Ping Issue on Hotspot with 150+ concurrent Users

Hi All,

I have just noticed a strange issue when pinging my hotspot server (with a 65500-byte packet size): the results are completely broken. Due to that, internal Windows SMB sharing also works slowly. Meanwhile, I am able to ping other users on the same hotspot server perfectly; only the ping to the router itself is breaking.

I even tried reinstalling the MikroTik and configuring it with a minimal configuration; the results are still the same.

My configuration is as follows:

/ip hotspot profile
add dns-name=new.skynet.com hotspot-address=10.80.0.1 login-by=\
    mac,http-chap,http-pap mac-auth-password=xxxxxx name=Sky-New
/ip hotspot
add disabled=no idle-timeout=1h interface=Sky-New keepalive-timeout=8h name=\
    Sky-New profile=Sky-New
/ip hotspot user profile
add idle-timeout=none keepalive-timeout=2m name=2Mbps rate-limit=1920k/1920k
add idle-timeout=none keepalive-timeout=2m name=4Mbps rate-limit=3650k/3650k
add idle-timeout=none keepalive-timeout=2m name=6Mbps rate-limit=5570k/5570k
/ip pool
add name="Sky New" ranges=10.80.0.2-10.80.255.254
/ip dhcp-server
add address-pool="Sky New" disabled=no interface=Sky-New lease-time=1h name=\
    dhcp1
/queue tree
add name=Ping_Packet packet-mark=ping_pkt parent=global-in priority=1
/queue type
set 0 pfifo-limit=50
set 1 pfifo-limit=50
add kind=sfq name=ftp-exempt
set 8 pfifo-limit=50
/queue tree
add name=ftp-down packet-mark=ftp-down parent=global-out queue=ftp-exempt
add name=ftp-up packet-mark=ftp-up parent=global-in queue=ftp-exempt
/ip address
add address=221.120.192.117/32 interface=PIE_VLAN network=221.120.192.116
add address=10.80.0.1/16 comment="hotspot network" interface=Sky-New
/ip dhcp-client
add add-default-route=no disabled=no interface="Main Sharing" use-peer-dns=no \
    use-peer-ntp=no
/ip dhcp-server network
add address=10.80.0.0/16 comment="hotspot network" gateway=10.80.0.1
/ip dns
set servers=8.8.8.8,8.8.4.4,208.67.220.220,208.67.222.222
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=ping_con \
    protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ping_con \
    new-packet-mark=ping_pkt passthrough=no protocol=icmp
add action=mark-packet chain=postrouting dst-address=10.80.0.0/16 \
    new-packet-mark=ftp-down src-address=10.0.0.0-10.0.0.6
add action=mark-packet chain=prerouting dst-address=10.0.0.0-10.0.0.6 \
    new-packet-mark=ftp-up src-address=10.80.0.0/16
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.80.0.0/16 to-addresses=0.0.0.0

The ping results look like this, sometimes even worse.

Reply from 10.80.0.1: bytes=65500 time=33ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 10.80.0.1: bytes=65500 time=17ms TTL=64
Reply from 10.80.0.1: bytes=65500 time=33ms TTL=64
Request timed out.
Reply from 10.80.0.1: bytes=65500 time=33ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

What makes you think that it supports 65535B frames without fragmentation?
https://wiki.mikrotik.com/wiki/Manual:Maximum_Transmission_Unit_on_RouterBoards

Because at some other sites I have a similar scenario, but ping doesn’t break. Plus one more thing: if it doesn’t support fragmentation, doesn’t it give an error in the ping reply such as “Packet needs to be fragmented but DF set”, instead of request timed out?

Anyway, do you mean that increasing the MTU will resolve the issue?
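
The fragmentation point raised in the thread, worked through as an added example (not code from any poster): it plans the IPv4 fragments of a 65500-byte echo request and shows how the loss of any single fragment loses the whole ping. The 1500-byte MTU, the 1% per-fragment loss rate and the independence of losses are assumptions for illustration, not values measured on this router.

```python
"""Added example: IPv4 fragmentation of a large ICMP echo (ping -l 65500)."""

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header


def plan_fragments(icmp_data_len, mtu=1500):
    """Return (offset_bytes, length, more_fragments) for each fragment."""
    total = ICMP_HEADER + icmp_data_len            # IP payload to carry
    if IP_HEADER + total > 65535:
        raise ValueError("exceeds maximum IPv4 datagram size")
    # Fragment offsets are counted in 8-byte units, so every fragment
    # except the last must carry a multiple of 8 bytes.
    per_frag = (mtu - IP_HEADER) // 8 * 8
    frags, offset = [], 0
    while offset < total:
        length = min(per_frag, total - offset)
        frags.append((offset, length, offset + length < total))
        offset += length
    return frags


def echo_success_probability(icmp_data_len, fragment_loss, mtu=1500):
    """Chance that one ping is answered, assuming independent fragment loss.

    Every fragment of the request AND of the equally sized reply must
    arrive; one missing fragment makes reassembly fail and the ping
    shows up as "Request timed out".
    """
    n = len(plan_fragments(icmp_data_len, mtu))
    return (1 - fragment_loss) ** (2 * n)


if __name__ == "__main__":
    frags = plan_fragments(65500)
    print("fragments per direction:", len(frags))
    print("last fragment (offset, length, MF):", frags[-1])
    for size in (32, 1472, 65500):                 # constructed sample sizes
        p = echo_success_probability(size, fragment_loss=0.01)
        print(f"{size:>5} bytes of data: {p:.1%} of pings answered at 1% loss")
```

A loss rate that is barely visible with default-size pings therefore turns into mostly timeouts at 65500 bytes, so a large-packet ping measures fragment delivery rather than plain reachability.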