It is an image made by someone who wants answers without giving information.
Did I win anything?
The input traffic is higher because there’s some housekeeping stuff happening.
Thanks for you reply
any pointer towards the right direction?
allow remote connection for DNS is off, no webproxy etc
Thanks
Please do not quote unnecessarily.
Use “Post Reply”,
thanks.
Can simply your device under attack and the firewall block packets,
or simply your interface receiving some packet from other vlans, etc.
Can be anything without more details.
Just packet drop, (very normal in IP, even in a single UDP or TCP stream) ? (queue full or packet reached end-of-life/TTL value, device cannot handle volume, congestion, …)
RX packets number is off screen capture. But you actually hide almost everything. (What MT ? SFP speed, ether4 speed, routed/bridged?, NAT or any other firewall rules?, what is after ether4?, HW offloaded? , error counters SFP and ether4?, CPU load? , protocol used? … ???)
Ask your network administrator.
Or the one with the networking skills.
Use torch on the interfaces and sort by RX/TX Rate.
Thanks for your help
the device is RB4011
SFP is 1G
ether4 is connected to the switch where service is being distributed
Yes loads of firewall filter rules
CPU was nominal
One thing i noticed it stopped after a link to a customer went down due to lighting. i guess we have to do some investigations over there
I will update once i check
On thing common in every post i read on MikroTik forum is that i person who believes he/she knows all will make a comment that is actually not in anyway helpful or contributive
As a network admin sometimes when we are stuck we reach out to colleagues for ideas or advice.
I believe its one of the main reason this forum was created
Anyways thanks for your no contribution and your irrelevant response
/export hide-sensitive file=anynameyouwish
May point to other config issues…
Thanks for your reply
I suggest attacks of some devices on the other part of the network
We are cleaning up the client side.
May i also add there's no need for unnecessary harsh and hostile comments before you make your suggestions i tried to ignore once but you still had to comment "Please do not quote unnecessarily.
Use "Post Reply",
Even if you feel im a newbie i dont think not knowing how to post a reply after 9years in this forum makes any logical sense
Thanks again for your response
Thank you
i haven’t seen that before i will give it a try
Thanks alot
After 9 years never know the /export function
Slow reader! 
What does your NMS say? You should be able to look at your netflow stats to determine what the excess traffic is, or just torch the interface see whats happening that is not being forwarded to ether4. Likely dropped/queued packets or traffic to unused IP’s in a subnet you are using but not actively being used by a customer.
I’m sorry, my magic crystal ball sometimes is unreliable and I can’t use it in mystery problem solving.
But I see that you recently found the export function, after 9 years “of forum”. PS: spending time on a forum doesn’t make you a network administrator.
PS2: Ever saw Tool/Torch? It’s like a magic crystal ball of some sorts.
Since you talk about “customers”, chances are high that you’ve got some bandwidth shaping rules (using queues) in place. If so, it’s what @bpwl suggests - that client has attracted (willingly or unwillingly) a traffic volume his contract doesn’t allow. So that traffic arrives via the uplink (sfp) interface, but only part of it is actually forwarded to the client. Not all types of traffic adjust the transmit speed to a feedback provided by the recipient.
Regarding the harsh comments - nobody has been born a network administrator, but the same information can be presented in multiple forms, and some people perceive some forms better than others. Your augmented screenshot does illustrate what you ask about, but whereas some people may understand it at first glance, other people (like me) have to study it longer - not to find what is actually wrong but to find out what you deem wrong.
It would have been easy for you to describe your concern also in plain words, like “why the Rx bandwidth on the uplink interface is much higher than the sum of Tx bandwidths on downlink interfaces”.
Thanks for your post
Your point about the problem and opinion with regards to the harsh comments made sense
I will look into that.
Also next time i will explain clearly
Thanks once again
Funny mr know it all
you know “/export file=anyname” works if i didnt know about “hide-sensitive” doesnt make me a newbie
You are just a ridiculous fellow