...
Since Fasttrack HW Offloading offers near-the-wire-speed performance at zero configuration overhead, the users tempt to use it as the default solution. However, the number of HW Fasttrack connections is very limited, leaving the other traffic for the CPU. Try using the hardware routing as much as possible, reduce the CPU traffic to the minimum via switch ACL rules, and then fine-tune which Fasttrack connections to offload with firewall filter rules.
Trying to offload slow-path connections
Using certain configuration (e.g. enabling bridge "use-ip-firewall" setting, creating bridge nat/filter rules) or running specific features like sniffer or torch can disable RouterOS FastPath, which will affect the ability to properly FastTrack and HW offload connections. If HW offloaded Fasttrack is required, make sure that there are no settings that disable the FastPath and verify that connections are getting the "H" flag or use the L3HW monitor command to see the amount of HW offloaded connections.
L3HW Feature Support
- HW - the feature is supported and offloaded to the hardware.
- CPU - the feature is supported but performed by software (CPU)
- N/A - the feature is not available together with L3HW. Layer 3 hardware offloading must be completely disabled (switch
l3-hw-offloading=no) to make this feature work. - FW - the feature requires
l3-hw-offloading=nofor a given switch port. On the switch level,l3-hw-offloading=yes.
...
| Feature | Support | Comments | Release |
|---|---|---|---|
| IPv4 Unicast Routing | HW | 7.1 | |
| IPv6 Unicast Routing | HW | /interface/ethernet/switch/l3hw-settings/set ipv6-hw=yes | 7.6 |
| IPv4 Multicast Routing | CPU | ||
| IPv6 Multicast Routing | CPU | ||
| ECMP | HW | Multipath routing | 7.1 |
| Blackholes | HW | /ip/route add dst-address=10.0.99.0/24 blackhole | 7.1 |
| gateway=<interface_name> | CPU/HW | /ip/route add dst-address=10.0.0.0/24 gateway=ether1 This works only for directly connected networks. Since HW does not know how to send ARP requests, | 7.1 |
| BRIDGE | HW | IP Routing from/to hardware-offloaded bridge interface. | 7.1 |
| VLAN | HW | Routing between VLAN interfaces that are created on hardware-offloaded bridge interface with vlan-filtering. | 7.1 |
| Bonding | HW | /interface/bonding | 7.1 |
| IPv4 Firewall | FW | Users must choose either HW-accelerated routing or firewall. Firewall rules get processed by the CPU. Fasttrack connections get offloaded to HW. | 7.1 |
| IPv4 NAT | FW | NAT rules applied to the offloaded Fasttrack connections get processed by HW too. | 7.1 |
| MLAG | N/A | ||
| VRF | N/A | Only the main routing table gets offloaded. | |
| VRRP | N/A | ||
| VXLAN | CPU | ||
| MTU | HW | The hardware supports up to 8 MTU profiles. | 7.1 |
| QinQ and tag-stacking | CPU | Stacked VLAN interfaces will lose HW offloading, while other VLANs created directly on the bridge interface can still use HW offloading. |
Only the devices listed in the table below support L3 HW Offloading.
...