i have poor english.and dont know post where.so i post here
my router is RB750GR3 ver 6.46.6
all 1-4 port set to advertise “1000M half” and “1000M full”
port 5 set to advertise “10M half” and “10M full” …
idont know QOS speed limit why not work..so i use advertise to 10Mbps
but…when port5 full speed @ 10mbps…port1-4 got huge delay..0-600ms ping to wan..
is that ROS bug or my problem?
What is your native language? It often makes sense to use Google or Microsoft translation from the native language to English and then back again, and if what you originally wrote in native language still makes the same sense after this double translation, the English version is comprehensible too. But some languages may still not be supported good enough.
To the subject, better post your configuration export, my automatic signature here below says how to do that without revealing any sensitive information. I cannot imagine how reducing bandwidth of one interface to 10 Mbit/s should affect the performance on other interfaces, but maybe there is something else in your configuration. If you shut ether5 down or allow it to negotiate 100 or 1000 Mbit/s, does the issue between ether4 and ether1 disappear?
Thanks for reply, native language was traditional Chinese.
# jun/01/2020 15:16:36 by RouterOS 6.46.6
# software id = ***HIDE***
#
# model = RouterBOARD 750G r3
# serial number = ***HIDE***
/interface bridge
add name=Bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=1000M-half,1000M-full
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=IPv4 ranges=***HIDE***-***HIDE***
/ip dhcp-server
add address-pool=IPv4 disabled=no interface=Bridge name=DHCPv4
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=Bridge interface=ether2
add bridge=Bridge interface=ether3
add bridge=Bridge interface=ether4
add bridge=Bridge interface=ether5
/ipv6 settings
set accept-router-advertisements=yes
/ip address
add address=192.168.88.1/24 interface=Bridge network=192.168.88.0
/ip dhcp-client
add disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=***HIDE*** client-id=***HIDE*** mac-address=\
***HIDE*** server=DHCPv4
add address=***HIDE*** client-id=***HIDE*** mac-address=\
***HIDE*** server=DHCPv4
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4,129.250.35.250,129.250.35.251 gateway=\
192.168.88.1
/ip dns
set cache-max-ttl=30m servers=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4,129.250.35.250,129.250.35.251
/ip firewall filter
add action=fasttrack-connection chain=forward
add action=accept chain=forward protocol=icmp
add action=drop chain=input disabled=yes dst-port=53 in-interface=ether1 \
protocol=udp
add action=drop chain=input disabled=yes dst-port=53 in-interface=ether1 \
protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
192.168.88.0/24
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=ether1 \
protocol=tcp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=ether1 \
protocol=tcp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=ether1 protocol=\
udp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=ether1 protocol=\
tcp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=ether1 protocol=\
udp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=\
ether1 protocol=tcp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=ether1 protocol=\
udp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat dst-port=***HIDE*** in-interface=ether1 \
protocol=tcp to-addresses=***HIDE*** to-ports=***HIDE***
add action=dst-nat chain=dstnat disabled=yes dst-port=***HIDE*** \
in-interface=ether1 protocol=tcp to-addresses=***HIDE*** to-ports=\
***HIDE***
add action=dst-nat chain=dstnat disabled=yes dst-port=***HIDE*** in-interface=\
ether1 protocol=udp to-addresses=***HIDE*** to-ports=***HIDE***
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.88.0/24 disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=internal
add interface=Bridge type=external
/ipv6 address
add from-pool=IPv6 interface=Bridge
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=IPv6 request=prefix \
use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=forward protocol=icmpv6
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
/ipv6 nd
set [ find default=yes ] advertise-mac-address=no other-configuration=yes
/system clock
set time-zone-name=Asia/Hong_Kong
/system ntp client
set enabled=yes primary-ntp=***HIDE***
using “export file=setting.cfg” to export
no cut..only hide IP/MAC/serial/port
set [ find default-name=ether5 ] advertise=1000M-half,1000M-full
to
set [ find default-name=ether5 ] advertise=10M-half,10M-full
when i set port5 advertise to “advertise=1000M-half,1000M-full”…no speed/ping abnormal
OK, nothing unusual in your configuration. I can only imagine that the switch chip tells the CPU to pause sending until it manages to deliver already received frames regardless the egress port (which may be a bug of RouterOS or a design limitation of the switch chip, I don’t have any information about the switch chip features), and if the input buffer of the switch chip is long enough, those tens of milliseconds of ping delay could be explainable.
In any case, even if it was a software bug (which doesn’t sound likely to me), the only way to resolve it quickly would be to implement the speed limitation using /queue tree or /queue simple, so that the unlimited traffic wouln’t have to wait in a common queue with the one being throttled.
I watched YOUTUBE instruction but couldn’t speed limit … Is my router itself damaged?
Youtube is full of misleading videos. What is wrong about the explanation in the documentation?
/queue simple> add name=private target=192.168.88.0/24 max-limit=256K/512K dst=ether5
ether5 still can get max speed of wifi
so …i really dont know how to use queue speed limit…
ether5 is a member port of a bridge, so it cannot be a dst, you must use Bridge as dst.
In order to make queues work, you have to disable the action=fasttrack-connection rule in chain=forward of /ip firewall filter. The very essence of fasttracking is that most packets bypass most firewall processing and queues.
Other than that, your firewall is a mess and provides almost no protection, so if your WAN address is a public one, it needs some changes.
if disable fasttrack..this router will be too hard to use…maybe wait mikrotik can or can’t fix my advertise problem…
thx a lot.
To get a reaction from Mikrotik, you must send the problem description along with a supout.rif file to support@mikrotik.com. This is just a peer help forum and Mikrotik staff doesn’t necessarily read every single topic, so they may not notice this one at all. And even if it can be resolved by a software modification, which may not be the case, expect the solution to take rather months than days.
If you need to throttle only a relatively small share of traffic, you can exclude only that traffic from fasttracking by using appropriate firewall rules (prevent only traffic to/from the simple queue’s target from ever reaching the fasttrack rule by placing action=accept rules matching that traffic before (above) the action=fasttrack-connection one).
I sent it a few days ago. but still “WAITING FOR SUPPORT”.
i dont know how to bypass fasttrack to limit 