAN1 passthrough=no src-address-list=LAN
add action=mark-routing chain=prerouting connection-mark=LAN-to-WAN2 dst-address-list=!LAN new-routing-mark=WAN2 passthrough=no src-address-list=LAN
/ip route
add distance=1 dst-address=172.31.19.0/24 gateway=1.1.1.1 routing-mark=WAN1
add distance=1 dst-address=172.31.19.0/24 gateway=1.1.1.5 routing-mark=WAN2
add distance=1 dst-address=10.16.0.0/16 gateway=10.16.20.254
add distance=1 dst-address=10.31.98.0/24 gateway=10.16.20.254
add check-gateway=ping distance=1 dst-address=172.31.19.0/24 gateway=1.1.1.5,1.1.1.1
add distance=1 dst-address=172.32.20.0/30 gateway=172.32.2.1
add distance=1 dst-address=172.32.20.4/30 gateway=172.32.2.5
/system identity
set name=RouterZdalny

mkx · July 16, 2020, 1:50pm

You’re using CRS317 as router and CRS317 as router sucks … throughput maxes at around 400Mbps.

If you’d user CRS317 as a switch, then it would be able wirespeed transfers.

So think about the reason why you use CRS317 in routing mode and how you can avoid doing that.

mbovenka · July 16, 2020, 2:41pm

Upgrading the CRS317 to ROS 7b8 and enabling L3 offload would do the trick as well, if the OP is up to running beta software; it looks like he’s doing simple routing, which the L3 offload will handle. But agreed, having switches switch and routers route (aka the old adage ‘switch when you can, route when you must’) is still the best option in the MikroTik universe, as long as ROS 7 and CRS3xx/PresteraDX L3 offloading aren’t mainstream yet.