Devices: CCR1036-8G-2S
I had a production VxLAN tunnel running with 2 CCR1036-8G-2S Cloud Core Routers. The tunnel was for a k12 school district and I would often get complaints about web traffic being painfully slow. If left alone the issue would resolve itself but repeat several times throughout the day. I finally had to pull the Mikrotiks and put the district back on our Aruba VxLAN tunnel, which resolved the issue for them. My 1st choice is to use the Mikrotiks but I need to resolve the issue before implementing again.
In duplicating the setup, with 2 cloud routers directly connected, I discovered the following:
1. With a VxLAN configuration, a laptop pulled a 3Gb ISO down at 19MBs
2. With the same configuration a laptop and PC pulled the same file down at 11MBs, each
3. Removing VXLAN and configuring the devices with only L2 VLANs, the laptop pulled the file down at 34MBs.
4. The laptop and PC pulled the file down at the same time at 34MBs, each.
Obviously, there is a major degrade in performance when using VxLAN, especially when more than 1 client is downloading a file.
I have contacted support concerning this but have not received instruction on how to remedy the problem yet, outside of a recommendation to change the mss to 1300, but that rule did not have any hits, regardless of the interface used. Ideas??
Attaching all configs:
VxLAN:
Master:
Code: Select all
# apr/13/2022 12:29:37 by RouterOS 7.1.3
# software id = IHD4-H4MR
#
# model = CCR1036-8G-2S+
/interface bridge
add ingress-filtering=no name=BRIDGE-VxLAN-VNI-102 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=8000
set [ find default-name=ether2 ] l2mtu=8000
set [ find default-name=ether4 ] l2mtu=8000
/interface vxlan
add group=224.0.0.1 interface=ether1 mtu=1400 name=vxlan-vni-102 port=8473 \
vni=102
/interface vlan
add interface=ether1 name=vlan703 vlan-id=703
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=172.169.0.10-172.169.0.30
/ip dhcp-server
add address-pool=dhcp_pool0 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=BRIDGE-VxLAN-VNI-102 interface=ether2
add bridge=BRIDGE-VxLAN-VNI-102 interface=vxlan-vni-102
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=BRIDGE-VxLAN-VNI-102 tagged=vxlan-vni-102,ether2 vlan-ids=703
add bridge=BRIDGE-VxLAN-VNI-102 tagged=vxlan-vni-102,ether2 vlan-ids=704
/interface vxlan vteps
add interface=vxlan-vni-102 port=8572 remote-ip=172.169.0.2
/ip address
add address=172.169.0.1/24 interface=ether1 network=172.169.0.0
/ip dhcp-client
add interface=ether8
/ip dhcp-server network
add address=172.169.0.0/24 gateway=172.169.0.1
/ip firewall mangle
add action=change-mss chain=forward log=yes new-mss=1300 out-interface=\
BRIDGE-VxLAN-VNI-102 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=\
1301-65535
/system clock
set time-zone-name=America/Chicago
/system identity
set name=VxLAN-Master
Code: Select all
# apr/14/2022 10:20:18 by RouterOS 7.1.3
# software id = MPIL-B0WN
#
# model = CCR1036-8G-2S+
/interface bridge
add ingress-filtering=no name=BRIDGE-VxLAN-VNI-102 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=8000
set [ find default-name=ether2 ] l2mtu=8000
set [ find default-name=ether4 ] l2mtu=8000
/interface vxlan
add group=224.0.0.1 interface=ether1 mtu=1400 name=vxlan-vni-102 port=8473 \
vni=102
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=172.168.0.10-172.168.0.30
/ip dhcp-server
add address-pool=dhcp_pool0 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=BRIDGE-VxLAN-VNI-102 interface=vxlan-vni-102
add bridge=BRIDGE-VxLAN-VNI-102 interface=ether2
add bridge=BRIDGE-VxLAN-VNI-102 interface=ether4 pvid=703
/interface bridge vlan
add bridge=BRIDGE-VxLAN-VNI-102 tagged=vxlan-vni-102,ether2 vlan-ids=703
/ip address
add address=172.169.0.2/24 interface=ether1 network=172.169.0.0
/ip dhcp-client
add interface=ether8
/ip firewall mangle
add action=change-mss chain=forward new-mss=1300 out-interface=\
BRIDGE-VxLAN-VNI-102 protocol=tcp tcp-flags=syn tcp-mss=1301-65535
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=172.168.0.1 routing-table=main \
suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=172.169.0.1 routing-table=main \
suppress-hw-offload=no
/system clock
set time-zone-name=America/Chicago
/system identity
set name=LCTN-Rm424
/tool sniffer
set filter-interface=ether1
Master:
Code: Select all
# jan/02/1970 00:54:26 by RouterOS 7.1.3
# software id = IHD4-H4MR
#
# model = CCR1036-8G-2S+
/interface bridge
add ingress-filtering=no name=B703 vlan-filtering=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=B703 interface=ether1
add bridge=B703 interface=ether2
add bridge=B703 interface=ether3 pvid=703
add bridge=B703 interface=ether4 pvid=703
/interface bridge vlan
add bridge=B703 tagged=ether1,ether2 vlan-ids=703
add bridge=B703 tagged=ether1,ether2 vlan-ids=704
/ip address
add address=172.169.0.1/24 interface=ether1 network=172.169.0.0
add address=10.7.3.99/24 interface=ether2 network=10.7.3.0
Code: Select all
# apr/14/2022 13:40:15 by RouterOS 7.1.3
# software id = MPIL-B0WN
#
# model = CCR1036-8G-2S+
/interface bridge
add ingress-filtering=no name=B703 vlan-filtering=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=B703 interface=ether1
add bridge=B703 interface=ether3 pvid=703
add bridge=B703 interface=ether4 pvid=703
/interface bridge vlan
add bridge=B703 tagged=ether1 untagged=ether3 vlan-ids=703
/ip address
add address=172.169.0.2/24 interface=ether1 network=172.169.0.0
add address=10.7.3.100/24 interface=B703 network=10.7.3.0
/ip dhcp-client
add interface=ether8
/system clock
set time-zone-name=America/Chicago