CRS326 high cpu

Hello everyone.
I'm hoping I can get some help here.
We implemented this CRS326-24S-2Q+ switch today and added only 5 fibre-based customers to it. The CPU seems pretty high, especially considering it's supposed to be doing hardware bridging and that the switch is only doing around 50 Mbps. The CPU is fluctuating between 30 - 60%. Under tools - profile it shows the high process as “management” (but everything is forwarding and working as required).
I'm concerned when we add more clients the CPU gets too busy.

We have a simple setup of a single bridge with VLAN filtering and 1 management VLAN on the bridge.

[admin@79r-cpt-01-sw01] > /interface/bridge/port print 
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, HORIZON
 #    INTERFACE                BRIDGE         HW   PVID  PRIORITY  HORIZON
 0  H sfp-sfpplus1-access03    bridge-single  yes     3  0x80      none   
 1  H sfp-sfpplus2-75R-cpt-01  bridge-single  yes     4  0x80      none   
 2 IH sfp-sfpplus3             bridge-single  yes     1  0x80      none   
 3 IH sfp-sfpplus4             bridge-single  yes     1  0x80      none   
 4 IH sfp-sfpplus5             bridge-single  yes     1  0x80      none   
 5 IH sfp-sfpplus6             bridge-single  yes     1  0x80      none   
 6 IH sfp-sfpplus7             bridge-single  yes     1  0x80      none   
 7 IH sfp-sfpplus8             bridge-single  yes     1  0x80      none   
 8 IH sfp-sfpplus9             bridge-single  yes     1  0x80      none   
 9  H sfp-sfpplus10-shapiro    bridge-single  yes   300  0x80      none   
10  H sfp-sfpplus11-planB      bridge-single  yes   300  0x80      none   
11  H sfp-sfpplus12-IBTC       bridge-single  yes   300  0x80      none   
12  H sfp-sfpplus13-MYGym      bridge-single  yes   300  0x80      none   
13  H sfp-sfpplus14-Safegate   bridge-single  yes   300  0x80      none   
14 IH sfp-sfpplus15            bridge-single  yes     1  0x80      none   
15 IH sfp-sfpplus16            bridge-single  yes     1  0x80      none   
16 IH sfp-sfpplus17            bridge-single  yes     1  0x80      none   
17 IH sfp-sfpplus18            bridge-single  yes     1  0x80      none   
18 IH sfp-sfpplus19            bridge-single  yes     1  0x80      none   
19 IH sfp-sfpplus20            bridge-single  yes     1  0x80      none   
20 IH sfp-sfpplus21            bridge-single  yes     1  0x80      none   
21 IH sfp-sfpplus22            bridge-single  yes     1  0x80      none   
22 IH sfp-sfpplus23            bridge-single  yes     1  0x80      none   
23 IH sfp-sfpplus24            bridge-single  yes     1  0x80      none   
[admin@79r-cpt-01-sw01] >

Our config is as follows:

[admin@79r-cpt-01-sw01] > /export
# 1970-01-02 06:58:53 by RouterOS 7.14.3
# software id = RBL7-VQT4
#
# model = CRS326-24S+2Q+
# serial number = HCG08B1R3W8
/interface bridge
add name=bridge-single vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name="ether1-local MGMT"
set [ find default-name=qsfpplus1-1 ] disabled=yes
set [ find default-name=qsfpplus1-2 ] disabled=yes
set [ find default-name=qsfpplus1-3 ] disabled=yes
set [ find default-name=qsfpplus1-4 ] disabled=yes
set [ find default-name=qsfpplus2-1 ] disabled=yes
set [ find default-name=qsfpplus2-2 ] disabled=yes
set [ find default-name=qsfpplus2-3 ] disabled=yes
set [ find default-name=qsfpplus2-4 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no name=sfp-sfpplus1-access03 speed=1G-baseT-full
set [ find default-name=sfp-sfpplus2 ] name=sfp-sfpplus2-75R-cpt-01
set [ find default-name=sfp-sfpplus10 ] name=sfp-sfpplus10-shapiro
set [ find default-name=sfp-sfpplus11 ] name=sfp-sfpplus11-planB
set [ find default-name=sfp-sfpplus12 ] name=sfp-sfpplus12-IBTC
set [ find default-name=sfp-sfpplus13 ] name=sfp-sfpplus13-MYGym
set [ find default-name=sfp-sfpplus14 ] name=sfp-sfpplus14-Safegate
/interface vlan
add interface=bridge-single name=vlan251-management vlan-id=251
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-single interface=sfp-sfpplus1-access03 pvid=3
add bridge=bridge-single interface=sfp-sfpplus2-75R-cpt-01 pvid=4
add bridge=bridge-single interface=sfp-sfpplus3
add bridge=bridge-single interface=sfp-sfpplus4
add bridge=bridge-single interface=sfp-sfpplus5
add bridge=bridge-single interface=sfp-sfpplus6
add bridge=bridge-single interface=sfp-sfpplus7
add bridge=bridge-single interface=sfp-sfpplus8
add bridge=bridge-single interface=sfp-sfpplus9
add bridge=bridge-single interface=sfp-sfpplus10-shapiro pvid=300
add bridge=bridge-single interface=sfp-sfpplus11-planB pvid=300
add bridge=bridge-single interface=sfp-sfpplus12-IBTC pvid=300
add bridge=bridge-single interface=sfp-sfpplus13-MYGym pvid=300
add bridge=bridge-single interface=sfp-sfpplus14-Safegate pvid=300
add bridge=bridge-single interface=sfp-sfpplus15
add bridge=bridge-single interface=sfp-sfpplus16
add bridge=bridge-single interface=sfp-sfpplus17
add bridge=bridge-single interface=sfp-sfpplus18
add bridge=bridge-single interface=sfp-sfpplus19
add bridge=bridge-single interface=sfp-sfpplus20
add bridge=bridge-single interface=sfp-sfpplus21
add bridge=bridge-single interface=sfp-sfpplus22
add bridge=bridge-single interface=sfp-sfpplus23
add bridge=bridge-single interface=sfp-sfpplus24
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge-single tagged=bridge-single,sfp-sfpplus2-75R-cpt-01 vlan-ids=251
add bridge=bridge-single tagged=sfp-sfpplus1-access03 untagged=sfp-sfpplus10-shapiro,sfp-sfpplus11-planB,sfp-sfpplus12-IBTC,sfp-sfpplus13-MYGym,sfp-sfpplus14-Safegate vlan-ids=300
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.10.30.20/24 interface=vlan251-management network=10.10.30.0
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.10.30.1 routing-table=main suppress-hw-offload=no
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system identity
set name=79r-cpt-01-sw01
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os
[admin@79r-cpt-01-sw01] >

My guess is on having BFD enabled.

If using winbox, close all windows and open a terminal and see if the /tool/profile output is any different.

Check this link, here the VLAN configuration is done on the switch:

https://help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+switch+chip+features#CRS3xx,CRS5xx,CCR2116,CCR2216switchchipfeatures-VLANFiltering

Hi
BFD works with routing protocols?
We're not running routing protocols on this switch.

Tools profile in terminal via SSH and no winbox open still shows high load under management.

Any other ideas?

This seems like how I've done it?
I did show the export.
Is there something I'm missing?

Thank you. David.

You have BFD enabled - if you don’t need it, then disable it.

Thanks for picking that up. Seems like a default.
I disabled it - still high CPU. Made no difference. CPU still between 40 - 60% with around 80 Mbps of L2 traffic.
Any other ideas?

Hi All

I've sorted it out and thanks to the 1 poster. It seems there was another winbox session open. As soon as I closed that the CPU went down to 3%.
It seems that a winbox session with the interfaces window open uses around 30% of CPU.

Thank you.

Some of the lower-end MIPS CPUs on switches will have this issue - the ARM-based devices don’t.

Just something to be aware of when you are looking at hardware options.