CRS518-16XS-2XQ - pure VLAN switch with very high cpu usage

Dear All,
We have a brand new CRS518-16XS-2XQ, at the moment connected to 14 other servers and switches using only sfp28 ports. The traffic is very low these days, but the CPU usage on the switch is very high (usually over 70-80%). All interfaces are “Native VLAN” configured (no trunking, only untagged traffic on the interfaces).
We tried to set up the device properly to work only with the integrated switch chip (Marvell 98DX8525), trying not to use the main CPU. But, as we are not very experienced MikroTik administrators, our doubt is that we got something wrong in the configuration.
I am just asking for your help checking this (simple, IMO) config. Below is the output of the “export” command.

# 2023-08-10 10:38:48 by RouterOS 7.10.2
# software id = **ELIDED**
# model = CRS518-16XS-2XQ

/interface bridge
add admin-mac=48:A9:8A:XX:XX:XX auto-mac=no comment=defconf name=bridge protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp28-1 ] auto-negotiation=no speed=1Gbps
set [ find default-name=sfp28-2 ] auto-negotiation=no speed=1Gbps
set [ find default-name=sfp28-14 ] disabled=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=qsfp28-1-1
add bridge=bridge comment=defconf interface=qsfp28-1-2
add bridge=bridge comment=defconf interface=qsfp28-1-3
add bridge=bridge comment=defconf interface=qsfp28-1-4
add bridge=bridge comment=defconf interface=qsfp28-2-1
add bridge=bridge comment=defconf interface=qsfp28-2-2
add bridge=bridge comment=defconf interface=qsfp28-2-3
add bridge=bridge comment=defconf interface=qsfp28-2-4
add bridge=bridge comment=defconf interface=sfp28-1 pvid=2
add bridge=bridge comment=defconf interface=sfp28-2
add bridge=bridge comment=defconf interface=sfp28-3 pvid=2
add bridge=bridge comment=defconf interface=sfp28-4
add bridge=bridge comment=defconf interface=sfp28-5 pvid=2
add bridge=bridge comment=defconf interface=sfp28-6
add bridge=bridge comment=defconf interface=sfp28-7 pvid=2
add bridge=bridge comment=defconf interface=sfp28-8
add bridge=bridge comment=defconf interface=sfp28-9 pvid=2
add bridge=bridge comment=defconf interface=sfp28-10
add bridge=bridge comment=defconf interface=sfp28-11
add bridge=bridge comment=defconf interface=sfp28-12
add bridge=bridge comment=defconf interface=sfp28-13
add bridge=bridge comment=defconf interface=sfp28-14
add bridge=bridge comment=defconf interface=sfp28-15
add bridge=bridge comment=defconf interface=sfp28-16
/interface bridge vlan
add bridge=bridge comment=LAN untagged=sfp28-2,sfp28-4,sfp28-6,sfp28-8,sfp28-10,sfp28-11,sfp28-12,sfp28-13,sfp28-14,sfp28-15,sfp28-16 vlan-ids=1
add bridge=bridge comment=ESX untagged=sfp28-1,sfp28-3,sfp28-5,sfp28-7,sfp28-9 vlan-ids=2
/ip address
add address=192.168.XX.YY/24 comment=defconf interface=bridge network=192.168.XX.0
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Rome
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.xx.zz
add address=ntp.pool.org
/system routerboard settings
set enter-setup-on=delete-key

Do you see something wrong?

Thanks a lot for your help.

Though I’m not the most experienced VLAN user, I do know that it is best practice not to use VLAN id 1. You might want to change that (i.e. to 10 and the other id to 20) and see if that helps.

Furthermore, though you might already have found it, herewith the documentation:
https://help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+VLANs+with+Bonds

After some additional reading:

All interfaces can be added to the bridge ports with a pvid. Then there is no necessity to configure untagged ports (they will be added by setting the pvid). Something like the following (but I haven’t tested it!).

/interface bridge port
add bridge=bridge comment=defconf interface=qsfp28-1-1 pvid=10
add bridge=bridge comment=defconf interface=qsfp28-1-2 pvid=10
add bridge=bridge comment=defconf interface=qsfp28-1-3 pvid=10
add bridge=bridge comment=defconf interface=qsfp28-1-4 pvid=10
add bridge=bridge comment=defconf interface=qsfp28-2-1 pvid=10
add bridge=bridge comment=defconf interface=qsfp28-2-2 pvid=10
add bridge=bridge comment=defconf interface=qsfp28-2-3 pvid=10
add bridge=bridge comment=defconf interface=qsfp28-2-4 pvid=10
add bridge=bridge comment=defconf interface=sfp28-1 pvid=20
add bridge=bridge comment=defconf interface=sfp28-2 pvid=10
add bridge=bridge comment=defconf interface=sfp28-3 pvid=20
add bridge=bridge comment=defconf interface=sfp28-4 pvid=10
add bridge=bridge comment=defconf interface=sfp28-5 pvid=20
add bridge=bridge comment=defconf interface=sfp28-6 pvid=10
add bridge=bridge comment=defconf interface=sfp28-7 pvid=20
add bridge=bridge comment=defconf interface=sfp28-8 pvid=10
add bridge=bridge comment=defconf interface=sfp28-9 pvid=20
add bridge=bridge comment=defconf interface=sfp28-10 pvid=10
add bridge=bridge comment=defconf interface=sfp28-11 pvid=10
add bridge=bridge comment=defconf interface=sfp28-12 pvid=10
add bridge=bridge comment=defconf interface=sfp28-13 pvid=10
add bridge=bridge comment=defconf interface=sfp28-14 pvid=10
add bridge=bridge comment=defconf interface=sfp28-15 pvid=10
add bridge=bridge comment=defconf interface=sfp28-16 pvid=10
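/interface bridge vlan
# the bridge itself is a tagged member of VLAN 10 so the CPU can reach it
add bridge=bridge comment=LAN tagged=bridge vlan-ids=10
add bridge=bridge comment=ESX vlan-ids=20
/interface vlan
# VLAN interface named LAN, so the address below has an existing interface to bind to
add interface=bridge name=LAN vlan-id=10
/ip address
add address=192.168.XX.YY/24 comment=defconf interface=LAN network=192.168.XX.0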

Please turn on RSTP unless you have a valid reason to turn it off, and also turn on auto-negotiation on the interfaces as much as possible.
For those untagged/access ports, ensure you have frame-types=admit-only-untagged-and-priority-tagged.

Please export the whole configuration and attach it here so that other people can help you and chime in.

/export file=config hide-sensitive
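
The checks suggested in the replies above (keep access ports off VLAN 1, restrict them to untagged frames, keep spanning tree on unless there is a reason not to) can be run against an export automatically. The following is an added example, not part of the original posts: the function names and the sample excerpt are constructed, and it assumes one entry per line (no backslash line continuations) and the RouterOS defaults pvid=1 and frame-types=admit-all.

```python
import re

# Constructed sample: a shortened excerpt in the style of the export above.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge comment=defconf interface=sfp28-1 pvid=2
add bridge=bridge comment=defconf interface=sfp28-2
add bridge=bridge interface=sfp28-3 pvid=2 frame-types=admit-only-untagged-and-priority-tagged
/interface bridge vlan
add bridge=bridge untagged=sfp28-2 vlan-ids=1
"""

ACCESS_ONLY = "admit-only-untagged-and-priority-tagged"

def parse_export(text):
    """Yield (menu, {key: value}) for each 'add'/'set' line of an export."""
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line  # a menu path applies to the lines that follow it
        elif line.startswith(("add ", "set ")):
            yield menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))

def audit(text):
    """Return (name, issue) findings for the bridge and its access ports."""
    findings = []
    for menu, kv in parse_export(text):
        if menu == "/interface bridge" and kv.get("protocol-mode") == "none":
            findings.append((kv.get("name"), "spanning tree disabled (protocol-mode=none)"))
        if menu == "/interface bridge port":
            port = kv.get("interface")
            if kv.get("pvid", "1") == "1":  # an omitted pvid means VLAN 1
                findings.append((port, "access port left on default VLAN 1"))
            if kv.get("frame-types", "admit-all") != ACCESS_ONLY:
                findings.append((port, "tagged frames accepted on access port"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_EXPORT):
        print(f"{name}: {issue}")
```
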

Hi! First of all, thanks for your replies.
@erlinden, thanks for your suggestions; I’ve read the documentation. I will simplify my configuration further (without the “untagged” config, using only PVID, but I thought it was needed).

@loloski, thanks!

Unfortunately I cannot enable RSTP; again, I cannot enable auto-negotiation because on the other side we have a switch which supports our SFP modules only without autoneg.
Thanks for the suggestion about admit only untagged frames.

My previously posted configuration is complete.

In the end I’m starting to think that the problem could be bound to this change that is currently in testing in ROS release 7.11rc3:

*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)

What do you think about it?

Hi!
Two days ago I installed version 7.11 of RouterOS (issued on August 15th) and the CPU went down to 5-6%. So this solved my problem.
Thank you again for your suggestions, they helped me to better understand ROS.
Bye