Hiya all. First time posting here.
I have had a heX-S and a hapAC for a bit over a year now and they have been great. I do a lot of virtualization with Proxmox off of a PowerEdge with two NICs and recently decided to implement VLANs to segment the network (as well as making a Guest Wi-Fi). Using what I think is a common setup with VLANs on a bridge (the only bridge), all seems to work as I desire. The exception is that when any connection streams data that crosses from one VLAN to another, there is a noticeable spike in the heX-S' CPU usage. If it is an inter-linked set of servers/containers where the data crosses a VLAN more than once, the spike can reach well into 70%.
I just updated to RouterOS 7.7, hoping to get the Hardware Offloading added in for the heX-S' switch chip. And while the ports indicate they are Hardware-Offloaded (same as in RouterOS 6.49), the CPU spike is still there.
Basic Network Map:
heX-S (PowerEdge T440 Proxmox node directly-attached to Ether 3 and 4, HP Laser printer on SFP1, hapAC on Ether 5) > hapAC for Wi-Fi devices. I use the Access List to VLAN tag certain devices.
I have NO dedicated switch as the heX-S provides enough ports - everything else is Wi-Fi.
VLAN 2: Not used yet. I was setting this one up for main LAN devices that are currently Untagged.
VLAN 5: Wi-Fi LAN - mostly IoT and Home Automation - The hapAC does not tag unless connected to the Guest Wi-Fi virtual SSID - I use the Access List to tag certain devices for this VLAN.
VLAN 10: External - Internet-facing servers and containers such as a web server, Nextcloud, Minecraft and things like that. All Virtual and all coming from Ether 4.
VLAN 20: Wi-Fi Guests - Tagged by a Virtual SSID on the hapAC.
Untagged/PVID 1: Everything else. By default even non-guest Wi-Fi devices end up here until I tag them in the hapAC.
I imagine I am leaving something out. I will try to provide any information I can.
To reiterate, the VLAN itself is WORKING. Devices assigned to the VLANs get the IP addresses associated with them and firewall rules work. Just when streams (usually large ones like movies and such) cross VLANs, the CPU spikes.
Is it because not all traffic is tagged? Perhaps because this configuration existed before upgrading to RouterOS 7.7?