CRS326-24S+2Q+RM FastTrack HW-offload配置测试(视频)
CRS326-24S+2Q+RM升级到RouterOSv7.2.1,测试FastTrack HW-offload,即nat硬件加速,先看下测试视频:
相关介绍和要求,请参阅 :硬件加速 Fasttrack(Nat转发硬件加速)
这个视频的网络配置非常简单,一个单线的nat上网,具体配置如下:
- sfp-sfpplus1作为三层接口,不加入Bridge的交换分组,配置IP地址192.168.88.10/24,网关192.168.88.1
- sfp-sfpplus2加入bridge,并设置PVID 20,创建三层vlan 20,IP地址192.168.20.1/24,并配置DHCP服务
- 测试电脑接入sfp-sfpplus2口,自动获取IP地址上网
配置CRS326-24S+2Q+RM,通过MGMT(ether1)的管理口接入网线,winbox登录配置,但这里提供命令行配置(懒得截图)
首先创建桥接,开启vlan-filter,并固定bridge接口的MAC地址
/interface bridge add admin-mac=74:4D:26:F1:52:01 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
进入bridge port,除sfp-sfpplus1和ether1端口外,其他端口都加入到bridge交换分组,设置sfp-sfpplus2的PVID为20(官方默认情况下,已经做了这些端口的交换配置,只需要把sfp-sfpplus1从bridge port禁用即可)
/interface bridge port add bridge=bridge comment=defconf interface=qsfpplus1-1 add bridge=bridge comment=defconf interface=qsfpplus1-2 add bridge=bridge comment=defconf interface=qsfpplus1-3 add bridge=bridge comment=defconf interface=qsfpplus1-4 add bridge=bridge comment=defconf interface=qsfpplus2-1 add bridge=bridge comment=defconf interface=qsfpplus2-2 add bridge=bridge comment=defconf interface=qsfpplus2-3 add bridge=bridge comment=defconf interface=qsfpplus2-4 add bridge=bridge comment=defconf interface=sfp-sfpplus2 pvid=20 add bridge=bridge comment=defconf interface=sfp-sfpplus3 add bridge=bridge comment=defconf interface=sfp-sfpplus4 add bridge=bridge comment=defconf interface=sfp-sfpplus5 add bridge=bridge comment=defconf interface=sfp-sfpplus6 add bridge=bridge comment=defconf interface=sfp-sfpplus7 add bridge=bridge comment=defconf interface=sfp-sfpplus8 add bridge=bridge comment=defconf interface=sfp-sfpplus9 add bridge=bridge comment=defconf interface=sfp-sfpplus10 add bridge=bridge comment=defconf interface=sfp-sfpplus11 add bridge=bridge comment=defconf interface=sfp-sfpplus12 add bridge=bridge comment=defconf interface=sfp-sfpplus13 add bridge=bridge comment=defconf interface=sfp-sfpplus14 add bridge=bridge comment=defconf interface=sfp-sfpplus15 add bridge=bridge comment=defconf interface=sfp-sfpplus16 add bridge=bridge comment=defconf interface=sfp-sfpplus17 add bridge=bridge comment=defconf interface=sfp-sfpplus18 add bridge=bridge comment=defconf interface=sfp-sfpplus19 add bridge=bridge comment=defconf interface=sfp-sfpplus20 add bridge=bridge comment=defconf interface=sfp-sfpplus21 add bridge=bridge comment=defconf interface=sfp-sfpplus22 add bridge=bridge comment=defconf interface=sfp-sfpplus23 add bridge=bridge comment=defconf interface=sfp-sfpplus24
配置vlan 20透传给Bridge(CPU处理)
/interface bridge vlan add bridge=bridge tagged=bridge vlan-ids=20
创建三层vlan 20,处理来至VLAN20的三层数据流
/interface vlan add interface=bridge name=vlan20 vlan-id=20
进入ip address配置接口IP地址
/ip address add address=192.168.88.10/24 interface=sfp-sfpplus1 add address=192.168.20.1/24 interface=vlan20
创建vlan20的地址池
/ip pool add name=pool1 ranges=192.168.20.10-192.168.20.100
创建vlan 20 的DHCP服务
/ip dhcp-server add address-pool=pool1 interface=vlan20 name=server1
分配DHCP服务的网关和DNS
/ip dhcp-server network add dns-server=114.114.114.114 gateway=192.168.20.1 netmask=24
配置RouterOS的DNS
/ip dns set servers=114.114.114.114
添加默认网关
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=192.168.88.1
启用交换芯片的l3-hw-offloading
/interface ethernet switch set 0 l3-hw-offloading=yes
启用sfp-sfpplus2端口的l3-hw-offloading,关闭掉sfp-sfpplus1的l3-hw-offloading(如果你的内网还有其他三层vlan,需要设置其他端口开启l3-hw-offloading,可以实现三层硬件加速)
/interface ethernet switch port set 1 l3-hw-offloading=no set 2 l3-hw-offloading=yes
设置filter的fasttrack和hw-offload
/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes add action=accept chain=forward connection-state=established,related
添加nat规则:
/ip firewall nat add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
以上配置供大家参考!
感谢您的支持,我会继续努力的!
扫码打赏,你说多少就多少
打开支付宝扫一扫,即可进行扫码打赏哦
文章很值,打赏犒劳作者一下