I recently bought a CRS328-24P-4S+RM and upgraded it to RouterOS 7.6.
This is the only network equipment I have (no router).
I'm trying to achieve inter-VLAN routing but I'm a bit frustrated.
- I started using VLANs because I want to segregate L2.
- I don't have other equipment, so I use this switch as the DHCP server. I need to set up DHCP for some VLANs.
- But to do this, I need to create an SVI for each VLAN, and give an IP to it.
- Doing this already makes my VLANs not "watertight" anymore. => Routing is then immediately possible, because of the scope link routes in the switch.
(Well, to be more precise, my VLANs are watertight as far as L2 is concerned, but they can communicate at L3 if both ends have the proper routes set up; nothing prevents them from doing so.)
- So the logical step now is to prevent VLANs from talking to each other (or at least allow only some precise traffic).
- But everything breaks down because filtering is not hardware offloaded and everything has to be done in the small CPU. Of course the small ARM will never be able to cope with 10G routing.
It's frustrating, because all that L3 hardware offload is really cool to see on a switch. So we want to use it as an L3 switch.
But at the same time, I feel we can't really do that. Because what's the point of offloading routing if we don't offload filtering?
Routing without associated filtering makes no sense to me.
I created VLANs in the first place to isolate. If it's to allow open bar L3 traffic between all VLANs, things are not isolated anymore.
With Mikrotik CRS like the one I have, is the only viable solution to inter-VLAN routing the router on a stick? Am I forced to use an additional device (router)?
I would have liked to only go up to a router if it's not to go down again; everything is local to the switch after all...
I thought CRS meant that the switch was a real L3 switch.
I've read the Inter VLAN routing use case in the doc, but the doc, when talking about inter-VLAN routing, doesn't mention that L3 filtering will not really be possible.
=> When I say not really possible, I mean it's possible, but we will be sooo far from line rate that it defeats any serious use.
Also, my device doesn't support Fast Track...
Could this be added later in a future release? Or will it never be possible because the switch chip will never be able to support that?