I just migrated from a CCR1036, to a CCR2116, for the single cpu core performances and play with containers.
All is working good, except cpu usage is pretty high when I'm using a lot of bandwitdh. If I do a speedtest, I hit my 8gb/sec no problem, but single core usage is higher than with my CCR1036. Both have fast track activated and working.
Now, I noticed that fast track hw offloading is not working (counter "Fasttrack HW Offloaded" at O) on my 2116, even with "hw offload" ticked in the fasttrack rule.
I Believe it's because I can't use a bridge in my case ?
The 2116 setup is pretty simple :
ISP => Vlan Interface tagged 100 => physical interace (sfp+ 2) with a DHCP client <=> LAN on interface sfp+1 (after that it’s going to a CRS309 for the lan). HW L3 offloading enabled on the switch (and the physical port, I tried on/off, same behaviour).
But I read that, for hw offloading to act, I need everything on the same bridge ? But a wan must be outside of the bridge right… So, am I missing something, or it is what it is ?
Yes, HW offload only works on the single HW offloaded bridge. (Only one bridge can be HW offloaded, and all ports between which you want HW offloaded routing or fasttrack must be part of it.)
This implies that all such routing is inter-vlan, so you will have to rearrange your configuration to this setup if you want to take advantage of the offloading. This means a vlan-filtered bridge.
To be a bit more philosophical: your device is fairly powerful and it already handles everything you want, there really isn't much point in changing things. It has plenty of cpu available for other uses too.
For testing l3hw offloaded fasttracked connections you don’t even need l3-hw-offloading=yes on the ports. But for sure you don’t need it on the WAN port, so at least:
But what bridge ? i don’t have one, and afaik, wan and lan port should not be on the same bridge. So I don’t get how have a bridge with only the wan port, and the vlan interfacce attached to this bridge, will help ?
Well I won’t guide you on how to add a bridge with bridge vlan-filtering enabled and two vlans tagged on your sfp1. Not the point of this topic. But for your own piece of mind, set an IP on an used port so that you can use that port if you get locked out of the router by mistake.
Of course. What I meant was, vlan 7 and 24 are not the point, I don’t care about that performances wise. My main lan is not behind a vlan interface for now. If I do a bridge with my lan ports (i’ve done that in the past), what do I do with the wan port ? And I have to attach a vlan interface (100) somewhere for my isp to work. I don’t see attaching it to the bridge since it for lan… I said beforce, I believe you can’t have LAN ports and WAN ports on the same bridge. Is that wrong ? And there is the constraint that I need a dhcp client runing on the vlan 100 interface too.
Then we have a vlan interface attached to a physical interface (vlan 100 to the wan port sfp2), and it won’t work If I understand the doc :
“Since L3HW depends on L2HW, and L2HW is the one that does VLAN processing, Inter-VLAN hardware routing requires a hardware bridge underneath. Even if a particular VLAN has only one tagged port member, the latter must be a bridge member. Do not assign a VLAN interface directly on a switch port! Otherwise, L3HW offloading fails and the traffic will get processed by the CPU:
Assign the VLAN interface to the bridge instead. This way, VLAN configuration gets offloaded to the hardware, and, with L3HW enabled, the traffic is subject to inter-VLAN hardware routing.”
