Community discussions

MikroTik App
 
marekm
Member
Member
Topic Author
Posts: 315
Joined: Tue Feb 01, 2011 11:27 pm

Bridge HW offloading on 2 different switch chips?

Thu Nov 03, 2022 11:51 pm

Now that RTL8367 got HW offload with VLAN filtering support in ROS 7, will this setup work properly on RB1100AHx4?
/interface bridge
add ingress-filtering=no name=bridge1 protocol-mode=none vlan-filtering=yes
add ingress-filtering=no name=bridge2 protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge2 interface=ether6
add bridge=bridge2 interface=ether7
add bridge=bridge2 interface=ether8
add bridge=bridge2 interface=ether9
add bridge=bridge2 interface=ether10
Can I use both switch groups as if they were completely independent switches with VLANs, with no CPU load?
Some time ago, there was a restriction that only the first bridge created could have HW offload, but I see the H flag in both.
RB1100AHx4 running ROS 7.6. Is this truly working, or H on second bridge wrongly shown?
Networks on bridge1 and bridge2 must be separated with no possibility to leak VLANs, cause bridge loops etc.
RB1100AHx4 block diagram suggests it shoud work, I'm just making sure before I make a more complex setup.
 
mkx
Forum Guru
Forum Guru
Posts: 8926
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge HW offloading on 2 different switch chips?

Fri Nov 04, 2022 12:20 pm

The restriction was always one bridge per switch chip. The gotcha is that only a few device models have more than one switch chip and even fewer of those had HW offload of non-trivial functions (AFAIK none before support for RTL8367). The config you're showing was offloaded even in v6 ... offload ceased if anything else was configured on bridge, such as VLAN filtering. You can try to force it by setting PVID on member ports (one value on two ports, another value on other ports) and set vlan-filtering=yes on corresponding bridge (you already did it). This would enable you to test a few things:
  • HW offload of simple VLAN operation - check if all ports still have H flag. Check wirespeed traffic forwarding between ports with same PVID - CPU load should remain at idle values
  • separation of ports with different PVID ... traffic should not pass between ports with different PVID
For the tests above - without setting up IP to avoid potential dusturbances by router -- you wouldn't set up vlan interfaces on bridge being tested. Which in turn means you have to set IP address on test computers manually.

Re inter-bridge separation: networks are separated on L2 (as much as it is between different VLANs). If device has IP addresses on those networks, then it's willing to route between those networks and you have to control traffic between different networks using firewall.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2541
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Bridge HW offloading on 2 different switch chips?

Fri Nov 04, 2022 5:32 pm

keep an eye on this

Layer2misconfiguration-VLANfilteringwithmultipleswitchchips

https://help.mikrotik.com/docs/display/ ... witchchips

Who is online

Users browsing this forum: No registered users and 3 guests