Layer 3 Hardware Offloading Mikrotik - Deep Dive

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
are you ready to bring the routing process to the next level we can do it by using layer three Hardware uploading in router os7 in this video I will go over the different approaches to perform the routing process the traditional way by using the device CPU and the new way by using IP switching or layer three Hardware of fling welcome to the network trip [Music] performance but what exactly is this thing of layer three Hardware of loading so when we talk about ler three Hardware of loading basically we are talking about accelerating and optimizing the routing process now instead of using the devic CPU is going to use a specializ chip that is in most of the new models of Myro devices so we're going to talk about Which models will be a able to offer this new featuring router os7 in traditional software based routing basically everything is handled by the device CPU so now that's completely different and we are going to see the difference in our lab so we're going to have two different scenarios the first one using the traditional approach the next one using layer three Hardware of loading and then we're going to compare those two technologies and which one is going to offer the greatest performance in general when we are using layer three Hardware of loading we're going to have two big benefits the first one improve performance so we're going to increase the routing speed we'll be able to get what is called wire speed so that means that you have an interface that is giving you a connection of 1 GB per second you will be able to get that you get 10 gigb per second you will be able to reach the speed on your physical interface and that's only accomplish if we're using layer three Hardware of loading and obviously the second Advantage is scalability so now you can have routers handling five gigs 10 gigs 20 gigs of traffic and more because layer three Hardware of loading is going to be performing that routing process at the cheap level now it comes the question which models are going to support these features so basically most of the CRS 300 series 500 series will support that and also all the ccrs from the 2000 series like the 2116 or the 2216 in these two table that you see now on the screen we can see some of those models what is the different features that those devices will support the number of entries they will allow because that is going to change depending on the specific model so here you can see some of the C s 300 and 500 Series so you can see that we have here the switch cheet model we have the number of ipv4 routes we can go from something like 16,000 up to 240,000 we can have a bunch of n entry rules so you can see with some devices it's a little bit more than 2,000 but we can get up to 4,000 n entries so basically the idea here is that we are going to have different interfaces those interfaces will be connected to a switch chip and then we are going to have the devices CPU somewhere else but basically all the IP routing process going to happen at that level at the chip or Hardware level so basically the CPU is still going to process all the different um services that are running but then is going to send a copy of the routing table not entries to that switch chip and then when we have traffic that is is coming from the interfaces that belong or are connected to the switch chip then this is going to perform the routing process so we're going to see this in action just in a bit if you want to get the specific models that are supporting this feature now that you are watching this video you can go to this link that basically is the help. my.com website so the docs section and then here you can simply go to bridging and switching and then you'll find this section for layer three Hardware floting then you browse on the different menu options here you'll find one that is L3 Hardware feature support then if we go there you're going to get here all the different features that are supported and then underneath that you're going to get the tables with the different models different feature that are supported but if you go to the second table here you can see that basically all the 300 and 500 series with those switch models that will support most of the features and at the bottom of the page we're going to get the 2,000 series that basically the 2116 and the 226 so now let's go to the action and let's see how this is going to work and then we'll be able to compare different approaches so now we're going to see this feature in action to complete this lab I'm going to use physical devices because we need to use the switch chip and that is possible only on a physical device so let's start analyzing the topology we're going to test what is going to happen if we use the traditional approach of Performing the routing process using the device CPU and then we are going to go a step by step over the configuration of layer three Hardware of loading so let's go to the topology to analyze what we are going to be working on so we can see here now that we have two routers so I have a CCR 204 I have a CRS 309 they are just two regular routers even though that this is a CRS that is working as a router as a layer three device and then here at the top I have an RB 411 that basically is simulating a client so in this case this is an rv411 but that can be a computer that can be a server so basically any end device so now when we have more than one router so we need a mechanis to exchange the routing information and that can be via static routes or that can be via o fpf or bgp or rip so in this case I have OPF running so between those two devices here we have OPF running and they are able to exchange the routing information so that mean that this CCR 204 is able to reach that IP address in that end device the 101001 100.2 and here between the CCR 204 and the CRS 309 I have a villain actually the villan 50 that is using the network 10.50 50.0 sl24 and we have the ip1 or the CCR the ip2 on the SFP plus one on that CRS 309 and then we have the network 101001 100.24 that basically is providing the connectivity to that device the rb4011 and in this case this can be like a CPE device that you have installed in your uh customer location so at this point still I'm not using the Vang 100 so I have this IP directly on the SFP plus two later once we configure the IP switching feature we are going to move that into a villan interface so let's see what we have now we are going to inject some traffic from this CCR 204 we're going to send traffic to that device by using a tool in router that is called the traffic generator that basically is going to simulate actual traffic going from this router to the end device so initially I'm going to send 500 megabits per second if we are using the device CPU in that CRS 309 we're going to see that this is going to be pretty high pretty close to 100% but once we implement the layer three Hardware of loading feature our goal is to reach 10 GBS per second and having a CPU usage between 1 to 5% that means that all the IP routing process going to happen at the cheap level we are using the devices CPU so let's see what we have now in that CCR 204 CRS 309 and that RB 4011 so we're going to start with the router at the bottom the ccrr 204 so if I come here IP addresses we can see that I have an IP 10 of 50 of 501 of V 50 that basically it just a v interface that is created on sfp+ one and additionally I have uspf running so if I go to routing ORF instances you will see here that I have an instance I have the backbone area and I have enable or fpf on that vm50 interface so basically everything that I have here in this CCR 204 then the CRS 309 so the device has the interface plus one connected to the the router to a CCR the plus two is connected to the client in this K 411 at this point I don't have any Bridges this is basically acting as a router like the traditional routing configuration that we have performed in the past so we have one IP on V 50 we have another IP on the SFP plus 2 interface and also I have fpf running on this device so I have the instance the area and interface templates remember if you are not familiar with OPF I have a full series OPF from Zero to Hero here at the channel check the link above so now I have OPF here and if I check the neighbors so we're going to see that we have a neighbor adjacency between the CRS 309 and CCR 204 and then we have the 411 that is just a client this is a regular client and the interface s FP plus1 has the IP 10.1 100002 that basically facing this CRS 309 and I have a default route I don't need to SPF here because this is a client's device and then from here I able to Ping the C CR 204 you can see we have IP connectivity and if I go with a trace route we're going to see that the first hop is going to be the CRS 39 the next hop is the CCR 204 that mean that this CRS is working as a router a layer three device not like a switch so now what we need to simulate is traffic and we are going to send traffic from this device to the client by using a tool that is called traffic generator so let's go back to the CCR 204 if I go here to tools traffic generator basically this tool in router allow us to create different packet templates then we're going to create streams and we'll be able to inject traffic and that traffic is going to have actual packets with all the different headers for the Mac header the IP header the layer 4 header and then the device that is receiving pack will be able to perform the routing process overd those I'm going to include a video about traffic the traffic generator tool here in the channel to go with very specific details about this awesome feature that we have available in this operating system so if I come here to packet templates so you see that now I have a packet template is a UDP 53 this is just a name you see that the is going to have three different headers the header IP header UDP header and this is going to be using the inter B 50 because we need to send the traffic out of the B 50 interface and the destination Mac is going to be the Mac of the CRS 309 and then the IP is going to be the destination of the client that in this case is going to be 10 100 100.2 and the Gateway is going to be the CRS 309 so basically we're simply creating a packet that is simulating how packet from real traffic will look like and then on the layer forhe header we are going to send this to the P 53 now okay we have this template and then we need to create what is called streams so if I come here to streams so basically here we can Define different properties in that stream like the bang width that is going to use for example this one going to be using 500 megabits per second and using that packet template that mean that we're going to have a stream that is going to consume 500 megabits per second and also I have created another one that is for 10 gigabits per second also using the same packet template so now that I have that ready I can simply start injecting traffic so if I come now to this device and I check the V 50 you can see that this is basically idle there is no traffic going out of that bill and 50 so I'm going to start generating some traffic traffic generator start I pick that stream UDP 500 start and now this CCR 204 is going to start injecting 500 megabits per second and that is going to have this IP as the destination so basically those packet will come to the CRS the CRS is going to perform the routing process using the CPU and then those packet will be sent to that client but let's see what is going to happen in that device with the CPU usage because now it's not going to be using the switch chip so let's come to the CRS 309 so if I check the CPU you can see that I'm using about 73% 64% 69% so you can see here is is receiving the traffic on band 5050 and then he sending the traffic to the RB 4011 so this is using the CPU we are limited it's basically impossible to reach wire speed because once we get around 1 gabit per second that CPU is going to be in 100% And even though that these interfaces have a maximum speed of 10 gbits per second we won't be able to get that of with real traff so let's analyze how we're are going to go with the configuration process so I'm going to stop this the generation of the traffic so I will simply come back to traffic generator stop and now this is going to stop sending the traffic if I go back to the switch you can see the CPU now is just 1% because it's just the greenbox traffic that is going to that device so how are we going to go from that traditional approach to the layer three hard Weare of loading feature and basically we're going to follow this process here on the screen so first of all we need to create a bridge interface so before doing that also my recommendation is to connect your device the device that you're using to configure that CRS to one port that is going to be out of the bridge so in that case we are preventing to lose the access to the configuration of the device so now we'll come to thiss 309 and the step number one is to create one bridge and this is important because in all those crs's we must have only one bridge if we create more than one bridge then only one bridge is going to be using the switch chip so I'm going to create a bridge so let's call it simply Bridge one and then we click okay so that mean that this step number one has been completed the next step add Bridge ports so we check the diagram so basically here we have two interfaces we have sfp+ one and we have SFP plus two so we need to add those two Bridge ports to the bridge one that we have just created so I will come back to to that device basically I will go here to ports and I will add sfp+ one and also I'm going to add sfp+ 2 The Next Step this is also quite important we need to create the Vang table we need to Define tag ports we need to Define on tag ports if we go back to the topology we can see here that we need to build that V and table this device is connected to the CCR 204 using V 50 so we need to have an entry in that villan table for V 50 and we need to add all the interfaces that will send the traffic including the V and header and that is SFP plus one because all the traffic that is going to a CCR 204 will be using the F and header and also we need to add the bridge interface because initially we need to provide access to the CP to that but later we're going to enable layer 3 hard of loading and actually we're not going to use the CPU but still we need to simulate that because we are going to be performing the routing process and that going to be required and then router is going to send a copy of that forwarding table to the switch chip to be able to perform that forwarding process and then we have the villan 100 so you can see here that this traffic here is going to be on tag so that mean that this client is simply going to send frames is going to receive frame without a vent header and that's why I'm adding the SFP plus two under the on TCT section and basically we are just adding a stag the bridge interface itself so remember you're going to be using layer three Hardware of loading you must add the bridge interface to the tag section for every villain or network that you need to be performing the routing process if I don't add that bridge to the tag section basically that billan 100 won't be able to perform routing in that device so now that we have cleared that process we are going to go back to the CRS and we're going to configure that table and that is here under villance we're going to add an entry so the first one is 50 remember we're going to give access to the CPU Bridge one and also this traffic here is going to leave with a villan header so we need to add SFP plus one under the tag section and then for the next one we need the villan 100 again we must add a bridge to the tag section but now the traffic going to the client is going to be without a vill and header so this is going to be on the on TP and in this case is SFP plus two additionally we need to go to Ports and under this SFP plus two we are going to add the PV ID and this is going to be the port villan identifier that is also going to be 100 so now we have completed the next step in the process now we have ready the vant table the step number four we need to add the villan interfaces and IP addresses so this is also important because we are going to use something that is called villan filtering and basically we don't need to have IPS on physical interfaces all the IPS will be on villain interfaces So currently you can see that I have villan 50 if I come here to interfaces and then villan I have the V 50 that is talking to a CCR 204 so I need to move that VIN to the bridge itself so all the V and interfaces will be created on the bridge interface not on top of the physical interfaces and then I need the next villain 100 that is also going to be on the bridge so basically the idea here is that all the villain that we have added to the villain table will have a virtual interface and the parent is going to be the bridge itself I'm going to add also the IP addresses to those interfaces so we'll come to IP addresses and now you can see that the V 50 already have the IP but the client's network is on SFP plus2 so now this is not going to be there it's going to be on villan 100 so all the IPS will be on ban interfaces not on physical interfaces so once we have completed that step we are ready to go to the next one and that is the configuration of the OPF or static routing so in this case I have two routers so we need a mechanism to exchange routing information if you only have one router this step is optional because you don't need OPF or a static routing if you only have connected networks and now we need to check the OPF process so routing OPF I have an instance so it's going to remain the same areas I have the backbone area but now on interface templates we are going to be running OPF on villan 50 so here we are going to wait for a neighbor adjacency but also we want to advertise the network that is on F and 100 but here we are not expecting neighbors so I will set this as passive so if I go to neighbors I have a full adjacency and that mean that OPF is working so now we have completed the fifth step and finally we simply need to enable V and filtering and to do that we simply need to go to bridge and then to the bridge tab the first going on the left we double click on the bridge and then we go to villan and we're going to enable VM filtering and here in this pvid we're going to set a value that is on use something that is not in your network diag say something like 9.99 and okay and also we'll go to Ports and if we have if we have a port that has a pvid of one we can change that value to something different as well so now we are going to get disconnected from the CRS for a second but then we need to access that device again and now you can see that I have recovered the access to the device I will come here to the sfp+ one and I will set this value something random so the pvid we won't have any pvid with one this is just a security uh best practice it's not mandatory but it's a good practice now if I go to Vance you will see here that we have under current tag for ban 50 the bridge itself and the plus one interface and for ban 100 we have the bridge itself and untack the plus two interface so basically V filtering is working but it's still this device is not going to be using the the chip for the routing process we need to complete the last step we need to enable layer three Hardware uploading so before completing that step if I go to IP routes you see here that I have those entries and they are DAC this mean Dynamic active and connected so let's see what happened after enabling layer three Hardware of loading how we're going to do that simply by going to the switch menu and then here you will pick the switch chip in this case this is the switch one and you see here the model marble 98 DX 88 28 so if I double click on that and I go a little bit down you will see this option layer three Hardware of loading I will simply check that option okay and now after enabling that feature you can see here that now I got an additional flag and that is for layer three Hardware of looing so I mean that those entries now have been copied to the Swit chip and when this device is going to receive packets it's going to perform the routing process just at the cheap level without going to the devices CPU that's a great advantage and now we are ready to repeat the test that we have performed before so now we'll come back to the CCR 204 Tool traffic generator stream and I will pick the one for 500 megabits per second I will go to to traffic generator start I going to pick the stream for UDP 500 megabit per second so we're going to see here this is sending 500 megabits per second out of the V 50 and if I come back to the switch you can see that the CPU usage is 1% because all that traffic is not going to the CPU if I go to the interfaces we are going to see that this traffic is there so you can see here we have the TX we're going to move these columns here to the left just to have full visibility over that so you can see here we have the villan 50 and 100 they're not showing anything because everything happened at the chip happening at the chip level so you see the traffic is coming in SFP plus one and it's leaving out of SFP plus two and the CPU usage is just 1% so now let's increase the amount of traffic so let's go back to the CCR 204 we're going to stop this and we're going to go with the second stream so it's going to be sending 10,000 megabits per second that is equal to 10 gigabits per second so now start and we're going to pick the second stream and we go to the interfaces now we can see that this CCR 204 is sending almost 10 GBS per second to that 411 but it's sending that to the next hop that in this case is the CRS 309 and let's see what the CPU usage in that CRS 309 so if I go to the device so we can see that this is receiving the traffic on the plus one and send it that out of plus two almost 10 gbits per second but in this case the CPU usage is just 2% so if I come here to system resources we're going to see here the CPU load is between 1 2 0% so basically everything is happening at the cheap level and we can validate that by going to the routing table but you see that this is hardware of LED so basically this rs290 getting packets going to the IP 101001 1002 it's checking the routing table but this is going to happen at the cheap level and then you're going to deliver those packets to that device on the path and this is how we are going to take advantage of this feature in router os7 at the end the idea is to improve the performance to increase the scalability into offer a better experience to our users so I hope that this video has been informative for you and I hope to see you on the next one thank you [Music]
Info
Channel: Wilmer Almazan / The Network Trip
Views: 8,551
Rating: undefined out of 5
Keywords: mikrotik, layer-3-hardware-offloading, l3hwoffloading, routeros7, mikrotiktutorial, learn mikrotik, l3 hardware offloading, mtcna, mtcre, switching mikrotik, mikrotik trainer, ip switching mikrotik, intervlan routing mikrotik
Id: c2sAA6jMjCY
Channel Id: undefined
Length: 30min 44sec (1844 seconds)
Published: Mon Oct 16 2023
Related Videos
MLAG With Mikrotik - High Availability (Full Lab)
Wilmer Almazan / The Network Trip
6.7K
Mikrotik VLANs - CRS3XX Step by Step - Mikrotik Tutorial
Wilmer Almazan / The Network Trip
147K
The Computer Has Rebooted From a Bugcheck [Fixed]
MDTechVideos
21
Port Knocking & Scanner Detection - Mikrotik Firewall Ep 3
Wilmer Almazan / The Network Trip
3.6K
Router on a stick vs Layer 3 switching
Willie Howe
2.9K
Security Best Practices - Firewall Filtering with MikroTik Marc
Admiral Platform (RemoteWinBox)
2.6K
Diving deep into RouterOS: Switching
MikroTik
36K
DO NOT design your network like this!! // FREE CCNA // EP 6
NetworkChuck
3.1M
MACVLAN Mikrotik - Multiple MACs, One Interface
Wilmer Almazan / The Network Trip
3.4K
Layer 2 vs Layer 3 Switches
PowerCert Animated Videos
534K
Exploring Proxmox from a VMware User's Perspective
2GuysTek
104K
AI Leader Reveals The Future of AI AGENTS (LangChain CEO)
Matthew Berman
24K
Set up a Full Network using OPNsense (Part 2: OPNsense)
Home Network Guy
68K
Why I’d Build a PC Now (50% Price Drops)
Graphically Challenged
14K
16-Port 10Gb Managed Switch for under $400???
Craft Computing
130K
How To Configure InterVLAN Routing On Layer 3 Switches
Cisco Community
274K
Ubiquiti UniFi Layer 3 Switches and pfSense Revisited - One L3 Switch
777 or 404
4.7K
VXLAN Mikrotik - RouterOS v7
Wilmer Almazan / The Network Trip
14K
MikroTik Bridging Fundamentals: Optimizing Your Network Connectivity
Network Wander
2.2K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.