CRS510-8XS-2XQ-IN High CPU Netwoking process

RouterOS General
1

Hello all,

I am in the middle of migrating my Cisco 10G Network to a Mikrotik 100 G. Actually I got less than a 3.5G of network traffic, 2 OSPF neigborhs (IPv4 / IPv4) and some SVI on the switch. Routing table has about 436 routes.
Yesterday night, I tried to replace the Cisco Layer 3 Switch to CRS510-8XS-2XQ-IN, but immediately the CPU went up to 100%. I check and the networking process was consuming entre 55 and 60% of the CPU.

Do you have any clue how to optimized the CPU consumption in my environment.

Regards,

Alejandro.

2

CRS devices are essentially switches … as in L2 devices. Yes, running ROS on them does add L3 (routing), but without careful configuration those functions will be done by (slow) CPU.

But: there’s L3HW offload and it might work for you. Further reading: https://help.mikrotik.com/docs/spaces/ROS/pages/62390319/L3+Hardware+Offloading

3

Hello mkx,

I tried activating the L3HW using the following commands:

Switch Configuration
/interface/ethernet/switch set 0 l3-hw-offloading=yes
Switch Port Configuration
/interface/ethernet/switch/port set sfp-sfpplus1 l3-hw-offloading=yes

But it didn’t have a positive impact on the cpu uitilization.

4

You have to enable it on all ports that are participating in routing.

Likewise, if you’re using IP addresses on VLAN interfaces, all ports with VLANs need to be a part of the bridge, with all VLANs with IP’s tagged to the bridge, along with any ports that need the traffic.

5

Hello sirbryan,
Exactly I enabled the L3HW over all active ports ( just only 4 ports). And the SVI and bridge config it’s exactly as you describe it.

Regards,

6

Are the MTU’s on all the interfaces the same.
The switch might fragment packets in software.
My CRS305 does that…

7

any Firewall rules or VRF configured?

8

Hello rplant.
The mtu values as default, do you suggest any other value?
Regards,

9

Hello jookraw,

No filter rules configured.

I thought that the switch would be able to handle my traffic but seems like not.

10

Post your config (sanitized) and one of us can possibly point to what’s happening.

11

Perhaps try the following commands to see if L3 offload is not present somewhere.
With 400+ routes, you might want to write it to a file, so you can examine it in a text editor or similar.

/ip route
print [file=somefilename]

Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, o - OSPF, d - DHCP; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
     DST-ADDRESS       GATEWAY                DISTANCE
DAdH 0.0.0.0/0         192.168.95.1                  1
DAcH 192.168.40.0/24   ether1                        0
DAc  192.168.41.0/24   vlan41                        0
DAcH 192.168.42.0/24   vlan42                        0

Doc mentions that larger prefixes (eg /32) are preferred by HW engine, so I assume this might mean that
0.0.0.0/0 might be the first to fall out of HW offload if too many routes.
(In this case vlan41 has no devices attached)

/interface/ethernet/switch/
print [file=…]

Columns: NAME, TYPE, L3-HW-OFFLOADING, QOS-HW-OFFLOADING
# NAME     TYPE              L3-HW-OFFLOADING  QOS-HW-OFFLOADING
0 switch1  Marvell-98DX3236  yes               yes

/interface/ethernet/switch port
print [file=…]

Columns: NAME, SWITCH, L3-HW-OFFLOADING, STORM-RATE
# NAME          SWITCH   L3-HW-OFFLOADING  STORM-RATE
0 ether1        switch1  yes                      100
1 sfp-sfpplus1  switch1  yes                      100
2 sfp-sfpplus2  switch1  yes                      100
3 sfp-sfpplus3  switch1  yes                      100
4 sfp-sfpplus4  switch1  yes                      100
5 switch1-cpu   switch1

You could put a passthrough firewall rule in the raw table and see if it is counting a lot.

12

One other thought

If you have an interface that is not part of the bridge, but has an IP address on it, it will route using hw offload.
However if you have a vlan on this interface with an IP address on it, the vlan will use the CPU.