We have 2 CRS326-24S+2Q+
The configuration works OK. It has 1 brige only and the needed ports added there with the corresponding VLAN rules per port (PVID, tagged/untagged).
But the matter is when a server conected reboots, or if you take down a port in Winbox, the CPU spickes to 100% and the problem acording to "profile tool" is that "bridging" takes all the CPU.
The port role in Bridge (RSTP) takes time to be set (don't know it it could be the cause or an effect of the CPU spike).
We first thought that could be MLAG the origin of the problem. We removed MLAG and the related LACP links. Then removed the LACP that was with the 40G ports to connect both switches.
So now is no bonding at all, just standard ports.
When all is fine:
If you take down a port in winbox, cpu spikes for a while (could be 20-30s easily) and the switch freezes basically on this moment
You do it on one switch, but creates a similar reaction in the other switch connected with some seconds of delay.
So maybe is RSTP related
Doing an "interface bridge export":
Code: Select all
/interface bridge
add ingress-filtering=no name=bridge-main vlan-filtering=yes
/interface bridge port
add bridge=bridge-main interface=qsfpplus1-1 pvid=2
add bridge=bridge-main interface=sfp-sfpplus1-ceph-px1 pvid=2
add bridge=bridge-main interface=sfp-sfpplus2-ceph-px2 pvid=2
add bridge=bridge-main interface=sfp-sfpplus3-ceph-px3 pvid=2
add bridge=bridge-main interface=sfp-sfpplus4-ceph-px4 pvid=2
add bridge=bridge-main interface=sfp-sfpplus9-int-px1 pvid=3
add bridge=bridge-main interface=sfp-sfpplus10-int-px2 pvid=3
add bridge=bridge-main interface=sfp-sfpplus11-int-px3 pvid=3
add bridge=bridge-main interface=sfp-sfpplus12-int-px4 pvid=3
add bridge=bridge-main interface=sfp-sfpplus17-pub-px1 pvid=4
add bridge=bridge-main interface=sfp-sfpplus18-pub-px2 pvid=4
add bridge=bridge-main interface=sfp-sfpplus19-pub-px3 pvid=4
add bridge=bridge-main interface=sfp-sfpplus20-pub-px4 pvid=4
add bridge=bridge-main interface=sfp-sfpplus22 pvid=3
add bridge=bridge-main interface=qsfpplus2-1 internal-path-cost=15 path-cost=15 \
pvid=2
/interface bridge vlan
add bridge=bridge-main tagged=sfp-sfpplus22 untagged="sfp-sfpplus1-ceph-px1,sfp-\
sfpplus2-ceph-px2,sfp-sfpplus3-ceph-px3,sfp-sfpplus4-ceph-px4,qsfpplus1-1,qs\
fpplus2-1" vlan-ids=2
add bridge=bridge-main tagged=qsfpplus1-1,qsfpplus1-4,sfp-sfpplus22 untagged="sf\
p-sfpplus17-pub-px1,sfp-sfpplus18-pub-px2,sfp-sfpplus19-pub-px3,sfp-sfpplus2\
0-pub-px4" vlan-ids=4
add bridge=bridge-main tagged=qsfpplus1-1,qsfpplus2-1 untagged="sfp-sfpplus9-int\
-px1,sfp-sfpplus10-int-px2,sfp-sfpplus11-int-px3,sfp-sfpplus12-int-px4,sfp-s\
fpplus22" vlan-ids=3
add bridge=bridge-main tagged="qsfpplus1-1,qsfpplus2-2,sfp-sfpplus17-pub-px1,sfp\
-sfpplus18-pub-px2,sfp-sfpplus19-pub-px3,sfp-sfpplus20-pub-px4,sfp-sfpplus22\
" vlan-ids=5
add bridge=bridge-main tagged="qsfpplus1-1,qsfpplus2-1,sfp-sfpplus1-ceph-px1,sfp\
-sfpplus2-ceph-px2,sfp-sfpplus3-ceph-px3,sfp-sfpplus4-ceph-px4,sfp-sfpplus17\
-pub-px1,sfp-sfpplus18-pub-px2,sfp-sfpplus19-pub-px3,sfp-sfpplus20-pub-px4,s\
fp-sfpplus9-int-px1,sfp-sfpplus10-int-px2,sfp-sfpplus11-int-px3,sfp-sfpplus1\
2-int-px4,sfp-sfpplus22" vlan-ids=7-4094
It has RouterOS 7.7 on both switches.
L3 HW Offlloading isn't active, as no L3 is in use.
Management is connected to the 100Mps Ethernet management port, where DHCP Client is active.
Similar (mirrored) conf is in both switches
Doing an export of the conf is painfully slow and the CPU spikes to 100%. In profile is "management" the one using the CPU basically.
When i say slow is that an export could take 4 min easily.
Code: Select all
/interface bridge
add ingress-filtering=no name=bridge-main vlan-filtering=yes
/interface ethernet
set [ find default-name=qsfpplus1-1 ] l2mtu=10218 mtu=9000
set [ find default-name=qsfpplus1-2 ] l2mtu=10218
set [ find default-name=qsfpplus1-3 ] l2mtu=10218
set [ find default-name=qsfpplus1-4 ] l2mtu=10218
set [ find default-name=qsfpplus2-1 ] l2mtu=10218 mtu=9000
set [ find default-name=qsfpplus2-2 ] l2mtu=10218
set [ find default-name=qsfpplus2-3 ] l2mtu=10218
set [ find default-name=qsfpplus2-4 ] l2mtu=10218
set [ find default-name=sfp-sfpplus1 ] l2mtu=10218 mtu=9000 name=sfp-sfpplus1-ceph-px1
set [ find default-name=sfp-sfpplus2 ] l2mtu=10218 mtu=9000 name=sfp-sfpplus2-ceph-px2
set [ find default-name=sfp-sfpplus3 ] l2mtu=10218 mtu=9000 name=sfp-sfpplus3-ceph-px3
set [ find default-name=sfp-sfpplus4 ] l2mtu=10218 mtu=9000 name=sfp-sfpplus4-ceph-px4
set [ find default-name=sfp-sfpplus9 ] name=sfp-sfpplus9-int-px1
set [ find default-name=sfp-sfpplus10 ] name=sfp-sfpplus10-int-px2
set [ find default-name=sfp-sfpplus11 ] name=sfp-sfpplus11-int-px3
set [ find default-name=sfp-sfpplus12 ] name=sfp-sfpplus12-int-px4
set [ find default-name=sfp-sfpplus17 ] name=sfp-sfpplus17-pub-px1
set [ find default-name=sfp-sfpplus18 ] name=sfp-sfpplus18-pub-px2
set [ find default-name=sfp-sfpplus19 ] name=sfp-sfpplus19-pub-px3
set [ find default-name=sfp-sfpplus20 ] name=sfp-sfpplus20-pub-px4
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-main interface=qsfpplus1-1 pvid=2
add bridge=bridge-main interface=sfp-sfpplus1-ceph-px1 pvid=2
add bridge=bridge-main interface=sfp-sfpplus2-ceph-px2 pvid=2
add bridge=bridge-main interface=sfp-sfpplus3-ceph-px3 pvid=2
add bridge=bridge-main interface=sfp-sfpplus4-ceph-px4 pvid=2
add bridge=bridge-main interface=sfp-sfpplus9-int-px1 pvid=3
add bridge=bridge-main interface=sfp-sfpplus10-int-px2 pvid=3
add bridge=bridge-main interface=sfp-sfpplus11-int-px3 pvid=3
add bridge=bridge-main interface=sfp-sfpplus12-int-px4 pvid=3
add bridge=bridge-main interface=sfp-sfpplus17-pub-px1 pvid=4
add bridge=bridge-main interface=sfp-sfpplus18-pub-px2 pvid=4
add bridge=bridge-main interface=sfp-sfpplus19-pub-px3 pvid=4
add bridge=bridge-main interface=sfp-sfpplus20-pub-px4 pvid=4
add bridge=bridge-main interface=sfp-sfpplus22 pvid=3
add bridge=bridge-main interface=qsfpplus2-1 internal-path-cost=15 path-cost=15 pvid=2
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge-main tagged=sfp-sfpplus22 untagged="sfp-sfpplus1-ceph-px1,sfp-sfpplus2-ceph-px2,sfp-\
sfpplus3-ceph-px3,sfp-sfpplus4-ceph-px4,qsfpplus1-1,qsfpplus2-1" vlan-ids=2
add bridge=bridge-main tagged=qsfpplus1-1,qsfpplus1-4,sfp-sfpplus22 untagged=\
sfp-sfpplus17-pub-px1,sfp-sfpplus18-pub-px2,sfp-sfpplus19-pub-px3,sfp-sfpplus20-pub-px4 vlan-ids=\
4
add bridge=bridge-main tagged=qsfpplus1-1,qsfpplus2-1 untagged="sfp-sfpplus9-int-px1,sfp-sfpplus10-int\
-px2,sfp-sfpplus11-int-px3,sfp-sfpplus12-int-px4,sfp-sfpplus22" vlan-ids=3
add bridge=bridge-main tagged="qsfpplus1-1,qsfpplus2-2,sfp-sfpplus17-pub-px1,sfp-sfpplus18-pub-px2,sfp\
-sfpplus19-pub-px3,sfp-sfpplus20-pub-px4,sfp-sfpplus22" vlan-ids=5
add bridge=bridge-main tagged="qsfpplus1-1,qsfpplus2-1,sfp-sfpplus1-ceph-px1,sfp-sfpplus2-ceph-px2,sfp\
-sfpplus3-ceph-px3,sfp-sfpplus4-ceph-px4,sfp-sfpplus17-pub-px1,sfp-sfpplus18-pub-px2,sfp-sfpplus19\
-pub-px3,sfp-sfpplus20-pub-px4,sfp-sfpplus9-int-px1,sfp-sfpplus10-int-px2,sfp-sfpplus11-int-px3,sf\
p-sfpplus12-int-px4,sfp-sfpplus22" vlan-ids=7-4094
/interface ovpn-server server
set auth=sha1,md5
/ip dhcp-client
add interface=ether1
/ip dns
set servers=9.9.9.9,1.1.1.1
/ip route
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=XX.XX.XX.XXX routing-table=main \
suppress-hw-offload=no
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=RouterOS2
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/system routerboard settings
set boot-os=router-os