I am trying to mangle packets (for later proecessing in queue) on a CRS112-8P04S . All ports are bridged with “Use-IP-Firewall” and “Allow Fastpath” enabled.
It appears the packets are not processed by the mangling logic.
The only way I succeeded to mangle was after I disabled the "Hardware Offload"on the bridge port. This killed perforrmance by nearly a factor of 10.
The set up works fine on a simple hEx router. I must be missing something.
Could someone shed light on this please?
I am testing on a very based configuration. test3a.rsc (1.35 KB)
That is correct…
You need to enable the IP firewall in the Bridge Settings and disable hardware offload…
Sure the performance will not be good… CRS112 is a switch…
If you need to process packets, apply queues etc. you should get a Router… https://mikrotik.com/products/group/ethernet-routers
Thank you for your quick reply. It is clear.
I looked at the QOS using the switch chip, but I don’t see immediately how I can use that to prioritise traffic to a few IP addresses.
I was planning to replace an existing Ubiquiti EdgeSwitch by the CRS112 - I provides power to a number of radios using POE.
Instead it seems better to put a hEx in tandem with that switch with the sole purpose to regulate the traffic.
I intend to measure some performance first in a lab setup and post the results here.
I’ve done a few measurements with the CRS112 and the hEx in a lab setting. See diagram below.
The ports of the Mikrotik were connected via a bridge and iperf3 measurements were run between two PowerEdge systems.
Without any mangling or queues both the CRS112 and hEx indicated about 940 Mbps.
With hardware offload disabled the CRS112 dropped to about 25 Mbps.
With only mangling active the hEx indicated 590 Mbps.
When queues were activated as well I measured about 400 Mbps.
