Can you advise what speed you would like to limit you lan ips to and what your total bandwidth available is. I presume the address in your first rule is th one you would like to be unlimited.
Yes, first address must be unlimited. All devices connected with 1Gb link, but speed limited not by rules, but CPU of device. And very limited Suppose I can change some settings or rule, but nowadays , I don’t know what can I do. I tried to replace first queue with fasttrack rule, but without any success, moreover, it’s lower speed to 15Mb/s…
I believe if you apply simple queue or firewall rules fast track is disabled. Based on what you had in the begining you can try these rules. Depending on what you trying to do.
speed decreased to 30Mb/s again. I compare your and my queue, when I change queue type to pfifo and increase queue size to 500000, speed increased to 70Mb/s, but CPU loaded at 100%… Only one SCP thread… If I decreased queue size to 20000 and below, speed decreased too… I confused very much…
A single simple queue should not effect add that load to your device. there is something else in your configuration that is causing this. can you do a export /hide sensitive and block out any information you dont want seen then we can go through config.
What is this for.
/queue interface
set oops queue=default-big
set wan queue=default-big
I do not see any default-big queues in your queue-types and I have not seen these as a default on any of my routers. suggest you restore these back only-hardware-queue and test.
second thing
/queue simple
add dst=10.10.0.2/32 name=box priority=1/1 queue=default/default total-queue=
default
add max-limit=85M/85M name=out queue=default/default target=wan total-queue=
default
What are you trying to accomplish with these. 10.10.0.2/32 is your gateway. and then you imposing 85M up / down on your wan. I suggest restoring the interface queues to default then removing simple queues. then detail what you would like the queues to do then we can design them to do that accordingly.
I found, that this very big value of packets increasing speed of interface… Speed is about 10% increased, when I increase this value from 100 to 100000.
You confused me, 10.10.0.2 is gateway, but I would like to limit all transit traffic, but unlimit all traffic direct to 10.10.0.2
I suppose, I can do it, because no NAT is active…
Is any explanation of so high CPU load of this single thread traffic with one queue?
I have never had to change interface queues to get better performance on an interface.
There is also no need to unlimit all traffic to your first hop gateway. remove that queue.
then limit it to the one queue. make this queue more specific dont put in onto an interface rather limit it by target ip address and destination 0.0.0.0/0
see how that peforms then alter rules from there
Very strange, but if I set up only-hardware queue type on both interfaces (oops and wan), removed all queues at all, speed is not more than 60Mb/s. If I set up big pfifo queue on one of interfaces - speed increased to 113Mb/s (twice!). Test file copied from PC, attached to oops, to 10.10.0.2, gateway, attached to wan.
PC - oops-mikrotik-wan - gateway (10.10.0.2)
Hi Olegon
So first thing we trying to do is locate which queue is causing the CPU to go high. Is it the Interface queues or is it the simple queues.
To do this I would:
restore the Interface queues back to default.
remove all simple queues.
run tests monitoring cpu usage
Once you have done this and you have identified whether this resolves cpu usage then we start creating simple queues according to what you would like to do.
Are you wanting your devices on the 192.168.x.x network to be limited to anywhere.
Which traffic do you want to be unlimited. Is the unlimited traffic to an individual ip or a group of ip’s or a whole subnet.
So as an example
Rule 1 tells us any traffic that passes through the router from the 192.168.10.0/24 to a destination of 192.168.10.0/24 will not be restricted. (this is only really necessary when you using mutiple vlans or subnets on different ports or sub interfaces on the router.)
Rule 2 tells us any traffic that passes through the router from 192.168.10.0/24 to any destination that is not in the rules above will be limited to a total max of 20 mbps up /down.
Once you have listed how you would like your traffic to be controlled we can plan accordingly and guide you on your rules. .
Mikrotik is between two segments of network (192.168 and 10.10), Internet gate is 10.10.0.2 and I need to limit all traffic from 192. to Internet, because provider drop all packets above limit and some overload from 192 can break Internet connections down. But 10.10.0.2 must be unlimited, it’s also works as some app/file server.
192.168 - no limit - mikrotik - 10.10.0.2 - limit 85M - Internet
Can you comment issue, that only-hardware-queue slow down speed twice in comparison of pfifo 1000000 (all queues removed)?
On my network changing those settings offers no improvement in performance. however having flow control on and changing those settings slows my network down by ± 10%. I would remove flow control from the interfaces.
ok so simple queues are easy then.
Scientia potentia est.
I changed flow control from auto to off on both interfaces of mikrotik and than can change interface queue to only-hardware-queue without perfomance degradation.
Speed is about 113Mb/s
But when I add only
Have you inherited this config from someone or did you set it up? there are some questions I have.
By the looks of it you have 2 bridges. #1 called bridge #2 called bridge-nik these have multiple interfaces added to them. #1 Bridge you have 2 ip addresses applied to this interface and 2 dhcp servers running on this bridge. this will cause all kinds of issues. if you need to run 2 ip addresses either statically operate the one subnet or apply different subnets for different interfaces. Can you give an idea of what you are trying to achieve. Part of the issue you have is this router is only capable of so once the CPU reaches 100% your performance will degrade. in order to resolve this you need to simply your config as much as possible. Currently you using 38% cpu just on Networking 10% on ethernet. I have a similar device nat, single bridge, 17 queues, 125 firewall rules and it runs at 9% cpu usage max. as you not doing nat we need to work out where this is going. Starting with the bridges may be the first point.
Thank you for patience.
It’s some example config, modified by me. Two bridges is changed example of guest wifi.
Yesterday, I removed second bridge (bridge-nik), second DHCP-server and tried to removed interfaces from bridge, but when I set up master port, interface included in bridge dynamically.
Which load of CPU on your configuration, when you copy file at maximal speed (suppose 1Gbit?)? When typical load, my configuration loads CPU at 15%, but it’s very low traffic. Problem appeared when backup or some big file copied.
Can you show me your configuration of interfaces and bridges? As I read, interfaces, included in bridges, it’s traffic handling by CPU, not chip?
I can't use queue feature at all...
Suppose I can change some settings or rule, but nowadays , I don’t know what can I do. I tried to replace first queue with fasttrack rule, but without any success, moreover, it’s lower speed to 15Mb/s…