Hi,
I have a CRS317 running 7.1rc4 configured with L3 hardware routing. I have noticed that the src_mac used on routed packets changes when the HW offloading setting is changed:

• with l3-hw-offloading=yes, the src_mac address used for routed traffic is the MAC for the outgoing, physical port on the switch

• with l3-hw-offloading=no, the src_mac address used for routed traffic corresponds to the VLAN interface which has inherited its MAC from the bridge

Now, this is usually not too big of a problem since the host on the other end would just set the MAC it has learned through ARP as the destination when returning traffic. However, I'm running https://cilium.io (v1.11.0-rc0) in eBPF mode and it seems to be returning traffic to the MAC it saw in the initial packet. That creates an issue; the switch (with l3-hw-offloading=yes) receives the traffic with the physical interface's MAC as the destination rather than the VLAN interface's MAC, seems to be somewhat confused and decides to flood the packets. Needless to say, traffic never reaches its destination in a proper way (and flooding eats up bandwidth).

If l3-hw-offloading=no is set, the VLAN interface MAC is used as src_mac on traffic from the CRS317, Cilium returns traffic to that MAC and the CRS317 routes the traffic correctly.

Not sure who's at fault here. Is this a bug in Cilium? Mikrotik? A peculiarity with the L3 hardware offloading that cannot be changed? Please advise. I'm happy to provide configuration, etc. if needed.

For reference, I'm running the bridge with auto-mac=no and admin-mac configured.

Hi,

If a port is a bridge member, it should set the bridge's MAC as the source address in the routed packets.

We will investigate the issue.

Thanks for the feedback!

Hi,

If a port is a bridge member, it should set the bridge's MAC as the source address in the routed packets.

We will investigate the issue.

Thanks for the feedback!

Hi @raimondsp; I just reported the issue as SUP-63543. You can find the configuration and a supout.rif there in case you need it to reproduce the issue.

Hi @raimondsp; I just reported the issue as SUP-63543. You can find the configuration and a supout.rif there in case you need it to reproduce the issue.

Got it, thanks!

The issue has been fixed. Now, L3HW uses bridge/vlan's MAC for the source address of routed packets.

The fix will be included in the upcoming 7.1rc5.

The issue has been fixed. Now, L3HW uses bridge/vlan's MAC for the source address of routed packets.

The fix will be included in the upcoming 7.1rc5.

Awesome, that was extremely quick. Thanks a lot!

The issue has been fixed. Now, L3HW uses bridge/vlan's MAC for the source address of routed packets.

The fix will be included in the upcoming 7.1rc5.

Hi again, @raimondsp. I've just tried 7.1rc5 which is supposed to include the following fix:

*) l3hw - fixed source MAC address usage for routed packets;

however, the problem is still there. The source mac for routed traffic is still the outgoing interface and not the vlan/bridge interface.

I'm so sorry. The MAC src fix in the rc5 is for the DX2000/DX3000 switch chip series. However, CRS317 has a DX8216 chip. Currently, we are testing the fix for the DX8000 series.

If you wish, we may send you a private firmware build with the fix included after the testing is done. So you won't have to wait until rc6.

I'm so sorry. The MAC src fix in the rc5 is for the DX2000/DX3000 switch chip series. However, CRS317 has a DX8216 chip. Currently, we are testing the fix for the DX8000 series.

If you wish, we may send you a private firmware build with the fix included after the testing is done. So you won't have to wait until rc6.

Sure! You should have my contact details from the support ticket.

Fixed in 7.1rc6.