CRS510-8XS-2XQ Network & CPU Issues

mjezierski · February 3, 2025, 7:58pm

Previous Thread concerning CRS518 Performance

ROS is 7.17.1

Have a network where I bring in trunk networks with up to 30 VLANs into a CRS520 switch. It is then distributed to CRS518 switches and those switches break the VLANs out for end user access.

The end users will use CRS510-8XS-2XQ as a router with a NAT for their local LAN.

When I run a large amount of traffic through the CRS510, such as iperf3, I am maxing out the CPU and getting at most 200 MBit, where I get gigabit upstream from the CRS510.

smitas3400 · February 3, 2025, 9:03pm

CRS510-8XS-2XQ is not i rauter dont used it for nat

smitas3400 · February 3, 2025, 9:08pm

I have 20 vlan and passing around 20-30gbs wihoud isuses cpu sits around 10proc, cpu is used only for manigment purpuses, if u see cpu large cpu usage u dont using hardware offload

mjezierski · February 4, 2025, 7:19pm

I am using hardware offload on all of the CRS switches. That helped some but not enough.

I removed the firewall rules and no change. I removed the NAT configuration on the CRS510, and the CPU utilization went way down.

I attached two RB4011’s (ROS 6.49.13) using the SFP+ ports to the CRS510 and did the built in bandwidth test between the two and saw 3 Gigabit between the two, just limited by the RB4011 CPU. Bugger.

Now to explain this to a boss who bought all this looking at “Cloud Router Switch” and “Router OS” claiming it would function as a high end router as well as a switch (not on my recommendation this was on his own).

chechito · February 4, 2025, 8:18pm

is a plague, some form of overgeneralizing around network solutions leading to this kind of consequences
That being said
CRS510-8XS-2XQ-IN switching ASIC supports fast-track connection offloading, properly configured that can help to mitigate the limited CPU processing up to a point, especially if serving a small number of users

L3 Hardware Offloading

be aware of limitations: only up to 4.000 connections can be hardware offloaded

is not a substitute to a real router but in this case can help a little to improve up to certain point the situation**:**

Relying on Fasttrack HW Offloading too much
Since Fasttrack HW Offloading offers near-the-wire-speed performance at zero configuration overhead, the users are tempted to use it as the default solution. However, the number of HW Fasttrack connections is very limited, leaving the other traffic for the CPU. Try using the hardware routing as much as possible, reduce the CPU traffic to the minimum via switch ACL rules, and then fine-tune which Fasttrack connections to offload with firewall filter rules.

also be aware configuring L3 hw offload with fastrack connection offloading can be tricky especially the first time, so be prepared to make the due diligence reading the documentation and making several attemps and testing before you can make it work