hAP ac poor performance

Hello!

I am not a professional so apologies if I mix anything up or my explanations are unclear. I use a MikroTik hAP ac router for my private home network and I am unsatisfied with its performance.

My setup is the following: My MikroTik hAP ac is connected to my ISP’s cable modem. I am using the very basic configuration: WAN on eth1, everything else bridged and NATed. When I connect my laptop PC to the cable modem via ethernet directly, I can download 1GB of random data (a file dumped from /dev/urandom) from one of my webservers with a speed of just above 100MByte/sec (reported by the wget command line tool).
$ wget -O /dev/null […]
/dev/null 100%[===================>] 1.00G 105MB/s in 10s

This seems quite reasonable; I’m paying for 1GBit/s and that’s quite close. Now when I connect the MikrotTik hAP ac to the cable modem and my laptop to the MikroTik (both via ethernet), wget starts with 60MByte/sec, everything becomes gradually slower, and when the file has finished downloading, wget reports an average speed of 16MByte/sec.
$ wget -O /dev/null […]
/dev/null 100%[=====================================>] 1.00G 16.2MB/s in 39s
This seems quite unsatisfactory to me. The hAP ac does not max out its CPU. It might run a bit warm (around 40°), but nothing outside of the specification.

The following is my configuration:

# jan/06/2021 12:44:47 by RouterOS 6.48
# software id = AZX9-7PXM
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 6F12074B13B5
/interface bridge
add admin-mac=64:D1:54:6D:00:59 auto-mac=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] full-duplex=no name=WAN
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-g/n channel-width=20/40mhz-XX country=no_country_set disabled=no frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=DLN station-roaming=enabled wireless-protocol=802.11 wmm-support=enabled \
    wps-mode=disabled
/interface ethernet switch
set 0 name=switch
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap eap-methods="" management-protection=allowed mode=dynamic-keys name=guest supplicant-identity=""
add authentication-types=wpa2-psk mode=dynamic-keys name=default-5g supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country=germany disabled=no distance=indoors frequency=auto hw-retries=10 installation=indoor max-station-count=100 mode=ap-bridge security-profile=default-5g ssid=DLN station-roaming=\
    enabled wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
add disabled=no mac-address=66:D1:54:6D:00:5F master-interface=wlan1 name=wlan3 security-profile=guest ssid=DLNF station-roaming=enabled wds-default-bridge=bridge wps-mode=disabled
/ip pool
add name=pool ranges=192.168.0.2-192.168.0.99
/ip dhcp-server
add address-pool=pool bootp-support=none disabled=no interface=bridge lease-time=12h name=dhcp
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan3
/ip neighbor discovery-settings
set discover-interface-list=discover
/ip settings
set allow-fast-path=no
/interface list member
add interface=wlan1 list=discover
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=wlan2 list=discover
add interface=bridge list=discover
add interface=WAN list=discover
/ip address
add address=192.168.0.1/24 interface=bridge network=192.168.0.0
/ip dhcp-client
add dhcp-options=clientid,clientid_duid,hostname disabled=no interface=WAN use-peer-dns=no
/ip dhcp-server lease
add address=192.168.0.62 mac-address=00:16:EA:DB:EB:56
add address=192.168.0.61 mac-address=E8:B1:FC:0A:08:39
add address=192.168.0.60 mac-address=D4:25:8B:66:B9:21
add address=192.168.0.63 client-id=1:88:87:17:8f:ee:93 mac-address=88:87:17:8F:EE:93 server=dhcp
add address=192.168.0.72 client-id=1:34:7e:5c:32:65:48 mac-address=34:7E:5C:32:65:48 server=dhcp
add address=192.168.0.73 client-id=1:34:7e:5c:33:39:ec mac-address=34:7E:5C:33:39:EC server=dhcp
add address=192.168.0.74 client-id=1:34:7e:5c:f0:96:a0 mac-address=34:7E:5C:F0:96:A0 server=dhcp
add address=192.168.0.71 client-id=1:34:7e:5c:f3:29:0 mac-address=34:7E:5C:F3:29:00 server=dhcp
add address=192.168.0.254 client-id=ff:0:0:0:7:0:3:0:1:4c:5e:c:f8:75:12 mac-address=4C:5E:0C:F8:75:13 server=dhcp
add address=192.168.0.64 mac-address=50:9A:4C:19:63:DE server=dhcp
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 domain=local.lan gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=WAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=WAN
/ip ipsec policy
set 0 disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=Europe/Berlin
/system leds
set 1 interface=wlan2
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox

So I was worried that I could be facing a hardware problem and therefore I bought a second identical device just today. It runs the default configuration, and I get the identical behavior: Downloads are limited to 10-20MByte/sec. Just for reference, the full config of the second device can be found below.

Is this a general problem with those devices? From the test results (https://mikrotik.com/product/RB962UiGS-5HacT2HnT#fndtn-testresults) I did not expect this. Any help would be greatly appreciated!

# jan/06/2021 11:27:30 by RouterOS 6.48
# software id = PS15-74GD
#
# model = RB962UiGS-5HacT2HnT
# serial number = CC4F0C35A661
/interface bridge
add admin-mac=48:8F:5A:88:8F:79 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX country=germany distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=DLN2 wireless-protocol=802.11 wps-mode=\
    disabled
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country=germany distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=DLN5 wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Berlin
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Update: made clear that I only use ethernet connections, no Wifi involved.

I would suggest resetting the first device as there are couple of settings that can cause slow performance, i.e. Ether1 (WAN) is set to half duplex, fast path s disabled and fasttrack needs this, etc

Many other suggestions, that always fall in the same list of settings to take.

1. What is your second connection? The one to the client, I assume it is wireless, not ethernet? If it is ethernet then forget what follows.
2. What is your connection & quality. Is it to the 2.5 GHz WLAN1 or to the 5 GHz WLAN2? What does the “Registration” of the wireless connection say on TX Rates/RX Rates/Signal strength/CCQ?
3. The latest 6.48(.0) RouterOS version is rather plagued with bugs. It may not affect your results, but the LT (Long Term not Stable) version is preferred.
4. MKT (and mostly other brands as well) are not “smart” when set to “auto” for the frequency. They have to pick a frequency at startup in a split second, and they stick to that choice.
5. Using “auto” as frequency is asking for random performance result, unless somewhere on a lonely island or in the desert.
6. Using XX and XXXX as channel specification is non-deterministic. You don’t know what the AP will select.
7. 40 MHz on 2.4 GHz is seldom available or ‘free’ in the neighborhood. 80 MHz may do well in 5GHz but also may not.
8. Start by using a “Freq Usage” and “Snooper” scan, and pick the ‘free’ channels yourselves. You wait to transmit for everyone above -96 dBm !
9. You are in Germany, you are in the ETSI regulation. Don’t limit the installation to “indoor”, set it to “any” . Indoors you are allowed to use the outdoor frequencies as well (they are stronger also)

[admin@MikroTik] > interface wireless info country-info germany
  ranges: 2402-2482/b,g,gn20,gn40(20dBm)
          2417-2457/g-turbo(20dBm)
          5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/passive,indoor
          5170-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive,indoor
          5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive,indoor
          5490-5710/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(27dBm)/dfs,passive

10 Learn about the wifi overhead. With a connected PHY rate (TX rate/RX rate) , the useful airtime will be reduced as the CCQ. The overhead of 802.11 is between 25 and 60% . (Throughput is between 40% and 75% of the CCQ*PHY rate, if unidirectional (half-duplex). It is half of this if it is full duplex.) In your best case (100% CCQ, 866Mbps) expect 390 Mbps unidirectional. To be shared with all your neighbors, and the slowest one takes the largest share of the airtime.

Unless you check the “registration”, no one can figure out what the expected max speed of your connection would be, nor have an indication why it does not give what you expect.

Hi all,

thank you for our input!

I am in fact using ethernet, eth1 to WAN, eth2 to Laptop PC. Sorry if that was not clear! I already did the factory reset: settings on the old device might have been off since I played around quite a bit with them during the last couple of days. (Some similar forum posts suggested turning fast path off/on, etc. For me, this did not affect performance at all.)

What bothers me right now is the following: Transfers start with wire-speed but after a couple of seconds the speed deteriorates noticeably. I am aware that “wget” is probably not the best way to assess network quality; nevertheless I would not have expected to see any difference (direct connection to cable modem vs. MikroTik in between).