Community discussions

MikroTik App
 
lbenalcazar
just joined
Topic Author
Posts: 8
Joined: Wed Dec 01, 2021 4:36 pm
Location: Ecuador
Contact:

CCR2216 L3 HW OFFLOADING

Mon Jul 25, 2022 2:24 am

Kind regards, could you please help me solve the following.

I've been using a ccr2216 with about 10 gigabits of internet traffic, and I was very happy with its performance as the processor didn't go above 3%, and I like this knowing that consumers can surf the internet faster.

A few days ago it started to present a strange problem, I see that the processor went up to approximately 30% and the traffic that in winbox before was not seen through the VLANs can already be seen but only in the TX, in the RX no you can still see it, which means to me that the L3HW is now working only with the traffic that the router receives, but when it has to send it to the other interface, it uses the CPU to do so.

I have checked, the bridge is configured well, hosting the interfaces, both with DH flag, activated vlans filtering, and in Switch added the interfaces to L3 and activated L3HWoffloading, I have about 800 routes installed in the routing table, some static and others OSPF

I tried rebooting the router, and update to version 7.4Stable, but still the same problem.

There is a way to verify which routes the CPU is sending to the Switch, because apparently all the DACH routes are not being used by the Switch.

I attach configuration images and the change in the CPU usage graphs.
Captura de Pantalla 2022-07-21 a la(s) 21.48.36.png
Captura de Pantalla 2022-07-24 a la(s) 18.12.54.png
Captura de Pantalla 2022-07-24 a la(s) 18.14.19.png
Captura de Pantalla 2022-07-24 a la(s) 18.14.32.png
Captura de Pantalla 2022-07-24 a la(s) 18.15.01.png
Captura de Pantalla 2022-07-24 a la(s) 18.22.14.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216 L3 HW OFFLOADING

Mon Jul 25, 2022 2:53 am

tools profile show something useful?
 
lbenalcazar
just joined
Topic Author
Posts: 8
Joined: Wed Dec 01, 2021 4:36 pm
Location: Ecuador
Contact:

Re: CCR2216 L3 HW OFFLOADING

Mon Jul 25, 2022 5:45 am

tools profile show something useful?
Thanks
Captura de Pantalla 2022-07-24 a la(s) 21.41.18.png
That the CPU is doing the routing work and not the L3 switch
You do not have the required permissions to view the files attached to this post.
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 267
Joined: Mon Apr 27, 2020 10:14 am

Re: CCR2216 L3 HW OFFLOADING

Wed Jul 27, 2022 8:37 am

Hi,

Please type the following commands in the terminal and show us the output:
/interface export
/ip export
 
lbenalcazar
just joined
Topic Author
Posts: 8
Joined: Wed Dec 01, 2021 4:36 pm
Location: Ecuador
Contact:

Re: CCR2216 L3 HW OFFLOADING

Wed Jul 27, 2022 8:24 pm

Hi,

Please type the following commands in the terminal and show us the output:
/interface export
/ip export
Hi, thanks for you interest.

I also have an OSPF instance running on vlan2600 to advertise the networks connected to this router.

I have a question after studying the mikrotik documentation, is there a way to tell the router which routes to pass to the L3HW instead of everything passing to the L3HW when it is activated, something like (accept these routes and not the one not accepted.)
It is for example so that certain IPs that you want to block by firewall can go out to the processor and be blocked efficiently.
/interface bridge
add fast-forward=no frame-types=admit-only-vlan-tagged ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=qsfp28-1-1 ] auto-negotiation=no comment=TO_NEXUX_P53 speed=40Gbps
set [ find default-name=qsfp28-1-3 ] fec-mode=fec91
set [ find default-name=qsfp28-1-4 ] fec-mode=fec91
set [ find default-name=qsfp28-2-1 ] auto-negotiation=no disabled=yes speed=40Gbps
set [ find default-name=qsfp28-2-2 ] disabled=yes speed=40Gbps
set [ find default-name=qsfp28-2-3 ] disabled=yes speed=40Gbps
set [ find default-name=qsfp28-2-4 ] disabled=yes speed=40Gbps
set [ find default-name=sfp28-1 ] auto-negotiation=no comment=TO_OLT01-ESFUERZO-MPU9-P0 speed=10Gbps
/interface vlan
add arp=reply-only interface=bridge1 name="VLAN6-ADMIN - CONEXIONES" vlan-id=6
add interface=bridge1 name=VLAN260SL13-P0 vlan-id=260
add interface=bridge1 name=VLAN261SL13-P1 vlan-id=261
add interface=bridge1 name=VLAN262SL13-P2 vlan-id=262
add interface=bridge1 name=VLAN263SL13-P3 vlan-id=263
add interface=bridge1 name=VLAN264SL13-P4 vlan-id=264
add interface=bridge1 name=VLAN265SL13-P5 vlan-id=265
add interface=bridge1 name=VLAN266SL13-P6 vlan-id=266
add interface=bridge1 name=VLAN267SL13-P7 vlan-id=267
add interface=bridge1 name=VLAN268SL13-P8 vlan-id=268
add interface=bridge1 name=VLAN269SL13-P9 vlan-id=269
add interface=bridge1 name=VLAN270SL13-P10 vlan-id=270
add interface=bridge1 name=VLAN271SL13-P11 vlan-id=271
add interface=bridge1 name=VLAN272SL13-P12 vlan-id=272
add interface=bridge1 name=VLAN273SL13-P13 vlan-id=273
add interface=bridge1 name=VLAN274SL13-P14 vlan-id=274
add interface=bridge1 name=VLAN275SL13-P15 vlan-id=275
add interface=bridge1 name=VLAN276SL14-P0 vlan-id=276
add interface=bridge1 name=VLAN277SL14-P1 vlan-id=277
add interface=bridge1 name=VLAN278SL14-P2 vlan-id=278
add interface=bridge1 name=VLAN279SL14-P3 vlan-id=279
add interface=bridge1 name=VLAN280SL14-P4 vlan-id=280
add interface=bridge1 name=VLAN281SL14-P5 vlan-id=281
add interface=bridge1 name=VLAN282SL14-P6 vlan-id=282
add interface=bridge1 name=VLAN283SL14-P7 vlan-id=283
add interface=bridge1 name=VLAN284SL14-P8 vlan-id=284
add interface=bridge1 name=VLAN285SL14-P9 vlan-id=285
add interface=bridge1 name=VLAN286SL14-P10 vlan-id=286
add interface=bridge1 name=VLAN287SL14-P11 vlan-id=287
add interface=bridge1 name=VLAN288SL14-P12 vlan-id=288
add interface=bridge1 name=VLAN289SL14-P13 vlan-id=289
add interface=bridge1 name=VLAN290SL14-P14 vlan-id=290
add interface=bridge1 name=VLAN291SL14-P15 vlan-id=291
add interface=bridge1 name=VLAN292SL15-P0 vlan-id=292
add interface=bridge1 name=VLAN293SL15-P1 vlan-id=293
add interface=bridge1 name=VLAN294SL15-P2 vlan-id=294
add interface=bridge1 name=VLAN295SL15-P3 vlan-id=295
add interface=bridge1 name=VLAN296SL15-P4 vlan-id=296
add interface=bridge1 name=VLAN297SL15-P5 vlan-id=297
add interface=bridge1 name=VLAN298SL15-P6 vlan-id=298
add interface=bridge1 name=VLAN299SL15-P7 vlan-id=299
add interface=bridge1 name=VLAN300SL15-P8 vlan-id=300
add interface=bridge1 name=VLAN301SL15-P9 vlan-id=301
add interface=bridge1 name=VLAN302SL15-P10 vlan-id=302
add interface=bridge1 name=VLAN303SL15-P11 vlan-id=303
add interface=bridge1 name=VLAN304SL15-P12 vlan-id=304
add interface=bridge1 name=VLAN305SL15-P13 vlan-id=305
add interface=bridge1 name=VLAN306SL15-P14 vlan-id=306
add interface=bridge1 name=VLAN307SL15-P15 vlan-id=307
add interface=bridge1 name=VLAN308SL16-P0 vlan-id=308
add interface=bridge1 name=VLAN309SL16-P1 vlan-id=309
add interface=bridge1 name=VLAN310SL16-P2 vlan-id=310
add interface=bridge1 name=VLAN311SL16-P3 vlan-id=311
add interface=bridge1 name=VLAN312SL16-P4 vlan-id=312
add interface=bridge1 name=VLAN313SL16-P5 vlan-id=313
add interface=bridge1 name=VLAN314SL16-P6 vlan-id=314
add interface=bridge1 name=VLAN315SL16-P7 vlan-id=315
add interface=bridge1 name=VLAN316SL16-P8 vlan-id=316
add interface=bridge1 name=VLAN317SL16-P9 vlan-id=317
add interface=bridge1 name=VLAN318SL16-P10 vlan-id=318
add interface=bridge1 name=VLAN319SL16-P11 vlan-id=319
add interface=bridge1 name=VLAN320SL16-P12 vlan-id=320
add interface=bridge1 name=VLAN321SL16-P13 vlan-id=321
add interface=bridge1 name=VLAN322SL16-P14 vlan-id=322
add interface=bridge1 name=VLAN323SL16-P15 vlan-id=323
add interface=bridge1 name=VLAN324SL17-P0 vlan-id=324
add interface=bridge1 name=VLAN325SL17-P1 vlan-id=325
add interface=bridge1 name=VLAN326SL17-P2 vlan-id=326
add interface=bridge1 name=VLAN327SL17-P3 vlan-id=327
add interface=bridge1 name=VLAN328SL17-P4 vlan-id=328
add interface=bridge1 name=VLAN329SL17-P5 vlan-id=329
add interface=bridge1 name=VLAN330SL17-P6 vlan-id=330
add interface=bridge1 name=VLAN331SL17-P7 vlan-id=331
add interface=bridge1 name=VLAN332SL17-P8 vlan-id=332
add interface=bridge1 name=VLAN333SL17-P9 vlan-id=333
add interface=bridge1 name=VLAN334SL17-P10 vlan-id=334
add interface=bridge1 name=VLAN335SL17-P11 vlan-id=335
add interface=bridge1 name=VLAN336SL17-P12 vlan-id=336
add interface=bridge1 name=VLAN337SL17-P13 vlan-id=337
add interface=bridge1 name=VLAN338SL17-P14 vlan-id=338
add interface=bridge1 name=VLAN339SL17-P15 vlan-id=339
add interface=bridge1 name=VLAN500 vlan-id=500
add interface=bridge1 name=VLAN501 vlan-id=501
add interface=bridge1 name=VLAN502 vlan-id=502
add interface=bridge1 name=VLAN503 vlan-id=503
add interface=bridge1 name=VLAN504 vlan-id=504
add interface=bridge1 name=VLAN505 vlan-id=505
add interface=bridge1 name=VLAN3500-TR069 vlan-id=3500
add interface=bridge1 name=vlan2600 vlan-id=2600
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=LAN
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/interface bridge vlan
add bridge=bridge1 tagged=sfp28-1,bridge1 vlan-ids=260-339
add bridge=bridge1 tagged=sfp28-1,bridge1 vlan-ids=500-505
add bridge=bridge1 tagged=bridge1 vlan-ids=3201
add bridge=bridge1 tagged=sfp28-1,bridge1 vlan-ids=6
add bridge=bridge1 tagged=qsfp28-1-1,bridge1 vlan-ids=2600
/interface list member
add interface=bridge1 list=LAN
add interface=sfp28-1 list=LAN
add interface=qsfp28-1-1 list=LAN

# model = CCR2216-1G-12XS-2XQ
/ip dhcp-server
add add-arp=yes interface=VLAN500- lease-time=5m name=DHCP-VLAN500
add add-arp=yes interface=VLAN501- lease-time=5m name=DHCP-VLAN501
add add-arp=yes interface=VLAN502-OLT01-ONT-BRIDGE lease-time=5m \
    name=DHCP-VLAN502
add add-arp=yes interface=VLAN503- lease-time=5m name=DHCP-VLAN503
add add-arp=yes interface=VLAN504--BRIDGE lease-time=5m name=\
    dhcp-vlan504
add add-arp=yes interface=VLAN505- lease-time=5m name=DHCP-VLAN505
add add-arp=yes interface=VLAN27714-P1 name=DHCP-vlan277
add add-arp=yes interface=VLAN27814-P2 name=DHCP-vlan278
add add-arp=yes interface=VLAN27914-P3 name=DHCP-vlan279
add add-arp=yes interface=VLAN28014-P4 name=DHCP-vlan280
add add-arp=yes interface=VLAN28114-P5 name=DHCP-vlan281
add add-arp=yes interface=VLAN28214-P6 name=DHCP-vlan282
add add-arp=yes interface=VLAN28314-P7 name=DHCP-vlan283
add add-arp=yes interface=VLAN28414-P8 name=DHCP-vlan284
add add-arp=yes interface=VLAN28514-P9 name=DHCP-vlan285
add add-arp=yes interface=VLAN28614-P10 name=DHCP-vlan286
add add-arp=yes interface=VLAN28714-P11 name=DHCP-vlan287
add add-arp=yes interface=VLAN28814-P12 name=DHCP-vlan288
add add-arp=yes interface=VLAN28914-P13 name=DHCP-vlan289
add add-arp=yes interface=VLAN29014-P14 name=DHCP-vlan290
add add-arp=yes interface=VLAN29114-P15 name=DHCP-vlan291
add add-arp=yes interface=VLAN29215-P0 name=DHCP-vlan292
add add-arp=yes interface=VLAN29315-P1 name=DHCP-vlan293
add add-arp=yes interface=VLAN29415-P2 name=DHCP-vlan294
add add-arp=yes interface=VLAN29515-P3 name=DHCP-vlan295
add add-arp=yes interface=VLAN29615-P4 name=DHCP-vlan296
add add-arp=yes interface=VLAN29715-P5 name=DHCP-vlan297
add add-arp=yes interface=VLAN29815-P6 name=DHCP-vlan298
add add-arp=yes interface=VLAN29915-P7 name=DHCP-vlan299
add add-arp=yes interface=VLAN30015-P8 name=DHCP-vlan300
add add-arp=yes interface=VLAN30115-P9 name=DHCP-vlan301
add add-arp=yes interface=VLAN30215-P10 name=DHCP-vlan302
add add-arp=yes interface=VLAN30315-P11 name=DHCP-vlan303
add add-arp=yes interface=VLAN30415-P12 name=DHCP-vlan304
add add-arp=yes interface=VLAN30515-P13 name=DHCP-vlan305
add add-arp=yes interface=VLAN30615-P14 name=DHCP-vlan306
add add-arp=yes interface=VLAN30715-P15 name=DHCP-vlan307
add add-arp=yes interface=VLAN30816-P0 name=DHCP-vlan308
add add-arp=yes interface=VLAN30916-P1 name=DHCP-vlan309
add add-arp=yes interface=VLAN31016-P2 name=DHCP-vlan310
add add-arp=yes interface=VLAN31116-P3 name=DHCP-vlan311
add add-arp=yes interface=VLAN31216-P4 name=DHCP-vlan312
add add-arp=yes interface=VLAN31316-P5 name=DHCP-vlan313
add add-arp=yes interface=VLAN31416-P6 name=DHCP-vlan314
add add-arp=yes interface=VLAN31516-P7 name=DHCP-vlan315
add add-arp=yes interface=VLAN31616-P8 name=DHCP-vlan316
add add-arp=yes interface=VLAN31716-P9 name=DHCP-vlan317
add add-arp=yes interface=VLAN31816-P10 name=DHCP-vlan318
add add-arp=yes interface=VLAN31916-P11 name=DHCP-vlan319
add add-arp=yes interface=VLAN32016-P12 name=DHCP-vlan320
add add-arp=yes interface=VLAN32116-P13 name=DHCP-vlan321
add add-arp=yes interface=VLAN32216-P14 name=DHCP-vlan322
add add-arp=yes interface=VLAN32316-P15 name=DHCP-vlan323
add add-arp=yes interface=VLAN32417-P0 name=DHCP-vlan324
add add-arp=yes interface=VLAN32517-P1 name=DHCP-vlan325
add add-arp=yes interface=VLAN32617-P2 name=DHCP-vlan326
add add-arp=yes interface=VLAN32717-P3 name=DHCP-vlan327
add add-arp=yes interface=VLAN32817-P4 name=DHCP-vlan328
add add-arp=yes interface=VLAN32917-P5 name=DHCP-vlan329
add add-arp=yes interface=VLAN33017-P6 name=DHCP-vlan330
add add-arp=yes interface=VLAN33117-P7 name=DHCP-vlan331
add add-arp=yes interface=VLAN33217-P8 name=DHCP-vlan332
add add-arp=yes interface=VLAN33317-P9 name=DHCP-vlan333
add add-arp=yes interface=VLAN33417-P10 name=DHCP-vlan334
add add-arp=yes interface=VLAN33517-P11 name=DHCP-vlan335
add add-arp=yes interface=VLAN33617-P12 name=DHCP-vlan336
add add-arp=yes interface=VLAN33717-P13 name=DHCP-vlan337
add add-arp=yes interface=VLAN33817-P14 name=DHCP-vlan338
add add-arp=yes interface=VLAN33917-P15 name=DHCP-vlan339
add add-arp=yes interface=VLAN26113-P1 name=DHCP-vlan261
add add-arp=yes interface=VLAN27614-P0 name=DHCP-vlan276
add add-arp=yes interface=VLAN26013-P0 name=DHCP-vlan260
add add-arp=yes interface=VLAN26313-P3 name=DHCP-vlan263
add add-arp=yes interface=VLAN26513-P5 name=DHCP-vlan265
add add-arp=yes interface=VLAN26213-P2 name=DHCP-vlan262
add add-arp=yes interface=VLAN26413-P4 name=DHCP-vlan264
add add-arp=yes interface=VLAN26613-P6 name=DHCP-vlan266
add add-arp=yes interface=VLAN26713-P7 name=DHCP-vlan267
add add-arp=yes interface=VLAN26813-P8 name=DHCP-vlan268
add add-arp=yes interface=VLAN26913-P9 name=DHCP-vlan269
add add-arp=yes interface=VLAN27013-P10 name=DHCP-vlan270
add add-arp=yes interface=VLAN27113-P11 name=DHCP-vlan271
add add-arp=yes interface=VLAN27213-P12 name=DHCP-vlan272
add add-arp=yes interface=VLAN27313-P13 name=DHCP-vlan273
add add-arp=yes interface=VLAN27413-P14 name=DHCP-vlan274
add add-arp=yes interface=VLAN27513-P15 name=DHCP-vlan275
/ip pool
add name=dhcp_pool3 ranges=10.250.6.2-10.250.7.254
add name=dhcp_pool1 ranges=172.16.255.161-172.16.255.177
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool3 interface=VLAN3500-TR069 lease-time=\
    5m name=DHCP-TR069
add address-pool=dhcp_pool1 interface=ether1 name=dhcp1
/ip address
add address=172.16.246.9/24 interface=vlan2600 network=172.16.246.0
add address=10.5.1.1/24 interface=VLAN500- network=10.5.1.0
add address=10.5.2.1/24 interface=VLAN501- network=10.5.2.0
add address=10.254.0.1/27 interface="VLAN6-ADMIN - CONEXIONES" network=\
    10.254.0.0
add address=10.1.1.5/30 interface="VLAN6-ADMIN - CONEXIONES" network=10.1.1.4
add address=10.5.4.1/24 interface=VLAN502-OLT01-ONT-BRIDGE network=\
    10.5.4.0
add address=10.5.3.1/24 interface=VLAN501- network=10.5.3.0
add address=10.5.5.1/24 interface=VLAN502-OLT01-ONT-BRIDGE network=\
    10.5.5.0
add address=10.5.6.1/24 interface=VLAN503- network=10.5.6.0
add address=10.5.7.1/24 interface=VLAN503- network=10.5.7.0
add address=10.5.8.1/23 interface=VLAN504--BRIDGE network=10.5.8.0
add address=10.5.0.1/24 interface=VLAN500- network=10.5.0.0
add address=10.250.0.1/21 comment=TR069 interface=VLAN3500-TR069 network=\
    10.250.0.0
add address=10.75.0.1/24 interface=VLAN3201_CLIENTES_OLT_IPV6 network=\
    10.75.0.0
add address=10.5.10.1/23 interface=VLAN505- network=10.5.10.0
add address=10.5.192.1/24 interface=VLAN27714-P1 network=\
    10.5.192.0
add address=10.5.193.1/24 interface=VLAN27814-P2 network=\
    10.5.193.0
add address=10.5.194.1/24 interface=VLAN27914-P3 network=\
    10.5.194.0
add address=10.5.195.1/24 interface=VLAN28014-P4 network=\
    10.5.195.0
add address=10.5.196.1/24 interface=VLAN28114-P5 network=\
    10.5.196.0
add address=10.5.197.1/24 interface=VLAN28214-P6 network=\
    10.5.197.0
add address=10.5.198.1/24 interface=VLAN28314-P7 network=\
    10.5.198.0
add address=10.5.199.1/24 interface=VLAN28414-P8 network=\
    10.5.199.0
add address=10.5.200.1/24 interface=VLAN28514-P9 network=\
    10.5.200.0
add address=10.5.201.1/24 interface=VLAN28614-P10 network=\
    10.5.201.0
add address=10.5.202.1/24 interface=VLAN28714-P11 network=\
    10.5.202.0
add address=10.5.203.1/24 interface=VLAN28814-P12 network=\
    10.5.203.0
add address=10.5.204.1/24 interface=VLAN28914-P13 network=\
    10.5.204.0
add address=10.5.205.1/24 interface=VLAN29014-P14 network=\
    10.5.205.0
add address=10.5.206.1/24 interface=VLAN29114-P15 network=\
    10.5.206.0
add address=10.5.207.1/24 interface=VLAN29215-P0 network=\
    10.5.207.0
add address=10.5.208.1/24 interface=VLAN29315-P1 network=\
    10.5.208.0
add address=10.5.209.1/24 interface=VLAN29415-P2 network=\
    10.5.209.0
add address=10.5.210.1/24 interface=VLAN29515-P3 network=\
    10.5.210.0
add address=10.5.211.1/24 interface=VLAN29615-P4 network=\
    10.5.211.0
add address=10.5.212.1/24 interface=VLAN29715-P5 network=\
    10.5.212.0
add address=10.5.213.1/24 interface=VLAN29815-P6 network=\
    10.5.213.0
add address=10.5.214.1/24 interface=VLAN29915-P7 network=\
    10.5.214.0
add address=10.5.215.1/24 interface=VLAN30015-P8 network=\
    10.5.215.0
add address=10.5.216.1/24 interface=VLAN30115-P9 network=\
    10.5.216.0
add address=10.5.217.1/24 interface=VLAN30215-P10 network=\
    10.5.217.0
add address=10.5.218.1/24 interface=VLAN30315-P11 network=\
    10.5.218.0
add address=10.5.219.1/24 interface=VLAN30415-P12 network=\
    10.5.219.0
add address=10.5.220.1/24 interface=VLAN30515-P13 network=\
    10.5.220.0
add address=10.5.221.1/24 interface=VLAN30615-P14 network=\
    10.5.221.0
add address=10.5.222.1/24 interface=VLAN30715-P15 network=\
    10.5.222.0
add address=10.5.223.1/24 interface=VLAN30816-P0 network=\
    10.5.223.0
add address=10.5.224.1/24 interface=VLAN30916-P1 network=\
    10.5.224.0
add address=10.5.225.1/24 interface=VLAN31016-P2 network=\
    10.5.225.0
add address=10.5.226.1/24 interface=VLAN31116-P3 network=\
    10.5.226.0
add address=10.5.227.1/24 interface=VLAN31216-P4 network=\
    10.5.227.0
add address=10.5.228.1/24 interface=VLAN31316-P5 network=\
    10.5.228.0
add address=10.5.229.1/24 interface=VLAN31416-P6 network=\
    10.5.229.0
add address=10.5.230.1/24 interface=VLAN31516-P7 network=\
    10.5.230.0
add address=10.5.231.1/24 interface=VLAN31616-P8 network=\
    10.5.231.0
add address=10.5.232.1/24 interface=VLAN31716-P9 network=\
    10.5.232.0
add address=10.5.233.1/24 interface=VLAN31816-P10 network=\
    10.5.233.0
add address=10.5.234.1/24 interface=VLAN31916-P11 network=\
    10.5.234.0
add address=10.5.235.1/24 interface=VLAN32016-P12 network=\
    10.5.235.0
add address=10.5.236.1/24 interface=VLAN32116-P13 network=\
    10.5.236.0
add address=10.5.237.1/24 interface=VLAN32216-P14 network=\
    10.5.237.0
add address=10.5.238.1/24 interface=VLAN32316-P15 network=\
    10.5.238.0
add address=10.5.239.1/24 interface=VLAN32417-P0 network=\
    10.5.239.0
add address=10.5.240.1/24 interface=VLAN32517-P1 network=\
    10.5.240.0
add address=10.5.241.1/24 interface=VLAN32617-P2 network=\
    10.5.241.0
add address=10.5.242.1/24 interface=VLAN32717-P3 network=\
    10.5.242.0
add address=10.5.243.1/24 interface=VLAN32817-P4 network=\
    10.5.243.0
add address=10.5.244.1/24 interface=VLAN32917-P5 network=\
    10.5.244.0
add address=10.5.245.1/24 interface=VLAN33017-P6 network=\
    10.5.245.0
add address=10.5.246.1/24 interface=VLAN33117-P7 network=\
    10.5.246.0
add address=10.5.247.1/24 interface=VLAN33217-P8 network=\
    10.5.247.0
add address=10.5.248.1/24 interface=VLAN33317-P9 network=\
    10.5.248.0
add address=10.5.249.1/24 interface=VLAN33417-P10 network=\
    10.5.249.0
add address=10.5.250.1/24 interface=VLAN33517-P11 network=\
    10.5.250.0
add address=10.5.251.1/24 interface=VLAN33617-P12 network=\
    10.5.251.0
add address=10.5.252.1/24 interface=VLAN33717-P13 network=\
    10.5.252.0
add address=10.5.253.1/24 interface=VLAN33817-P14 network=\
    10.5.253.0
add address=10.5.254.1/24 interface=VLAN33917-P15 network=\
    10.5.254.0
add address=10.5.176.1/24 interface=VLAN26113-P1 network=\
    10.5.176.0
add address=10.5.191.1/24 interface=VLAN27614-P0 network=\
    10.5.191.0
add address=10.5.175.1/24 interface=VLAN26013-P0 network=\
    10.5.175.0
add address=10.5.178.1/24 interface=VLAN26313-P3 network=\
    10.5.178.0
add address=10.5.180.1/24 interface=VLAN26513-P5 network=\
    10.5.180.0
add address=10.5.177.1/24 interface=VLAN26213-P2 network=\
    10.5.177.0
add address=10.5.179.1/24 interface=VLAN26413-P4 network=\
    10.5.179.0
add address=10.5.181.1/24 interface=VLAN26613-P6 network=\
    10.5.181.0
add address=10.5.182.1/24 interface=VLAN26713-P7 network=\
    10.5.182.0
add address=10.5.183.1/24 interface=VLAN26813-P8 network=\
    10.5.183.0
add address=10.5.184.1/24 interface=VLAN26913-P9 network=\
    10.5.184.0
add address=10.5.185.1/24 interface=VLAN27013-P10 network=\
    10.5.185.0
add address=10.5.186.1/24 interface=VLAN27113-P11 network=\
    10.5.186.0
add address=10.5.187.1/24 interface=VLAN27213-P12 network=\
    10.5.187.0
add address=10.5.188.1/24 interface=VLAN27313-P13 network=\
    10.5.188.0
add address=10.5.189.1/24 interface=VLAN27413-P14 network=\
    10.5.189.0
add address=10.5.190.1/24 interface=VLAN27513-P15 network=\
    10.5.190.0
add address=172.16.255.178/27 interface=ether1 network=172.16.255.160
/ip arp

/ip dhcp-server lease

/ip neighbor discovery-settings
set discover-interface-list=all

/ip settings
set tcp-syncookies=yes
/ip firewall filter

/ip proxy
set port=999
/ip proxy access
add action=redirect action-data=172.16.255.14/
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.246.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216 L3 HW OFFLOADING

Wed Jul 27, 2022 10:22 pm

have you tried disabling this ?
/interface bridge settings
set use-ip-firewall-for-vlan=yes
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216 L3 HW OFFLOADING

Wed Jul 27, 2022 10:24 pm

i dont see lines enabling L3 offload on ports
/interface/ethernet/switch/port set [find] l3-hw-offloading=yes
 
lbenalcazar
just joined
Topic Author
Posts: 8
Joined: Wed Dec 01, 2021 4:36 pm
Location: Ecuador
Contact:

Re: CCR2216 L3 HW OFFLOADING

Wed Jul 27, 2022 11:02 pm

have you tried disabling this ?
/interface bridge settings
set use-ip-firewall-for-vlan=yes
Hi thanks

If you are referring to my question about blocking IP, yes I have tried but when the connections go to L3HW the CPU can no longer see them and it is not that useful, so I was asking if there is a way to classify what I do want and what I don't I wish it would go to L3HW.
 
lbenalcazar
just joined
Topic Author
Posts: 8
Joined: Wed Dec 01, 2021 4:36 pm
Location: Ecuador
Contact:

Re: CCR2216 L3 HW OFFLOADING

Wed Jul 27, 2022 11:06 pm

i dont see lines enabling L3 offload on ports
/interface/ethernet/switch/port set [find] l3-hw-offloading=yes

When you enable this, all ports are added to the switch.
Captura de Pantalla 2022-07-27 a la(s) 15.04.18.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 267
Joined: Mon Apr 27, 2020 10:14 am

Re: CCR2216 L3 HW OFFLOADING

Thu Jul 28, 2022 5:26 pm

Hi,

Your configuration looks fine on the first look, but it is hard to tell due to its size - maybe I have missed something.

Here are some remarks:
  • Check the Route Configuration for controlling which routes to offload.
  • Do NOT enable use-ip-firewall or use-ip-firewall-for-vlan in bridge settings unless you want to mess up hardware offloading. Use Switch Rules (ACL) instead. ACL rules are hw-offloaded and, therefore, cause no performance drawback.
  • For Inter-VLAN routing, make sure that the bridge interface itself is a tagged member of the VLANs. In your case VLAN3500-TR069 is missing that option, I'm not sure if it's intended.

Who is online

Users browsing this forum: No registered users and 18 guests