Community discussions

MikroTik App
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

CCR2216 CPU Problem

Wed Mar 01, 2023 12:36 pm

Hello friends.
We have a CCR2216 device and Bonding, BGP is used in our device. Fasttrack is active. Our active traffic is around 15Gbps and CPU is over 70%. I'm posting the main settings on the device below. Can you help with the cause and solution?
/interface bridge
add name=NASBridge
/interface ethernet
set [ find default-name=sfp28-1 ] auto-negotiation=no name=sfp-sfpplus1 \
    speed=10Gbps
set [ find default-name=sfp28-2 ] auto-negotiation=no comment=CCR02 name=\
    sfp-sfpplus2 speed=10Gbps
set [ find default-name=sfp28-3 ] auto-negotiation=no comment=CCR03 \
    speed=10Gbps
set [ find default-name=sfp28-4 ] auto-negotiation=no comment=CCR04 \
    speed=10Gbps
set [ find default-name=sfp28-5 ] auto-negotiation=no comment=CCR05 \
    speed=10Gbps
set [ find default-name=sfp28-6 ] auto-negotiation=no comment=CCR06 \
    speed=10Gbps
set [ find default-name=sfp28-7 ] auto-negotiation=no comment=CCR07 \
    speed=10Gbps
set [ find default-name=sfp28-11 ] auto-negotiation=no comment=\
    Internet1_Bonding speed=10Gbps
set [ find default-name=sfp28-12 ] auto-negotiation=no comment=\
    Internet2_Bonding speed=10Gbps
/interface vlan
add interface=sfp-sfpplus2 name=NasVlan2 vlan-id=301
add interface=sfp28-3 name=NasVlan3 vlan-id=301
add interface=sfp28-4 name=NasVlan4 vlan-id=301
add interface=sfp28-5 name=NasVlan5 vlan-id=301
add interface=sfp28-6 name=NasVlan6 vlan-id=301
add interface=sfp28-7 name=NasVlan7 vlan-id=301
/interface bonding
add mode=802.3ad name=TT_Bonding slaves=sfp28-12,sfp28-11 \
    transmit-hash-policy=layer-2-and-3
/interface vlan
add interface=TT_Bonding name=TT_VlanBonding vlan-id=302
/interface ethernet switch
set 0 l3-hw-offloading=yes
/routing bgp template
set default as=xxxxx disabled=no routing-table=main
/interface bridge port
add bridge=NASBridge interface=NasVlan3
add bridge=NASBridge interface=NasVlan4
add bridge=NASBridge interface=NasVlan5
add bridge=NASBridge interface=NasVlan6
add bridge=NASBridge interface=NasVlan7
add bridge=NASBridge interface=NasVlan2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set rp-filter=loose tcp-syncookies=yes
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/routing bgp connection
add address-families=ip as=xxxx connect=yes disabled=no listen=yes \
    local.address=x.x.x.x .role=ebgp multihop=yes name=BGP \
    output.network=bgp_network remote.address=x.x.x.x/32 .as=xxxx \
    router-id=x.x.x.x routing-table=main
/routing filter community-list
add communities=9121:666 disabled=no list=set1
/routing filter rule
add chain="" disabled=no rule=""
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: CCR2216 CPU Problem

Wed Mar 01, 2023 12:49 pm

Should look more closely...why don't you add the VLAN on the bridge? Or better, what is the purpose of the VLAN? Or even "more" better, can you draw a diagram of how this device is supposed to work?

For reference:
viewtopic.php?f=23&t=143620
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: CCR2216 CPU Problem

Wed Mar 01, 2023 2:49 pm

If you're doing fw offload (as opposed to hw offload) then all of the ports need to be disabled for hw offload in the switch menu and it doesn't look like that's configured.

Hw offload still needs to be enabled globally.
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

Re: CCR2216 CPU Problem

Wed Mar 01, 2023 4:31 pm

Should look more closely...why don't you add the VLAN on the bridge? Or better, what is the purpose of the VLAN? Or even "more" better, can you draw a diagram of how this device is supposed to work?

For reference:
viewtopic.php?f=23&t=143620
Thanks for the answer.
First of all, 10Gbps two separate entrances are combined with bonding and the internet is covered with Vlan. There are sub-vlans defined on the provided internet, and we direct them to NAS. In addition, we meet our IP addresses defined with BGP. There is no other building. My guess is CPU spikes due to bonding, but I'm not entirely sure.
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

Re: CCR2216 CPU Problem

Wed Mar 01, 2023 4:31 pm

If you're doing fw offload (as opposed to hw offload) then all of the ports need to be disabled for hw offload in the switch menu and it doesn't look like that's configured.

Hw offload still needs to be enabled globally.
Thanks for the answer.
As you stated, Hw offload is disabled. When we activate it, nothing changes on the CPU side.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: CCR2216 CPU Problem

Wed Mar 01, 2023 4:39 pm

Hw offload is disabled. When we activate it, nothing changes on the CPU side.

fw offload has some limitations that hw offload does not have - if you're trying to run connection tracking or NAT, then fw offload is what you're trying to do.

Here is more detailed info:

viewtopic.php?p=985578#p985555

@MikroTik any idea if the limitations in that thread from 7.6 are still relevant?
 
blacksnow
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Wed Feb 15, 2023 4:46 pm

Re: CCR2216 CPU Problem

Wed Mar 01, 2023 5:25 pm

L3HW Offload (FW - specific) doesn't work with VLANs. Submit a ticket, maybe we can get this pushed to high priority to get fixed.

viewtopic.php?t=193770
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

Re: CCR2216 CPU Problem

Thu Mar 02, 2023 4:37 pm

L3HW Offload (FW - specific) doesn't work with VLANs. Submit a ticket, maybe we can get this pushed to high priority to get fixed.

viewtopic.php?t=193770
As you mentioned, there is hw operation with the bonding interface, but hw does not appear to be active for the vlan interface ports.
In fact, I think the main reason for this high cpu may be something other than l3hw. Networking and ethernet usage is high in CPU usage. In fact, it shouldn't be that low for 15Gbps traffic and less than 2 billion instant packets.
Screenshot_3.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216 CPU Problem

Thu Mar 02, 2023 5:38 pm

L3HW Offload (FW - specific) doesn't work with VLANs. Submit a ticket, maybe we can get this pushed to high priority to get fixed.

viewtopic.php?t=193770
As you mentioned, there is hw operation with the bonding interface, but hw does not appear to be active for the vlan interface ports.
In fact, I think the main reason for this high cpu may be something other than l3hw. Networking and ethernet usage is high in CPU usage. In fact, it shouldn't be that low for 15Gbps traffic and less than 2 billion instant packets.

Screenshot_3.jpg

looks like you are using vlan interfaces as ports inside the bridge, i am correct?
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

Re: CCR2216 CPU Problem

Thu Mar 02, 2023 7:32 pm



As you mentioned, there is hw operation with the bonding interface, but hw does not appear to be active for the vlan interface ports.
In fact, I think the main reason for this high cpu may be something other than l3hw. Networking and ethernet usage is high in CPU usage. In fact, it shouldn't be that low for 15Gbps traffic and less than 2 billion instant packets.

Screenshot_3.jpg

looks like you are using vlan interfaces as ports inside the bridge, i am correct?
I direct the wan connection I get with bonding to the sub-devices with the bridge as a vlan.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216 CPU Problem

Thu Mar 02, 2023 9:19 pm

the point is that using vlan interfaces as ports inside the bridge since 6.41 are considered Layer2 misconfiguration

Similar to this
VLAN in a bridge with a physical interface
https://help.mikrotik.com/docs/display/ ... linterface


Solution
To avoid compatibility issues you should use bridge VLAN filtering
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

Re: CCR2216 CPU Problem

Fri Mar 03, 2023 9:44 am

the point is that using vlan interfaces as ports inside the bridge since 6.41 are considered Layer2 misconfiguration

Similar to this
VLAN in a bridge with a physical interface
https://help.mikrotik.com/docs/display/ ... linterface


Solution
To avoid compatibility issues you should use bridge VLAN filtering
Thank you for the reply and information.
But as you mentioned, we also tried the vlan filtering process, but the cpu still seems to be at the same level.
 
blacksnow
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Wed Feb 15, 2023 4:46 pm

Re: CCR2216 CPU Problem

Fri Mar 03, 2023 3:58 pm

I recently solved my issue with VLAN filtering and it may be the same for you. Please check this thread -> viewtopic.php?t=193770
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

Re: CCR2216 CPU Problem

Sat Mar 04, 2023 1:53 pm

I recently solved my issue with VLAN filtering and it may be the same for you. Please check this thread -> viewtopic.php?t=193770
Thanks for your reply and support. We have provided the controls as you stated, but the CPU usage is still high. If you can share your current settings, let's check if you see fit. In addition, can you see that l3hw is running on the bridge?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216 CPU Problem

Sat Mar 04, 2023 5:58 pm

Try using tools profile to obtain info About the CPU usage

Sometimes is better to use the setting "all" to see each core usage separately

Clicking on usage column header, allows You to sort by usage and see tasks with most usage at the top
 
ourplan
newbie
Topic Author
Posts: 28
Joined: Mon Oct 23, 2017 10:42 am

Re: CCR2216 CPU Problem

Sat Mar 04, 2023 8:47 pm

Try using tools profile to obtain info About the CPU usage

Sometimes is better to use the setting "all" to see each core usage separately

Clicking on usage column header, allows You to sort by usage and see tasks with most usage at the top
Thanks for your suggestion. I have previously informed that it is used by network and ethernet. In addition, I will send a screenshot of the CPU usage rates.
Screenshot_1.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216 CPU Problem

Mon Mar 06, 2023 6:10 pm

by the way your configuration is build it will only works running by CPU, you must reconfigure using only bridge vlan filtering to be able to have the benefits of offloading

if you already do that please post your "bridge vlan filtering" config and profile usage with it deployed

additionally if you dont do NAT you can do without FW offload, going straigth to L3 Offload (no fasttráck etc)

Who is online

Users browsing this forum: hatred, koer and 83 guests