Community discussions

MikroTik App
 
User avatar
granite
just joined
Topic Author
Posts: 2
Joined: Sun Jul 10, 2022 1:47 pm

CRS317 and CSS326 stop forwarding on some ports

Mon Jul 11, 2022 9:44 pm

Hello,

I have a CRS317 as my core switch at home. Additionally there are two CS326s connected via bonding interfaces on ports 1,2 (850nm transceivers) and 15,16 (0,5m DAC) respectively.
The CRS317 bonds are configured to use LACP and the CSS326s are in passive LAG mode.
After some time there always seems to be a hiccup between the CRS317 and the CSS326 connected via bonding2(15,16) as traffic stops forwarding on some ports until one of the units is rebooted.
I found https://help.mikrotik.com/docs/display/ ... figuration but could not make out any mistake in particular.
I also experienced the issue running SwOS 2.13p on the CRS317 so this does not seem to be a ROS exclusive problem.
I now have configured a watchdog timer on the CRS317 to ping my perimeter firewall (IPFire on Port5 on the affected CSS326) and that triggered again today at around 15:00h.
After setting up crude SNMP/Grafana monitoring on the CSS326 yesterday I was able to graph the issue:
grafana_css326.png
Besides SFP1 and 2 the following ports on the CSS326 are affected: 2 5 6 13 14 15 18. 1 and 3 seem to work normally.
grafana_css326_detail.png
I will also attach the CSS326 config / stats as screenshots and the CRS317 config as text below
I have three supout.rif files at hand at the moment. One during a hang. One immediately after the first one was created because the cpu usage remained constantly at 95% for 5 minutes until I rebooted the CSS326 and the last one created after the watchdog timer was triggered today.
As I'm new the the forum, should I open a ticket with support in parallel or should I try to get some advice here first?

Thanks in advance and best regards!

CRS317 config:
[admin@CRS317] > /export hide-sensitive 
# jul/11/2022 19:41:42 by RouterOS 7.3.1
# software id = XXXXXXXX
#
# model = CRS317-1G-16S+
# serial number = XXXXXXXX
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface bonding
add mode=802.3ad name=bonding1 slaves=sfp-sfpplus1,sfp-sfpplus2 transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=bonding2 slaves=sfp-sfpplus15,sfp-sfpplus16 transmit-hash-policy=layer-2-and-3
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus3
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus4
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus5
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus6
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus7
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus8
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus9
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus11
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus12
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus13
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus14
add bridge=bridge interface=bonding1
add bridge=bridge interface=bonding2
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether1 list=WAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add interface=sfp-sfpplus5 list=LAN
add interface=sfp-sfpplus6 list=LAN
add interface=sfp-sfpplus7 list=LAN
add interface=sfp-sfpplus8 list=LAN
add interface=sfp-sfpplus9 list=LAN
add interface=sfp-sfpplus10 list=LAN
add interface=sfp-sfpplus11 list=LAN
add interface=sfp-sfpplus12 list=LAN
add interface=sfp-sfpplus13 list=LAN
add interface=sfp-sfpplus14 list=LAN
add interface=sfp-sfpplus15 list=LAN
add interface=sfp-sfpplus16 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.0.2/24 comment=defconf interface=bridge network=192.168.0.0
/ip dns
set servers=192.168.0.1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=CRS317
/system routerboard settings
set boot-os=router-os
/system swos
set address-acquisition-mode=static identity=Core static-ip-address=192.168.0.2
/system watchdog
set ping-timeout=3m watch-address=192.168.0.1
You do not have the required permissions to view the files attached to this post.
 
User avatar
granite
just joined
Topic Author
Posts: 2
Joined: Sun Jul 10, 2022 1:47 pm

Re: CRS317 and CSS326 stop forwarding on some ports  [SOLVED]

Tue Aug 02, 2022 11:32 pm

After narrowing down the issue (tcpdump to the rescue) it turned out to be a DHCP packet flood.
According to Support (SUP-86916) this is a confirmed bug in SwOS:
The problem is related to LAG and DHCP packet handling with enabled Add Information Option. The switch might flood these packets and cause a broadcast storm.
Disabling "Add Information Option" under the "System" tab of SwOS is a suitable workaround for me. Hopefully a complete fix will be released soon.
Thanks again to the MT Support Team (especially V.A.)!
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CRS317 and CSS326 stop forwarding on some ports

Wed Aug 03, 2022 1:07 am

thank you for sharing

Who is online

Users browsing this forum: Ahrefs [Bot] and 47 guests