Hi all,
I'm using a RouterBoard RB1100AHx4 as the main router and switch to manage a network of roughly 80 clients on a campus, distributed through a few switches and WiFi access points. Most clients are WiFi connected on the Ubiquity Unifi platform and the network is a simple star type with no redundant switching links. We have no servers on site so the network is 99% used to access the Internet and speeds across the LAN are good indicating no problem with our local network.
We're on 100Mb LAN with only 30Mb Internet access so it would seem reasonable that with the correct configuration we should be able to utilize the entire 30Mb Internet link, or at least close to it.
The problem is (and it seems to happen mostly during busy times when everyone is trying to use the Internet) that Internet speeds will drop unreasonably low, sometimes to below 1mb despite the Internet connection being at 50% utilization or even less. I can't understand why this is happening.
My configuration uses one simple queue reflecting the limits of the Internet connection (30 up and 15 down) and two PCQs, one for upload and one for download. The PCQ bandwidth limits are set at max 10Mb download per user and max 10Mb upload per user as well. This is what I understand to be the best way to evenly share the Internet connection between all users. I have played with those limits but when the problem is there it doesn't seem to matter at all if I change them up or down, I still get terrible performance on the Internet link.
When things work fine, which it does 75% of the time I easily get my 10 up and 10 down, but when this problem occurs at busy times it drops to super low speeds despite the Internet link not being anywhere close to full.
I would appreciate any thougts or tips as I'm currently stuck and don't really know what to try at this point. Here's my config, I've also attached a basic network diagram.
Thank you so much in advance for any help,
Dan
sep/03/2020 23:51:51 by RouterOS 6.44.3
software id = CKED-AUWZ
model = RB1100x4
serial number = 91D80AE30458
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] name=ether3_Classrooms speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] name=ether5_GuestHouse speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] name=ether7_BlueShop speed=100Mbps
set [ find default-name=ether8 ] name=ether8_Solplex speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] name=ether10_OutdoorKitchen speed=100Mbps
set [ find default-name=ether11 ] name=ether11_Nursery speed=100Mbps
set [ find default-name=ether12 ] speed=100Mbps
set [ find default-name=ether13 ] name=ether13WAN speed=100Mbps
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.0.0.2-10.0.0.200
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
/queue type
set 5 pcq-rate=10M pcq-total-limit=5000KiB
set 6 pcq-rate=10M pcq-total-limit=5000KiB
/queue simple
add max-limit=12M/30M name=LimitAll queue=
pcq-upload-default/pcq-download-default target=10.0.0.0/24
/system logging action
set 0 memory-lines=2000
set 1 disk-file-count=10
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3_Classrooms
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5_GuestHouse
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7_BlueShop
add bridge=bridge1 interface=ether8_Solplex
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10_OutdoorKitchen
add bridge=bridge1 interface=ether11_Nursery
add bridge=bridge1 interface=ether12
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=
192.168.88.0
add address=10.0.0.1/24 interface=bridge1 network=10.0.0.0
add address=208.85.239.110/30 interface=ether13WAN network=208.85.239.108
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.0.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=drop chain=input comment="DROP SSH from WAN requests" dst-port=22
in-interface=ether13WAN protocol=tcp
add action=drop chain=input comment="DROP webconfig from WAN requests"
dst-port=8081 in-interface=ether13WAN protocol=tcp
add action=drop chain=input comment="DROP Winbox from WAN requests" dst-port=
8291 in-interface=ether13WAN protocol=tcp
add action=jump chain=forward comment="Prevent UDP flooding attack"
connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos comment="Prevent UDP flooding attack"
dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=
10m chain=detect-ddos comment="Prevent UDP flooding attack"
add action=add-src-to-address-list address-list=ddoser address-list-timeout=
10m chain=detect-ddos comment="Prevent UDP flooding attack"
add action=drop chain=forward comment="Prevent UDP flooding attack"
connection-state=new dst-address-list=ddosed src-address-list=ddoser
add action=drop chain=input comment="Prevent outside DHCP requests" dst-port=
53 protocol=udp
add action=drop chain=input comment="Prevent outside DHCP requests" dst-port=
53 protocol=tcp
add action=fasttrack-connection chain=forward comment="Fasttrack DNS TCP"
dst-port=53 protocol=tcp
add action=fasttrack-connection chain=forward comment="Fasttrack DNS UDP"
dst-port=53 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add distance=1 gateway=208.85.239.109
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.0.0.0/24 port=8081
set ssh address=10.0.0.0/24
set api disabled=yes
set winbox address=10.0.0.0/24
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=MikroTikLV
/system logging
set 0 action=disk topics=info,!dhcp
set 1 action=disk
set 2 action=disk
set 3 action=disk
/tool bandwidth-server
set authenticate=no enabled=no