MikroTik

hello
I have replaced a 1072 with a CRS317 for pure routing purposes bgp v4+v6
I route about 1000 ipv4 routes and 900 ipv6.
I have replaced the 1072 to the 317 to have more ports, hardware lacp, and hardware routing. no other services on it.

I have seen the following.
on the network, at 6 hop distance from the 317, I have a router 2004 with 7.5 working OK.
It has 3 redundant path through our network, then they reach the crs317, wich uplink is towards the border routers, from where it receive the default route.
If I shut down just one path on this router 2004 (he receives the default on the three links with bgp), it cannot reach the internet, the traceroute stops at the 317.
The 2004 receives correctly the default route, everything as expected, but the traceroute stops at the 317.
If on the 317 I disable then re-enable the l3-hw forwarding, it works immediately.
I can reproduce it if I shut down any of the redundant link on the 2004.

I have seen is on the 7.5 and on the 7.6rc3

Obviously I cannot stay with l3-hw disabled since the 317 is not enough to route 6+ Gbps.
The very same identical conf, worked perfectly on a 1072 with fastpath and 7.5

I opened the ticket with no answer from MT.

It happens every 1-2 days that some routes stop working... if I traceroute to them, there is a loop at the CRS317..
The solution is that I made a script that disables L3-hw, delay 5 seconds, then turns it again ON.
In this way the issue got resolved.

I scheduled a daily stop/start l3-hw... and till now it works.

Hello
some updates.
I have seen that on heavy traffic (mixed) about 6-7Gbps, in routing, some random routes stop responding.
If we do traceroute we se the packet bouncing ont he crs317 ip...

stop and start again l3-hw is the solution.
We have scheduled 2 daily restart (in the early morning and in the late afternoon) and we stay alive.
Support ticket opened but no answer yet.

Did you get this issue reolved?
I had the same issue with a new CRS309 doing L3HW FT/NAT offload; after an hour or so new connections got blocked. Workaround same like you: every hour reset the L3HW switch setting. Mikrotik support was not able to reproduce my issue.
Eventually using my CRS only as plain L2 switch at the moment.

I had issues with L3HW offload with 7.6 on my BGP border CCR2116's, so I backed them all to 7.4.1. They've been running great in that configuration since 7.4.1 came out.

I do have 2116's running 7.6 for container support. Both of them serve as firewall/NAT devices, so L3HW offload is enabled only the switch, not the individual switch ports, for the reasons outlined above.

We are experiencing the same issue with 317 in L3HW on v7.4.1

We have not upgraded to higher versions due to other issues with theose versions which would break our setup. Our current setup is pure L3HW with OSPF and iBGP running on the 317.

Has any mikrotik response been received yet?

Hello
I have got the answer from support that they have been able to reproduce the issue, but at the moment there is no fix.
the workaround is to schedule the l3-hw off and on, and to clear the arp.
we have 7.6 with no drawbacks than 7.4.1

I had issues with L3HW offload with 7.6 on my BGP border CCR2116's, so I backed them all to 7.4.1. They've been running great in that configuration since 7.4.1 came out.

I do have 2116's running 7.6 for container support. Both of them serve as firewall/NAT devices, so L3HW offload is enabled only the switch, not the individual switch ports, for the reasons outlined above.

Can you please describe it in detail? Wich is the benefit to have l3-hw on the global switch settings, and not on the individual ports?

Yup, we had same issue here since 7.3.1.
Already answered by support and there still no fix for this.
We only got 300 prefixes for local networks with ebgp private AS.

The issue is when your direct p2p links got rto or unreachable, there the problem started.

Sometimes disable enable l3hwoffload doesnt start correctly. So we move to another script.
/ip arp remove [f]
It work like dis/en l3hwoffload. But not working if ipv6 got stuck. So we have schedulers for clear arp + netwatch if rto 3x and do clear arp + dis/en l3hw 3 times (to make sure) for once a day.

Can you please describe it in detail? Wich is the benefit to have l3-hw on the global switch settings, and not on the individual ports?

Devices that support Firewall and NAT hardware offload will load fast-tracked connections into the ASIC, so the CPU only has to handle the initial handshake.

When turning hardware offload on for internal ports, at least with my configurations, it broke NAT.

On my 317, I set the disable/enable script to run every two hours.

Using v7.7 on CRS.
issue still here