Hello
I’m experiencing some puzzling behavior on a CRS326-24S+2Q+ running RouterOS 7.12.1, and I hope someone here might have insights. It's a simple setup and shouldn't really cause any problems. It's more or less just like the 'VLAN Example - Trunk and Access Ports' example in the documentation found here. But there's obviously something at my end that's different but I cannot see it nor pinpoint it. Been at it for way to long and can't make sense of it.![😢]()
Any help is much appreciated.![🙏]()
Here’s the situation:
1. Setup Overview
Throughput on VLAN 475 (10GbE)
I’m experiencing some puzzling behavior on a CRS326-24S+2Q+ running RouterOS 7.12.1, and I hope someone here might have insights. It's a simple setup and shouldn't really cause any problems. It's more or less just like the 'VLAN Example - Trunk and Access Ports' example in the documentation found here. But there's obviously something at my end that's different but I cannot see it nor pinpoint it. Been at it for way to long and can't make sense of it.
Any help is much appreciated.
Here’s the situation:
1. Setup Overview
- One trunk with two vlans (vlan10 and vlan475) connects to the MikroTik
- VLAN filtering is enabled.
- Two VLANs are configured:
- VLAN 475: Main client VLAN, operating on a 10GbE interface.
- VLAN 10: Auxiliary management VLAN, operating on multiple 1GbE interfaces.
- Both VLANs are tagged on a trunk port (qsfpplus2-1) connecting to a Cisco switch.
Throughput on VLAN 475 (10GbE)
- Incoming traffic reaches near 10Gbps, but outgoing traffic caps at ~400Mbps.
- CPU usage spikes to 50% during outbound traffic; profiling shows high usage in “Networking” (42%), “Unclassified” (24%), and “Bridging” (5.5%).
- Hardware offloading (hw=yes) is enabled for all interfaces.
- Devices on VLAN 10 can communicate locally but cannot access upstream networks, even though the gateway (192.168.47.1) is reachable.
- Outbound pings from VLAN 10 fail with “host unreachable,” despite correct routes and ARP entries.
- Sniffer shows ICMP packets entering the bridge with VLAN 10 but exiting the trunk without a tag.
- Verified VLAN filtering and bridge port settings (pvid, ingress-filtering, frame-types) for all interfaces.
- Cleared ARP entries and ensured proper routes are set.
- Disabled IGMP snooping, checked firewall rules (none active), and ensured correct tagging on the Cisco trunk.
- Hardware offloading is active on all interfaces, but the CPU still processes traffic.
- Why does traffic on VLAN 475 cap at ~400Mbps outbound when hardware offloading is enabled?
- On VLAN 10, why do packets lose their tag on the trunk port and fail to reach the upstream gateway?
- Could there be additional steps to debug the high “Networking” CPU usage and ensure proper VLAN tagging on the trunk?
Code:
/ip route print 0 As 0.0.0.0/0 192.168.47.193 1 DAc 192.168.47.0/26 vlan10 0 DAc 192.168.47.192/27 vlan475 0 Code:
/interface bridge vlan print detailFlags: X - disabled, D - dynamic 0 bridge=bridge vlan-ids=475 tagged=qsfpplus2-1,bridge untagged="" current-tagged=bridge,qsfpplus2-1 current-untagged=sfp-sfpplus10 1 bridge=bridge vlan-ids=10 tagged=qsfpplus2-1,bridge untagged=sfp-sfpplus4,sfp-sfpplus2 current-tagged=bridge,qsfpplus2-1 current-untagged=sfp-sfpplus2,sfp-sfpplus4 2 D bridge=bridge vlan-ids=1 tagged="" untagged="" current-tagged="" current-untagged=bridgeCode:
/interface bridge port print detail where interface=qsfpplus2-1 interface=qsfpplus2-1 bridge=bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none hw=yes auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-only-vlan-tagged ingress-filtering=yes unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=noCode:
/tool sniffer quick interface=sfp-sfpplus2 ip-protocol=icmpColumns: INTERFACE, TIME, NUM, DIR, SRC-MAC, DST-MAC, VLAN, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, SIZE, CPUINTERFACE TIME NUM DIR SRC-MAC DST-MAC VLAN SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPUsfp-sfpplus2 7.235 1 -> 18:FD:74:49:FB:1E EC:71:DB:B7:7D:67 10 192.168.47.200 192.168.47.45 ip:icmp 102 0sfp-sfpplus2 7.236 2 <- EC:71:DB:B7:7D:67 18:FD:74:49:FB:1E 192.168.47.45 192.168.47.200 ip:icmp 98 0sfp-sfpplus2 8.241 3 -> 18:FD:74:49:FB:1E EC:71:DB:B7:7D:67 10 192.168.47.200 192.168.47.45 ip:icmp 102 0sfp-sfpplus2 8.241 4 <- EC:71:DB:B7:7D:67 18:FD:74:49:FB:1E 192.168.47.45 192.168.47.200 ip:icmp 98 0Statistics: Posted by neopike — Sun Jan 12, 2025 11:09 pm