kolbyr
just joined
Topic Author
Posts: 11
Joined: Thu Oct 27, 2022 10:57 pm

Bridge Interface and CPU Relationship for RB4011iGS+

Fri Nov 04, 2022 12:33 am

I've heard talk about MikroTik routing devices using the CPU to process packets (ingress and/or egress?) that arrive/leave bridge interfaces. I've been unsuccessful in finding an answer, so I want to know if anyone here can tell me if this is true and how so.

If you're curious about what I'm trying to do, I have three Ubiquiti APs that connect to a port each on an RB4011iGS+. Customers will send untagged traffic through the AP and arrive ingress on each interface, and management traffic for the APs (tagged with VLAN 80) will also arrive on them ingress. I'm keeping scaling and IP conservation in mind, so I'd like to make it so that each RB4011iGS+ only has 1 IP gateway for the VLAN80 traffic, and 1 IP gateway for the untagged customer traffic.

I've gotten it to work by having the sector management terminate on a VLAN interface [vlan80], and customer traffic on a bridge interface [bridge80] with this config here:
/interface bridge
add name=bridge80 vlan-filtering=yes

/interface bridge port
add bridge=bridge80 interface=ether1
add bridge=bridge80 interface=ether2
add bridge=bridge80 interface=ether3

/interface vlan
add interface=bridge80 name=vlan80 vlan-id=80

/interface bridge vlan
add bridge=bridge80 tagged=ether1,bridge80 vlan-ids=80

/ip address
add address=10.0.80.1/24 interface=vlan80 network=10.0.80.0
add address=10.0.0.1/24 interface=bridge80 network=10.0.0.0

This seems ideal from an IP subnet conservation and consolidation perspective, but if logical interfaces are not hardware-handled, that doesn't sound ideal for my situation since I'd rather not impact customer traffic.

What do you think? Any redesigns are fully welcomed.
Last edited by kolbyr on Fri Nov 04, 2022 6:07 pm, edited 1 time in total.
 
tangent
Forum Guru
Posts: 1330
Joined: Thu Jul 01, 2021 3:15 pm

Re: Bridge Interface and CPU Relationship for RB4011iGS+

Fri Nov 04, 2022 2:01 am

I think you'll find this article enlightening even though it doesn't have anything specifically to do with your problem. Simply seeing the options for how to solve a problem with bridges vs VLANs vs both under RouterOS should help you to put that other "talk" into context, then begin to evaluate who's talking sense and who's talking from their nether orifices.

As to your particular configuration, it looks like you've avoided the single biggest trap, which is partitioning your traffic across the three routing domains in the 4011: the SFP+ stands alone, and the two groups of 5 ports each stand alone. The linked article explains why.

The only error I see is a typo, "braidge80".
 
kolbyr
just joined
Topic Author
Posts: 11
Joined: Thu Oct 27, 2022 10:57 pm

Re: Bridge Interface and CPU Relationship for RB4011iGS+

Fri Nov 04, 2022 6:08 pm

Many thanks! I've corrected that typo (thankfully only a typo in this post and not my lab where I'm testing this :D )

Great to know about those routing domains, too. MikroTik, like other vendors I've worked on, has their quirks to remember about deploying environments. I'll go through this article you gave. Thank you kindly for it.
Last edited by BartoszP on Sun Nov 06, 2022 12:03 pm, edited 1 time in total.
Reason: removed excessive quoting of preceding post
 
kolbyr
just joined
Topic Author
Posts: 11
Joined: Thu Oct 27, 2022 10:57 pm

Re: Bridge Interface and CPU Relationship for RB4011iGS+

Fri Nov 04, 2022 6:24 pm

Can I ask: Is it true what I'm reading about routing, in general, being CPU processed? Like, no matter if an IP address lives on an ether interface, bridge, or VLAN, the CPU processes the packet routing between differing subnets no matter what?
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge Interface and CPU Relationship for RB4011iGS+  [SOLVED]

Fri Nov 04, 2022 8:04 pm

In devices like the RB4011, all ROUTING is done by the CPU. But there is also SWITCHING that can be done by the hardware.
When running RouterOS v7 (not with v6) and configuring VLANs on the bridge, you can SWITCH traffic between ports (tagged or untagged) inside the same VLAN and on the same switch chip (ports 1-5 or ports 6-10) without loading the CPU.
But any traffic you send to the gateway (IP address of the router) will always leave the bridge via the CPU.

There are newer models that can do limited IP routing in the switch hardware. But not the 4011.
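
The rule from the answer above, applied to the bridge export posted at the top of the thread. This is an added example, not part of any forum post and not MikroTik code. The function names, the `switch1`/`switch2` labels and the `gateway` keyword are assumptions made for illustration; the port grouping (ether1-5, ether6-10) and the v7 requirement come from the thread. It models the stated rule and does not query a router.

```python
import re

# Constructed from the export posted in the thread (bridge ports and VLAN table only).
EXPORT = """\
/interface bridge port
add bridge=bridge80 interface=ether1
add bridge=bridge80 interface=ether2
add bridge=bridge80 interface=ether3
/interface bridge vlan
add bridge=bridge80 tagged=ether1,bridge80 vlan-ids=80
"""

def parse_export(text):
    """Return (bridge ports, {vlan-id: tagged members}) from a RouterOS export."""
    ports, tagged, section = set(), {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
            if section == "/interface bridge port":
                ports.add(kv["interface"])
            elif section == "/interface bridge vlan":
                for vid in kv["vlan-ids"].split(","):
                    tagged.setdefault(int(vid), set()).update(kv["tagged"].split(","))
    return ports, tagged

def chip_group(port):
    """RB4011 grouping as described in the thread; any other port stands alone."""
    m = re.fullmatch(r"ether(\d+)", port)
    if m and 1 <= int(m.group(1)) <= 10:
        return "switch1" if int(m.group(1)) <= 5 else "switch2"
    return port

def members(vlan, ports, tagged):
    """Bridge ports carrying a VLAN; vlan=None means untagged (every bridge port)."""
    return set(ports) if vlan is None else tagged.get(vlan, set()) & ports

def path(src, dst, vlan, ports, tagged, ros_major=7):
    """Classify a frame from src to dst (a bridge port, or 'gateway' for the router IP)."""
    m = members(vlan, ports, tagged)
    if src not in m or (dst != "gateway" and dst not in m):
        return "no-common-vlan"   # the posted VLAN table does not join these ports
    if dst == "gateway":
        return "cpu"              # traffic to the router's IP leaves the bridge via the CPU
    if ros_major >= 7 and chip_group(src) == chip_group(dst):
        return "hw-switched"      # same VLAN, same switch chip, RouterOS v7
    return "cpu"
```
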
 
kolbyr
just joined
Topic Author
Posts: 11
Joined: Thu Oct 27, 2022 10:57 pm

Re: Bridge Interface and CPU Relationship for RB4011iGS+

Fri Nov 04, 2022 9:36 pm

Goootchya. That's perfect. As a consultant, I can go with this answer and look into deploying it.

Thank you very much for the assistance!
