VLAN - CRS112 - Slow

dima1002 · January 3, 2023, 12:52pm

Hello,

my switch is very slow. CPU is always at 70-100% why?

# jan/02/1970 00:40:44 by RouterOS 7.6
# software id = X7HI-QAK7
#
# model = CRS112-8P-4S
# serial number = HBB07S30KDM
/interface bridge
add name=BRIDGE protocol-mode=none
/interface vlan
add comment=MGT interface=BRIDGE name=VLAN_99 vlan-id=99
add comment=COMPANY interface=BRIDGE name=VLAN_100 vlan-id=100
add comment=GUEST interface=BRIDGE name=VLAN_200 vlan-id=200
add comment=DMZ interface=BRIDGE name=VLAN_300 vlan-id=300
add comment=HOTSPOT interface=BRIDGE name=VLAN_400 vlan-id=400
add comment=PRIVAT interface=BRIDGE name=VLAN_500 vlan-id=500
add comment=LTE interface=BRIDGE name=VLAN_600 vlan-id=600
add comment=BACKUP1 interface=BRIDGE name=VLAN_700 vlan-id=700
add comment=BACKUP2 interface=BRIDGE name=VLAN_800 vlan-id=800
add comment=BACKUP3 interface=BRIDGE name=VLAN_900 vlan-id=900
add comment=IOT1 interface=BRIDGE name=VLAN_1000 vlan-id=1000
add comment=IOT2 interface=BRIDGE name=VLAN_1100 vlan-id=1100
add comment=IOT3 interface=BRIDGE name=VLAN_1200 vlan-id=1200
add comment=IOT4 interface=BRIDGE name=VLAN_1300 vlan-id=1300
add comment=HOTSPOT01 interface=BRIDGE name=VLAN_1400 vlan-id=1400
add comment=HOTSPOT02 interface=BRIDGE name=VLAN_1500 vlan-id=1500
add comment=HOTSPOT03 interface=BRIDGE name=VLAN_1600 vlan-id=1600
add comment=HOTSPOT04 interface=BRIDGE name=VLAN_1700 vlan-id=1700
add comment=HOTSPOT05 interface=BRIDGE name=VLAN_1800 vlan-id=1800
add comment=HOTSPOT06 interface=BRIDGE name=VLAN_1900 vlan-id=1900
add comment=HOTSPOT07 interface=BRIDGE name=VLAN_2000 vlan-id=2000
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=BRIDGE interface=ether1
add bridge=BRIDGE interface=ether2
add bridge=BRIDGE interface=ether3
add bridge=BRIDGE interface=ether4
add bridge=BRIDGE interface=ether5
add bridge=BRIDGE interface=ether6
add bridge=BRIDGE interface=ether7
add bridge=BRIDGE interface=ether8
add bridge=BRIDGE interface=sfp9
add bridge=BRIDGE interface=sfp10
add bridge=BRIDGE interface=sfp11
add bridge=BRIDGE interface=sfp12
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=99
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=100
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=200
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=300
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=400
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=500
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=600
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=700
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=800
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=900
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1000
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1100
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1200
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1300
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1400
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1500
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1600
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1700
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1800
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1900
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=2000
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=100 ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=99
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=100
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=200
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=300
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=400
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=500
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=600
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=700
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=800
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=900
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1000
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1100
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1200
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1300
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1400
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1500
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1600
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1700
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1800
/ip dhcp-client
add interface=VLAN_99
/system identity
set name=TEST
/tool romon
set enabled=yes

SPKA16 · January 6, 2023, 8:14pm

Yes the CRS1xx are special ones with switchchips which need more loving in the /switch menu. We use them only for simple desktop switch with normal birdge config with hw=no. CPU is not a bottleneck for our use but I can imagine it will be with so many vlans and high load of them.

https://help.mikrotik.com/docs/pages/viewpage.action?pageId=103841836#CRS1xx/2xxseriesswitchesexamples-Example1(TrunkandAccessports)
I dont have one to test with but according to that help page you seem to be doing it correct but you are simply missing hw=yes on all ports on the all bridge ports?

dima1002 · January 12, 2023, 2:46pm

HW is on for all ports. The script was wrong there.
Yes, then I also think that it may be the many VLANs.
It’s really a pity, although hardly any data is flowing, the CPU is always at 40-60%
Thanks for the analysis

mkx · January 12, 2023, 8:31pm

If you run /tool profile, which process(es) use most CPU cycles?

andkar · January 12, 2023, 8:50pm

Hi,

Why all bridge vlan interfaces? Only mangement is needed.
Try removing all bridge vlan interfaces except the management interface VLAN_99 and test again.

dima1002 · January 13, 2023, 8:54am

Here:

Try removing all bridge vlan interfaces except the management interface VLAN_99 and test again.

where do i do that?

andkar · January 13, 2023, 9:49am

Sorry I meant VLAN interfaces, not “bridge VLAN interfaces”.

Here is an example where VLAN1010 is mangement VLAN.

mkx · January 13, 2023, 12:20pm

A very considerable portion of CPU cycles (roughly half) is consumed by management … which is your winbox connection requesting lots of stat counters updates. Try to disconnect winbox, sonnect to router via CLI (ssh) and observe CPU utilization (/system resource print and /tool profile).

Yes, some load (the process “networking”) can be due to fact you configured device to be part of all VLANs … CRS as switch can push VLAN traffic between ports, but switch1-cpu interface doesn’t have to be member of such VLAN (settings under /interface ethernet switch). If not other things, switch chip will push broadcast and multicast frames towards CPU and then CPU will have to discard them. Ditto for frames with dst-mac-address missing from FDB.

andkar · January 13, 2023, 1:21pm

Yes, managment though winbox can easily consume 25% CPU on this device. This load should not affect swiching performance (provided cpu does not take part in swiching, see below).

switch-1 cpu should only be member of VLAN 99
2.
Only one VLAN interface needed:
/interface vlan
add comment=MGT interface=BRIDGE name=VLAN_99 vlan-id=99

dima1002 · January 13, 2023, 6:47pm

Yes, it looks better there. Is that normal?

mkx · January 13, 2023, 9:13pm

Well, management still consumes between 5% and 10%. I don’t have a CRS112 so I can’t say. But on my (other) devices, management is normally nowhere to be seen if I’m connected via CLI.