Page 1 of 1

Switch VLANs Very High CPU

Posted: Fri May 31, 2019 1:05 pm
by jmginer
Hi, I have a CHR x86 for routing and peering at DECIX Madrid.

Additionally DECIX provides me with the same cable peering in Lisbon through a VLAN.

The DECIX cable, I have it connected to an intermediate CRS switch.

What I do is connect the CRS cable to the CHR with 2 VLANs, one for Lisbon (vlan11) and one for Madrid (vlan10).

The problem is that the CPU of the switch is very high, with only 50.000 PPS the CPU reaches +40%.

This is my configuration. Is something wrong?

Thank you!

# model = CRS317-1G-16S+

/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no name=sfp-sfpplus1-DECIX-IN
set [ find default-name=sfp-sfpplus2 ] name=sfp-sfpplus2-DECIX-OUT speed=10Gbps

/interface vlan
add interface=sfp-sfpplus1-DECIX-IN name=vlan-DECIX-Lisbon-IN vlan-id=11
add interface=sfp-sfpplus2-DECIX-OUT name=vlan-DECIX-Lisbon-OUT vlan-id=11
add interface=sfp-sfpplus2-DECIX-OUT name=vlan-DECIX-Madrid-OUT vlan-id=10

/interface bridge
add name=bridge-decix-lisbon protocol-mode=none
add name=bridge-decix-madrid protocol-mode=none

/interface bridge port
add bridge=bridge-decix-madrid interface=sfp-sfpplus1-DECIX-IN
add bridge=bridge-decix-madrid interface=vlan-DECIX-Madrid-OUT
add bridge=bridge-decix-lisbon interface=vlan-DECIX-Lisbon-IN
add bridge=bridge-decix-lisbon interface=vlan-DECIX-Lisbon-OUT

/ip firewall connection tracking
set enabled=no

Re: Switch VLANs Very High CPU

Posted: Fri May 31, 2019 3:07 pm
by mkx
Right now all packets between VLANs (and access ports towards your CHR) are passing CRS' weak CPU.

You should reconfigure CRS to use single bridge and vlan-filtering ... you can have a look at this fine tutorial.
Your CRS3xx will then deal with VLANs in hardware (switch chip).

Re: Switch VLANs Very High CPU

Posted: Tue Jun 04, 2019 1:56 pm
by jmginer
I think I've solved, at least is working and only using 2% CPU...
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes

/interface bridge port
add bridge=BR1 interface=sfp-sfpplus1-DECIX-IN
add bridge=BR1 interface=sfp-sfpplus2-DECIX-OUT

/interface bridge vlan
add bridge=BR1 tagged=sfp-sfpplus2-DECIX-OUT untagged=sfp-sfpplus1-DECIX-IN vlan-ids=10
add bridge=BR1 tagged=sfp-sfpplus1-DECIX-IN,sfp-sfpplus2-DECIX-OUT vlan-ids=11

/interface ethernet switch rule
add switch=switch1 ports=sfp-sfpplus1-DECIX-IN vlan-header=not-present new-vlan-id=10

Re: Switch VLANs Very High CPU  [SOLVED]

Posted: Tue Jun 04, 2019 6:53 pm
by mkx
Your latest config mixes bridge vlan concept and HW based concept. The last setting (/interface ethernet switch rule) can probably be replaced by
/interface bridge port
set [ find name=sfp-sfpplus1-DECIX-IN ] pvid=10

Re: Switch VLANs Very High CPU

Posted: Tue Jun 04, 2019 9:30 pm
by jmginer
You're right, fixed, thanks! :)

Now I have my transit upstreams connected directly to the CHR. Tomorrow I will try with one of them to pass it through the switch.
I suppose I can create a new bridge? Or do I have to use a single bridge to take advantage of HW acceleration?

Re: Switch VLANs Very High CPU

Posted: Tue Jun 04, 2019 10:07 pm
by mkx
Manual says that only single bridge can be HW offloaded ... so you better stick to single bridge and use whatever means available to partition switch (either use VLANs with access ports or port isolation ... the later being switch chip feature which brings you back to a mix of bridge and HW setup)

Re: Switch VLANs Very High CPU

Posted: Wed Jun 05, 2019 6:08 pm
by jmginer
Got it! :)

I've created the isolated ports and a unique bridge.
I've connected my upstreams (3 x FULL BGP) and all the traffic is working fine.
The bridge is returning "HW Offload" active on all ports.
And the CPU on the CRS is less 1-5% every time.

Many thanks! @mkx Please, send me a PM with your Paypal account to send you a gift.

Re: Switch VLANs Very High CPU

Posted: Wed Jun 05, 2019 7:13 pm
by mkx
No PM on this forum. So kindly pass the offered gift to a charity of your choice, thank you.

Re: Switch VLANs Very High CPU

Posted: Wed Jun 05, 2019 11:06 pm
by jmginer
No PM on this forum. So kindly pass the offered gift to a charity of your choice, thank you.


done!

Image

Re: Switch VLANs Very High CPU

Posted: Thu Jun 06, 2019 8:15 am
by mkx
@jmginer: topic outcomes like this make contributing to this forum specially worthwhile.