I got my first couple of CRS3xx devices and playing around with them in my lab.

I ran into the first problem. Following setup
CRS317

Using a bridge, as you need to with the CRS3xx series, with vlan-filtering.

vlan inteface on top of the bridge

simple Fast track configured.

When traffic is flowing from vlan13 ( host at port sfp-sfpplus3 ) towards the network on sfp-sfpplus1 ( not bridged, no vlan ) it's not fasttracked
Although the connection is marked as fasttracked. But the bytecounter of the fasttrack dummy rule is not increasing.
The CPU is hitting 100% ( one core ) at ~500mbit/s

Traffic the other way around is fasttracked as expected. 1Gbit/s linespeed and CPU Is far away from 100%

It seems the problem is traffic coming in on a vlan interface on top of a bridge.

Is this a known limitation? And if so, why?

You say sfp-sfpplus1 is not a member of bridge1 and no vlan on it, but it is configured as untagged for vlan-id = 123?

CRS s a switch

the better way to do what you want to do is using a router + switch

You say sfp-sfpplus1 is not a member of bridge1 and no vlan on it, but it is configured as untagged for vlan-id = 123?

that's just a left from previous tests.

CRS s a switch

the better way to do what you want to do is using a router + switch

I know that it's main purpose is switching. But with fasttrack the cpu has no problem to route 1Gbps. So why using a separate device for that? And it's an CRS not a CCS

CRS s a switch

the better way to do what you want to do is using a router + switch

I know that it's main purpose is switching. But with fasttrack the cpu has no problem to route 1Gbps. So why using a separate device for that? And it's an CRS not a CCS

fast-track is for routing, if you are bridging check fast-path counters and status on bridge (i dont see any ip address in your config)


check using tools->profile the culprit of CPU usage

CRS s a switch

the better way to do what you want to do is using a router + switch

I know that it's main purpose is switching. But with fasttrack the cpu has no problem to route 1Gbps. So why using a separate device for that? And it's an CRS not a CCS

fast-track is for routing, if you are bridging check fast-path counters and status on bridge (i dont see any ip address in your config)


check using tools->profile the culprit of CPU usage

Yes i'm routing here. The routeros receives the traffic on a VLAN interface that is on top of the bridge. I'm talking about the routed traffic not the bridged traffic. The bridged ( switched) traffic works fine, it's hardware offloaded as it should be.

i think mikrotik will end killing CRS line because of situations like this

I think The fact CRS switch have routeros dont imply you have to do routing on it, i think a switch is a switch, and must be used like that, the advantages of having routeros on it comes from management perspective, you have a very powerfull and versatile winbox graphical user interface, integrated graphs...

that's my personal opinion

i think mikrotik will end killing CRS line because of situations like this

I think The fact CRS switch have routeros dont imply you have to do routing on it, i think a switch is a switch, and must be used like that, the advantages of having routeros on it comes from management perspective, you have a very powerfull and versatile winbox graphical user interface, integrated graphs...

that's my personal opinion

it's called cloud router switch. That does not imply that it's a switch only either. I'm fully aware that it has not the CPU power for line speed routing. But for the 3xx series they have a CPU that has more power than some of the "routers". And why not utilize those CPU cycles? whats the point of a 2core cpu if you use only the hardware offloaded switching function and the cpu idles at 1%?

Those switches fit perfect where you have a need for a fast local network and you have a somewhat slower internet connection. Putting an OLD RB2011 next to a CRS317 just to route 500Mbps internet connection ( with fasttrack ) is somehow stupid as the CPU much slower.

that's my opinion. What i would like to know is whether the limitation i run into has a technical reason or they just forgot of the scenario of a vlan on top of the (hardware offloaded) bridge and that they need to add a few lines of code to get such traffic handled by the fast-tracked path.

Can you post full config, there might be a misconfigured rule creating unexpected symptoms that we might not think about, but seeing the config might ring some bells

Can you post full config, there might be a misconfigured rule creating unexpected symptoms that we might not think about, but seeing the config might ring some bells

yes very difficult to help with incomplete config access

I'm seeing the same thing on a CCR1009. Did you get any resolution to this?