Problem with slow DHCP after migrating to Mikrotik switches

RouterOS General
1

Hi,

I’m trying to figure out what is going on.
After migrating whole network infrastructure to Mikrotik switches (CRS354 & CRS326) I am observing extremely slow DHCP performance.
It takes over 30-40 seconds to obtain an address - so long, that computers often initially report “no internet connection is available” and get the APIPA address (169.254.0.0/16) just to finally get the desired LAN address few seconds later.

The network itself works perfectly - pings between any nodes are minimal, transfer rates are going near GbE capabilities, even internet transfers are very high (three network operators, each one about 600-700 Mbps).

I was observing it in the simulated environment, when I connected new infrastructure to original - LANs and WANs connected to edge switch. Getting IP address from DHCP always took ages comparing to situation when I connected the device directly to any of the original LANs. I assumed that it might have been caused by some STP protocols on other switches (it was a mixed environment, mostly Netgear switches, some TPLinks, some HPs) but unfortunately after removing everything else there are no improvements.

I don’t think it is the issue of DHCP server(s), after connecting directly to routers (some LANs are handled by Stormshield, some by Mikrotik router) DHCP works as charm. The network holds 6 LANs, all are well separated physically and with VLANs. Of course all connectivity between Mikrotik switches (4 CRS354 and 2 CRS326) goes via trunk SFP or QSFP links (each link contains only VLANs required in the network that is needed in specific location). No loops are created, all switches are set to MSTP protocol, I have checked LANs with sniffing to ensure that there are no leaks between LANs.

No DHCP snooping option is set on any of the switches - but I don’t think that it would make any change (or maybe I am wrong?). No rogue DHCP servers are present (as observed and sniffed) - and even if there were any it is very unlikely to have them in all six LANs.

Any idea what might be wrong? Where should I start? The only thing I didn’t check yet was sniffing exact DHCP procedure just at the DHCP server and behind first Mikrotik router - but after working on site for 19 hours while reconfiguring the network, replacing patchcords and checking if everything works as planned I wasn’t able to spend there any more time :zany_face:

What would you do to determine the source of problem?

Greetings and Happy Easter to Everyone! :heart:

2

Of course not!
The problem seems to be not having a concrete plan and understanding of the requirements before implementing
No idea of your topology, network diagram not provided. ( gives us a visual feel for the plan )
No clue as to where internet comes from, which device is routing etc etc…
Finally no configs… (which one can derive traffic requirements but better stated up front as clear statements)

3

Of course I’m providing the diagram. Just wanted to know whether there is some typical thing that I should have checked first.

Quite a wide network, yet simple. Internet comes from three ISPs and is handled by two routers, Stormshield and RB3011. These will be replaced in following step by single RB1100AHX4 and it will change things a bit.

The diagram slightly differs from current config - some ports assignments are different in few places, but it doesn’t matter here.

The diagram:

And here is the config of the edge switch (SWITCH354-1):

# model = CRS354-48G-4S+2Q+
# serial number = HF209CSJ9S2
/interface bridge
add comment=defconf name=switch354-1 protocol-mode=mstp vlan-filtering=yes
/interface vlan
add interface=switch354-1 name=management vlan-id=251
add interface=switch354-1 name=park vlan-id=102
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=switch354-1 comment="LAN Park" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether1 pvid=102
add bridge=switch354-1 comment="LAN Kosiba" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether2 pvid=106
add bridge=switch354-1 comment="ZSZ VIP" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether3 pvid=108
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether4 pvid=109
add bridge=switch354-1 comment=External frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether5 pvid=118
add bridge=switch354-1 comment=Bistro frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether6 pvid=119
add bridge=switch354-1 comment="WAN FIBERLINK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether7 pvid=111
add bridge=switch354-1 comment="WAN Fiberway" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether8 pvid=112
add bridge=switch354-1 comment="WAN FIBERLINK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether9 pvid=111
add bridge=switch354-1 comment="WAN Fiberway" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether10 pvid=112
add bridge=switch354-1 comment="WAN FIBERLINK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether11 pvid=111
add bridge=switch354-1 comment="WAN Fiberway" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether12 pvid=112
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether13 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether14 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether15 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether16 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether17 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether18 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether19 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether20 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether21 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether22 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether23 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether24 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether25 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether26 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether27 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether28 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether29 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether30 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether31 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether32 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether33 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether34 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether35 pvid=109
add bridge=switch354-1 comment="ZSZ INF" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether36 pvid=109
add bridge=switch354-1 comment="WAN FIBERLINK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether37 pvid=111
add bridge=switch354-1 comment="WAN Fiberway" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether38 pvid=112
add bridge=switch354-1 comment="WAN FIBERLINK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether39 pvid=111
add bridge=switch354-1 comment="WAN Fiberway" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether40 pvid=112
add bridge=switch354-1 comment="LAN PARK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether41 pvid=102
add bridge=switch354-1 comment="LAN PARK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether42 pvid=102
add bridge=switch354-1 comment="LAN PARK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether43 pvid=102
add bridge=switch354-1 comment="LAN PARK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether44 pvid=102
add bridge=switch354-1 comment="LAN PARK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether45 pvid=102
add bridge=switch354-1 comment="LAN PARK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether46 pvid=102
add bridge=switch354-1 comment="LAN PARK" frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether47 pvid=102
add bridge=switch354-1 comment="TEST VLANS" frame-types=\
    admit-only-vlan-tagged interface=ether48
add bridge=switch354-1 comment=defconf interface=ether49 pvid=251
add bridge=switch354-1 comment=defconf interface=qsfpplus1-1
add bridge=switch354-1 comment=defconf interface=qsfpplus1-2
add bridge=switch354-1 comment=defconf interface=qsfpplus1-3
add bridge=switch354-1 comment=defconf interface=qsfpplus1-4
add bridge=switch354-1 comment=defconf interface=qsfpplus2-1
add bridge=switch354-1 comment=defconf interface=qsfpplus2-2
add bridge=switch354-1 comment=defconf interface=qsfpplus2-3
add bridge=switch354-1 comment=defconf interface=qsfpplus2-4
add bridge=switch354-1 comment=defconf interface=sfp-sfpplus1
add bridge=switch354-1 comment=defconf interface=sfp-sfpplus2
add bridge=switch354-1 comment=defconf interface=sfp-sfpplus3
add bridge=switch354-1 comment=defconf interface=sfp-sfpplus4
/interface bridge vlan
add bridge=switch354-1 comment="LAN Park" tagged="ether48,switch354-1,sfp-sfpp\
    lus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,qsfpplus1-1" untagged=\
    ether1,ether41,ether42,ether43,ether44,ether45,ether46,ether47 vlan-ids=\
    102
add bridge=switch354-1 comment="LAN Kosiba" tagged=\
    ether48,sfp-sfpplus1,sfp-sfpplus3,sfp-sfpplus4,qsfpplus1-1 untagged=\
    ether2 vlan-ids=106
add bridge=switch354-1 comment="LAN ZSZ VIP" tagged=\
    ether48,sfp-sfpplus1,qsfpplus1-1 untagged=ether3 vlan-ids=108
add bridge=switch354-1 comment="LAN ZSZ INF" tagged=\
    ether48,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,qsfpplus1-1 \
    untagged="ether4,ether13,ether14,ether15,ether16,ether17,ether18,ether19,e\
    ther20,ether21,ether22,ether23,ether24,ether25,ether26,ether27,ether28,eth\
    er29,ether30,ether31,ether32,ether33,ether34,ether35,ether36" vlan-ids=\
    109
add bridge=switch354-1 comment="LAN External" tagged=\
    ether48,sfp-sfpplus2,qsfpplus1-1 untagged=ether5 vlan-ids=118
add bridge=switch354-1 comment="LAN Bistro" tagged=\
    ether48,sfp-sfpplus3,qsfpplus1-1 untagged=ether6 vlan-ids=119
add bridge=switch354-1 comment="WAN FIBERLINK" tagged=\
    sfp-sfpplus1,qsfpplus1-1,ether48 untagged=\
    ether7,ether9,ether11,ether37,ether39 vlan-ids=111
add bridge=switch354-1 comment="WAN Fiberway" tagged=\
    sfp-sfpplus2,qsfpplus1-1,ether48 untagged=\
    ether8,ether10,ether12,ether38,ether40 vlan-ids=112
add bridge=switch354-1 comment=Management tagged=\
    switch354-1,sfp-sfpplus1,qsfpplus1-1 untagged=ether49 vlan-ids=251
/ip address
add address=192.168.251.1/24 comment=defconf interface=management network=\
    192.168.251.0
add address=10.0.2.11/24 interface=park network=10.0.2.0
/system identity
set name=Switch354-1
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os enter-setup-on=delete-key