ech1965
just joined
Topic Author
Posts: 24
Joined: Wed Mar 20, 2019 3:53 pm

RB4011 RouterOnAStick with bridge slower than with sfpplus

Sun Mar 21, 2021 11:24 am

Hi,

I've got an RB4011 and a CRS309.
I'm trying to replace my pfSense with an RB4011 and improve inter-VLAN routing speed.

VLANs:
1901 MGT 172.19.1.1/24
1902 WIFI 172.19.2.1/24

* RB4011 gets internet thanks to PPPoE (modem connected to ether2)
* RB4011.SFP1 is connected to CRS309.SFP8
* VLANs MGT and WIFI are tagged on the "trunk" and vlan1 is untagged

On the CRS309, port 3 is configured as trunk and connected to a Proxmox server hosting 2 VMs
* vm1 on vlan 1901 with IP 172.19.1.199
* vm2 on vlan 1902 with IP 172.19.2.199
Both VMs are running iperf3 -s

On the CRS309, port 7 is configured as an access port on vlan 1901 and connected to a Linux workstation (where I run the iperf3 -c)

I first tried to use a "bridge" on the RB4011 containing the sfpplus interface and the eth10 (for future access point connection)

With this setup, iperf3 caps at +/- 1.5 Gbits (when crossing subnets)

I then tried to configure the VLANs directly on the sfpplus 1 on the RB4011, like in (1).
And then, I have almost 10 Gbits even while crossing VLANs.


QUESTION:
How can I get full perf while using a bridge? (Otherwise, I can't use PoE out on eth10 to connect my access point.)
If I keep the config using SFPplus, will I be able to configure inter-VLAN filtering (DMZ-like, without any "surprise")?

Thanks a lot for your feedback and your help


(1) https://blog.kroy.io/2019/09/13/10-giga ... ik-rb4011/

RB4011 WITH BRIDGE
# mar/21/2021 09:38:07 by RouterOS 7.1beta5
# software id = FDJ9-XPWG
#
# model = RB4011iGS+
# serial number = XXXXXXX
/interface bridge
add name=trunk vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether2 max-mtu=1480 name=\
    PROXIMUS user=xxxxxxxxxxxx
/interface vlan
add interface=trunk name=mgt vlan-id=1901
add interface=trunk name=wifi vlan-id=1902
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=MGT
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_1901 ranges=172.19.1.100-172.19.1.199
add name=dhcp_1902 ranges=172.19.2.100-172.19.2.199
/ip dhcp-server
add address-pool=dhcp_1901 disabled=no interface=mgt name=dhcp_1901
add address-pool=dhcp_1902 disabled=no interface=wifi name=dhcp_1902
/interface bridge port
add bridge=trunk interface=sfp-sfpplus1
add bridge=trunk interface=ether1 pvid=1901
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=trunk tagged=trunk,sfp-sfpplus1 vlan-ids=1901
add bridge=trunk tagged=trunk,sfp-sfpplus1 vlan-ids=1902
/interface list member
add interface=PROXIMUS list=WAN
add list=LAN
add list=MGT
add list=MGT
/ip address
add address=192.168.1.192/24 interface=ether2 network=192.168.1.0
add address=172.19.2.1/24 interface=wifi network=172.19.2.0
add address=172.19.1.1/24 interface=mgt network=172.19.1.0
/ip dhcp-server network
add address=172.19.1.0/24 dns-server=172.19.1.1 gateway=172.19.1.1
add address=172.19.2.0/24 dns-server=172.19.2.1 gateway=172.19.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall address-list
add address=172.19.1.0/24 list=MGT
add address=172.19.2.0/24 list=LAN
/ip firewall filter
add action=fasttrack-connection chain=input comment=\
    "accept established,related" connection-state=established,related \
    hw-offload=yes
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="allow ICMP" in-interface=PROXIMUS \
    in-interface-list=WAN protocol=icmp
add action=drop chain=input in-interface=!mgt port=22 protocol=tcp \
    src-address-list=""
add action=drop chain=input comment="block everything else" in-interface=\
    PROXIMUS
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PROXIMUS
/ip service
set telnet disabled=yes
set api disabled=yes
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name=RB-01
/system package update
set channel=development
OUTPUT

4: enp1s0d1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:02:c9:52:29:ad brd ff:ff:ff:ff:ff:ff
    inet 172.19.1.252/24 brd 172.19.1.255 scope global noprefixroute enp1s0d1
       valid_lft forever preferred_lft forever
    inet6 fe80::1440:69be:8944:7821/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Connecting to host 172.19.1.199, port 5201
[  5] local 172.19.1.252 port 54888 connected to 172.19.1.199 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  1.07 GBytes  9.19 Gbits/sec   46   1.14 MBytes       
[  5]   1.00-2.00   sec  1.09 GBytes  9.35 Gbits/sec   23    409 KBytes       
[  5]   2.00-3.00   sec  1.09 GBytes  9.34 Gbits/sec   20    402 KBytes       
[  5]   3.00-4.00   sec  1.09 GBytes  9.36 Gbits/sec   17   1.24 MBytes       
[  5]   4.00-5.00   sec  1.09 GBytes  9.35 Gbits/sec   18   1.38 MBytes       
[  5]   5.00-6.00   sec  1.09 GBytes  9.36 Gbits/sec   17   1.15 MBytes       
[  5]   6.00-7.00   sec  1.09 GBytes  9.35 Gbits/sec   18   1.10 MBytes       
[  5]   7.00-8.00   sec  1.09 GBytes  9.35 Gbits/sec   11    795 KBytes       
[  5]   8.00-9.00   sec  1.09 GBytes  9.35 Gbits/sec   14    520 KBytes       
[  5]   9.00-10.00  sec  1.08 GBytes  9.31 Gbits/sec   18   1011 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  10.9 GBytes  9.33 Gbits/sec  202             sender
[  5]   0.00-10.01  sec  10.9 GBytes  9.32 Gbits/sec                  receiver

iperf Done.
Connecting to host 172.19.2.199, port 5201
[  5] local 172.19.1.252 port 45798 connected to 172.19.2.199 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   164 MBytes  1.38 Gbits/sec   36    370 KBytes       
[  5]   1.00-2.00   sec   166 MBytes  1.39 Gbits/sec    5    382 KBytes       
[  5]   2.00-3.00   sec   165 MBytes  1.38 Gbits/sec   17    368 KBytes       
[  5]   3.00-4.00   sec   164 MBytes  1.38 Gbits/sec   56    293 KBytes       
[  5]   4.00-5.00   sec   165 MBytes  1.38 Gbits/sec   23    400 KBytes       
[  5]   5.00-6.00   sec   164 MBytes  1.38 Gbits/sec   39    284 KBytes       
[  5]   6.00-7.00   sec   165 MBytes  1.38 Gbits/sec    2    410 KBytes       
[  5]   7.00-8.00   sec   163 MBytes  1.37 Gbits/sec   19    406 KBytes       
[  5]   8.00-9.00   sec   166 MBytes  1.39 Gbits/sec   18    389 KBytes       
[  5]   9.00-10.00  sec   164 MBytes  1.37 Gbits/sec   61    368 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.61 GBytes  1.38 Gbits/sec  276             sender
[  5]   0.00-10.01  sec  1.61 GBytes  1.38 Gbits/sec                  receiver

iperf Done.

WITH SFPPLUS

# mar/21/2021 09:47:28 by RouterOS 7.1beta5
# software id = FDJ9-XPWG
#
# model = RB4011iGS+
# serial number = fdgsdfg
/interface bridge
add name=trunk vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether2 max-mtu=1480 name=\
    PROXIMUS user=xxxxxxx
/interface vlan
add interface=sfp-sfpplus1 name=mgt vlan-id=1901
add interface=sfp-sfpplus1 name=wifi vlan-id=1902
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=MGT
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_1901 ranges=172.19.1.100-172.19.1.199
add name=dhcp_1902 ranges=172.19.2.100-172.19.2.199
/ip dhcp-server
add address-pool=dhcp_1901 disabled=no interface=mgt name=dhcp_1901
add address-pool=dhcp_1902 disabled=no interface=wifi name=dhcp_1902
/interface bridge port
add bridge=trunk interface=ether1 pvid=1901
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=PROXIMUS list=WAN
add list=LAN
add list=MGT
add list=MGT
/ip address
add address=192.168.1.192/24 interface=ether2 network=192.168.1.0
add address=172.19.2.1/24 interface=wifi network=172.19.2.0
add address=172.19.1.1/24 interface=mgt network=172.19.1.0
/ip dhcp-server network
add address=172.19.1.0/24 dns-server=172.19.1.1 gateway=172.19.1.1
add address=172.19.2.0/24 dns-server=172.19.2.1 gateway=172.19.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall address-list
add address=172.19.1.0/24 list=MGT
add address=172.19.2.0/24 list=LAN
/ip firewall filter
add action=fasttrack-connection chain=input comment=\
    "accept established,related" connection-state=established,related \
    hw-offload=yes
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="allow ICMP" in-interface=PROXIMUS \
    in-interface-list=WAN protocol=icmp
add action=drop chain=input in-interface=!mgt port=22 protocol=tcp \
    src-address-list=""
add action=drop chain=input comment="block everything else" in-interface=\
    PROXIMUS
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PROXIMUS
/ip service
set telnet disabled=yes
set api disabled=yes
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name=RB-01
/system package update
set channel=development
-------------------------
OUTPUT

4: enp1s0d1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:02:c9:52:29:ad brd ff:ff:ff:ff:ff:ff
    inet 172.19.1.252/24 brd 172.19.1.255 scope global noprefixroute enp1s0d1
       valid_lft forever preferred_lft forever
    inet6 fe80::1440:69be:8944:7821/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Connecting to host 172.19.1.199, port 5201
[  5] local 172.19.1.252 port 54936 connected to 172.19.1.199 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  1.05 GBytes  8.99 Gbits/sec   19   1.27 MBytes       
[  5]   1.00-2.00   sec  1.08 GBytes  9.30 Gbits/sec   17    607 KBytes       
[  5]   2.00-3.00   sec  1.09 GBytes  9.35 Gbits/sec    7   1.05 MBytes       
[  5]   3.00-4.00   sec  1.09 GBytes  9.32 Gbits/sec   14   1.07 MBytes       
[  5]   4.00-5.00   sec  1.09 GBytes  9.33 Gbits/sec   10    708 KBytes       
[  5]   5.00-6.00   sec  1.09 GBytes  9.32 Gbits/sec   10   1021 KBytes       
[  5]   6.00-7.00   sec  1.09 GBytes  9.32 Gbits/sec   11   1.14 MBytes       
[  5]   7.00-8.00   sec  1.09 GBytes  9.36 Gbits/sec   14   1.27 MBytes       
[  5]   8.00-9.00   sec  1.09 GBytes  9.35 Gbits/sec   15   1.15 MBytes       
[  5]   9.00-10.00  sec  1.08 GBytes  9.31 Gbits/sec   12   1.28 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  10.8 GBytes  9.30 Gbits/sec  129             sender
[  5]   0.00-10.01  sec  10.8 GBytes  9.29 Gbits/sec                  receiver

iperf Done.
Connecting to host 172.19.2.199, port 5201
[  5] local 172.19.1.252 port 45846 connected to 172.19.2.199 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  1.06 GBytes  9.10 Gbits/sec   60    468 KBytes       
[  5]   1.00-2.00   sec  1.08 GBytes  9.27 Gbits/sec   12    670 KBytes       
[  5]   2.00-3.00   sec  1.09 GBytes  9.34 Gbits/sec   16    658 KBytes       
[  5]   3.00-4.00   sec  1.09 GBytes  9.32 Gbits/sec   19    962 KBytes       
[  5]   4.00-5.00   sec  1.08 GBytes  9.30 Gbits/sec   49    913 KBytes       
[  5]   5.00-6.00   sec  1.08 GBytes  9.31 Gbits/sec   80    923 KBytes       
[  5]   6.00-7.00   sec  1.09 GBytes  9.35 Gbits/sec   53    928 KBytes       
[  5]   7.00-8.00   sec  1.09 GBytes  9.32 Gbits/sec   19    981 KBytes       
[  5]   8.00-9.00   sec  1.09 GBytes  9.35 Gbits/sec   83   1.08 MBytes       
[  5]   9.00-10.00  sec  1.09 GBytes  9.34 Gbits/sec   37   1.02 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  10.8 GBytes  9.30 Gbits/sec  428             sender
[  5]   0.00-10.01  sec  10.8 GBytes  9.29 Gbits/sec                  receiver

iperf Done.
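
Added example, not part of the original post: both exports above carry the same two forward-chain rules, so this small first-match evaluator shows how a new connection between the mgt and wifi VLANs is treated by them, next to a constructed rule set that isolates wifi from mgt. The `ISOLATED` rules, the function names and the simplified matching (interfaces and connection state only) are assumptions of the example.

```python
import re
import shlex

# Forward-chain rules exactly as they appear in both exports in the post.
POSTED = r"""
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
"""

# Constructed rules (assumption, not from the post): mgt may open connections
# to wifi, both VLANs may reach the WAN, everything else is dropped.
ISOLATED = POSTED + r"""
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward in-interface=mgt out-interface=wifi
add action=accept chain=forward in-interface=!PROXIMUS out-interface=PROXIMUS
add action=drop chain=forward comment="drop everything else"
"""

def parse(export):
    """Join backslash continuations and turn each 'add' line into a dict."""
    joined = re.sub(r"\\\n\s*", "", export)
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:]))
    return rules

def matches(rule, packet):
    """Compare only the matchers this example models; '!' negates a value."""
    for key in ("in-interface", "out-interface", "connection-state"):
        want = rule.get(key, "")
        negate, values = want.startswith("!"), want.lstrip("!").split(",")
        if want and (packet[key] in values) == negate:
            return False
    return True

def verdict(export, in_if, out_if, state="new"):
    """First terminating match wins; a RouterOS filter chain ends in accept."""
    packet = {"in-interface": in_if, "out-interface": out_if,
              "connection-state": state}
    for rule in parse(export):
        if rule.get("chain") == "forward" and matches(rule, packet):
            if rule["action"] in ("accept", "drop", "reject"):
                return "accept" if rule["action"] == "accept" else "drop"
            # fasttrack-connection etc. are modelled as non-terminating here.
    return "accept"
```

With the posted rules a new wifi-to-mgt connection falls through to the chain's default accept, whichever interface carries the VLANs; with the constructed rules the same connection is dropped while replies to mgt-initiated connections still pass.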
