Community discussions

MikroTik App
 
P00HB33R
just joined
Topic Author
Posts: 21
Joined: Tue Aug 10, 2021 4:20 pm

VLAN Between 2 Bridges (With Hardware Offloading)

Thu Aug 11, 2022 11:34 am

Hi All,

I am struggling a bit to get to get my head around a VLAN setup I need to implement.

At our datacenter we have a CCR1036 (router A), with no bridge.
At another location we have a CRS317 (in RouterOS Router B) that is bridging all ports.
These two routers are connected via a MetroNet Fiber link.
I need to link these two routers via a VLAN eg. vlan id 12.

Now just creating the VLAN interface on each side, and adding the vlan interface to the bridge of Router B works fine, but then I see there is no Hardware offloading.
What would be the correct way to configure the stated link, that would allow hardware offloading on the VLAN interfaces?
CPU usage on Router B is quite high (25%) and thats with only around 150Mbps worth of traffic over VLAN.

Any help would be greatly appreciated
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: VLAN Between 2 Bridges (With Hardware Offloading)

Thu Aug 11, 2022 12:03 pm

How did you add the VLAN to the bridge? Can you please supply the config (without any personal information)?
I think VLAN filtering should be handled by the bridge, perhaps have a look at this topic:
viewtopic.php?t=143620
 
P00HB33R
just joined
Topic Author
Posts: 21
Joined: Tue Aug 10, 2021 4:20 pm

Re: VLAN Between 2 Bridges (With Hardware Offloading)

Thu Aug 11, 2022 2:04 pm

Thanks for the info so far. Below is the config of the 2 routers.
I basically just added an vlan on each router under interface
Then on router B I added the vlan interface to the bridge ports.

But on the bridge I am not getting the H flag on vlan interface, and router A does not have a bridge.

Router A
# aug/11/2022 12:58:52 by RouterOS 7.2.1
# software id = I3CR-EP9C
#
# model = CCR1036-8G-2S+
# serial number = D83A0D827F76
/interface wireguard
add listen-port=9515 mtu=1420 name=wireguard1
/interface vlan
add comment="METRO/DFA -> CJ/NEUHOFF" interface=sfp-sfpplus2 name=VLAN:11 \
    vlan-id=11
add comment="MONITORING VLAN" interface=sfp-sfpplus2 name=vlan10 vlan-id=10
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128,3des
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1
/ip pool
add name=dhcp_pool0 ranges=192.168.253.10-192.168.253.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=VLAN:11 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
set *0 change-tcp-mss=no local-address=100.64.0.1
add local-address=192.168.250.1 name=management-prof remote-address=\
    dhcp_pool0
add change-tcp-mss=yes name=dcpppoeProfile
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=::/0,192.168.250.1/32
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,rest-api"
/interface bridge filter
add action=drop chain=forward disabled=yes dst-port=67-68 ip-protocol=udp \
    mac-protocol=ip
/interface bridge settings
set use-ip-firewall-for-pppoe=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface l2tp-server server
set caller-id-type=number use-ipsec=yes
/interface list member
add interface=sfp-sfpplus1 list=WAN
add list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add service-name=VLAN11_PPPOE
add disabled=no interface=VLAN:11 service-name=VLAN10_PPPOE
/ip address
add address=100.64.0.1/18 comment=defconf interface=ether1 network=100.64.0.0
add address=154.72.6.54/30 interface=sfp-sfpplus1 network=154.72.6.52
add address=192.168.250.1/23 interface=VLAN:11 network=192.168.250.0
add address=192.168.252.1/23 interface=VLAN:11 network=192.168.252.0
add address=192.168.248.1/24 interface=wireguard1 network=192.168.248.0
add address=192.168.254.1/24 interface=vlan10 network=192.168.254.0
/ip dhcp-server network
add address=192.168.252.0/23 gateway=192.168.252.1 netmask=23

Router B
# aug/11/2022 12:57:11 by RouterOS 7.2.1
# software id = SBUJ-R6RJ
#
# model = CRS309-1G-8S+
# serial number = CB790CE2D700
/interface bridge
add admin-mac=48:8F:5A:10:1A:85 auto-mac=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1592
set [ find default-name=sfp-sfpplus1 ] l2mtu=1592
set [ find default-name=sfp-sfpplus2 ] comment=Airfiber l2mtu=1592 speed=\
    100Mbps
set [ find default-name=sfp-sfpplus3 ] advertise=\
    10M-half,100M-half,100M-full,1000M-half,1000M-full comment="Sec 1" l2mtu=\
    1592
set [ find default-name=sfp-sfpplus4 ] comment="Sec 2" l2mtu=1592 speed=\
    10Mbps
set [ find default-name=sfp-sfpplus5 ] comment="AHA ptp" l2mtu=1592
set [ find default-name=sfp-sfpplus6 ] auto-negotiation=no comment=\
    "Neuhoff Fiber" l2mtu=1592
set [ find default-name=sfp-sfpplus7 ] full-duplex=no l2mtu=1592 speed=\
    100Mbps
set [ find default-name=sfp-sfpplus8 ] l2mtu=1592 rx-flow-control=auto \
    tx-flow-control=auto
/interface vlan
add disabled=yes interface=sfp-sfpplus1 name=vlan10-reflex vlan-id=10
add interface=sfp-sfpplus1 name=vlan11-reflex vlan-id=11
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,rest-api"
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether1
add bridge=bridge1 ingress-filtering=no interface=sfp-sfpplus2
add bridge=bridge1 ingress-filtering=no interface=sfp-sfpplus3
add bridge=bridge1 ingress-filtering=no interface=sfp-sfpplus4
add bridge=bridge1 ingress-filtering=no interface=sfp-sfpplus5
add bridge=bridge1 ingress-filtering=no interface=sfp-sfpplus6
add bridge=bridge1 ingress-filtering=no interface=sfp-sfpplus7
add bridge=bridge1 ingress-filtering=no interface=sfp-sfpplus8
add bridge=bridge1 ingress-filtering=no interface=vlan10-reflex
add bridge=bridge1 ingress-filtering=no interface=vlan11-reflex
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=ether1 list=WAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add interface=sfp-sfpplus5 list=LAN
add interface=sfp-sfpplus6 list=LAN
add interface=sfp-sfpplus7 list=LAN
add interface=sfp-sfpplus8 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.252.55/23 interface=bridge1 network=192.168.252.0
/ip dhcp-client
add add-default-route=no disabled=yes interface=bridge1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.252.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/snmp
set enabled=yes
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=DC-Neuhoff-Switch
/system ntp client
set enabled=yes
/system ntp client servers
add address=162.159.200.123
/system routerboard settings
set boot-os=router-os boot-protocol=dhcp
/system swos
set address-acquisition-mode=static allow-from-ports=\
    p1,p2,p3,p4,p5,p6,p7,p8,p9 identity=DC-Neuhoff-Switc static-ip-address=\
    192.168.250.88
/tool bandwidth-server
set authenticate=no

Who is online

Users browsing this forum: FlowerShopGuy, johnson73, loloski and 84 guests