...
Currently supported and unsupported feature list:
| Feature | Status | Description |
| IPv4 Unicast | HW | Depending on the complexity of routes in the routing table, the max HW accelerated route count could change (see hardware-specific limits below). Whole-byte IP prefixes (/8, /16, /24, etc.) occupy less HW space than others (e.g., /22). If the HW route limit is reached new routes will fall back to CPU, except cases when the newly added route overlaps with already existing routes processed by the hardware. In this case, destinations that were processed in hardware will continue to be processed in hardware. The user should choose the device with HW capability large-enough to store all the routes. |
| IPv6 Unicast | CPU | |
| IPv4 Multicast | CPU | |
| IPv6 Multicast | CPU | |
| ECMP | HW | See hardware-specific limits below |
| "blackhole" routes | HW | This feature enables the possibility to drop D/DOS attacks at wire speed |
| "prohibit" routes | CPU | |
| "unreachable" routes | CPU | |
| gateway=<interface_name> | HW/CPU | This works only for directly connected networks. Since HW does not know how to send ARP requests, CPU sends ARP request and waits for a reply to find out a DST MAC address on the first received packet of the connection that matches a DST IP address. After DST MAC is determined, HW entry is added and all further packets will be processed by the switch chip. |
| Bridge | HW | Routing from/to bridge interface |
| VLAN | HW | Routing between VLAN interfaces |
| LACP/Bonding | HW | |
| Firewall | FW | Only Fasttrack connections get processed by HW, which means that the CPU is processing packets until the connection gets fast-tracked. |
| NAT | FW | NAT rules applied to the offloaded Fasttrack connections are processed by HW. |
| QoS | N/A |
Where:
- CPU - feature is supported but processed by CPU
- HW - feature is supported and offloaded in hardware
- FW - feature is supported and offloaded in hardware (l3-hw-offloading=no for a specific switch port, l3-hw-offloading=yes must be enabled on switch level)
- N/A - feature is not available, meaning that L3 Hardware offloading MUST be disabled for these features to work
...
The devices below are based on Marvell 98DX8xxx switch chips or the 98DX3257 model.
| Release | Routes | Nexthops | ECMP Groups | Fasttrack connections1,2 | NAT enties2 | |
| CRS317-1G-16S+ | 7.1beta1 | 150K - 240K | 8K | 4K | 4500 / 3750 3 | 8K 4 |
| CRS309-1G-8S+ | 7.1beta2 | 50K - 80K | 8K | 4K | 4500 / 3750 | 8K |
| CRS312-4C+8XG | 7.1beta2 | 50K - 80K | 8K | 4K | 2250 / 1500 | 8K |
| CRS326-24S+2Q+ | 7.1beta2 | 50K - 80K | 8K | 4K | 2250 / 1500 | 8K |
| CRS354-48G-4S+2Q+ | 7.1beta4 | 50K - 80K | 8K | 4K | 2250 / 1500 | 8K |
*1 When the HW limit of Fasttrack or NAT entries is reached, other connections will fall back to the CPU. MikroTik's smart connection offload algorithm ensures that the connections with the most traffic are offloaded to the hardware.
...
These switch chips use different approach to offload IPv4 routes, instead of IP ranges used on DX8000 series chipsets, DX3000/2000 is using IP prefixes.
| Model | Release | IPv4 Route Prefixes1 | Nexthops | ECMP paths per prefix2 |
|---|---|---|---|---|
| CRS305-1G-4S+ | 7.1beta6 | 13312 | 4K | 8 |
| CRS318-1Fi-15Fr-2S | 7.1beta6 | 13312 | 4K | 8 |
| CRS318-16P-2S+ | 7.1beta6 | 13312 | 4K | 8 |
| CRS326-24G-2S+ | 7.1beta6 | 13312 | 4K | 8 |
| CRS328-24P-4S+ | 7.1beta6 | 13312 | 4K | 8 |
| CRS328-4C-20S-4S+ | 7.1beta6 | 13312 | 4K | 8 |
*1 Since total amount of routes that can be offloaded is very limited, prefixes with higher netmask are preferred to be forwarded by hardware (e.g /32 /30 /29 etc, last route is 0.0.0.0/0 always processed by CPU), any other prefix that does not fit in the HW table will be processed by the CPU.
...