I have a RB4011iGS+ that has been configured with VLANs. On ports 1, 2, and 3 of the router, I have connected three switches with trunking enabled for all VLANs. On ports 4 and 5, there is a bond, and two switches are connected in an active/passive setup.
Although everything seems to be working fine with full speed (1Gbps), I have noticed that the speed drops to around 200Mbps when transferring data from one VLAN to another. I have already checked for any rules that could be limiting traffic and have fasttrack rule set in the first place.
However, when checking the resources being used, I have noticed that one CPU core is at 100%, and the “networking” process is using most of it. Can you suggest a solution to speed up inter-VLAN routing?
Make sure most of the traffic going from one VLAN to another is passing the same switch (since there are 2). You might want to consider reshuffling some of the ether ports to accomplish this.
Each time you cross the switch boundaries going from one to the other, it’s the CPU doing all the heavy lifting (and it’s not as good at it as a switch chip).
That should be the main reason why you see such slowdowns.
What ROS version are you using ?
Since ROS7 support has been added for RTL8367 HW offloading for VLAN filtering.
My understanding of inter-vlan (between vlans) means that it is going to be routed. And that’s only done by the CPU on the RB4011. So no matter if the vlans are hardware offloaded on not, it won’t make much difference to performance.
How do you have two switches connected to port 4 and 5 (if 4 and 5 are bonded)?
If you have traffic on the same vlan between two ports of a single switch, that traffic will never leave the switch to the RB4011. If you have traffic on the same vlan but between two devices that are attached to the switches connected to port 1 and 2, then the bridge will be used, but if you are using a recent version of v7, vlan-filtering should be offloaded to the RTL83677 switch ASIC, and shouldn’t involve the CPU.
If two or more ports are on same VLAN make a very big difference between the devices on same VLAN if the VLAN are directly on bridge (also v6 use hardware) or are CPU VLANs and then bridged toghether…
Bridge HW vlan-filtering was added in the RouterOS 7.1rc1 (for RTL8367) and 7.1rc5 (for MT7621) versions. The switch does not support other ether-type 0x88a8 or 0x9100 (only 0x8100 is supported) and no tag-stacking. Using these features will disable HW offload.
Guys, I’m sorry to interrupt your debate, but can you pull your heads out of VLAN HW offload bucket … OP is asking about routing speed (I’ve highlited it in following quote):
(which is done entirely by CPU on RB4011).
@OP: it’s impossible to say what might be the reason for slow routing speed between different VLANs without you showing configuration export. Also describe the traffic scenario (which shows slow routing) in more details.
No debate, just fact.
Regardles HW accelleration or not, CPU VLANs between SAME VLAN are slower than bridge VLANs between SAME VLAN, that’s what i’m trying to convey,
I don’t know how the user configured the device.