I am building my lab with a full Mikrotik stack. Your videos have been instrumental in my training and understanding the ins and outs of the Mikrotik world. I do wish to give you a very big THANK YOU fo your help an dclear presintation of methods and configurations.
Great Tutorial!!! Do you always need a bridge created? if the CRS309 is acting as a router, Can I simply use L3HW-offload with IPs on the physical interfaces without using VLANs and without a bridge? Will L3HW-offload work that way?
@@TheNetworkTrip Thanks for the quick reply, with this setup(no bridge) I see all routes with H flag for HW-Offload but the CPU is actually very high. I guess I'll have to change the config to bridge/vlan like you showed on the video.
Would be great to have a step by step NAT - using Fasttrack and firewall using Fasttrack guide.. with these, it almost seems inconceivable but, might one completely eliminate CCR's for CRS devices for doing most deployments? BGP?
I have a crs326. Configured hw offload with single bridge only. I see the "H" in the route list. But when I pass traffic, cpu stay very high (93%). It doesn't seem like HW offload is working. When I look at the vlan under bridge on the interface screen, I see traffic on the vlan instead of physical interface. Any suggestion?
Hi, Nice example. Can this be enabled on a CCR2216 as a border router against the ISP? Taking into account that this router has active BPG that is published to the internet
As always very thanksful Mr.Wilmer..! it was very informative..! But Question to ask: why you use VLAN in your LAB..? i mean why you didn't just use the physical interface and assigning IP to it without creating any VLAN..?
You mention that we can only have a single bridge, but you are using ospf here as well. You recommend using a loopback bridge in OSPF. So don't we end up with two bridges here?
Just began exploring Mikrotik. Useful Vid! Heroic dose! Can you elaborate on HW offload for inter-vlan routing security? What performance penalty (CPU) on Switch ACLs vs IP firewall + Fastrack? I'm accustomed to L3 switch ACLs stateful TCP and stateless UDP. Can Mikrotik bridge / vlan int routing be full L4 stateful within the bridge / vlan interfaces. Or must go CPU? I have the packet flow documentation which I need to dive into more but the GNS3 routeros image lacks the switch chip / ACLs. Likely I need to buy switch to really demo Mikrotik L3 switching. Eyeing CRS326-24S+2Q+ vs CRS317-1G-16S+. CRS326-24S+2Q+ appears more designed toward L2 raw forwarding. CRS317-1G-16S+ appears more designed toward L3/4 given it has much more CPU.
@@TheNetworkTrip I noticed the introduction of lo interface somewhere in the last couple of releases, it seems any IP configured on this interface is not offloaded. and if that is the IP your traffic hits to go through the router, CPU baby! I by default install a loopback address and advertise it passively as broadcast on ospf.
Very good video, everything explained clearly, I have been using several CRS305 with Hardware Offloading for a couple of months now, they are installed in micro pops, they have a WAN interface (where there is BGP to announce our prefixes) and a LAN interface where simply with a DHCP delivers the service, but I have problems limiting the speed, I used the "rate" function in Switch>Rule and it worked well but until certain traffic, I have noticed that after 1.5Gbps it starts to cause problems, for example on the WAN port It reaches 1.5Gbps and only 1.2Gbps is coming out of the LAN port, I deactivate the rule and at that moment both interfaces start to have 1.5. Could you help me with an idea of how I could effectively limit the service? taking into account that it was done in switch>rule since, being hierarchical, it first had a rule allowing ICMP not to be affected by saturation and avoid high times and packet losses (at least in that protocol). Thank you so much.
Hi! Before enabling l3 hardware offloading, you must build the Vlan table and enable Vlan filtering as I explained in the video. Vlans should work without any problem.
@@AlejandroMartinezHernandez-f8u Removing the ports from the bridge will disable L3 hardware offloading in those interfaces. The ports should remain in the bridge, and manage all the IPs using vlan interfaces as I have shown in the video.
I have a question, in a scenario where you have multiple CRS310's and at the end of it a client device, assigning a /30 address on a vlan on the bridge in the last CRS310, tagging the vlan on the bridge and on the interface connected to a client mikrotik, and assigning a /31 IP address on the vlan and another on the customer mikrotik seems to break offload. Im getting 20% cpu on 65mbps. :-( am I missing something? ) all routes have the flag H in them.
your teaching is absolutely amazing. please don't stop creating great content like this one.
I am building my lab with a full Mikrotik stack. Your videos have been instrumental in my training and understanding the ins and outs of the Mikrotik world. I do wish to give you a very big THANK YOU fo your help an dclear presintation of methods and configurations.
You are simply the best Mikrotik trainer I have seen.
Network trip . Did really well in ospf . He did extremely well on ospf . Respect to him on ospf as aswell as other lecture
Thank you!
Thanks! this was exactly the fix I was looking for. CPU stays under 35% most of the time now and I learned how to VLAN better!
Great to hear!
Thank you. Really happy to see this today. You are the best!!!!
You are so welcome!
You are doing a great job on these videos, thank you.
Easy pace that I can follow and your points are memorable, meaning I can use them later!
Glad you like them!
all of your videoes are great and easy to understand ♥♥♥
Happy to hear that!
Great Tutorial!!! Do you always need a bridge created? if the CRS309 is acting as a router, Can I simply use L3HW-offload with IPs on the physical interfaces without using VLANs and without a bridge? Will L3HW-offload work that way?
Hello!
That approach won’t offer full L3 hardware offloading. You will need to use fast track to have some of the traffic with hardware acceleration
@@TheNetworkTrip Thanks for the quick reply, with this setup(no bridge) I see all routes with H flag for HW-Offload but the CPU is actually very high. I guess I'll have to change the config to bridge/vlan like you showed on the video.
Hi sir! Great tutorial.
Will it work if I have only one interface for both up and downstream traffic?
Would be great to have a step by step NAT - using Fasttrack and firewall using Fasttrack guide.. with these, it almost seems inconceivable but, might one completely eliminate CCR's for CRS devices for doing most deployments? BGP?
I have a crs326. Configured hw offload with single bridge only. I see the "H" in the route list. But when I pass traffic, cpu stay very high (93%). It doesn't seem like HW offload is working. When I look at the vlan under bridge on the interface screen, I see traffic on the vlan instead of physical interface. Any suggestion?
Very well structured and well explained video.
Thank you!
Your videos are awesome. Thanks!
Glad you like them!
amazing. if im going to use my ccr2216 to bgp peer with my upstream provider, do i need follow exactly the same procedure?
Hi, Nice example. Can this be enabled on a CCR2216 as a border router against the ISP? Taking into account that this router has active BPG that is published to the internet
Great tutorial !
Thanks Wilmer
As always very thanksful Mr.Wilmer..! it was very informative..!
But Question to ask: why you use VLAN in your LAB..? i mean why you didn't just use the physical interface and assigning IP to it without creating any VLAN..?
Hello Ali!
That will force to use the CPU, if we want to take advantage of L3 hardware offloading we must use a bridge and Vlan interfaces.
Great content as always. Thanks!
Much appreciated!
You mention that we can only have a single bridge, but you are using ospf here as well. You recommend using a loopback bridge in OSPF. So don't we end up with two bridges here?
Hello!
Only one bridge will be using hardware offloading. You can add a loopback interface without any problems.
Hi and great video! Is it possible to use L3HW Offloading without OSPF? (i know, the routing must then be done manually)..
Hello!
Yes, you can use static routing
Sir can explore more regarding mpls hardware offloading on mikrotik. I believe it only works on lates ccr 22xxx or 21xxx series
Thanks for the suggestion! I’ll create a class about it.
Just began exploring Mikrotik. Useful Vid! Heroic dose!
Can you elaborate on HW offload for inter-vlan routing security? What performance penalty (CPU) on Switch ACLs vs IP firewall + Fastrack?
I'm accustomed to L3 switch ACLs stateful TCP and stateless UDP. Can Mikrotik bridge / vlan int routing be full L4 stateful within the bridge / vlan interfaces. Or must go CPU?
I have the packet flow documentation which I need to dive into more but the GNS3 routeros image lacks the switch chip / ACLs. Likely I need to buy switch to really demo Mikrotik L3 switching. Eyeing CRS326-24S+2Q+ vs CRS317-1G-16S+. CRS326-24S+2Q+ appears more designed toward L2 raw forwarding. CRS317-1G-16S+ appears more designed toward L3/4 given it has much more CPU.
Many thanks sir
It’s a pleasure
Really good video
Glad you enjoyed it
excellent tutorial ! thanks
Glad you enjoyed it!
How would you add a Management VLAN as well as romon and MAC telnet to this setup?
Is this applicable for Mpls/Vpls with Ospf case?
Great! Is L3HW work on BGP routes?
Hello!
Yeah, it does, it will offload up to 240k entries (CCR2216).
It is worth activating it in a CCR 2116 acting as DHCP Server + CGNAT?
Hello! If you have high traffic and don't require mangle or VRFs, using it would be a great idea.
Would be interesting to see how those CPU counts look like when running tcp tests. UDP is very forgiving...
It should not impact the CPU because it does not it.
@@TheNetworkTrip I noticed the introduction of lo interface somewhere in the last couple of releases, it seems any IP configured on this interface is not offloaded. and if that is the IP your traffic hits to go through the router, CPU baby! I by default install a loopback address and advertise it passively as broadcast on ospf.
@@arebacollins All traffic going to the router will hit the CPU!! The traffic going to remote hosts will be offloaded
@@TheNetworkTrip then something must be amiss. I dont seem to be getting offloaded even with all the routes set up and marked as H
Very good video, everything explained clearly, I have been using several CRS305 with Hardware Offloading for a couple of months now, they are installed in micro pops, they have a WAN interface (where there is BGP to announce our prefixes) and a LAN interface where simply with a DHCP delivers the service, but I have problems limiting the speed, I used the "rate" function in Switch>Rule and it worked well but until certain traffic, I have noticed that after 1.5Gbps it starts to cause problems, for example on the WAN port It reaches 1.5Gbps and only 1.2Gbps is coming out of the LAN port, I deactivate the rule and at that moment both interfaces start to have 1.5. Could you help me with an idea of how I could effectively limit the service? taking into account that it was done in switch>rule since, being hierarchical, it first had a rule allowing ICMP not to be affected by saturation and avoid high times and packet losses (at least in that protocol). Thank you so much.
Hello!
I'll create some videos about rate limiting on CRSXXX devices.
Does this work with the rb750gr3?
Hello!
That model is not supported, just the ones shown on the video.
Would MPLS/VPLS work this way too?
Hi, i enable L3 Hw Offloading but this block navigation to internet on the vlans
Hi!
Before enabling l3 hardware offloading, you must build the Vlan table and enable Vlan filtering as I explained in the video.
Vlans should work without any problem.
Thanks!@@TheNetworkTrip in my case, get out ports with my "wans" of the bridge has the solved
@@AlejandroMartinezHernandez-f8u Removing the ports from the bridge will disable L3 hardware offloading in those interfaces. The ports should remain in the bridge, and manage all the IPs using vlan interfaces as I have shown in the video.
Thanks, yes! it was my mistake. Regarding this configuration, it is recommended to use ServerOpenVPN
is it possible to hardware offload MPLS on those devices? P PE function? if so, are you planning to make video about it?
I’ll complete some additional testing with MPLS VPNs and I’ll add a video about it
@@TheNetworkTrip while you're at it, could you check if it's possible to hardware offload macsec on these chips ?
I have a question, in a scenario where you have multiple CRS310's and at the end of it a client device, assigning a /30 address on a vlan on the bridge in the last CRS310, tagging the vlan on the bridge and on the interface connected to a client mikrotik, and assigning a /31 IP address on the vlan and another on the customer mikrotik seems to break offload. Im getting 20% cpu on 65mbps. :-( am I missing something? ) all routes have the flag H in them.
what happen with your blog - thenetworktrip ???
Coming soon!
ccr2004 -16G-2S+ ? does it have l3hw like the 2116 ? cant see anything in the literature
Hello, no,it doesn’t. At the moment, the CCR2116 and CCR2216 are the only CCRs that support it (plus CRS 3xx and 5xx)
In the case of having two operators and only receiving default routes, would it work well for the BGP border?
without a public IP on this BGP border
Hello!
If all the routes are in the main table, yes. If not, only the main table will be hardware offloaded.
mano esto mismo pero en español por favor!