Community discussions

MikroTik App
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

HW offload bridging

Mon Sep 27, 2021 1:50 pm

Hi

Hardware: CRS326-24S+2Q2
Software: 6.48.4

I have added some bridges according to my earlier question here (bridging multiple VLANs together):
viewtopic.php?t=178614

But after setting it up on a CRS instead, throughput is really bad, as the packages reaches the CPU. I have tried setting hw=yes on the bridge port, and the CLI doesn't complain, but it doesn't make a difference.
How is it supposed to be configured?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: HW offload bridging

Mon Sep 27, 2021 1:55 pm

How is it supposed to be configured?
Only one bridge on a device can be hardware offloaded. As a result, you should avoid having multiple bridges on the same device. The default config for the CRS326 only has a single bridge, and you may want to revert to that to restore your original performance. The bridge VLAN filtering options negate the need to have multiple bridges on a single device.
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Mon Sep 27, 2021 2:42 pm

So the CRS is useless for the intended setup described in the linked topic? Or can it be achived some other way?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: HW offload bridging

Mon Sep 27, 2021 2:46 pm

So the CRS is useless for the intended setup described in the linked topic? Or can it be achived some other way?
No, the CRS can handle this just fine without having to use the CPU for bridging. The issue is certainly with your config, so yes it can be achieved another way. You need to use bridge VLAN filtering on a single bridge instead of creating multiple bridges - it allows similar controls to having multiple bridges, but the configuration is different.
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Mon Sep 27, 2021 3:09 pm

Can you supply me with an example then?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: HW offload bridging

Mon Sep 27, 2021 3:14 pm

Can you supply me with an example then?
I recommend the tutorials here:

viewtopic.php?f=23&t=143620
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Mon Sep 27, 2021 3:40 pm

I can only find basic VLAN setups in that link. I am trying to bridge multiple interfaces together. Have you seen my other post?
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: HW offload bridging

Mon Sep 27, 2021 3:46 pm

I can only find basic VLAN setups in that link. I am trying to bridge multiple interfaces together. Have you seen my other post?
Using those basic VLAN setups you can certainly create more complex ones...
You are using a CRS3xx device along with VLANS without using Bridge VLAN filtering, that is hardware offloaded for all the CRS3xx devices, instead you are using the CPU...
So performance issues are expected ...

Why do you want to Bridge all these VLAN interfaces in the first place ?

Can you draw a network diagram of the topology ?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: HW offload bridging

Mon Sep 27, 2021 3:55 pm

I can only find basic VLAN setups in that link. I am trying to bridge multiple interfaces together. Have you seen my other post?

Have a look at this document. Might hint you in the right direction.
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Mon Sep 27, 2021 4:27 pm

Drawing of the setup. I only control the VLANs coming from the GW router.
You do not have the required permissions to view the files attached to this post.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: HW offload bridging

Mon Sep 27, 2021 4:32 pm

The setup is simple...
I would apply Bridge VLAN filtering to the CRS and ingress VLAN translation as @mkx suggested ...
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: HW offload bridging

Mon Sep 27, 2021 6:46 pm

@Zacharias, the setup is not simple at all. According to the picture, @hmortensen wants the switch to translate VLAN tags - what comes tagged with VID 10 or VID 20 is expected to leave with VID 111, and what comes tagged with VID 30 or VID 40 is expected to leave with VID 222. Worse, in the opposite direction, what arrives from with VID111 is to leave with either VID 10 or VID 20 depending on... what? So he needs a series of bridges linked together to take care of this, and that's a complex thing.

@hmortensen, if you don't mind wasting some interfaces, and if the available bandwidth will be sufficient, you can achieve this in hardware using an ugly trick.
Create a single bridge with vlan-filtering=yes. Create two access ports per VLAN 111 and VLAN 112, and one access port per VLANs 10, 20, 30, 40. Either disable STP on the bridge completely, or at least set all the access ports as edge ones, and most likely also disable loop detection. Then connect the access ports of VLANs 10 and 20 to the two access ports of VLAN 111 and the two access ports of VLANs 30 and 40 to the two access ports of VLAN 112. Bear in mind that frames from VLAN 111 will be broadcast to both VLAN 10 and VLAN 20 until a response packet comes from either of the two.

To do this without hairpin cables, you'd need something like a CCR2004, and I can't guess what the throughput would be.

If you actually want to add the VID 111 and VID 112 as outer tags in the QinQ scheme, it's actually yet another task.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: HW offload bridging

Mon Sep 27, 2021 8:05 pm

in the opposite direction, what arrives from with VID111 is to leave with either VID 10 or VID 20 depending on... what?
Depending on the port it came through ...
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: HW offload bridging

Mon Sep 27, 2021 8:17 pm

Depending on the port it came through ...
Yes, but that only works if there is a separate port for each VLAN.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: HW offload bridging

Mon Sep 27, 2021 8:29 pm

Depending on the port it came through ...
Yes, but that only works if there is a separate port for each VLAN.
ok, i see...
I read again your previous post... what kind of connection do you mean (Then connect the access ports of VLANs 10 and 20 to the two access ports of VLAN 111) ?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: HW offload bridging

Mon Sep 27, 2021 8:52 pm

what kind of connection do you mean
An external patchcord. To "map" two VIDs to one in hardware, the only thing you can do on a CRS3xx is to untag the frame on one pass through the switch, and tag it again with the other VID on another pass. You can map a single VID to another single one using switch chip rules on a CRS3xx, but you can't map the same one (111) to one of the two (10 or 20) this way as you don't know in advance which one you need, and there are like tens of rules while there are hundreds of MAC addresses, so even dynamically creating these rules woudln't help as you'd run out of rules quickly. Plus it would only work if the first frame always came from the client, which may or may not be the case depending on how the clients get their IP addresses.
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Tue Sep 28, 2021 10:00 am

@hmortensen, if you don't mind wasting some interfaces, and if the available bandwidth will be sufficient, you can achieve this in hardware using an ugly trick.
Create a single bridge with vlan-filtering=yes. Create two access ports per VLAN 111 and VLAN 112, and one access port per VLANs 10, 20, 30, 40. Either disable STP on the bridge completely, or at least set all the access ports as edge ones, and most likely also disable loop detection. Then connect the access ports of VLANs 10 and 20 to the two access ports of VLAN 111 and the two access ports of VLANs 30 and 40 to the two access ports of VLAN 112. Bear in mind that frames from VLAN 111 will be broadcast to both VLAN 10 and VLAN 20 until a response packet comes from either of the two.

To do this without hairpin cables, you'd need something like a CCR2004, and I can't guess what the throughput would be.

If you actually want to add the VID 111 and VID 112 as outer tags in the QinQ scheme, it's actually yet another task.
There will be 500-1000 customers on one link. And the traffic will come as QinQ.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: HW offload bridging

Tue Sep 28, 2021 3:02 pm

OK, so show the complete tag stack coming from/expected to be sent to the customer-facing ports, and the complete tag stack coming from/expected to be sent to the server-facing ports. The drawing didn't suggest anything about QinQ.
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Wed Sep 29, 2021 11:19 am

New drawing with added doubletags.

The customer side has double tags, which I need to bridge into different VLANs/subnets.

Edit: The drawing has wrong VLAN id for Customer D in mapping table.
You do not have the required permissions to view the files attached to this post.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: HW offload bridging

Wed Sep 29, 2021 2:34 pm

I understand the customer side part, but you haven't shown the complete tag stack at the GW side.

A frame that came with v600.10 from the customer should go to the GW as v111.600.10 or as v111.10?
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: HW offload bridging

Thu Sep 30, 2021 3:06 am

on mt wiki regarding Tag Stacking, there is no clear explanation, i mean the e.g. itself.

https://wiki.mikrotik.com/wiki/Manual:B ... g_Stacking
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Thu Sep 30, 2021 9:54 am

I understand the customer side part, but you haven't shown the complete tag stack at the GW side.

A frame that came with v600.10 from the customer should go to the GW as v111.600.10 or as v111.10?
Tag should not be modified. It should bridge the interfaces together. GW side is only single tagged VLANs.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: HW offload bridging

Thu Sep 30, 2021 2:57 pm

Tag should not be modified. It should bridge the interfaces together. GW side is only single tagged VLANs.
So why does the picture indicate a trunk with VLANs 111 and 222 towards the GW?

Again - when a frame arrives as v600.10 from the customer trunk, how should it be sent to the GW trunk? v111.600.10, v111.10, v10, v111, something else?

Anyway, the CRS3xx can add/remove/translate a single tag at each hardware pass; more important, the outer tags must have the same ethertype (either 0x88a8 or 0x8100) on all trunks. So if what comes from the customer is S600.C10 (S=0x88a8, C=0x8100), and we need to send C111 to the GW, this cannot be done on a single CRS3xx in hardware.
 
hmortensen
just joined
Topic Author
Posts: 11
Joined: Fri Sep 17, 2021 11:53 am

Re: HW offload bridging

Fri Oct 01, 2021 2:48 pm

Tag should not be modified. It should bridge the interfaces together. GW side is only single tagged VLANs.
So why does the picture indicate a trunk with VLANs 111 and 222 towards the GW?
Because there are multiple tagged VLANs coming from the GW, which need to be bridged together with doubled tagged VLANs, not translated or transported into a new service VLAN..
Anyway, the CRS3xx can add/remove/translate a single tag at each hardware pass; more important, the outer tags must have the same ethertype (either 0x88a8 or 0x8100) on all trunks. So if what comes from the customer is S600.C10 (S=0x88a8, C=0x8100), and we need to send C111 to the GW, this cannot be done on a single CRS3xx in hardware.
The Customer side is QinQ 0x8100 on 0x8100.

I have a working solution using a CCR as discussed in the other thread, but thought the switch device could handle it better, as it's only L2
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: HW offload bridging

Sun Oct 03, 2021 4:21 pm

As said, CRS3xx can only add/remove a single tag on a single pass between ports. So provided the VLAN IDs never collide (you never get VLAN 10 in the inner tag from somewhere and VLAN 10 in the outer tag somewhere else), you can do the following to get the retagging done in hardware:

/interface bridge port
add bridge=bridge interface=sfp1 pvid=1
add bridge=bridge interface=sfp2 pvid=1
add bridge=bridge interface=sfp3 pvid=111
add bridge=bridge interface=sfp4 pvid=10
add bridge=bridge interface=sfp5 pvid=222
add bridge=bridge interface=sfp6 pvid=20
add bridge=bridge interface=sfp7 pvid=222
add bridge=bridge interface=sfp8 pvid=30
add bridge=bridge interface=sfp9 pvid=111
add bridge=bridge interface=sfp10 pvid=40
add bridge=bridge interface=sfp11 pvid=1
add bridge=bridge interface=sfp12 pvid=600
add bridge=bridge interface=sfp13 pvid=1
add bridge=bridge interface=sfp14 pvid=300
add bridge=bridge interface=sfp15 pvid=1
add bridge=bridge interface=sfp16 pvid=3943
add bridge=bridge interface=sfp17 pvid=1
add bridge=bridge interface=sfp18 pvid=1232

/interface bridge vlan
add bridge=bridge vlan-ids=111 tagged=sfp1
add bridge=bridge vlan-ids=222 tagged=sfp1
add bridge=bridge vlan-ids=600 tagged=sfp2
add bridge=bridge vlan-ids=300 tagged=sfp2
add bridge=bridge vlan-ids=3943 tagged=sfp2
add bridge=bridge vlan-ids=1232 tagged=sfp2
add bridge=bridge vlan-ids=10 tagged=sfp11
add bridge=bridge vlan-ids=20 tagged=sfp13
add bridge=bridge vlan-ids=30 tagged=sfp15
add bridge=bridge vlan-ids=40 tagged=sfp17


and connect each pair of adjacent odd an even ports together using an S+AO0005 "patchcord" (sfp3 with sfp4, sfp5 with sfp6 etc.).

So a frame from Customer A will ingress tagged with 600.10 at sfp2, the outer tag (600) will get stripped on egress via sfp12, the frame tagged with just 10 will ingress via sfp11, the tag 10 will be stripped on egress via sfp4, the tagless frame will get tagged with 111 on ingress via sfp3, and finally it will leave tagged with 111 via sfp1.

I assume this is not what you expected, but this kind of misuse of VLANs and QinQ is not what normal switch chip vendors have in mind when designing them.

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], emunt6, GoogleOther [Bot] and 53 guests