I have recently bought and configured a Mikrotik Hex to replace my ISP’s default modem. Setup and connectivity including IPTV went pretty smooth.
However, when up/down speeds on my 1Gbps connection only reach ~250Mbps. Resources show cpu3 on 100% when this limit is reached.
Interesting is, that after switching pppoe profile and immediately doing a speedtest, I do get 1Gbps up/down but after a few minutes it goes back to the previous situation.
I am running the latest firmware/router OS (7.12.1)
So I have 2 questions: is the cpu load indeed limiting throughput ; and ofcourse, what could be causing the high load?
Thanks in advance.
[EDIT] Ok I think I found the issue, as soon as I disable IPv6 in the ppp profile all is well. So it seems a lot of the speedtest sites use ipv6 and the hex doesnt support fasttrack for ipv6.
I can see the counter increase in ipv6 firewall.
# 2023-12-08 10:13:52 by RouterOS 7.12.1
# software id = V2VX-ACIT
#
# model = RB750Gr3
# serial number = HF209FMCSZ4
/interface bridge
add arp=proxy-arp igmp-snooping=yes name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp l2mtu=1598 loop-protect=off \
mtu=1512 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] l2mtu=1598
/interface vlan
add interface=ether1 name=vlan1.4 vlan-id=4
add interface=ether1 loop-protect=off mtu=1508 name=vlan1.6 vlan-id=6
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
add code=28 name=option28-broadcast value="'192.168.2.255'"
/ip pool
add name=thuisnetwerk ranges=192.168.2.100-192.168.2.200
/ip dhcp-server
add address-pool=thuisnetwerk interface=bridge-local lease-time=1h30m name=\
dhcp-thuis
/port
set 0 name=serial0
/ppp profile
set *0 only-one=yes use-compression=yes use-encryption=no use-mpls=yes \
use-upnp=no
add name=default-ipv6 only-one=yes use-compression=yes use-upnp=no
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=vlan1.6 \
keepalive-timeout=20 max-mru=1500 max-mtu=1500 name=pppoe-client profile=\
default-ipv6 user=1234@provider
/routing bgp template
set default disabled=yes output.network=bgp-networks
/interface bridge port
add bridge=bridge-local ingress-filtering=no interface=ether2
add bridge=bridge-local ingress-filtering=no interface=ether3
add bridge=bridge-local ingress-filtering=no interface=ether4
add bridge=bridge-local ingress-filtering=no interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.2.254/24 interface=bridge-local network=192.168.2.0
/ip dhcp-client
add default-route-distance=210 dhcp-options=option60-vendorclass interface=\
vlan1.4 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server config
set store-leases-disk=15m
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.254 domain=sdt.local gateway=\
192.168.2.254
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=1.1.1.1,8.8.8.8
/ip firewall filter
add action=accept chain=input in-interface=pppoe-client protocol=icmp
add action=accept chain=input connection-state=established,related
add action=reject chain=input in-interface=pppoe-client protocol=tcp \
reject-with=icmp-port-unreachable
add action=reject chain=input in-interface=pppoe-client protocol=udp \
reject-with=icmp-port-unreachable
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat comment="Needed for internet" \
out-interface=pppoe-client src-address=192.168.0.0/16
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
213.75.112.0/21 out-interface=vlan1.4
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
217.166.0.0/16 out-interface=vlan1.4
/ip upnp
set show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-client type=external
/ipv6 address
add address=::1 from-pool=0 interface=bridge-local
/ipv6 dhcp-client
add interface=pppoe-client pool-name=0 pool-prefix-length=48 request=prefix
/ipv6 firewall filter
add action=accept chain=input connection-state=established in-interface=\
pppoe-client
add action=accept chain=input connection-state=related in-interface=\
pppoe-client
add action=accept chain=input in-interface=pppoe-client protocol=icmpv6
add action=accept chain=input comment="DHCPv6 for public addresses" \
dst-address=fe80::/64 dst-port=546 in-interface=pppoe-client log=yes \
log-prefix=DHCPv6 protocol=udp
add action=reject chain=input in-interface=pppoe-client reject-with=\
icmp-port-unreachable
add action=accept chain=forward connection-state=related in-interface=\
pppoe-client
add action=accept chain=forward connection-state=established in-interface=\
pppoe-client
add action=reject chain=forward in-interface=pppoe-client reject-with=\
icmp-no-route
/ipv6 nd
set [ find default=yes ] disabled=yes
add advertise-mac-address=no hop-limit=64 interface=bridge-local
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan1.4 upstream=yes
add interface=bridge-local