MikroTik

Community discussions
https://forum.mikrotik.com/

Configuration Summer cleaning l3hw

https://forum.mikrotik.com/viewtopic.php?t=209346

Page 1 of 1

Configuration Summer cleaning l3hw

Posted: Wed Jul 17, 2024 4:24 pm
by cyayon
Hi,

I am currently doing some summer cleaning on my configs.

I have found that on my CCR2116 (internet router/firewall), that the L3HW is disabled on switch level but enable on switch port level.

Is there any mistake to enable on both level (switch and switch port) ?

The CCR2116 (7.13.5) is connected to my ISP with dhcp client (ipv4 and ipv6). I have also found there is a L3HW for ipv6 (HW setting button). Do I need / must to enable ?

I also found that the default route (acquired by the dhcp client) I do not contain H that means it is NOT hardware-offloaded.
I would like to enable L3HW but be sure that firewall rules are not bypassed…


Thanks.

Re: Configuration Summer cleaning l3hw

Posted: Wed Jul 17, 2024 5:31 pm
by Apachez
Perhaps someone from Mikrotik can enlighten us but to my knowledge the setting on switchchip level is the global on/off switch.

Then when you have that at on you can disable individual interfaces with an on/off at port-level.

So if the switchchip have this off and port X have this on the result is off.

Global=off, Port=on = Result=off

If switchchip have this on and port X have this off then the result is off.

Global=on, Port=off = Result=off

If switchchip have this on and port X have this on then the result is on.

Global=on, Port=on = Result=on

Then when it comes to L3HW offloading some features such as using the device in a MLAG or with VRF needs the L3HW offloading to be off for the MLAG (and VRF) to work.

The "L2HW offloading" will still work (switching) but not routing.

Which gives if you want L3HW offloading (to get a boost in performance like from half a gigabit to tens or hundreds of gigabit in routing) you cant use some features such as MLAG and VRF at the same time (depending on model I assume).

Here is a list of conflicting features when it comes to L3HW offloading:

https://help.mikrotik.com/docs/display/ ... Offloading

Re: Configuration Summer cleaning l3hw

Posted: Wed Jul 17, 2024 5:56 pm
by cyayon
Hi thanks for your answer.
On a firewall device (which is my case), is it a mistake to enable it ?

Re: Configuration Summer cleaning l3hw

Posted: Wed Jul 17, 2024 6:34 pm
by Apachez
According to the feature support list over at https://help.mikrotik.com/docs/display/ ... ureSupport the answer is yes and no.

Fasttrack connections will be offloaded but everything else will go to the CPU.

Re: Configuration Summer cleaning l3hw

Posted: Wed Jul 17, 2024 9:51 pm
by cyayon
let me try to reformulate my question.

If I enable L3HW, will my firewall rules be bypassed ?

Also, there is an ipv6 HW option in switch>switch>L3 HW settings>IPv6 HW
does this params have an effect on defined ipv6 firewall rules ?

thanks
All times are UTC+03:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/