separate trunks CSS610 <-> RB3011 weirdness

I have found that for some unknown reason, bonding between my CSS610 and my RB3011 will cut the upload band in half or worse.
Since I am a bit tired of troubleshooting CSS610 bugs, I decided to replace bonding with per-VLAN trunks, i.e. I decided to set up
two separate 1G trunks: in one trunk I am sending VLAN 88 and VLAN 166, and in the other trunk VLAN 7.

To my dismay, this very simple configuration doesn’t work properly: there is no ingress traffic in VLAN7, while the other trunk works just fine.
I am suspecting yet another CSS610 bug… Below is the relevant RB3011 config; the CSS610 has the two ports in trunk mode (default).
Please note that a separate all-vlan trunk, on ether7, works just fine…

# model = RB3011UiAS
# serial number = B8950C9801E6
/interface bridge
add admin-mac=48:8F:5A:8A:27:66 auto-mac=no name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="do not enable, MAC stolen for bridge use" disabled=yes
/interface vlan
add interface=bridge1 name=VLAN7 vlan-id=7
add interface=bridge1 name=VLAN88 vlan-id=88
add interface=bridge1 name=VLAN166 vlan-id=166
/interface list
add name=WAN
add name=LAN
add name=VPN
/ip vrf
add list=all name=main
/port
set 1 name=usb2
/routing table
add fib name=vpn
/interface bridge port
add bridge=bridge1 interface=ether2 pvid=166
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether8
/ip neighbor discovery-settings
set discover-interface-list=none
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether5,ether7 untagged=ether2 vlan-ids=166
add bridge=bridge1 tagged=bridge1,ether7,ether5 vlan-ids=88
add bridge=bridge1 tagged=bridge1,ether7,ether8 vlan-ids=7
/interface list member
add list=WAN
add comment=defconf interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add list=VPN
add list=LAN
add list=LAN
add interface=VLAN166 list=LAN
add interface=VLAN7 list=LAN
add interface=VLAN88 list=LAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.1.5/24 interface=ether1 network=192.168.1.0
add address=192.168.69.253/24 interface=wireguard1 network=192.168.69.0
add address=192.168.166.254/24 interface=VLAN166 network=192.168.166.0
add address=192.168.7.254/24 interface=VLAN7 network=192.168.7.0
add address=192.168.88.254/24 interface=VLAN88 network=192.168.88.0
/ip dns
set servers=8.8.8.8

At the CSS610, is VLAN 7 also permitted only on the trunk port connected to ether8 of the 3011, and VLANs 88 and 166 only on the trunk port connected to ether5 of the 3011?


Is the ether7 of the 3011 connected to the CSS610 or somewhere else?

Actually I spoke too fast, the explanation is at the CSS610 manual page:

The main differences compared to CSS3xx series switches are:

  • unsupported Independent VLAN Learning;

So the switch uses MAC addresses alone to populate the “MAC to port” mapping table, ignoring the VLAN IDs. Hence it is not able to send frames to the MAC address of the 3011 via different ports depending on VLAN ID. So it learns the MAC of the 3011 to be accessible via the 88+166 port, and then also sends frames with VID 7 through there, and the 3011 drops them as VLAN 7 is not allowed on that port at its end.
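
The behaviour described above can be reproduced with a small model of the switch's forwarding table. This is an added illustration, not code from the thread or from MikroTik; the link names and the learning order are assumptions, while the MAC and the per-port VLAN membership are taken from the RB3011 export above.

```python
# Added illustration: shared vs. independent VLAN learning.
# Link names and the order of learned frames are constructed for this example.

ROUTER_MAC = "48:8F:5A:8A:27:66"  # bridge1 admin-mac; all VLAN interfaces share it

# VLANs the RB3011 accepts on the port at the far end of each link
# (from the "/interface bridge vlan" entries for ether5 and ether8).
ROUTER_PORT_VLANS = {"link_ether5": {88, 166}, "link_ether8": {7}}


class Switch:
    def __init__(self, independent_learning):
        self.ivl = independent_learning
        self.fdb = {}  # forwarding database: key -> egress link

    def _key(self, mac, vid):
        # IVL keys the table on (MAC, VLAN); shared learning keys on MAC alone.
        return (mac, vid) if self.ivl else mac

    def learn(self, src_mac, vid, ingress_link):
        self.fdb[self._key(src_mac, vid)] = ingress_link

    def egress_link(self, dst_mac, vid):
        return self.fdb.get(self._key(dst_mac, vid))


def simulate(independent_learning):
    """Return {vid: 'delivered' | 'dropped'} for frames sent to the router."""
    sw = Switch(independent_learning)
    # The router transmits from the same MAC on every VLAN, each via its own link.
    # Assumed order: the VLAN 88/166 link is seen last, so it wins without IVL.
    sw.learn(ROUTER_MAC, 7, "link_ether8")
    sw.learn(ROUTER_MAC, 88, "link_ether5")
    sw.learn(ROUTER_MAC, 166, "link_ether5")
    result = {}
    for vid in (7, 88, 166):
        link = sw.egress_link(ROUTER_MAC, vid)
        # The router's VLAN filtering drops a tag not allowed on the ingress port.
        ok = link is not None and vid in ROUTER_PORT_VLANS[link]
        result[vid] = "delivered" if ok else "dropped"
    return result


if __name__ == "__main__":
    print("shared learning:     ", simulate(False))
    print("independent learning:", simulate(True))
```

Without independent learning the single MAC entry points at the 88+166 link, so VLAN 7 frames arrive on a port where the RB3011 does not permit that VLAN, which matches the missing ingress traffic reported in the first post.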

Correct. I wanted to have two separate physical paths for the two VLAN groups…

This is very unfortunate…

OK, so this thing called “SWOS lite” is ridiculous. A great switch with a terrible OS.
I will be replacing the CSS610 with an RB4011 and will retry the bonding thing with a “real” OS.

I’m not sure it’s a SWOS limitation as it doesn’t exist on CRS3xx, and as the independent VLAN learning needs to be supported by the switch chip itself. So I guess it’s rather the target price tag (a 10 Gbit/s switch for less than $100) which has led to the choice of a switch chip lacking that capability.

It does not run SWOS. It runs “SWOS lite”. I am not sure if the limitation is in hardware, but it seems quite a serious one for a switch considering
that for $40 more you get a full-fledged CSS326 with more ports and more pps.

I have replaced the CSS610 with an RB4011 and the bonding now behaves properly, and speed is proper.
I think the CSS610 is a flawed product and recommend staying away from it for the time being.