## Switch your RouterBoard

Daniel Starnowski

## Switch chip on MikroTik RouterBoard



## RouterBoard – just an example



#### OSI layers

- Switch operates on layer 2 and forwards ethernet frames between ports
- Router operates on layer 3 and forwards IP packets, decapsulating them from frames

Frame layout: MAC header | IP header | Layer 4 + data | CRC

## RouterBoard – the anatomy



#### RouterBoard – ports and interfaces



## RouterBoard – a routing scenario



## RouterBoard – a bridge



## RouterBoard – IP address on a bridge



#### RB2011 – the performance

- fast path:
  - ~1500 Mbps with 1500 B packets
  - ~150 Mbps with 64 B packets
- without fast path:
  - ~1000 Mbps with 1500 B packets
  - ~50 Mbps with 64 B packets

## RouterBoard – VLAN bridging



## RouterBoard – VLAN bridging config

- Create VLAN vlan33eth1 with tag 33 on interface ether1
- Create VLAN vlan33eth2 on ether2
- Create bridge vlan33
- Add ports vlan33eth1, vlan33eth2 and ether3 to the bridge vlan33

## RB2011 – VLAN bridging test

- 8 different streams
- Only 1500 B packets
- 8 x 122 Mbps: 1% packet loss (total 976 Mbps)
- 8 x 60 Mbps: 0.1% packet loss (total **480 Mbps**)

## The answer – the switch chip



## The switch chip

- Almost every new RouterBoard with multiple ethernet interfaces is equipped with a switch chip
- Hardware switch without using CPU
- From ROS v6 VLAN trunking is possible

#### Switch chips in MikroTik devices

- Atheros 8316
- Atheros 8327
- Atheros 8227
- Atheros 7240
- other





#### What chip does my RouterBoard have?



#### How to turn the switch chip on?



## Activating the switch chip

- If we set "master port" on ether2 to "ether1", we will activate the switch chip.

How many ports will be active on the chip?

## Connections without using the chip



## Activating the switch chip



## Switch chip – the master port

- Master port only in the same chip
- Only 1 master port possible for a chip
- The master and "slave" ports are equal for the switch chip
- Only one difference: the interface the chip will be visible on

## Switch chip – port names

- The same names:
  - interfaces seen from the CPU (ether1, ether2, ...)
  - physical ports seen from the chip (ether1, ether2, ...)
- Only one connection between the chip (the cpu port) and the CPU (master port)

## Default configuration of switch chip

- In RouterBoards like 2011 or 951:
  - ether1: gateway port (not included in the switch group)
  - ether2-ether5: switched ports
  - ether2: master port, used when configuring IP address, bridge, etc.

#### VLAN bridging – the software version



## VLAN bridging with the switch chip



## Switch chip – preparing the vlans

- VLAN settings are not important as long as VLAN Mode is disabled (default)
- Independent learning: for when some MACs can be visible on different ports in different VLANs
  - Keeps a separate table for the VLAN

## Switch chip – the trunk port



## Switch chip – the access port



## Switch chip – trunk and access ports

- Trunk port:
  - Mode: secure
  - Header: add if missing
- Access port:
  - Mode: secure
  - Header: always strip
  - Default VLAN ID (a.k.a. PVID)
- No "hybrid" ports!
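
The trunk and access port settings above, written out as RouterOS v6 commands for the VLAN 33 scenario; this is an added example, not taken from the original slides. It assumes ether1 to ether3 sit on one chip that RouterOS names switch1, with ether1 as the master port, ether1 and ether2 as trunk ports and ether3 as the access port.

```routeros
# Added example, not from the slides.
# Assumptions: chip name "switch1"; ether1 = master port;
# ether1, ether2 = trunk ports; ether3 = access port for VLAN 33.

# 1. Put ether2 and ether3 into ether1's switch group (ROS v6 master-port model).
/interface ethernet
set ether2 master-port=ether1
set ether3 master-port=ether1

# 2. Fill the VLAN table BEFORE enabling secure mode: in secure mode the chip
#    drops frames whose VLAN ID is not in the table or whose ingress port is
#    not a member of that VLAN, so a missing entry cuts the ports off.
/interface ethernet switch vlan
add switch=switch1 vlan-id=33 ports=ether1,ether2,ether3 independent-learning=yes

# 3. Trunk ports: secure mode, add the tag on egress if the frame has none.
/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=add-if-missing
set ether2 vlan-mode=secure vlan-header=add-if-missing

# 4. Access port: secure mode, always strip the tag on egress,
#    untagged ingress frames are assigned to VLAN 33 (PVID).
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=33

# 5. Check the result: per-port VLAN settings and the MACs the chip has learned.
/interface ethernet switch port print
/interface ethernet switch host print
```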

## Switch chip – the speed test

- With bridging: more than 0.1% loss visible at 8\*60 = 480 Mbps (and CPU ~50%)
- Switch chip: almost no loss at 8\*490 Mbps = 3920 Mbps (4 ports at wire speed), CPU unchanged
- From ROS 6.5, port stats are available

## Switch chip – port stats

- From ROS 6.5, stats are available for the switch ports (traffic doesn't need to go through the **CPU**)



## Switch chip – routing the VLANs

- Include the cpu port in the configuration of the selected VLANs on the switch chip
- Change VLAN Mode to secure (the header can be left as is)
- Add VLAN interfaces on the master port (in the example – ether1)

#### What if ether3 was the master port?



#### Hosts table



## Switch chip's limitations

| Feature        | Atheros8327  | Atheros8316  | Atheros8227  | Atheros7240  | ICPlus175D | Other |
|----------------|--------------|--------------|--------------|--------------|------------|-------|
| Port Switching | yes          | yes          | yes          | yes          | yes        | yes   |
| Port Mirroring | yes          | yes          | yes          | yes          | yes        | no    |
| Host table     | 2048 entries | 2048 entries | 1024 entries | 2048 entries | no         | no    |
| Vlan table     | 4096 entries | 4096 entries | 4096 entries | 16 entries   | no         | no    |
| Rule table     | 92 rules     | 32 rules     | no           | no           | no         | no    |

- Mirroring: copies of all frames (in and out) from the source are sent to the target
- Rules: used if we want to mirror or block (etc.) selected packets

## Thank you!

- I told you it was easy!

