Community discussions

MikroTik App
 
mrjule80
just joined
Topic Author
Posts: 4
Joined: Thu Jun 23, 2022 3:40 pm

Hex S VLAN Routing Speed

Fri Jun 24, 2022 4:13 pm

Hello everyone,

i'm truly new to the Mikrotik Topic and Hardware and maybe I have some understandig issues.
I have a Mikrotik Hex S as my main router. There I have configuried several VLANs and put them into a Bridge. But when I try to copy data from, let's say, my client VLAN to my server VLAN I only get at max. 176 Mbit/s transfer rate. The offical test results say that the routing speed is around 2 Gbit/s. I don't use the SFP Port so it should be capable of the 2 Gbit/s.
When I look at the CPU Load I can see that one Core is around 90% and the other 3 only around 10 % or less. I thought the Hex S supports HW Offload and on the Bridge Ports it is ticked.

Has anybody a advice or have I some understanding issues right here? Has the Hex S not enough performance to route 1 Gbit between VLANs?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Hex S VLAN Routing Speed

Fri Jun 24, 2022 9:31 pm

Export config, clean for sensitive / private data.

Probably something not correctly done when setting up vlans meaning you are not using switch chip, only software.
I have hex and using hap ac3 as ap, I can easily reach 500mb over wifi across vlans with wireless being the bottleneck there.
 
mrjule80
just joined
Topic Author
Posts: 4
Joined: Thu Jun 23, 2022 3:40 pm

Re: Hex S VLAN Routing Speed

Fri Jun 24, 2022 10:12 pm

Hi,

here ist my config:
I removed the IPs and the Firewall config, I think they are not relevant.

[admin@router-buero] > export compact
# jun/24/2022 21:03:09 by RouterOS 7.3.1
# software id = 7Z4Z-JSMQ
#
# model = RB760iGS
# serial number = A36A0CC5070C
/interface bridge
add ingress-filtering=no name=bridgeVLANs protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
add interface=bridgeVLANs name=vlan001-admin vlan-id=1
add interface=bridgeVLANs name=vlan020-server vlan-id=20
add interface=bridgeVLANs name=vlan040-clients vlan-id=40
add interface=bridgeVLANs name=vlan050-guest vlan-id=50
add interface=bridgeVLANs name=vlan060-iot vlan-id=60
/interface list
add name=all-vlans
add name=all-vlans-without-iot
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=vlan020-server-pool ranges=xxx-xxx
add name=vlan040-clients-pool ranges=xxx-xxx
add name=vlan050-guest-pool ranges=xxx-xxx
add name=vlan060-iot-pool ranges=xxx-xxx
/ip dhcp-server
add address-pool=vlan040-clients-pool interface=vlan040-clients lease-time=3d name=vlan040-clients-dhcp
add address-pool=vlan050-guest-pool interface=vlan050-guest lease-time=1d name=vlan050-guest-dhcp
add address-pool=vlan060-iot-pool interface=vlan060-iot lease-time=3d name=vlan060-iot-dhcp
/port
set 0 name=serial0
/interface bridge port
add bridge=bridgeVLANs ingress-filtering=no interface=ether2
add bridge=bridgeVLANs ingress-filtering=no interface=ether3
add bridge=bridgeVLANs ingress-filtering=no interface=ether4
add bridge=bridgeVLANs ingress-filtering=no interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridgeVLANs tagged=bridgeVLANs,ether2 vlan-ids=20
add bridge=bridgeVLANs tagged=bridgeVLANs,ether2 vlan-ids=40
add bridge=bridgeVLANs tagged=bridgeVLANs,ether2 vlan-ids=50
add bridge=bridgeVLANs tagged=bridgeVLANs,ether2 vlan-ids=60
add bridge=bridgeVLANs tagged=bridgeVLANs,ether2 vlan-ids=1
/interface list member
add interface=vlan020-server list=all-vlans
add interface=vlan040-clients list=all-vlans
add interface=vlan050-guest list=all-vlans
add interface=vlan060-iot list=all-vlans
add interface=vlan020-server list=all-vlans-without-iot
add interface=vlan040-clients list=all-vlans-without-iot
add interface=vlan050-guest list=all-vlans-without-iot
add interface=vlan001-admin list=all-vlans-without-iot
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=xxx.xxx.xxx.xxx/xx interface=vlan001-admin network=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/xx interface=WAN network=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/xx interface=vlan020-server network=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/xx interface=vlan040-clients network=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/xx interface=vlan050-guest network=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/xx interface=vlan060-iot network=xxx.xxx.xxx.xxx
/ip dhcp-server lease
add address=xxx.xxx.xxx.xxx mac-address=::::: server=vlan060-iot-dhcp
/ip dhcp-server network
add address=xxx.xxx.xxx.xxx/xx dns-server=xxx.xxx.xxx.xxx domain=home gateway=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/xx dns-server=9.9.9.9 gateway=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/xx dns-server=xxx.xxx.xxx.xxx domain=home gateway=xxx.xxx.xxx.xxx
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,149.112.112.112
/ip firewall nat
add action=masquerade chain=srcnat comment="default nat" out-interface=WAN
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx/xx pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=router-buero
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=192.53.103.108
add address=212.7.128.162
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 3:09 pm

i'm truly new to the Mikrotik Topic and Hardware and maybe I have some understandig issues.
I have a Mikrotik Hex S as my main router. There I have configuried several VLANs and put them into a Bridge. But when I try to copy data from, let's say, my client VLAN to my server VLAN I only get at max. 176 Mbit/s transfer rate. The offical test results say that the routing speed is around 2 Gbit/s. I don't use the SFP Port so it should be capable of the 2 Gbit/s.

hEX S can do wirespeed switching of intra-VLAN traffic between ether ports (SFP port is not part of this equation). However hEX S can not do wirespeed routing between different IP networks regardless the topology (VLANs, LAN per port, etc.).

So yes, it does seem to be issue of understanding ...

BTW, when looking at official test results, one has to keep in mind they're synthetic, over all ports and with multiple concurrent connections. Many forum members find figure put in "routing 25 ip filter rules, 512 byte [packet size]" to reflect typical real-life performance pretty well. For hEX S that number is 385Mbps and in certain conditions (e.g. single stream SMB connection over TCP) even that can be hard to achieve. In some other conditions (multiple concurrent connections, optimally configured firewall) device can achieve more combined throughput than that number.
And this rule of thumb is applicable for all mikrotik devices.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 3:17 pm

Now I'm confused.
Surely I am going to test when back home but how come I am able to get close to wifiwave2 limit using inter- vlan and using different subnets on my hex ?
Hex s is basically the same except for sfp port, no ?
 
mrjule80
just joined
Topic Author
Posts: 4
Joined: Thu Jun 23, 2022 3:40 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 3:28 pm

I‘m confused too.
Even with an old TP Link Router with OpenWRT and Software Offload I’ve managed to get around 500 Mbit/s when transferring from one VLAN to another.
And what is the purpose of the MT7621 chip? I thought this is the one that is used for hardware offloading?
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 3:40 pm

For the OP, you are only using two ports (wan and lan) so the bridge is not really necessary. I know on a ccr1009 the routing speed and cpu doesn't really differ with or without a bridge, but it might on your device.

Are you using iperf for some of these tests btw? That would be the best way to test.
 
mrjule80
just joined
Topic Author
Posts: 4
Joined: Thu Jun 23, 2022 3:40 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 4:00 pm

But I thought the bridge is necessary to put all the VLANs in?

No, I use a test file and copy it to my server. But that is not the bottleneck. When I use a Fortigate 30E with nearly the same configuration as the Mikrotik I get nearly 950 Mbit/s transfer rate.
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 4:12 pm

A bridge is only necessary if you have to extend a network across multiple interfaces. If you only use one lan port (even with multiple vlan interfaces) you don't need to use a bridge.

I was just mentioning it as something to consider testing.
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 4:16 pm

You don't have any firewall rules (only nat) and that also includes fasttrack. Perhaps look at enabling fasttrack to see if that helps.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 4:27 pm

I removed the IPs and the Firewall config, I think they are not relevant.
The firewall config is VERY relevant! it will make or break such setups.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 5:18 pm

And what is the purpose of the MT7621 chip? I thought this is the one that is used for hardware offloading?

MT7621 is a low-endish switch chip that doesn't support any of L3 (IP) functions. So it doesn't help with routing in any possible way.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 5:37 pm

And what is the purpose of the MT7621 chip? I thought this is the one that is used for hardware offloading?

MT7621 is a low-endish switch chip that doesn't support any of L3 (IP) functions. So it doesn't help with routing in any possible way.
But since ROS7.something it does support hw vlan offload ?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 5:42 pm

try tools profile at the moment of test when you see core at 90% to see source of cpu usage
cpu-usage-profile.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 5:49 pm




MT7621 is a low-endish switch chip that doesn't support any of L3 (IP) functions. So it doesn't help with routing in any possible way.
But since ROS7.something it does support hw vlan offload ?

It does ... for switching between attached ports with proper support for VLANs (it's offloading bridge vlan-filtering). That's not routing.
Don't mix hw vlan offload with L3HW support on high-end line of MT switches (CRS3xx) and some most recent high-end routers.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 6:08 pm

Probably I am mixing things up. I'm still learning lots and lots...

But how can it be then that using iperf3 towards internal iperf server I get 500 mb ?

Samsung s20- wifi 5ghz - hap ac3 vlan20 subnet 192.168.20.x - hex - vlan2 subnet 192.168.2.y - hap ac3 ( other one) - iperf3 server 192.168.2.90

That's hw offloading or routing ?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hex S VLAN Routing Speed

Sat Jun 25, 2022 10:39 pm

That's routing per definition (between two different IP subnets). And as per official test results, hEX S can route in real life scenarios at 380Mbps, give or take. So this device can do 500Mbps for a simple iperf3 test (I guess a multiple connection one and with fasttrack enabled).

If this was switching or L3HW offloaded routing, you'd see 980Mbps ...

Who is online

Users browsing this forum: Guntis, rarlup, Rox169 and 36 guests