CRS354-48P-4S+2Q+RM Performance Issues with Light Load

wattev · November 10, 2024, 5:18pm

I’ve been experiencing performance issues with my CRS354-48P-4S+2Q+RM under a very light load. Only 5-10 clients are connected directly and approx 100 clients are in the local network. My ISP is 500 Mbps. However, the best speed I’ve managed to get on a LAN port is around 250 Mbps. When I connect directly to the gateway router, I get close to the full 500 Mbps, so the issue doesn’t seem to be related to my local network bandwidth consumption. The CPU load during the test peaks at 100%. During normal operation it’s 50-60% with the often ‘management’ service is consuming 20-30% of this.

The setup includes:

6 VLANs
A few basic firewall rules
RTSP and HW offloading enabled
No tunnels

Would appreciate any insights or advice on what might be causing this.

mkx · November 10, 2024, 8:12pm

CRS line of devices are switches … by running ROS they can route but at fairly low speed. If running recent versions of ROS v7, certain configurations can offload routing and some firewalling to switch chip, increasing routed throughput a lot. Have a look at documentation: https://help.mikrotik.com/docs/spaces/ROS/pages/62390319/L3+Hardware+Offloading

anav · November 11, 2024, 1:09am

Check out ethernet routing results 25 fiilter rules at 512byte in Mbps which is the closest to real world routing performance.

----> Whopping 169 Mbps, if you use less rules is probably why you can get around 250. With no rules expect around 300Mbps.

As MKX pointed out you got the wrong product for the routing part of this job… Cannot your upstream router handle DHCP

Suggest you look at sticking a 5009 in front of the switch…

wattev · November 11, 2024, 4:02pm

Thank you guys. It make sense. I was under impession that more ports = more performance. Also, it’s not quite obvious from Test Results

anav · November 11, 2024, 4:03pm

Agreed, best to seek advice prior to purchase, it should be on top of the MIKROTIK HOME PAGE.
DO NOT BUY< GO STRAIGHT TO FORUM FOR USEFUL INFORMATION< OUR WEBSITE SUCKS

rplant · November 12, 2024, 10:27pm

You do mention you have a gateway router.

So does this router do the firewalling from the internet that your network requires.

If so, the CRS354 may be ok. (Otherwise as @anav mentioned, a RB5009 in front might be good)

In switch settings, you can enable L3 HW Offload for the switch chip.

Then under switch rules you can add rules to isolate the vlans if required.
(I would use source and destination IP address ranges)
You will need to consider which physical ports the requests from each vlan can come in from.

Perhaps something like:

/interface ethernet switch rule

add comment=“.93.0/24 to .43.0/24 not allowed” dst-address=192.168.43.0/24
mac-protocol=ip new-dst-ports=“” ports=sfp-sfpplus1
src-address=192.168.93.0/24 switch=switch1
add comment=“.43.0/24 to .93.0/24 not allowed” dst-address=192.168.93.0/24
mac-protocol=ip new-dst-ports=“” ports=ether1 src-address=192.168.43.0/24
switch=switch1