Community discussions

MikroTik App
 
atus42
just joined
Topic Author
Posts: 1
Joined: Thu Mar 25, 2021 1:27 pm

bad bond+bridge+vlan performace on CCR1016-12S-1S+

Thu Mar 25, 2021 5:14 pm

Hello All!

We have several CCR1016-12S-1S+ Mikrotik devices. We started to investigate a performance issue, where the throughput between two 1GB sfp port is as low as 250Mbit/sec.
We face this degraded throughput only, when the the two machine are on different vlan. To investigate the cause deeper, we set up a test network on a cold backup hardware, upgraded to the latest stable firmware (tile-6.48.1).
On this test environment I configure the firewall to allow all traffic (input and forward), and did the following tests:

- vlan only
put two sfp port to two different vlan, connect them to a (hp 1910) switch where I put these ports to the corresponding vlan (untagged), and connect two win10 workstation to these ports.
PC_A -> HP port1 (vlan1, untagged) -> HP port2 (vlan1, tagged) -> MT port1 (vlan1, tagged) -> MT port2 (vlan2, tagged) -> -> HP port3 (vlan2, tagged) -> HP port4 (vlan2, untagged) -> PC_B
the throughput between PC_A and PC_B was around 920Mbit/sec. I can hear that the fans in the MT spins up while testing, and saw the traffic on the vlans in winbox.

- bridge only
put two sfp port to two differently named bridge (one port only to test), connect them to a (hp 1910) switch where I put these ports to the corresponding vlan (untagged) (named after the bridge), and connect two win10 workstation to these ports.
PC_A -> HP port1 (vlan1, untagged) -> HP port2 (vlan1, untagged) -> MT port1 (bridge1) -> MT port2 (bridge2) -> -> HP port3 (vlan2, untagged) -> HP port4 (vlan2, untagged) -> PC_B
the throughput between PC_A and PC_B went down to around 900Mbit/sec. I can hear that the fans in the MT spins up while testing, and saw the traffic on the bridges in winbox.

- vlan on bridge
I defined one bridge and added the two sfp ports to it. I define two vlans, and added them to the bridge. I added two separate address range to the vlans. packet folow should be as follows:
PC_A -> HP port1 (vlan1, untagged) -> HP port2 (vlan1, tagged) -> MT port1 (vlan1 on bridge, tagged) -> MT port2 (vlan2 on bridge, tagged) -> HP port3 (vlan2, tagged) -> HP port4 (vlan2, untagged) -> PC_B
the throughput between PC_A and PC_B went down to around 650Mbit/sec. I can hear that the fans in the MT spins up while testing, and saw the traffic on the bridges in winbox.

On the production environment we also have lacp bonds. These bonds are connected with one brige, and there are the vlans also. A real life packet flow is somethimg like this:
PC_A -> HP1 port1 (vlan1, untagged) -> HP1 port2 (vlan1, tagged, bonded(802.3ad)) -> MT port1 (vlan1 on bridge on bond, tagged) -> MT port2 (vlan2 on bridge on 10G sfp, tagged) -> Unifi 10G SW port3 (vlan2, tagged) -> Unifi 10G SW port4 (vlan2, untagged) -> SRV
This connection is of course paralel to other connections / packet flows as the SRV is our main storage device.

how can we 'boost' this throughput?
we separate our PC-s to wlans because of security reasons, so it is a must. We use bonds to increase throughput/bandwidth to the switches. They serve about 50 pc, so we need bonds also. By buying a lot of high speed stp ports we may work this around, but it is a financial question/decision.
Can we do this better? If yes, how.

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], anav, kub1x, tuckerdog, VinceKalloe and 82 guests