Community discussions

MUM Europe 2020
 
syadnom
Member
Member
Topic Author
Posts: 407
Joined: Thu Jan 27, 2011 7:29 am

hardware acceleration on only one bridge?

Tue Oct 02, 2018 5:14 pm

I'm setting up a hEX PoE as a switch-on-a-stick set. RB850Gx2 as the router, hEX PoE off port 2. I've configured 4 vlans on the router into port 1 on the hEX. Then 4 bridges for ports 2,3,4,5. Added eth2 and e1v2 to bridge-port2, eth3 and e1v3 ot bridge-port2 and so on.

Problem is, only the first ethernet port shows up as hardware accelerated, port 2. If I disable port 2 then port 2 shows hardware accelerated and so on but only one port will show this.

If I put 2 ports into 1 bridge, they both show it.

Am I limited to a single bridge on this hardware for hardware acceleration?
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: hardware acceleration on only one bridge?

Tue Oct 02, 2018 5:42 pm

Only one bridge can use hardware acceleration at the same time.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1457
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: hardware acceleration on only one bridge?

Tue Oct 02, 2018 7:26 pm

It is called "Router on a Stick", not Switch on a stick.

Depending on the number of switch chips on the device, with the Hex POE you have only 1 switch chip, so only 1 bridge with HW Offload, but i.e. on 2011, you can have 2 bridges with HW Offload as it has 2 switch chips.
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 648
Joined: Fri Nov 10, 2017 8:19 am

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 12:18 am

I might be completely wrong, but it seems to me that you are trying to achieve typical trunk-edge scenario with VLANs. (port 1 as trunk with all VLANs tagged and ports 2,3,4 and 5 as edge, each having single specific untagged VLAN) . If that is true, then you can be achieve your setting directly in switch chip while keeping on your HW acceleration: https://wiki.mikrotik.com/wiki/Manual:S ... s_Ports.29 (this specific tutorial should be compatible with your device)
It can also be achieved using single bridge with vlan setting, but that will disable HW acceleration on your model.

I know that using VLAN interfaces in bridge is intuitive and looks simple (I started using it similar way) but there are also other not so obvious issues so it is better to avoid. this specific scenario is mentioned here: https://wiki.mikrotik.com/wiki/Manual:L ... _interface and it is recommended to avoid.
Last edited by vecernik87 on Wed Oct 03, 2018 1:01 am, edited 1 time in total.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1457
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 12:32 am

@vecernik, not totally correct in this case.

Each port will be on a separate vlan, then any comms between these ports (VLAN's) will need to be routed which will go via cpu so HW offload will be lost
MTCNA, MTCTCE, MTCRE & MTCINE
 
syadnom
Member
Member
Topic Author
Posts: 407
Joined: Thu Jan 27, 2011 7:29 am

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 1:19 am

vecernik87, I was able to configure this through the switch and bridge all the ports.
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 648
Joined: Fri Nov 10, 2017 8:19 am

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 1:23 am

@czfan: Based on provided description I expected that HEX is supposed to work only as L2 switch which will do the trunk-edge conversion. If he ended up with 4 vlans on Eth1, 4 Eth ports and 4 bridges (each bridge with one vlan and one port), then to me, it clearly signalizes that he wants to separate those L2 segments and only RB850 (not HEX) is supposed to handle this.

I agree that Syandom's idea is not completely clear, but thats why I tried to rephrase his idea and asked, if he agrees with it. Maybe he didn't considered it and he is trying to solve issue which wouldn't be there at first place with another config.
I know his question was about "more hw-accelerated bridges at the same time" and both yours and msatter's answers are technically precise. Yet, they don't help Syandom at all with his issue because you just state that it can't be done.

@syandom: hah, posted almost at the same time :) good to know you solved it! thanks for feedback
 
syadnom
Member
Member
Topic Author
Posts: 407
Joined: Thu Jan 27, 2011 7:29 am

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 1:35 am

vecernik87 was in fact correct.

Ultimately, the need is for
hEX-PoE-port2 to end up in RB850Gx2-Port1vlan12
hEX-PoE-port3 to end up in RB850Gx2-Port1vlan13
hEX-PoE-port4 to end up in RB850Gx2-Port1vlan14
hEX-PoE-port5 to end up in RB850Gx2-Port1vlan15

I've configured the switch on the hEX so that all ports are in a bridge.
added VLAN is the switch config for 12,13,14,15 and each has port 1, the switch, and the corresponding ports.
changed port 1 to secure/add if missing
changed switch1 cpu to secure/leave as is
changed each port to secure/always strip/default vlan as above.

Now all ports are hardware accelerated and when I run a bandwidth test across this switch to a vlan port, I get nearly 1G with 3% CPU on the hEX so I consider the functionality confirmed.

The RB850Gx2 handles these vlans as if they were physical interfaces. I'm using 2 hEX PoE here so essentially appears as 8 extra PoE ports which is exactly what I needed.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1457
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 12:39 pm

@syadnom, did you enable "Vlan Filtering" on the bridge?

Also do a test from vlan 12 to vlan 13 and at the same time from vlan 14 to vlan 15? I suspect your results might be different then.
MTCNA, MTCTCE, MTCRE & MTCINE
 
syadnom
Member
Member
Topic Author
Posts: 407
Joined: Thu Jan 27, 2011 7:29 am

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 5:32 pm

I'm not enabling vlan filtering on the bridge. The guides I found on using the switch chip dont suggest that.

Right now, port 5 and port 4 cannot see each other. If I assign a VLAN 14 interface on the hEX connected to port 5 (ie, PVID=15) it can't communicate with port 4. So Vlans are being properly isolated.

I put a dhcp server on each VLAN on the upstream router. As I move the 'client' hEX between ports, it gets an address from the correct VLAN.

So I believe this is 100% functional.
 
expert
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Sun Dec 04, 2016 1:22 pm

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 9:25 pm

Well, with old configuration with master ports, it was possible to have two or more master ports on a single switch chip, while still maintaining hw offload.

The new bridge implementation IMHO still uses master port internally, so it's questionable why that's not possible anymore.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1457
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: hardware acceleration on only one bridge?

Wed Oct 03, 2018 9:37 pm

I'm not enabling vlan filtering on the bridge. The guides I found on using the switch chip dont suggest that.

Right now, port 5 and port 4 cannot see each other. If I assign a VLAN 14 interface on the hEX connected to port 5 (ie, PVID=15) it can't communicate with port 4. So Vlans are being properly isolated.

I put a dhcp server on each VLAN on the upstream router. As I move the 'client' hEX between ports, it gets an address from the correct VLAN.

So I believe this is 100% functional.

As per your question in your very first post, "Am I limited to a single bridge on this hardware for hardware acceleration?" My understanding is that this is one of your requirements / concerns.

The point I was trying to make is that you will not get hardware offload / wire speed between your ports 2 - 5 / vlans 12 - 15 ... So with your config / requirements, it will make absolutely no difference in performance if you configured the Vlans on the Bridge or on the Switch.

Anyway, glad you came right
MTCNA, MTCTCE, MTCRE & MTCINE
 
syadnom
Member
Member
Topic Author
Posts: 407
Joined: Thu Jan 27, 2011 7:29 am

Re: hardware acceleration on only one bridge?

Thu Oct 04, 2018 3:09 am

Are you sure about this? I seem to be able to transfer at wire speed across all the ports without hitting the CPU. This is NOT the case through the bridging method. I was seeing <100Mbps that way.


I do have another issue. Now I can't add a VLAN to an interface including the bridge. I can't put the untagged trunk port in the bridge on the upstream router, and I can't add a VLAN to the bridge...
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1457
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: hardware acceleration on only one bridge?

Thu Oct 04, 2018 12:27 pm

Are you sure about this? I seem to be able to transfer at wire speed across all the ports without hitting the CPU. This is NOT the case through the bridging method. I was seeing <100Mbps that way.
...
Unless Mikrotik has made some design changes recently, very sure. When you go from one vlan to another, it will use routing for this and this has to go via CPU. The Hex POE has a shared 1Gb path to CPU for all ports, from my understanding you only tested one direction, i.e. from one port/vlan to another hence you got the full 1Gb performance as per 1Gb path to CPU, should you have done two, i.e.from Port 2 / Vlan 12 to Port 3 / Vlan 13 and at the same time another test from Port 4 / Vlan 14 to Port 5 / Vlan 15, these to transfer tests will share the 1Gb path to CPU and theoretically your transfer rate will half

The only time you will get HW Offload benefit, is when for example Ports 2 & 3 were in same Vlan, i.e. Vlan 12 as then it does not need to route between vlans via CPU and access directly on Layer 2 between devices, just being switched

Hope it make sense
...
I do have another issue. Now I can't add a VLAN to an interface including the bridge. I can't put the untagged trunk port in the bridge on the upstream router, and I can't add a VLAN to the bridge...
Can you post your config? i.e. export hide-sensitive
MTCNA, MTCTCE, MTCRE & MTCINE

Who is online

Users browsing this forum: No registered users and 100 guests