hAP AC Ethernet Speed problem

rtem · May 23, 2017, 8:03am

Hi, I have a problem with download speed over the ethernet connection on my new hAP AC router.
My home setup is following:

hAP AC router. S/N 6F1206D7078D. Firmware version: 6.39.1
WAN cable from provider with PPPoE connection. Tarif is 80/80 Mbits/s (Download/Upload). Connected to Eth1 port.
PC with wired connection. Connected to Eth4 port
Laptops connected over WiFi (5Ghz)

Results using speedtest.net (Download/Upload):
Wired connection: 20/83
WiFi connection: 80/83
Direct connection without hAP AC: 80/83

So the problem is only with download speed over the wired connection.
WiFi and direct connection are fine.
Is it some hardware defect or I configured something wrong?
I found another topics on this forum with similar problems, but have not found solution there.

Below is result of /export hide-sensitive command.

/interface bridge
add fast-forward=no mtu=1500 name=br1-lan protocol-mode=none

/interface ethernet
set [ find default-name=ether1 ] name=eth1-wan
set [ find default-name=ether5 ] name=eth5-lan
set [ find default-name=ether2 ] master-port=eth5-lan name=eth2-lan
set [ find default-name=ether3 ] master-port=eth5-lan name=eth3-lan
set [ find default-name=ether4 ] auto-negotiation=no master-port=eth5-lan name=eth4-lan

/interface pppoe-client
add add-default-route=yes disabled=no interface=eth1-wan keepalive-timeout=60 name=tap1-wan use-peer-dns=yes user=k134

/ip neighbor discovery
set eth1-wan discover=no
set eth5-lan discover=no
set sfp1 discover=no
set tap1-wan discover=no

/ip neighbor discovery
set eth2-lan discover=no
set eth3-lan discover=no
set eth4-lan discover=no

/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=Home-WiFi-Profile supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-Ce country="united states" disabled=no mode=ap-bridge security-profile=Home-WiFi-Profile ssid=Rabits-2.4 \
    wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce country="united states" disabled=no mode=ap-bridge security-profile=Home-WiFi-Profile ssid=Rabbits-5 \
    wireless-protocol=802.11 wps-mode=disabled

/ip neighbor discovery
set wlan1 discover=no
set wlan2 discover=no

/interface wireless nstreme
set wlan1 enable-polling=no
set wlan2 enable-polling=no

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.200

/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=br1-lan lease-time=8h name=dhcp-pc

/interface bridge port
add bridge=br1-lan interface=eth5-lan
add bridge=br1-lan interface=wlan1
add bridge=br1-lan interface=wlan2

/interface l2tp-server server
set caller-id-type=ip-address

/ip address
add address=192.168.1.1/24 interface=eth5-lan network=192.168.1.0

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 netmask=24

/ip dns
set allow-remote-requests=yes

/ip firewall filter
add action=drop chain=input comment="drop invalid connections" connection-state=invalid
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=input comment="allow established connections" connection-state=established
add action=accept chain=input comment="allow related connections" connection-state=related
add action=accept chain=input comment="allow ICMP" protocol=icmp
add action=accept chain=input comment="allow connections from lan" in-interface=!tap1-wan src-address=192.168.1.0/24
add action=drop chain=input comment="drop everything else" in-interface=tap1-wan

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-port=9999 new-connection-mark=allow_in passthrough=yes protocol=tcp

/ip firewall nat
add action=masquerade chain=srcnat out-interface=tap1-wan

/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

/ip smb shares
set [ find default=yes ] directory=/pub

/ip upnp
set enabled=yes

/ip upnp interfaces
add interface=eth1-wan type=external
add interface=eth2-lan type=internal
add interface=eth3-lan type=internal
add interface=eth4-lan type=internal
add interface=eth5-lan type=internal
add interface=br1-lan type=internal
add interface=tap1-wan type=external

/system clock
set time-zone-name=Europe/Kiev

/system leds
set 1 interface=wlan2

/tool mac-server
set [ find default=yes ] disabled=yes
add interface=br1-lan

pukkita · May 23, 2017, 9:25am

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-port=9999 new-connection-mark=allow_in passthrough=yes protocol=tcp

start by disabling that mangle rule, it’s not being used for anything else according to your setup, and will impact fasttrack.

How’s the Hap ac CPU when doing a speed test?

Whats the firmware version? (System > Routerboard, compare Current firmware vs Upgrade firmware)

80/80 shouldn’t tax the Hap ac CPU; additionally you have fasttrack set, so I’d rule out a CPU load problem, would suspect of a fragmentation problem (MTU/MRU/MSS) on the PPPoE client.

Try noting which MTU/MRU/MSS settings do your PC pppoe interface uses, and replicate on the pppoe-client settings.

6.39 brought changes that could be related to this:

!) ppp - completely rewritten internal fragmentation algorithm (when MRRU is used), optimized for multicore;
!) ppp - implemented internal algorithm for “change-mss”, no mangle rules necessary;

Have you tried 6.37.5?

Steveocee · May 23, 2017, 9:57am

add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=input comment=“allow established connections” connection-state=established
add action=accept chain=input comment=“allow related connections” connection-state=related

Looks wrong to me…
You are fasttracking connections that are established AND related (simultaneously) and accepting established and accepting related.
If you remove the current fast track and change the action on the 2 other rules to fast track that may improve you a fair bit.

rtem · May 23, 2017, 11:16am

pukkita:

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-port=9999 new-connection-mark=allow_in passthrough=yes protocol=tcp
start by disabling that mangle rule, it’s not being used for anything else according to your setup, and will impact fasttrack.

Done. Nothing changed.

During download CPU load is 10-15%. During upload 30-40%

Both (current/upgrade) firmware 3.34

Could you explain more detailed?

Yes, previously I was on that version. Same problems there. This is why I decided to update.

pukkita · May 23, 2017, 11:42am

So the problem is only with download speed over the wired connection.

Sorry, I overlooked this. So the PC is the only one having problems (got mixed up with another post). This rules out pppoe client issues.

set [ find default-name=ether4 ] auto-negotiation=no master-port=eth5-lan name=eth4-lan

Why not autonegotiate? disabling it will just mask other problems. The problem probably resides on L2 between the PC and router.

Can you please post the output of

/interface print stats-detail where name=eth4-lan
/interface print detail where name=eth4-lan

I suspect either the cable, your PC network card, or ether4 may be faulty.

rtem · May 23, 2017, 11:53am

Here is the output

/interface print stats-detail where name=eth4-lan                   

Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  RS name="eth4-lan" last-link-down-time=may/23/2017 08:47:10 last-link-up-time=may/23/2017 08:47:12 link-downs=5 rx-byte=908 929 899 tx-byte=657 809 604 rx-packet=1 293 036 
       tx-packet=1 040 372 rx-drop=0 tx-drop=0 rx-error=0 tx-error=0 fp-rx-byte=0 fp-tx-byte=0 fp-rx-packet=0 fp-tx-packet=0 


/interface print detail where name=eth4-lan

Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  RS name="eth4-lan" default-name="ether4" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 mac-address=6C:3B:6B:45:A0:DD fast-path=yes 
       last-link-down-time=may/23/2017 08:47:09 last-link-up-time=may/23/2017 08:47:11 link-downs=5

rtem · May 23, 2017, 12:13pm

I suspect either the cable, your PC network card, or ether4 may be faulty.

The issue occurs on any of Eth2-Eth5 port.
Just tried Cable Test on Eth4. It says, that link is up.
I was also thinking about cable problem. Physically router and pc are connected through ethernet sockets. I mean I have one socket near the router and another near the pc. There is a cable inside the wall between those two sockets (~7 meters). But, as I mentioned, if I put cable directly (Provider cable to socket that goes to PC) the speed is fine.

pukkita · May 23, 2017, 12:21pm

What happens if you wire the PC directly to the router?

rtem · May 23, 2017, 12:36pm

Can’t move PC closer to router right now. Can do this only in a few hours. I will let you know.

But I tried such connection that worked well.

pukkita · May 23, 2017, 12:48pm

run this on a terminal while doing the tests (ether4 → 3) and paste captures

/interface ethernet monitor 3

Which ethernet chipset does the PC have? is it gigabit? Is your ISP router gigabit?

rtem · May 23, 2017, 12:55pm

Done:

[rtem@MikroTik] > /interface ethernet monitor 3
name: eth4-lan
status: link-ok
auto-negotiation: disabled
rate: 100Mbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no

rtem · May 23, 2017, 1:02pm

PC uses default embedded ethernet adapter (Realtek 8111G ). It’s Gigabit. Unfortunately have no idea about ISP router

rtem · May 23, 2017, 2:21pm

I did few more tests.
First I tried to plug in pc directly to the router (without all the sockets). Exactly same result.
Then I tried to remove master-port value from all Eth2-Eth4 ports and added them to Bridge. And the issue gone. The speed is normal 80/80. Tried with both connection (direct and through the sockets). What does it mean? Is there some defect with hardware switch?
Maybe this is somehow related to this topic:
http://forum.mikrotik.com/t/hap-ac-faulty-seriers-very-poor-lan-performance-switch-problem/96655/1

pukkita · May 23, 2017, 2:36pm

What happens if you set the ether for the PC to autonegotiate? Doesn’t it link at 1Gbps?

I would first try to clear that out. Could it be related to the post you refer to, but I’d rule out any local variables before re-enabling the switch, generating a supout and writing support.

Realtek chipsets are (sadly) ubiquitous nowadays so the possibility of being a “hardware compatibility” issue looks to be rather unlikely. I think is L1/L2 related.

rtem · May 23, 2017, 3:03pm

Just turned on autonegotiation. Log says:

eth4-lan link up (speed 1G, full duplex

The hardware switch is still turned off.

rtem · May 24, 2017, 8:42am

So, should I report to support with this problem and send them a link to this post? For me it seems like the problem with hardware switch.
Just to summarize:

Speed over WiFi is fine
Direct connection speed (without router) is fine.
Speed over ethernet connection when ports are added to switch using master port option is ~20-25% of real ISP speed.
Speed over ethernet connection when ports are bridged is fine

pukkita · May 24, 2017, 10:16am

did you test with autonegotiation on and still suffered from the -25% speed?

If so, recreate the switch, and while doing a test generate a supout. Attach it on your email to support, including a link to this post.

crashbit · June 5, 2017, 12:06pm

I have similar problems.

I have a RouterBOARD 962UiGS-5HacT2HnT
Wifi connection works fine
PC connected directly to ONT works fine
When I connect a PC to mikrotik router slow down my connection

I’m connected to ONT with cat 6 wire. I do a pppoe connection. I have a mikrotik with home PA dual config.

My ISP says the problem is Mikrotik. I have a 1Gbps internet connection.

My ethernet ifaces are sync 1gbps full duplex.

Max internet connection with mikrotik are 140mbps download and 80mbps upload.