LunaticRv
newbie
Topic Author
Posts: 40
Joined: Mon Dec 31, 2018 8:50 am

Using Traffic Flow with L3 HW Offloading, Suggestions?

Sat Jun 03, 2023 12:13 pm

Hello,

I am (was) using Traffic Flow for DDoS detection and graphing for some part of my network. It looks like Traffic Flow does not work when the traffic is offloaded. I tried several ACL rules to at least copy a specific amount of packets to the CPU, but it does not seem to work.

For logging and graphing I switched back to SNMP but for DDoS detection I am looking for workarounds or alternative solutions. Is there any workaround or method you would suggest?

I was planning to mirror switch port to another and capture flow from here as a workaround but since I use LACP (1x100 and 4x25G link) for uplink I don't know what to do.

Thanks in advance for suggestions.

*Edit: Some details about my network;

65-70 Gbps of traffic in peak times
2 x 100G uplink to my CCR2216 -- 1x100G, 4x25 Gbps bonded using LACP mode. Entire traffic is offloaded, no NAT/firewall. Only several BGP sessions are up. 1x100G traffic goes to my CRS518 that handles distribution to other parts of my network (to my enterprise customers, to my internal network (firewall, BNG etc.)). So I have no chance to mirror my traffic as a workaround :/
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Using Traffic Flow with L3 HW Offloading, Suggestions?

Sat Jun 03, 2023 4:20 pm

When traffic is offloaded to hardware (ASIC), either L2 or L3, then none of the software functionality applies; only ASIC (switch chip) features do. Which essentially means that one has to choose between high performance and wide packet processing options. Both are not possible ... not in MT hardware.
 
LunaticRv
newbie
Topic Author
Posts: 40
Joined: Mon Dec 31, 2018 8:50 am

Re: Using Traffic Flow with L3 HW Offloading, Suggestions?

Mon Jun 05, 2023 1:49 pm

> When traffic is offloaded to hardware (ASIC), either L2 or L3, then none of the software functionality applies; only ASIC (switch chip) features do. Which essentially means that one has to choose between high performance and wide packet processing options. Both are not possible ... not in MT hardware.

I see, it would be amazing to implement a hardware-based version of "traffic flow"; interesting to see almost no demand for this feature.
 
petkodmitriy
just joined
Posts: 12
Joined: Mon Apr 23, 2018 8:44 am

Re: Using Traffic Flow with L3 HW Offloading, Suggestions?

Thu Jul 13, 2023 11:03 am

> > When traffic is offloaded to hardware (ASIC), either L2 or L3, then none of the software functionality applies; only ASIC (switch chip) features do. Which essentially means that one has to choose between high performance and wide packet processing options. Both are not possible ... not in MT hardware.
>
> I see, it would be amazing to implement a hardware-based version of "traffic flow"; interesting to see almost no demand for this feature.

The hardware version of "traffic flow" is called sFlow. It would be amazing to implement this.
