Community discussions

MikroTik App
 
markeczzz
just joined
Topic Author
Posts: 6
Joined: Sun Jun 18, 2017 11:40 am

InterVLAN Routing

Wed Sep 28, 2022 2:52 pm

Hi!
I have RB4011iGS+ configured with vlans.

On Router ports 1,2 and 3 are connected 3 switches with trunking enabled for all vlans.
On ports 4,5 there is a bond and there are 2 switches connected (active/passive switch setup)

Everything is working ok, full speed (1Gbps), except when transfering data from one vlan to other.
In that case I get around 200Mbps.
I don't have any rules that are limiting traffic and there is fasttrack rule on first place.
If I check resources used, I can see 1CPU core is at 100% and "networking" process is utilizing most of that.

Any solution how to speedup intervlan routing?
/interface bridge
add name=Bridge

/interface vlan
add interface=Bridge name="VLAN 12 - VLAN12" vlan-id=12
add interface=Bridge name="VLAN 13 - VLAN13" vlan-id=13
add interface=Bridge name="VLAN 14 - MGMT" vlan-id=14

/interface bonding
add mode=active-backup name=BondSwitches primary=ether4 slaves=ether4,ether5

/interface bridge port
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1 multicast-router=disabled
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2 multicast-router=disabled
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether3 multicast-router=disabled
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=BondSwitches multicast-router=disabled

/interface bridge vlan
add bridge=Bridge tagged=Bridge,ether1,ether2,ether3,ether4,ether5,BondSwitches vlan-ids=12
add bridge=Bridge tagged=Bridge,ether1,ether2,ether3,ether4,ether5,BondSwitches vlan-ids=13
add bridge=Bridge tagged=Bridge,ether1,ether2,ether3,ether4,ether5,BondSwitches vlan-ids=14
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: InterVLAN Routing

Wed Sep 28, 2022 8:39 pm

Inter VLAN routing is routing nonetheless. And it's subject to all of its peculiarities, one is that packets belonging to same connection will be handled by same CPU and if one is testing throughput with single connection (e.g. single SMB/SFTP/... file transfer), then choking single CPU core is to be expected.

BTW, is the bond (active-backup) HW offloaded? If it isn't, then it'll consume excessive CPU resources also for intra-VLAN transfers (but will still allow wire speed).
 
markeczzz
just joined
Topic Author
Posts: 6
Joined: Sun Jun 18, 2017 11:40 am

Re: InterVLAN Routing

Thu Sep 29, 2022 9:31 am

So in that case, only solution to speed up single connection throughput would be to get router with better hardware? If yes, which one would you recommend?

Since rest of my network is 10Gbps, i was already thinking of buying router with SFP+ ports that supports 10Gbps, but I guess for that case I would need huge amount of cores that would support that kinda throughput im multiple connections.

Bond is HW offloaded as far as I can see:
/interface bridge port print 
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                                    BRIDGE                                    HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0     ether1                                       Bridge                                    yes    1     0x80         10                 10       none
 1     ether2                                       Bridge                                    yes    1     0x80         10                 10       none
 2     ether3                                       Bridge                                    yes    1     0x80         10                 10       none
 3     BondSwitches                                 Bridge                                    yes    1     0x80         10                 10       none
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: InterVLAN Routing

Thu Sep 29, 2022 9:41 am

That but what also helps is to be careful about which device/connection you put on which VLAN.
Devices transferring frequently large amounts of data with each other, should be placed on the same VLAN.
Then this problem does not occur for that transfer.

I have a NAS which I mainly use to make nightly backups from my PC.
Those 2 are in the same VLAN. Parts of my network devices can access that NAS too but not at the same speeds.
Similar when I do Wifi testing. I have one SSID which is in the same VLAN as a local iPerf server I have running. Then I know the VLAN-handling is not the limiting factor when testing some settings.
 
ksteink
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: InterVLAN Routing

Thu Sep 29, 2022 6:08 pm

You need to consider:

- Run ROSv 7.xx. If you are using version 6.xx you will not get the benefit of L3 HW off-load
- I didn't see that you have enabled vlan filtering on in your configuration.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: InterVLAN Routing

Thu Sep 29, 2022 6:52 pm

Bond is HW offloaded as far as I can see:

All ports have HW offload enabled (by configuration) but none have it active. If HW offload was active, you'd see a 'H' in the second column (first column is index and third column is interface name). We'd have to see full config to make educated guess about why HW offload seems not to be active.
 
markeczzz
just joined
Topic Author
Posts: 6
Joined: Sun Jun 18, 2017 11:40 am

Re: InterVLAN Routing

Fri Sep 30, 2022 12:26 pm

Sorry for late reply.
Yes, I do not see "H"
Also I am using version 6.49.

This is new configuration that I am testing with
add name=Bridge
/interface ethernet
set [ find default-name=ether10 ] comment=WAN
/interface vlan
add interface=Bridge name="VLAN 12 - VLAN12" vlan-id=12
add interface=Bridge name="VLAN 13 - VLAN13" vlan-id=13
add interface=Bridge name="VLAN 14 - MGMT" vlan-id=14
/interface bonding
add mode=active-backup name=BondSwitches primary=ether4 slaves=ether4,ether5
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0

/interface bridge port
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1 multicast-router=disabled
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2 multicast-router=disabled
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether3 multicast-router=disabled
add bridge=Bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=BondSwitches multicast-router=disabled

/interface bridge vlan
add bridge=Bridge tagged=Bridge,ether1,ether2,ether3,ether4,ether5,BondSwitches vlan-ids=12
add bridge=Bridge tagged=Bridge,ether1,ether2,ether3,ether4,ether5,BondSwitches vlan-ids=13
add bridge=Bridge tagged=Bridge,ether1,ether2,ether3,ether4,ether5,BondSwitches vlan-ids=14


/ip address
add address=192.168.100.2/24 interface=ether10 network=192.168.100.0
add address=192.168.12.1/23 interface="VLAN 12 - VLAN12" network=192.168.12.0
add address=192.168.13.1/23 interface="VLAN 13 - VLAN13" network=192.168.13.0
add address=192.168.14.1/24 interface="VLAN 14 - MGMT" network=192.168.14.0


/ip firewall filter
add action=fasttrack-connection chain=forward comment="Fasttrack" connection-state=established,related log-prefix=fasttrack
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input protocol=icmp


add action=accept chain=forward  connection-nat-state=dstnat protocol=tcp
add action=accept chain=input connection-state=established,related
add action=accept chain=forward  connection-state=established,related,untracked

add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether10

/ip route
add distance=1 gateway=192.168.100.1

 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: InterVLAN Routing

Fri Sep 30, 2022 9:01 pm

There isn't anything obvious that would disable HW offload in the fraction of full config you chose to post. As I wrote: we would have to see full (that's complete) config. I'll refrain from posting anything else regarding this thread until you post it.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: InterVLAN Routing

Fri Sep 30, 2022 10:45 pm

It's pretty clear (even stated in the first post) that there's a bond configured, which disables hardware offload on RTL8367 chips.
Check the documentation provided:
https://help.mikrotik.com/docs/display/ ... Offloading
Cheers.
 
thomsen
newbie
Posts: 27
Joined: Wed Sep 28, 2016 10:50 am

Re: InterVLAN Routing

Thu Mar 30, 2023 1:09 pm

Hi all!
Did I understand correctly that in RouterOS v6 this problem (slow inter-VLANs speed) has not been fixed and i should to upgrade to RouterOS v7 ?

Who is online

Users browsing this forum: Ahrefs [Bot], GoogleOther [Bot], neki and 79 guests