The problem has a completely normal solution. The load on the central processor did not exceed 25% with uTP traffic of 400 Mbps in one direction. Higher speeds could not be tested due to the limitations of the routers that I used.
To test, I assembled the following kit:
- Mikrotik hAP ac2 router (mt-isp-router) was used as "ISP". To check the traffic flow, it was connected via WiFi to my home network.
- the Mikrotik CRS106-1C-5S switch (mt-isp-optic-switch) was connected with a copper cable to the router (mt-isp-router) and was used as an "ISP" end device to which clients were to connect
- the Mikrotik CRS106-1C-5S switch (mt-client-optic-switch) was connected with two optical cables to the "ISP" switch (mt-isp-optic-switch) to create a situation where the client has two independent connections to two ISPs
- a Mikrotik RB751G-2HnD router (mt-client-router) was used as a client router and was connected with two copper cables to an optical switch (mt-client-optic-switch)
SFP-2-RG45.png
Step4Net SFPd-03-1550-WDM-LC and Step4Net SFPd-03-1310-WDM-LC were used as optical modules.
Considering that the Mikrotik CRS106-1C-5S switch has only one port for connecting via a copper cable, I used Mikrotik S-RJ01.
The task of minimizing the load on the central processor of the client's switch was solved when connecting to several providers via several optical cables.
The client router is connected with several copper cables.
The client must be able to monitor their switch and router from their local network.
Below are the settings I made for each device. For both routers, these settings are not complete and are used only to show the principle of setting.
The Mikrotik CRS106-1C-5S switching chip showed quite "normal behavior" for a device in this price range.
--
ISP router (mt-isp-router)
--
# oct/13/2022 18:38:43 by RouterOS 7.5
# software id = QQ55-906W
#
# model = RBD52G-5HacD2HnD
# serial number =
### Main settings
/interface list add name=LAN
/interface list add name=WAN
/interface bridge add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface vlan add interface=bridge1 name=vlan-ISP-LAN-100 vlan-id=100
/interface vlan add interface=bridge1 name=vlan-client-30 vlan-id=30
/interface vlan add interface=bridge1 name=vlan-client-31 vlan-id=31
/interface bridge port add bridge=bridge1 interface=ether1 pvid=100
/interface bridge port add bridge=bridge1 interface=ether2 pvid=100
/interface bridge port add bridge=bridge1 interface=ether3 pvid=100
/interface bridge port add bridge=bridge1 interface=ether4 pvid=100
/interface bridge port add bridge=bridge1 interface=ether5
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether5 untagged=ether1,ether2,ether3,ether4 vlan-ids=100
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether5 vlan-ids=30
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether5 vlan-ids=31
/interface list member add interface=wlan2 list=WAN
/interface list member add interface=vlan-ISP-LAN-100 list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN
### Other settings
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/interface wireless security-profiles add authentication-types=wpa2-psk mode=dynamic-keys name=profile-Test-ISP supplicant-identity="" wpa2-pre-shared-key=SuperSecretPassword
/interface wireless set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee comment=WAN country=ukraine disabled=no distance=indoors hw-protection-mode=rts-cts security-profile=profile-Test-ISP ssid=APTestISP wireless-protocol=802.11
/interface wireless nstreme set wlan2 comment=WAN
/interface wireless manual-tx-power-table set wlan2 comment=WAN
/ip pool add name=dhcp_pool_LAN_ISP ranges=10.10.100.1-10.10.100.253
/ip pool add name=dhcp_pool-client-30 ranges=10.10.30.1-10.10.30.253
/ip pool add name=dhcp_pool-client-31 ranges=10.10.31.1-10.10.31.253
/ip dhcp-server add address-pool=dhcp_pool_LAN_ISP interface=vlan-ISP-LAN-100 name=dhcp-LAN-ISP
/ip dhcp-server add address-pool=dhcp_pool-client-30 interface=vlan-client-30 name=dhcp-client-30
/ip dhcp-server add address-pool=dhcp_pool-client-31 interface=vlan-client-31 name=dhcp-client-31
/ipv6 settings set disable-ipv6=yes
/ip address add address=10.10.30.254/24 interface=vlan-client-30 network=10.10.30.0
/ip address add address=10.10.31.254/24 interface=vlan-client-31 network=10.10.31.0
/ip address add address=10.10.100.254/24 interface=vlan-ISP-LAN-100 network=10.10.100.0
/ip dhcp-client add interface=wlan2
/ip dhcp-server network add address=10.10.30.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.10.30.254
/ip dhcp-server network add address=10.10.31.0/24 dns-server=1.0.0.1,8.8.4.4 gateway=10.10.31.254
/ip dhcp-server network add address=10.10.100.0/24 dns-server=10.10.100.254 gateway=10.10.100.254
/ip dns set allow-remote-requests=yes cache-max-ttl=10m
/ip firewall nat add action=masquerade chain=srcnat comment="Access LAN to Internet" ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port set ftp disabled=yes
/ip firewall service-port set tftp disabled=yes
/ip firewall service-port set irc disabled=yes
/ip firewall service-port set h323 disabled=yes
/ip firewall service-port set sip disabled=yes
/ip firewall service-port set pptp disabled=yes
/ip service set www disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/system clock set time-zone-name=Europe/Kiev
/system identity set name=MT-ISP-Router
/system ntp client set enabled=yes
/system routerboard settings set auto-upgrade=yes
--
ISP switch (mt-isp-optic-switch)
--
# oct/13/2022 18:41:13 by RouterOS 7.5
# software id = WR66-JAP8
#
# model = CRS106-1C-5S
# serial number =
### Main settings
/interface list add name=LAN
/interface bridge add name=bridge1 protocol-mode=none
/interface vlan add interface=bridge1 name=ISP-LAN-VLAN-100 vlan-id=100
/interface bridge port add bridge=bridge1 interface=sfp1
/interface bridge port add bridge=bridge1 interface=sfp2
/interface bridge port add bridge=bridge1 interface=sfp3
/interface bridge port add bridge=bridge1 interface=sfp4
/interface bridge port add bridge=bridge1 interface=sfp5
/interface bridge port add bridge=bridge1 interface=combo1
/interface ethernet switch egress-vlan-tag add tagged-ports=combo1 vlan-id=30
/interface ethernet switch egress-vlan-tag add tagged-ports=combo1 vlan-id=31
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=30 ports=sfp1
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=31 ports=sfp2
/interface ethernet switch vlan add ports=sfp1,combo1 vlan-id=30
/interface ethernet switch vlan add ports=combo1,sfp2 vlan-id=31
/interface ethernet switch vlan add ports=switch1-cpu,combo1 vlan-id=100
/ip dhcp-client add interface=ISP-LAN-VLAN-100
/interface list member add interface=ISP-LAN-VLAN-100 list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN
### Other settings
/ipv6 settings set disable-ipv6=yes
/ip service set www disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/system clock set time-zone-name=Europe/Kiev
/system identity set name=MT-ISP-Optic
/system ntp client set enabled=yes
/system routerboard settings set auto-upgrade=yes
/tool bandwidth-server set enabled=no
--
Client switch (mt-client-optic-switch)
--
# oct/13/2022 18:35:45 by RouterOS 7.5
# software id = YWA1-ED7I
#
# model = CRS106-1C-5S
# serial number =
### Main settings
/interface list add name=LAN
/interface bridge add name=bridge1 protocol-mode=none
/interface vlan add interface=bridge1 name=Client-LAN-VLAN-101 vlan-id=101
/interface ethernet switch trunk add member-ports=sfp5,combo1 name=trunk-for-router
/interface bridge port add bridge=bridge1 interface=sfp1
/interface bridge port add bridge=bridge1 interface=sfp2
/interface bridge port add bridge=bridge1 interface=sfp3
/interface bridge port add bridge=bridge1 interface=sfp4
/interface bridge port add bridge=bridge1 interface=sfp5
/interface bridge port add bridge=bridge1 interface=combo1
/interface ethernet switch egress-vlan-tag add tagged-ports=trunk-for-router vlan-id=130
/interface ethernet switch egress-vlan-tag add tagged-ports=trunk-for-router vlan-id=131
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=130 ports=sfp1
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=131 ports=sfp2
/interface ethernet switch vlan add ports=trunk-for-router,sfp1 vlan-id=130
/interface ethernet switch vlan add ports=trunk-for-router,sfp2 vlan-id=131
/interface ethernet switch vlan add ports=trunk-for-router,switch1-cpu vlan-id=101
/ip dhcp-client add interface=Client-LAN-VLAN-101
/interface list member add interface=Client-LAN-VLAN-101 list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN
### Other settings
/ipv6 settings set disable-ipv6=yes
/ip service set www disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/system clock set time-zone-name=Europe/Kiev
/system identity set name=MT-Client-Optic
/system ntp client set enabled=yes
/system routerboard settings set auto-upgrade=yes
/tool bandwidth-server set enabled=no
--
Client router (mt-client-router)
--
# oct/13/2022 18:31:53 by RouterOS 7.5
# software id = Z3DJ-FCXD
#
# model = 751G-2HnD
# serial number =
### Main settings
/interface list add name=LAN
/interface list add name=WAN
/interface bridge add name=bridge1
/interface bonding add forced-mac-address=XX:XX:XX:XX:XX:XX mode=balance-xor name=bonding-2-switch slaves=ether1,ether2 transmit-hash-policy=layer-2-and-3
/interface vlan add interface=bonding-2-switch name=IP-ISP1-VLAN-130 vlan-id=130
/interface vlan add interface=bonding-2-switch name=IP-ISP2-VLAN-131 vlan-id=131
/interface vlan add interface=bonding-2-switch name=vlan-LAN-101 vlan-id=101
/interface bridge port add bridge=bridge1 interface=ether5
/interface bridge port add bridge=bridge1 interface=ether4
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=vlan-LAN-101
/interface list member add interface=IP-ISP1-VLAN-130 list=WAN
/interface list member add interface=IP-ISP2-VLAN-131 list=WAN
/interface list member add interface=bridge1 list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN
/ip dhcp-client add interface=IP-ISP1-VLAN-130
/ip dhcp-client add interface=IP-ISP2-VLAN-131
### Other settings
/ipv6 settings set disable-ipv6=yes
/ip pool add name=dhcp_pool-client-LAN ranges=192.168.190.1-192.168.190.253
/ip dhcp-server add address-pool=dhcp_pool-client-LAN interface=bridge1 name=dhcp-Client-LAN
/ip address add address=192.168.190.254/24 interface=bridge1 network=192.168.190.0
/ip dhcp-server network add address=192.168.190.0/24 dns-server=1.1.1.1,8.8.8.8,1.0.0.1,8.8.4.4 gateway=192.168.190.254
/ip dns set allow-remote-requests=yes cache-max-ttl=5m
/ip firewall nat add action=masquerade chain=srcnat comment="Access LAN to Internet" ipsec-policy=out,none out-interface-list=WAN
/system clock set time-zone-name=Europe/Kiev
/system identity set name=MT-Client-Router
/system ntp client set enabled=yes
/system routerboard settings set auto-upgrade=yes
You do not have the required permissions to view the files attached to this post.