Direction mismatch in ingress/egress traffic rate limiting?

mutluit · May 18, 2020, 7:58am

Our WAN link is 1000/50 Mbps. For testing purposes I have limited the ingress and egress rates for interface ether9 on a CRS326 switch with RouterOS 7.0beta5, i.e.:

/interface ethernet switch port print
Columns: NAME, SWITCH, INGRESS-RATE, EGRESS-RATE, STORM-RATE

NAME SWITCH INGRESS- EGRESS- STO

0 ether1 switch1 100
1 ether2 switch1 100
2 ether3 switch1 100
3 ether4 switch1 100
4 ether5 switch1 100
5 ether6 switch1 100
6 ether7 switch1 100
7 ether8 switch1 100
8 ether9 switch1 20.0Mbps 2.0Mbps 100
...

>

Then on the PC attached to ether9 I performed a traffic test to our own traffic server in WAN:

> ```text
$ iperf -e -c $SERVER_IN_WAN -p 8459 -P 3 -t 60
------------------------------------------------------------
Client connecting to XXXXXX, TCP port 8459 with pid 4643
Write buffer size:  128 KByte
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  4] local 192.168.30.1 port 56928 connected with 195.X.X.X port 8459 (ct=42.18 ms)
[  5] local 192.168.30.1 port 56930 connected with 195.X.X.X port 8459 (ct=45.10 ms)
[  3] local 192.168.30.1 port 56926 connected with 195.X.X.X port 8459 (ct=35.95 ms)
[ ID] Interval        Transfer    Bandwidth       Write/Err  Rtry     Cwnd/RTT        NetPwr
[  4] 0.00-60.05 sec  36.2 MBytes  5.06 Mbits/sec  290/0          3       -1K/18726 us  33.80
[  5] 0.00-60.05 sec  39.2 MBytes  5.48 Mbits/sec  314/0          3       -1K/9534 us  71.89
[  3] 0.00-60.22 sec  37.9 MBytes  5.28 Mbits/sec  303/0         10       -1K/6359 us  103.71
[SUM] 0.00-60.22 sec   113 MBytes  15.8 Mbits/sec  907/0        16

Question:
IMO it is the iperf client that sends data to the iperf server,
ie. in this case the egress traffic should be rate-limited at 2Mbps.
But as the iperf throughput numbers indicate, it rather seems that the ingress traffic gets rate-limited at the defined 20Mbps.

Has someone an explanation for this IMO illogical behavior or discrepancy in the direction?

Or does perhaps MikroTik view/define "ingress" and "egress" from a different point of view?
Or have they possibly interchanged/mixed-up these two directions internally in the RouterOS software?

bpwl · May 18, 2020, 8:38pm

Direction mismatch in ingress/egress traffic rate limiting?

Our WAN link is 1000/50 Mbps. For testing purposes I have limited the ingress and egress rates for interface ether9 on a CRS326 switch with RouterOS 7.0beta5, i.e.:

8 ether9 switch1 20.0Mbps 2.0Mbps 100
…

Then on the PC attached to ether9 I performed a traffic test to our own traffic server in WAN:

Question:
IMO it is the iperf client that sends data to the iperf server,
ie. in this case the egress traffic should be rate-limited at 2Mbps.
But as the iperf throughput numbers indicate, it rather seems that the ingress traffic gets rate-limited at the defined 20Mbps.

Has someone an explanation for this IMO illogical behavior or discrepancy in the direction?

Or does perhaps MikroTik view/define “ingress” and “egress” from a different point of view?
Or have they possibly interchanged/mixed-up these two directions internally in the RouterOS software?

To my knowledge, for a switch , ingress is incoming in that device , egress is outgoing for that device.
So for the Mikrotik data coming from the PC or coming from the server is ingress. Data going to the PC or going to the server is egress
I don’t assume iperf is running on the router/switch.

A switch has no knowledge of the higher level network, such as internet versus internal network, where ingress/egress is defined differently.

Everything is relative, that’s why a mirror in front of you is not changing left and right, but front and back.

https://community.cisco.com/t5/switching/what-is-ingress-and-egress-port/td-p/916293