RouterOS v7 vlan-filtering

雖然 RouterOS v7 啟動了對 MT7621 VLAN HW offloading 硬體加速的支援:
https://help.mikrotik.com/docs/display/ROS/Bridge#Bridge-BridgeHardwareOffloading

然而因為此 bug,若是你在 bridge 裡面對封包上 tag / 解 tag,依然還是會吃掉 CPU IRQ:
https://forum.mikrotik.com/viewtopic.php?f=1&t=177092#p878135

目前的替代方案,依然還是只能把 vlan interface 疊加在 bridge 上面,也就是官方文檔裡面提到的 VLAN on a bridge in a bridge:
https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_on_a_bridge_in_a_bridge

運作起來是也沒什麼問題,只是就醜了些,感覺沒有那麼優雅…

好消息是官方說此功能正在積極開發中了。

Update

似乎 DHCPv6-PD 也修好了?

/ipv6 address
add from-pool=hinet_ipv6_pool interface=bridge_vlan100_HOME
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-out2-dynamic pool-name=hinet_ipv6_pool rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=output
add action=accept chain=forward connection-limit=100,64 connection-state=established,related connection-type="" dst-limit=1,5,dst-address/1m40s headers=\
    :exact limit=1,5:packet time=0s-1d,sun,mon,tue,wed,thu,fri,sat
/ipv6 firewall mangle
add action=change-mss chain=forward dst-prefix=::/0 new-mss=clamp-to-pmtu passthrough=no protocol=tcp src-prefix=::/0 tcp-flags=syn
/ipv6 nd
add interface=bridge_vlan100_HOME managed-address-configuration=yes
/ipv6 settings
set max-neighbor-entries=8192

RouterOS v7 vlan-filtering