Community discussions

Search found 32 matches

by ToBeFrank
Sat Jan 26, 2019 8:49 pm
Forum: RouterBOARD hardware
Topic: CRS317 10G -> 1G traffic slow, everything else fine
Replies: 21
Views: 7382

Re: CRS317 10G -> 1G traffic slow, everything else fine

I can confirm it is fixed in 6.43.8.
by ToBeFrank
Thu Jul 26, 2018 4:02 am
Forum: General
Topic: CRS3xx Fasttrack on VLANs not working.
Replies: 11
Views: 1050

Re: CRS3xx Fasttrack on VLANs not working.

I'm seeing the same thing on a CCR1009. Did you get any resolution to this?
by ToBeFrank
Wed Jul 25, 2018 3:08 am
Forum: General
Topic: Fasttrack only working in one direction?
Replies: 2
Views: 349

Fasttrack only working in one direction?

I'm running a CCR1009 on 6.42.6. I am testing inter-vlan performance using iperf. The CCR is only capable of gigabit on a single connection if the connection is fasttracked. The following are the first 2 rules of my firewall forward chain: /ip firewall filter add action=fasttrack-connection chain=fo...
by ToBeFrank
Sat Apr 28, 2018 9:04 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2348

Re: Getting Plex to play nice with firewall rules

But how then does IP NAT rule work if one wants to limit external IP address or addresses (by list if more than one) to access the LAN Server (port(s)?? Do we need a separate FW rule on the forward chain? In other threads it seems to be indicated that we can simply specific the source address(es) i...
by ToBeFrank
Tue Apr 24, 2018 10:20 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2348

Re: Getting Plex to play nice with firewall rules

I think part of what's confusing to people is when to use chain=input and when to use chain=forward because I see similar rules with both. I know it's very complicated and the pictures make it worse not better :) So when does NAT apply? So is it really going through the firewall twice? Once for the...
by ToBeFrank
Mon Mar 05, 2018 10:49 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

I don't agree that a single stream has to be handled in a single thread. I'll agree to disagree and leave it at that.
by ToBeFrank
Mon Mar 05, 2018 7:13 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

Only a single processor can be active for the thread at one time, when the thread is scheduled on a different processor regularly, the average load of the processors can be low even when the thread is CPU-bound. If that's what is actually happening, I would consider that a pretty big flaw in the sc...
by ToBeFrank
Mon Mar 05, 2018 6:27 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

I was hoping you could explain it. Going through 2 mangle rules and 2 queue checks (but not actually queuing) and maxing out the CPU seems not right.
by ToBeFrank
Mon Mar 05, 2018 5:34 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

The load figures you see in profiling are averages and the CPU limits are instaneous.
Describe the scenario where an average load of 60% would result in a throughput of 62% of max.
by ToBeFrank
Mon Mar 05, 2018 4:39 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

Well, that can still happen when the task is single-threaded and limited by CPU. The immediate performance is limited by the single CPU, but the actual CPU running the code is switched a few times per second, so you still see evenly loaded processors in the profiling. If no single core goes over 60...
by ToBeFrank
Mon Mar 05, 2018 4:03 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

Always check the detailed load of the CCR in tools->profile by selecting CPU: all. When you get 10 or 20% CPU load on a CCR1009 it can mean that one or two cores are fully loaded and the others are almost idle. The CPU is still the bottleneck in that case because it apparently is a single-threaded ...
by ToBeFrank
Sun Mar 04, 2018 10:29 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

I can reproduce this on my CCR1009. I tested using iperf between two VLANs. Here are my results. 1) With firewall rules, mangle rules disabled, queues disabled, fasttrack disabled: 925Mbps. 2) With firewall rules, mangle rules disabled, queues enabled (but logically disabled since no mangle rules), ...
by ToBeFrank
Sun Mar 04, 2018 12:57 am
Forum: Beginner Basics
Topic: L2TP/IPsec VPN
Replies: 9
Views: 1264

Re: L2TP/IPsec VPN

Set arp=proxy-arp on your LAN interface?
by ToBeFrank
Sun Mar 04, 2018 12:52 am
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 27
Views: 2802

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

Looks like you're using queue trees. How does it do with simple queues?
by ToBeFrank
Wed Feb 28, 2018 11:33 pm
Forum: General
Topic: L2TP VPN for iPhones
Replies: 30
Views: 9352

Re: L2TP VPN for iPhones

by ToBeFrank
Sat Feb 17, 2018 3:38 am
Forum: Beginner Basics
Topic: What hardware to use at home
Replies: 6
Views: 734

Re: What hardware to use at home

I'm very happy with my CCR1009 at home. I have a 1000/35 connection, and it doesn't even break a sweat when doing lots of QOS.
by ToBeFrank
Wed Feb 14, 2018 11:45 pm
Forum: General
Topic: Can you log packets going through a queue?
Replies: 0
Views: 229

Can you log packets going through a queue?

I am getting unmarked packets that I think should be marked(see here). If I could log the packets that are flowing through the "unmarked" queue, this would be simple to figure out. Is there a way to do that?
by ToBeFrank
Tue Feb 13, 2018 6:58 pm
Forum: General
Topic: Why am I getting unmarked packets?
Replies: 2
Views: 299

Re: Why am I getting unmarked packets?

try set dst=wan on 2nd and 3rd simple queues I don't think I can do that since I want incoming WAN connections going through the queues as well, for example port forwarding. i think 1st simple queue is not necessary My understanding is that anything that does not go through a queue gets a default p...
by ToBeFrank
Sat Feb 10, 2018 6:29 pm
Forum: General
Topic: Why am I getting unmarked packets?
Replies: 2
Views: 299

Why am I getting unmarked packets?

I have the following mangle rules set up: /ip firewall mangle add action=mark-packet chain=input in-interface=wan new-packet-mark=wan passthrough=no add action=mark-packet chain=forward in-interface=wan new-packet-mark=wan passthrough=no add action=mark-packet chain=forward out-interface=wan new-pac...
by ToBeFrank
Sat Feb 03, 2018 3:30 am
Forum: Beginner Basics
Topic: L2TP/IPSec so I can use with Apple sierra and iOS
Replies: 4
Views: 3763

Re: L2TP/IPSec so I can use with Apple sierra and iOS

Here's how I did it. Works on both iPhone and MacOS. # proxy-arp needed on interface for VPN /interface bridge add name=lan arp=proxy-arp protocol-mode=none /interface bridge port add bridge=lan interface=ether7 /ip address add address=192.168.1.254/24 interface=lan # DHCP /ip pool add name=dhcp-lan...
by ToBeFrank
Mon Jan 08, 2018 6:24 pm
Forum: General
Topic: Simple DNS question
Replies: 2
Views: 341

Re: Simple DNS question

In the DHCP client section of the manual, the use-peer-dns (yes | no; Default: yes) option is documented as follows: Whether to accept the DNS settings advertised by DHCP Server. (Will override the settings put in the /ip dns submenu. This seems to indicate that if you are using the ISP provided DNS...
by ToBeFrank
Sun Dec 31, 2017 8:30 pm
Forum: General
Topic: Connection marking and queues management doubts
Replies: 5
Views: 516

Re: Connection marking and queues management doubts

I am doing this but with a statically created dst-address list. I don't have to create any additional mangling rules on the src-address. To me this suggests something is wrong with your config.
by ToBeFrank
Sun Dec 24, 2017 10:29 pm
Forum: General
Topic: winebottler warning
Replies: 0
Views: 233

winebottler warning

I was researching how to run The Dude client on my mac and searching the forums shows that several people, including a Mikrotik employee, are recommending to use WineBottler. I use Little Snitch, which means I have to approve all outgoing connections when a new app starts up. I started WineBottler, ...
by ToBeFrank
Sun Dec 24, 2017 1:17 am
Forum: General
Topic: One of the queues in my interface queue tree doesn't work [SOLVED]
Replies: 2
Views: 630

Re: One of the queues in my interface queue tree doesn't work [SOLVED]

I was hoping I was missing something simple, and indeed, I was. Thanks much.
by ToBeFrank
Sat Dec 23, 2017 2:32 am
Forum: General
Topic: One of the queues in my interface queue tree doesn't work [SOLVED]
Replies: 2
Views: 630

One of the queues in my interface queue tree doesn't work [SOLVED]

I am setting up QOS using a queue tree on the WAN interface (upload) and a queue tree on the LAN interface (download). I have the following setup: /interface bridge settings set use-ip-firewall=yes /interface bridge settings set use-ip-firewall-for-vlan=yes /ip firewall address-list add address=192....
by ToBeFrank
Thu Dec 21, 2017 3:32 pm
Forum: General
Topic: DHCP server: have static IP on one subnet, dynamic IP on another subnet [SOLVED]
Replies: 5
Views: 868

Re: DHCP server: have static IP on one subnet, dynamic IP on another subnet [SOLVED]

That's what I get for reading the documentation instead of looking at the GUI (I'm doing my config in a script). The docs have the "server" property listed as read only. Anyway, I added it and all is well. Thanks!
by ToBeFrank
Thu Dec 21, 2017 7:05 am
Forum: General
Topic: DHCP server: have static IP on one subnet, dynamic IP on another subnet [SOLVED]
Replies: 5
Views: 868

Re: DHCP server: have static IP on one subnet, dynamic IP on another subnet [SOLVED]

I haven’t found anything in the docs that indicate you can do that.
by ToBeFrank
Thu Dec 21, 2017 2:41 am
Forum: General
Topic: DHCP server: have static IP on one subnet, dynamic IP on another subnet [SOLVED]
Replies: 5
Views: 868

DHCP server: have static IP on one subnet, dynamic IP on another subnet [SOLVED]

I have the following configuration: /interface set [ find default-name=ether1 ] name="wan" /interface set [ find default-name=ether7 ] name="physical-lan" /interface bridge add name=lan /interface bridge port add bridge=lan interface=physical-lan /interface bridge port add bridge=lan interface=ether...
by ToBeFrank
Wed Dec 20, 2017 4:02 pm
Forum: RouterBOARD hardware
Topic: Defective CCR1009?
Replies: 2
Views: 426

Re: Defective CCR1009?

Something was bad with that hardware. I returned it and received the replacement yesterday. The replacement is running at 50C so all is good.
by ToBeFrank
Tue Dec 19, 2017 4:13 am
Forum: RouterBOARD hardware
Topic: Defective CCR1009?
Replies: 2
Views: 426

Defective CCR1009?

I just received my CCR1009-7G-1C-PC this evening. In the process of trying to set it up, it has rebooted several times due to too high cpu temp. Has anyone seen this, or is this CCR defective? Note that it is not 36C in my home, it is currently 20C in my home. The CCR is sitting on a cool tile floor...
by ToBeFrank
Mon Dec 18, 2017 9:30 pm
Forum: Beginner Basics
Topic: Confused about QuickSet [SOLVED]
Replies: 3
Views: 1404

Re: Confused about QuickSet [SOLVED]

Excellent, that's exactly what I was hoping to do. Thanks!
by ToBeFrank
Mon Dec 18, 2017 7:37 pm
Forum: Beginner Basics
Topic: Confused about QuickSet [SOLVED]
Replies: 3
Views: 1404

Confused about QuickSet [SOLVED]

I will be receiving my Mikrotik router this evening. I was thinking I could use QuickSet to do most of the setup, and then change/add the settings I need for what QuickSet doesn't cover. However, the manual has the following: How is Quickset different from the Webfig tab, where a whole bunch of new ...