Hello everyone, my Internet provider gives me an FTTH connection with 2 Gbps download. The ports on my ISP’s router are all 1 Gbps and the router itself has serious problems (it loses packets in LAN communication). So my idea was to put a MikroTik hAP ax² configured so that everything that comes from LAN1 goes to WAN1 and everything that comes from LAN2 goes to WAN2. I did it on my router with OpenWRT, but it’s not powerful enough and I can’t switch 2 Gbps, I stop at about 600 Mbps. Would the hAP ax² be able to do it?
Would I be able to download at 1 Gbps from both WAN1 and WAN2 simultaneously?
I saw many tutorials and I know it is possible, I know how to do it, but I do not know if the CPU is fast enough.
Under some conditions it will be able to handle 2 Gbps, but it might not in others.
The smaller the packets become, the more it will struggle (especially when adding firewall filters and/or queues).
Well, I do not need something routing packets 24/7 at the max speed.
I could have to download a big file from my PC and another one from my NAS.
I would like to reach the maximum speed I can without having to split it because of the lack of CPU power.
Moreover I have a couple of rules:
1 - LAN1 has to go to WAN1
2 - LAN2 has to go to WAN2
3 - WIFI has to go to WAN (or WAN3)
4 - LAN1, LAN2 and LAN3 must be able to talk to each other.
Nothing else.
It should be a dozen rules… am I right?
Question 2: would the hAP ax3 be better?
Not clear enough information.
You have an ISP that gives you one WAN connection of 2 Gbps; is that symmetrical, 2 gigs up and down?
Where is your second WAN coming from?
How is the 2gigs delivered, ethernet jack? Fibre port?
Is the port a 1 gig port, a 2.5 gig port, a 10 gig port?
Sorry, I forgot to provide more detailed information.
My ISP provided me with a router called “Vodafone Station”.
The fiber cable (FTTH) goes directly into the router with 2.5 Gbps in download and 500 Mbps in upload. The router ports are all 1 Gbps. I don’t mind this because in one port I have attached a switch with my servers. In the second port, I have attached another switch with my PCs and the rest goes on WLAN.
The problem is that the router is full of bugs. The most serious is the constant loss of packets between the LAN ports. This makes it impossible for me to transfer large files between a NAS and a PC.
I then thought of Mikrotik (actually the more I look, the more I think of the Hap AX3) that does 3 WANs (3 ports attached to my ISP’s LAN router) and 2 LANs + 1 WLAN. In this way, I would balance the traffic and allow the LANs to talk to each other, but give each one a different WAN to exit.
I was wondering if the HAP AX3 would support all this as the computational capabilities it needs are not trivial.
Is there any way to pass on the public IP address from the MODEM part of the ISP device to the MikroTik?
Thus far I don't see any solution to your issue because the PROVIDER is only giving you 2.5 down to their device but none of yours?
For example if all their ethernet ports are 1 gig, they have effectively capped your max download to 1 gig.
If they had an ethernet port putting out 2.5 gig, then I would say get the AX3 or better.
That Vodafone Station doesn't look like the white ones on the net; what is the model and the name of the ISP?
Not maintaining the 2,5 Gbps.
I can use my own router, but they will cap me at 1 Gbps.
Anyway, I can reach 1800 Mbps download on my phone using WiFi or downloading from 3 of the interfaces simultaneously… that is exactly what I want to do with MikroTik (this morning I bought the hAP ax3).
Are there any “passthrough router” or “DMZ router” setting on the Vodafone device? Some screenshots of UI of that router might give folks some clues as to what may be possible.
Most ISP routers have some method to connect your own router. In general, you’d rather connect the MikroTik to some ONT (e.g. a fiber-to-Ethernet box before the router), but that’s not always possible, or at least not easily; see http://forum.mikrotik.com/t/bypassing-at-t-residential-gateways-with-mikrotik/135563/1 (that’s for US AT&T, but it’s a similar contraption).
I think the hAP ax3 would be fine at that traffic level: https://mikrotik.com/product/hap_ax3#fndtn-testresults
The “25 ip rules” is the one to look at. I generally looked at the 512 byte packet size number to be conservative, even though most packets would likely be ~1500 full frame.
On Wi-Fi performance of them… hopefully you’d get similar, but ax is new in the MikroTik world, so that would be my concern.
I don't believe for a second you get 1800 on WiFi.
If you look at the product, each radio is capable of 1200 max, and that's typically two-way, so around 600 Mbps would be what you should see on an Ookla speed test, for example.
I ask about passthrough since an ISP router still has a CPU, so if you don’t bypass the LAN on the device, you may still be exposed to the router “bugs”.
But it is possible to do what you’re asking: your two Ethernet ports to the same router. But it is going to result in a double NAT if they’re LAN ports on the router. This isn’t the end of the world necessarily, but it can cause problems with some apps (like older VoIP stuff) and may still expose you to problematic packet processing on the Vodafone router.
Concur AMMO, that's why I'm asking if the router is capable of sending the public IP to the MT device…
Doing something similar for a relative… As you state, even better if one can avoid the home hub that often provides internet, IPTV, VoIP.
If the OP only needs internet, then ask the provider for a business class modem (aka an ONT only) and get rid of the Vodafone Station hub altogether.
If I ask for an ONT, they give me a 1 Gbps ONT since their rules are:
“Do you want full speed? You have to use our router. Do you want to use your router and the ONT? I will cap you @1Gbps”
If you wonder why I do not change provider… it’s quite simple. I do not pay a single cent for the connection since my company gives me Internet connection for free, but with this ISP.
We are in Italy, we use point as separator.
It is 1714 Mbps which is 1,7 Gbps.
I am sending you a new speedtest… or a video if you prefer.
I swear, it’s almost 2 Gbps… it’s a WiFi 6 5 GHz connection @ 160 MHz.
Here is another example: https://www.youtube.com/shorts/tFiuesM7YMk (this is not me, it’s someone with a connection like mine)
I do not need 1,7 Gbps on my phone 2 inches away from the router.
No need to use mangles thus far… assuming vers7 firmware
— CUT —
/IP routes ( six required )
add dst-address=0.0.0.0/0 gwy=192.168.100.10 gateway table=main
add dst-address=0.0.0.0/0 gwy=192.168.100.20 gateway table=main
add dst-address=0.0.0.0/0 gwy=192.168.100.30 gateway table=main
Why do I need these rules if I have the useWANx rules?
Moreover, why do all of the examples I saw on the Internet use mangles?
They mark the packets in the prerouting chain and they route to different gateways according to this mark.
Generally speaking in most configs, it provides the flexibility to handle many different requirements.
You may get away with only the latter 3 routes, but it costs nothing and is good practice.
I use this method because others far more expert than I realized I was a big wimp and afraid of mangles, and gave me a cleaner, more friendly approach.
Mangling often means disabling fasttrack, and I like the speeds it provides.
Where one really needs mangling is
a. when one has to ensure external originating traffic is coming on one WAN port and thus typically should go out the same WAN port
b. when one has a large group of users that need to go out a WAN but less than a subnet and more than just a few…rule for each individual gets long and tedious…
(or a bunch of different users from different subnets)
Well, the rules do what they say, and first match wins. So if dst=0.0.0.0/0 was the first rule, it will use the “useWAN1” table, and whatever is in that specific route table is used. And typically the WAN route tables do NOT have other local/VLAN routes… so the WAN route table’s only path is typically the upstream ISP, since they only have a 0.0.0.0. Now if you add other routes in /ip/route for the various WAN route tables, those would be used by the rules.
Basically only “main” knows automatically about other VLANs. For the other routing tables you have to add local subnet routes manually.
And, No mangle because the /ip/firewall/nat tracks the connection automatically and uses the WAN for future packets on the same “connection” (e.g. ip address/port for both src/dst).
You can kinda write the same set of rules in many ways. But first wins, so order is what’s critical.
*as long as you don’t add any more local subnets (and if you do, you need to add more rules using this approach). If you want to avoid having to update rules for new VLAN subnets, you can just use a larger subnet in the rules, like for any 192.168.x.x address as destination (e.g. local traffic):