Community discussions

 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

speed issues - what I am doing wrong?

Tue Feb 14, 2017 3:11 pm

Hello all,
I searched the forum and didn't find any post about this issue.
Hope this post is not a duplicate. If so, please just point me to the other post.

Here's the scenario:
{homelan}--->[mikrotic CPE](<--radio link-->)[mikrotic PTP-bridge]<---
---{officelan}--->[mikrotik 2011iLS]-nat-->[adsl router]-nat-again-->{internet}

The two mikrotik radio boxes between the homelan and the officelan:
- are SXT 5HPnD r2 (webfig v6.38.1, fw: 3.33)
- do not NAT
(systems in the office lan need to know what Ip at home is requesting services)
. office lan is 192.168.5.0/24
. home lan is 192.168.3.0/24

The mikrotik 2011iLS has 192.168.3.0/24 in the routing table and
knows to route through the [mikrotic PTP-bridge] at the office side
in order to reach the homelan.

When at home I can reach servers in the office lan at good speed.
it can peak up to 90 Mbps, average 60 Mbps. In other words, the path:
{homelan}--->[mikrotic as CPE](<--radio-link-->)[mikrotic PTP-bridge]<---
---{officelan}<--server performs at around 60 Mbps average.

When in the office, test speeds over the internet average at around
16 Mbps (down). In other words, the path:
{internet}-->[adsl router]-nat-->[mikrotik 2011iLS]-nat-->{ office lan }
performs at around 16 Mbps average.

Since the latter path is the slowest one, I expected to see speeds at
around 16 Mbps or a little bit less, from the internet to home.
But I can reach 6 Mbps in the best cases and conditions.

I have been trying to pinpoint the problem for weeks by now, but
I'm now short of any other good ideas about where to look into.

What could be wrong with the combination:
{internet}-->[adsl router]-nat-->[mikrotik 2011iLS]-nat-->{officelan}
-->[mikrotic PTP-bridge](<--radio-link-->)[mikrotic CPE]--{homelan}?

I know that natting twice is a bad practice. But if it were the problem
I would have slow speed issues at the office too.

Am I missing something?
Ask if you need other details,

Thanks in advance, Alessandro
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Tue Feb 14, 2017 5:46 pm

Are you natting between your home and office lan?
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Tue Feb 14, 2017 7:15 pm

I do not NAT between office and home lans.
As I wrote:
> - do not NAT
> (systems in the office lan need to know what Ip at home is requesting services)
> . office lan is 192.168.5.0/24
> . home lan is 192.168.3.0/24"

In other words, my systems in the officelan need to know which
IPs at home are trying to connect (host-firewalls and tcp_wrappers are
selecting the few homelan systems allowed to use them).

Or the other way around, my systems at the office need to be able
to initiate a connection to a homelan system (for example a NAS).

So NATTING only takes place (twice) at the entrance from the internet:
{internet}-->[adsl-router]#-NAT(°)--->[mikrotik2011iLS]#-NAT-(°°)---[....]

(°)
---[ADSL-ROUTER]<-192.168.12.2---- cross-cable ---192.168.12.1->[mikrotik2011iLS]

(°°)
--- 192.168.12.1->[mikrotik2011iLS]--192.168.5.0 (or 192.168.3.0 or others)

Routing table of the mikrotik 2011iLS
;;; OutWall (deafult gw to the internet):
0.0.0.0/0 192.168.12.2 ether1-gateway <<(the adsl router)
;;; home lan:
192.168.3.0/24 192.168.5.251 ether2 <<(the SXT box office-side)
;;; office lan:
192.168.5.0/24 192.168.5.253 ether2 <<(this is the mikrotik2011iLS IP address)
;;; ANOTHER lan "behind" the homelan:
192.168.11.0/24 192.168.5.251 ether2

NATTING RULES of the mikrotik 2011iLS
Action Chain Src. Address Out. Interface
masquerade srcnat 192.168.5.0/24 ether1-gateway
masquerade srcnat 192.168.3.0/24 ether1-gateway
masquerade srcnat 192.168.11.0/24 ether1-gateway

NO NATTING RULES IN THE RADIO BOXES
Only routing tables.

Thanks in advance.
Alessandro
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Tue Feb 14, 2017 8:03 pm

Are you running any firewall rules? Are you running any queues?
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Wed Feb 15, 2017 10:25 am

> Are you running any firewall rules?
Some at the "entry point" from the internet in the Mikrotik 2011iLS box:
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 chain=forward action=fasttrack-connection log=no
2 ;;; default configuration
chain=forward action=accept connection-state=established,related log=no
log-prefix=""
3 ;;; invalid packets
chain=output action=drop connection-state=invalid
out-interface=all-ethernet log=no log-prefix=""
4 ;;; Microsoft telemetry 1 of 2
chain=forward action=drop dst-address=191.232.139.253 log=no
log-prefix=""
5 ;;; Microsoft Telemetry 2 of 2
chain=forward action=drop dst-address=191.232.139.254 log=no
log-prefix=""
6 ;;; drop pings except from outwall
chain=input action=drop protocol=!icmp in-interface=ether1-gateway
log=no log-prefix=""
7 ;;; default configuration
chain=input action=accept connection-state=established,related,new
log=no log-prefix=""
8 ;;; default configuration
chain=input action=accept connection-state=established,related,new
protocol=icmp src-address=192.168.0.0/16 log=no log-prefix=""
9 chain=input action=accept connection-state=established,related,new
protocol=udp src-address=192.168.12.2 dst-address=192.168.12.1
dst-port=514 log=no log-prefix=""

The radio boxes have only this "passthrough/fasttrack" built-in that
showed up when I upgraded to 6.38.1 (and I must admit I haven't
understood yet....)

> Are you running any queues?
I didn't set any. Also because I'm a "white hair" guy. I have to admit
I come from the old (deep last century!) school. An IP packet is an
IP packet is an IP packet :-) I am able to reason only in terms
of routing (being able to redirect a packet to the right piece of iron)
and filtering (being free to drop a packet if I don't like it).

I should upgrade myself, I know... ;-)

From the "entry point" from the internet (the Mikrotik 2011iLS box)
[admin@InWall] /queue interface> print
# INTERFACE QUEUE ACTIVE-QUEUE
0 ether1-gateway only-hardware-queue only-hardware-queue
1 ether2 only-hardware-queue only-hardware-queue
2... all other ethers are hardware-queue (and shouldn't matter - they are disabled)
10 sfp1 only-hardware-queue only-hardware-queue
11 bridge-local no-queue no-queue

From the PTP.bridge (office side):
[admin@SideC] /queue interface> print
# INTERFACE QUEUE ACTIVE-QUEUE
0 eth0 only-hardware-queue only-hardware-queue
1 air0 wireless-default wireless-default
2 bridge1 no-queue no-queue

From the CPE (home side):
[admin@sideD] /queue interface> print
# INTERFACE QUEUE ACTIVE-QUEUE
0 eth0 only-hardware-queue only-hardware-queue
1 air0 wireless-default wireless-default
2 bridge1 no-queue no-queue
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Wed Feb 15, 2017 12:07 pm

Please try disable your firewall on your mikrotik to see if that makes a difference to the speed from your home clients.
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Wed Feb 15, 2017 12:35 pm

I'll try this evening when I go back home.
I'll let you know the results.
Thanks
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Wed Feb 15, 2017 1:36 pm

Also if you run
export hide-sensitive
on the router that will give us an idea of anything else that could be lurking in the background.
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Thu Feb 16, 2017 1:01 pm

Please try disable your firewall on your mikrotik to see if that makes a difference


I tried, it doesn't make any difference.

run export hide-sensitive


I did it on the entry point box [the 2011iLS router]
I found a few incongruities vs what I see through the WEB UI.
I'll have to recheck them, see if it makes a difference, and then post the whole result.
In the meanwhile here's what I noticed so far (any help is appreciated):

set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full disabled=yes speed=10Mbps
((where is ether2?? I'm sure is there and running (or I wouldn't be here posting this reply....)
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
... ... ...
... ... ...
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
>>>this 2011iLS box has no wireless interfaces... it this just a "left-over" of a general purpose firmware/software?<<<

/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
>>>The dhcp server is off, I'm pretty sure of that. At least this is what the WEB UI says...<<<
>>>Or this is right? I would see enabled=yes if it were enabled?<<<

/interface ovpn-server server
set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=default-encryption mode=ethernet port=1202
>>>The ovpn server is off, I'm pretty sure of that. At least this is what the WEB UI says...<<<
>>>Or this is right? I would see enabled=yes if it were enabled?<<<

/interface pptp-server server
set enabled=yes max-mru=1400 max-mtu=1400
>>>AH! That's my fault. That is enabled indeed and is not supposed to.<<<

/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
>>>AGAIN; The dhcp server is off, I'm pretty sure of that. At least this is what the WEB UI says...<<<
>>>Or this is right? I would see enabled=yes if it were enabled?<<<

Later on (probably tomorrow morning with the whole output after I fix a few things.
Of course I've no idea now if speed will improve after such fixes.

-- Alessandro
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Thu Feb 16, 2017 1:12 pm

Often when you get a new box it is better tofactory default the settings remove defautl configuration then most of the things you are seeing now would not be there. Let us know how it goes after you have resolved the issues you found. Where are your ip addresses coming from if you are not running dhcp. WHich ports are connected to which area. I see one port Ether 3 is running at 10 mbps where does that go?
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Thu Feb 16, 2017 2:16 pm

Where are your ip addresses coming from if you are not running dhcp.

At the office:
. adsl router behind the 2011iLS box provides to wireless clients dhcp addresses only for the internet
(such IPs are "by design" unroutable to/through the 2011iLS box - guests can see only the internet)
. all "wired" devices (PCs, NAS, servers, SXTs, whatever, ...) at the office have a fixed IP address

At home:
. WiFi access point provides addresses to wireless clients
(such IPs are fully routable to both the office lan and the internet - no "guests" at home)
. all "wired" devices (PCs, NAS, servers, SXTs, whatever, ...) at home have a fixed IP address

Which ports are connected to which area. I see one port Ether 3 is running at 10 mbps where does that go?


thanks for any advice

{ISP}---dsl line-->[adsl router]<eth0--- cross cable --- ether1-gateway>[mikrotik 2011iLS]

[..........................]<ether2 --------->[[[16 port 3COM Gb switch]]] =
[mikrotik 2011iLS]<ether3* unplugged (a leftover of previous experiments)
[..........................]<ALL other ethers disabled and unplugged
* among other things, I'll disable ether3 since is not used. But I doubt it'lll make a difference

[[[.........................................]]]>most of all other office devices---
[[[16 ports 3COM Gb switch]]]>(including the SXT box in question)-->eth0[SXT]air0((-~~~~~~~~
[[[.........................................]]]>------->[[[another switch]]]>-- a very few other office devices

-->192.168.5.251/eth0>[officeSXT]10.4.4.1/air0((--~~~air~~~--))10.4.4.2/air0[homeSXT]>192.168.3.3/eth0---
*192.168.5.251/eth0 is linked to the 3com-swicth at 100 Mbps. Double-checked it.
*And I wouldn't get 60Mbps office-to-home speed if it were not at 100Mbps

~air~~~--))10.4.4.2/air0>[homeSXT]>192.168.3.3/eth0--->[[[8 port TPLINK switch]]]---(homelan)
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Thu Feb 16, 2017 10:01 pm

so just to confirm you have the mikrotik 2011 --->3com switch1 ---->SXT-----wirelesss------ to other office devices. these devices connec to internet at 16mbps
3com switch1 ---->switch---->SXT OFFICE-->wireless bridge-->SXT Home-->TP-LINK SWITCH--> WIRELESS AP (DHCP SERVER)
Is the wireless bridge a transparent bridge.
I am worried about your bridge I understand from home to office is working fine.from your notes you listing one side of bridge as having 192.168.5.251 on the otherside you have 192.168.3.3
Which interface on 2011 is your home lan hosted on and which interface is your office lan hosted on or are they coming off one port on main 2011 router. it would make it easier to understand if either you posted logical network diagram or posted your actual configuration hiding sensitive data and or anything else you dont want visible.
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Fri Feb 17, 2017 2:41 pm

so just to confirm you have the

mikrotik 2011 --->3com switch1 ---->SXT-----wirelesss------ to other office devices


Well, close with a little change:
mikrotik 2011 --->3com switch1 ---->all wired office devices + the SXT@office-~~radiolink~~-SXT@home---home devices

Which interface on 2011 is your home lan hosted on and which interface is your office lan hosted on or are they coming off one port on main 2011 router

everything is coming off the ether2 on 2011 and going to the 3com switch.
the idea was not to traverse the 2011 when home<->office devices are talking to each other (bad idea?)

Is the wireless bridge a transparent bridge.

No, the idea was to use the SXTs on both sides as "routers" to avoid useless traffic (like broadcasting) traversing the wireless link.
For both economy and security reasons. I'll give details in a next post in one or two hours. (bad idea?)

it would make it easier to understand if either you posted logical network diagram or posted your actual
configuration hiding sensitive data and or anything else you dont want visible.


I will draw it and post it in one or two hours. No problem about hiding things (except keys).
As a security professional I always recommend my Clients not to count on "secrecy" for security. Security comes from good design, keys, and control.
Then the world can see how your network is designed and still not be able to do anything with it (if you did a good job).

I'll be back in one/two hours. But if in the meanwhile you noticed any "bad idea", you're welcome to note it.

-- Alessandro
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Fri Feb 17, 2017 3:36 pm

So do you have static routes on each of the sxt's as well as the 2011 pointing to all the lans you require access to?
AS you are routing between mutiple routers 2 x sxts and 1x 2011 to get out to the internet it could be something as simple as the default route you pointed at from home is going a round about route to get out to internet or is missing on one of the routers and slowing things down.
Personally I would have connected the SXT's to one of the unused ports on the 2011 and hosted there lan from there. If you then wanted to configure the remote sxt as a router you could do keep local traffic local but because it is only a few home devices(unless you have 100 of devices on your home network) I would not be worrying about a broadcast storm and by using a port on the 2011 for this purpose, it would not bring your office network down only that port.
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Fri Feb 17, 2017 4:00 pm

So do you have static routes on each of the sxt's as well as the 2011 pointing to all the lans you require access to?

YES, or at least this was the intention... while putting together the diagram I started noticing a few strange (at least to me) things:

[[SXT@officeside]]
interface print
0 RS eth0 ether
1 RS air0 wlan
2 R bridge1 bridge

ip address print
0 192.168.5.251/24 192.168.5.0 eth0
1 10.4.4.1/30 10.4.4.0 eth0 <<< THAT'S A SURPRISE TO ME. i THOUGHT 10.4.4.1 TO BE THE AIR0 i/F ADDDRESS!
<<<<<<<<<<<<<<<<<<<<<<<<<<<<< OR, AT LEAST, THIS IS WHAT THE WEB GUI TELLS ME!

[admin@SideC] > ip route print
0 A S ;;; default gw @ office-lan
0.0.0.0/0 192.168.5.253 1 <<<The default gw (the mikrotik 2011 box) the when all the rules that follow fail
1 ADC 10.4.4.0/30 10.4.4.1 bridge1 0 <<<I don't understand this dynamic rule. Already have a static rule to the homeside of the radiolink (see next rule)
2 S ;;; home-to-office radio link
10.4.4.0/30 10.4.4.1 air0 1 <<<.1 is office-side and .2 is home-side
3 A S ;;; axampab.axinet.vpn via fedora
172.29.5.6/32 192.168.5.3 1 <<< ignore this. It's the routing to a (open)vpn network of ours
4 A S ;;; home lan
192.168.3.0/24 10.4.4.2 1 <<<this is where the SXT knows to send IP packets to/from the homelan to the SXT homeside
5 ADC 192.168.5.0/24 192.168.5.251 bridge1 0 <<<I don't understand this dynamic rule. Already have a static rule to the officelan via eth0 (see next rule)
6 S ;;; office lan
192.168.5.0/24 eth0 1
7 A S ;;; rho-lan via home-lan
192.168.11.0/24 10.4.4.2 1 <<<another network behind the homelan, so to be routed to 10.4.4.2 (SXT@home)

I'll be back. Thank you for your notes.
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Fri Feb 17, 2017 4:28 pm

1 10.4.4.1/30 10.4.4.0 eth0 <<< THAT'S A SURPRISE TO ME. i THOUGHT 10.4.4.1 TO BE THE AIR0 i/F ADDDRESS!

10.4.4.1 is the ip address 10.4.4.0 is the subnet id or network id
1 ADC 10.4.4.0/30 10.4.4.1 bridge1 0 <<<I don't understand this dynamic rule. Already have a static rule to the homeside of the radiolink (see next rule)

Tells you to get to the network 10.4.4.0/30 it will use 10.4.4.1. this is automatically generated when you add an ip to an interface. there is no need to add a static so you could remove
2 S ;;; home-to-office radio link
10.4.4.0/30 10.4.4.1 air0 1 <<<.1 is office-side and .2 is home-side

not needed
6 S ;;; office lan
192.168.5.0/24 eth0 1


if you can post the ip routes for each of the routers.
ie 2011
sxt off
sxt home
then any other router after that
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Fri Feb 17, 2017 5:26 pm

Thanks for all your notes.

if you can post the ip routes for each of the routers.
ie 2011
sxt off
sxt home
then any other router after that


[[[[ie 2011]]]]
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; OutWall (deafult gw to the internet)
0.0.0.0/0 192.168.12.2 1
1 A S ;;; vpns via fedora2
172.29.0.0/16 192.168.5.3 1
2 A S ;;; home lan
192.168.3.0/24 192.168.5.251 1
3 ADC 192.168.5.0/24 192.168.5.253 ether2 0
4 S ;;; office lan
192.168.5.0/24 ether2 1
5 A S ;;; rho-lan via home-lan
192.168.11.0/24 192.168.5.251 1
6 ADC 192.168.12.0/24 192.168.12.1 ether1-gateway 0
7 A S 192.168.12.0/30 ether1-gateway 1

[[[[sxt@office]]]]
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; default gw @ office-lan
0.0.0.0/0 192.168.5.253 1
1 ADC 10.4.4.0/30 10.4.4.1 bridge1 0
2 S ;;; home-to-office radio link
10.4.4.0/30 10.4.4.1 air0 1
3 A S ;;; axampab.axinet.vpn via fedora
172.29.5.6/32 192.168.5.3 1
4 A S ;;; home lan
192.168.3.0/24 10.4.4.2 1
5 ADC 192.168.5.0/24 192.168.5.251 bridge1 0
6 S ;;; office lan
192.168.5.0/24 eth0 1
7 A S ;;; rho-lan via home-lan
192.168.11.0/24 10.4.4.2 1

[[[[sxt1@home]]]] the one linked with the sxt@office
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
;;; deafult via office.lan
0 A S 0.0.0.0/0 10.4.4.1 1
;;; radio-to-radio
1 ADC 10.4.4.0/30 10.4.4.2 air0 0
;;; home-to-rho radio link via sxt2@home
2 A S 10.8.8.0/30 192.168.3.252 1
3 ADC 192.168.3.0/24 192.168.3.251 bridge1 0
;;; route to office.lan
4 A S 192.168.5.0/24 192.168.3.251 air0 1 USELESS, I GUESS...
;;; route to home.lan via sxt2@home
5 A S 192.168.11.0/24 192.168.3.252 1

[[[[sxt2@home2]]]] the one airlinked with rho.lan (192.168.11.0/24)
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.3.251 1
1 ADC 10.8.8.0/30 10.8.8.1 bridge1 0
2 S ;;; homelan-rholan link radio-to-radio
10.8.8.0/30 air0 1
3 ADC 192.168.3.0/24 192.168.3.252 bridge1 0
4 S ;;; homelan
192.168.3.0/24 eth0 1
5 A S ;;; officelan
192.168.5.0/24 192.168.3.251 1 USELESS, I GUESS...
6 A S ;;; rholan
192.168.11.0/24 10.8.8.2 1

[[[[sxt2@rho]]]] (the other side of home->rho radio link)
ip route print
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
;;; default gw via rholan-homelan radio link
0 A S 0.0.0.0/0 10.8.8.1 1
;;; reach radio-to-radio
1 ADC 10.8.8.0/30 10.8.8.2 air0 0 USELESS, I GUESS...
;;; reach home-lan
2 A S 192.168.3.0/24 192.168.11.1 10.8.8.1 1 USELESS, I GUESS...
;;; rho.lan
4 ADC 192.168.11.0/24 192.168.11.1 eth1 0


I doubt I'll be able to finish drawing the network scheme today.
In the meanwhile clients are demanding my attention. Don't know why... don't have my invoices already??? 8)
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Fri Feb 17, 2017 6:25 pm

I am going to highlight the ones I dont believe are needed in red you can disable and see that they are not before deleting
the ones you have put useless I guess next to are needed because they tell that particular router where to find the other lan without it you have to go to the start router or run ospf that will put it all in for you but that requires some configuration. confirm you not running any simple queues on any of these routers.

alessandro2 wrote:
Thanks for all your notes.


[[[[ie 2011]]]]
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; OutWall (deafult gw to the internet)
0.0.0.0/0 192.168.12.2 1
1 A S ;;; vpns via fedora2
172.29.0.0/16 192.168.5.3 1
2 A S ;;; home lan
192.168.3.0/24 192.168.5.251 1
3 ADC 192.168.5.0/24 192.168.5.253 ether2 0
4 S ;;; office lan
192.168.5.0/24 ether2
1
5 A S ;;; rho-lan via home-lan
192.168.11.0/24 192.168.5.251 1
6 ADC 192.168.12.0/24 192.168.12.1 ether1-gateway 0
7 A S 192.168.12.0/30 ether1-gateway 1

[[[[sxt@office]]]]
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; default gw @ office-lan
0.0.0.0/0 192.168.5.253 1
1 ADC 10.4.4.0/30 10.4.4.1 bridge1 0
2 S ;;; home-to-office radio link
10.4.4.0/30 10.4.4.1 air0 1

3 A S ;;; axampab.axinet.vpn via fedora
172.29.5.6/32 192.168.5.3 1
4 A S ;;; home lan
192.168.3.0/24 10.4.4.2 1
5 ADC 192.168.5.0/24 192.168.5.251 bridge1 0
6 S ;;; office lan
192.168.5.0/24 eth0 1

7 A S ;;; rho-lan via home-lan
192.168.11.0/24 10.4.4.2 1

[[[[sxt1@home]]]] the one linked with the sxt@office
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
;;; deafult via office.lan
0 A S 0.0.0.0/0 10.4.4.1 1
;;; radio-to-radio
1 ADC 10.4.4.0/30 10.4.4.2 air0 0
;;; home-to-rho radio link via sxt2@home
2 A S 10.8.8.0/30 192.168.3.252 1
3 ADC 192.168.3.0/24 192.168.3.251 bridge1 0
;;; route to office.lan
4 A S 192.168.5.0/24 192.168.3.251 air0 1 USELESS, I GUESS...
;;; route to home.lan via sxt2@home
5 A S 192.168.11.0/24 192.168.3.252 1

[[[[sxt2@home2]]]] the one airlinked with rho.lan (192.168.11.0/24)
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.3.251 1
1 ADC 10.8.8.0/30 10.8.8.1 bridge1 0
2 S ;;; homelan-rholan link radio-to-radio
10.8.8.0/30 air0 1

3 ADC 192.168.3.0/24 192.168.3.252 bridge1 0
4 S ;;; homelan
192.168.3.0/24 eth0 1

5 A S ;;; officelan
192.168.5.0/24 192.168.3.251 1 USELESS, I GUESS...
6 A S ;;; rholan
192.168.11.0/24 10.8.8.2 1

[[[[sxt2@rho]]]] (the other side of home->rho radio link)
ip route print
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
;;; default gw via rholan-homelan radio link
0 A S 0.0.0.0/0 10.8.8.1 1
;;; reach radio-to-radio
1 ADC 10.8.8.0/30 10.8.8.2 air0 0 USELESS, I GUESS...
;;; reach home-lan
2 A S 192.168.3.0/24 192.168.11.1 10.8.8.1 1 USELESS, I GUESS...
;;; rho.lan
4 ADC 192.168.11.0/24 192.168.11.1 eth1 0


I doubt I'll be able to finish drawing the network scheme today.
In the meanwhile clients are demanding my attention. Don't know why... don't have my invoices already??? 8)
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Fri Feb 17, 2017 6:28 pm

the other thing to do is run a traceroute to google.com and see how it goes out to make sure it follows the paths it should
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Wed Feb 22, 2017 6:23 pm

Hi again. Sorry for the delay, clients (fortunately) kept me busy :-)

Here's the diagram
(checked via traceroute the path is what is supposed to be)
follow the colored lines for speed tests from internet->officelan, officelan->homelan, and internet->homelan
cleaning up the route tables of useless stuff improved office<-->home speed (up to average 90, occasionally 120 Mbps)
no changes in speed from internet to homelan.

Any idea?

Image
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Wed Feb 22, 2017 7:56 pm

no worries we know how that feels.
If you run Btest to router 2011 what results are you getting? Secondly what are your ping times to your main router from the house?
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Wed Feb 22, 2017 9:07 pm

btest doesn't connect... I activated it on the 2011... but no game :-/
Any trick?

ping from my home workstation to local server @ office
(200 pings, at 100ms intervals)
$ sudo ping -c 200 -i 0.1 192.168.5.3
.. bla bla bla....
200 packets transmitted, 200 received, 0% packet loss, time 20032ms
rtt min/avg/max/mdev = 2.892/20.982/94.202/17.830 ms


ping from my home workstation to 2011 @ office
$ sudo ping -c 200 -i 0.1 192.168.5.253
.. bla bla bla....
200 packets transmitted, 200 received, 0% packet loss, time 20024ms
rtt min/avg/max/mdev = 3.026/20.077/71.479/17.568 ms


Those two results seem quite comparable to me...

I do not believe the 2011 has any troubles find its way to homelan, nor significant delay.

A doubt: may be this "double natting" biting back (it never did for years when only 192.168.5.0/24 was behind the NAT)???
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Wed Feb 22, 2017 9:12 pm

your firewall may block btest. remember you should enter a username and password for btest.
 
alessandro2
just joined
Topic Author
Posts: 13
Joined: Tue Feb 14, 2017 2:21 pm
Reputation: 0

Re: speed issues - what I am doing wrong?

Thu Feb 23, 2017 12:05 am

I got BTest working.

From SXT CPE homeside1 (see diagram) to 2011iLS inwall:

Tx/Rx Total Average: 50.3 Mbps/38.6 Mbps
(I guess BTest is not "pushing" the connection to its limits, real connections go double than that...)

I start to suspect something else is going wrong after (if you see it from the LAN), that is before (if you see it from the OUTSIDE) the inwall, and is going wrong only if destination/origin IP is different then 192.168.5.0/24... I don't get it.... :-(

Any idea?
 
User avatar
dgnevans
Member Candidate
Member Candidate
Posts: 248
Joined: Fri Mar 08, 2013 12:24 pm
Reputation: 2
Location: Zimbabwe

Re: speed issues - what I am doing wrong?

Thu Feb 23, 2017 12:02 pm

Is you 3COM a managed switch? is there any configuration running on it. For LAN traffic between home lan and server there is no need of it to hit the router 2011. I am still suspecting some form of QOS or queue issue in place. I suspect the issue is between the 2011 router and the switch from the tests results so far.
 
p3rad0x
Member
Member
Posts: 329
Joined: Fri Sep 18, 2015 5:42 pm
Reputation: 14

Re: speed issues - what I am doing wrong?

Thu Feb 23, 2017 3:48 pm

Hi,

enable flow control on the ethernet ports of the ptp links and give it a test.

Who is online

Users browsing this forum: No registered users and 3 guests