Problem with download on x86 PC

tassman · August 22, 2024, 5:51pm

My config is below
I want to replace my ubuntu server to mikrotik.
Machine spec: DELL 7020 (4 cores, 8 threads), 16GB RAM, 2 x 1gb card (one built in and on PCIe)
Newest Mikrotik software.
IMPORTANT!!! In config there is a couple firewall rules and some simple queue rule, but even all DISABLED results are the same.

My IPS connection is 1Gb. When doing speed test (Mikrotik) I have only - download: 120 - 140 Mbits and upload 620 - 650 Mbits.
When speed test is ON, max usage of proccessor is 10% (on resources). On profiler got 1 thread (20%) rest threads is about 1% to 10%.
Logic in my head says that there is bootleneck on eth cards… (correct mi if Iam wrong)
Thx for all responses.

# 2024-08-22 16:54:06 by RouterOS 7.15.3
# software id = xxxxxxxx
#
/interface ethernet
set [ find default-name=ether1 ] advertise="10M-baseT-half,10M-baseT-full,100M\
    -baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,2.5G-baseT,5G-base\
    T,10G-baseT" arp=reply-only comment=LAN disable-running-check=no
set [ find default-name=ether2 ] comment=WAN disable-running-check=no name=\
    ether3
/disk
set sata1 media-interface=none media-sharing=no
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.1.240-192.168.1.250
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 interface=ether1 lease-time=1d name=\
    dhcp_clients
/port
set 0 name=serial0
set 1 name=serial1
/queue simple
add max-limit=950M/950M name=General queue=ethernet-default/ethernet-default \
    target=192.168.1.0/24
add max-limit=1M/1M name=Guests parent=General queue=\
    ethernet-default/ethernet-default target="192.168.1.240/32,192.168.1.241/3\
    2,192.168.1.242/32,192.168.1.243/32,192.168.1.244/32,192.168.1.245/32,192.\
    168.1.246/32,192.168.1.247/32,192.168.1.248/32,192.168.1.249/32,192.168.1.\
    250/32"
add max-limit=100M/100M name=xxm30 parent=General queue=\
    ethernet-default/ethernet-default target=\
    192.168.1.23/32,192.168.1.29/32,192.168.1.44/32
add max-limit=100M/300M name=xxm13 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.22/32
add max-limit=40M/40M name=xxm37 parent=General queue=\
    ethernet-default/ethernet-default target=\
    192.168.1.6/32,192.168.1.77/32,192.168.1.78/32
add max-limit=100M/100M name=xxm44 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.59/32
add max-limit=50M/50M name=xxm41 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.17/32
add max-limit=20M/20M name=xxxx parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.25/32
add max-limit=50M/50M name=Kw parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.21/32
add max-limit=20M/20M name=xxam14 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.31/32
add max-limit=20M/20M name=xxm44voip parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.103/32
add max-limit=20M/20M name=xxam24 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.9/32
add max-limit=20M/20M name=Okulista parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.37/32
add max-limit=20M/20M name=xxm18 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.13/32
add max-limit=300M/300M name=xxm10 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.15/32
add max-limit=300M/300M name=xxm12 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.40/32
add max-limit=300M/300M name=xxm23 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.3/32
add max-limit=300M/300M name=xxm33 parent=General queue=\
    ethernet-default/ethernet-default target=192.168.1.12/32
add max-limit=50M/50M name=xxm09 parent=General target=192.168.1.19/32
add max-limit=50M/50M name=xxam10 parent=General target=192.168.1.30/32
add max-limit=50M/50M name=xxam09 parent=General target=192.168.1.2/32
add max-limit=50M/50M name=xxam01 parent=General target=192.168.1.10/32
add max-limit=50M/50M name=xxm31 parent=General target=192.168.1.14/32
add max-limit=50M/50M name=xxam16 parent=General target=192.168.1.41/32
add max-limit=50M/50M name=xxm24 parent=General target=192.168.1.4/32
add max-limit=50M/50M name=xxm01 parent=General target=192.168.1.39/32
add max-limit=50M/50M name=xxm08 parent=General target=192.168.1.16/32
add max-limit=50M/50M name=xxam04 parent=General target=192.168.1.24/32
add max-limit=900M/900M name=LaptopSerwisowy parent=General target=\
    192.168.1.27/32
add max-limit=50M/50M name=xxam08 parent=General target=192.168.1.55/32
add max-limit=50M/50M name=xxm19 parent=General target=192.168.1.42/32
add max-limit=50M/50M name=xxm03 parent=General target=192.168.1.8/32
add max-limit=300M/300M name=xxm27 parent=General target=192.168.1.35/32
add max-limit=300M/300M name=Prezentki parent=General target=192.168.1.38/32
add max-limit=300M/300M name=xxm42 parent=General target=192.168.1.45/32
add max-limit=300M/300M name=xxm35 parent=General target=192.168.1.46/32
add max-limit=100M/100M name=xxam29 parent=General target=192.168.1.28/32
add max-limit=100M/100M name=xxm16 parent=General target=\
    192.168.1.18/32,192.168.1.33/32
add max-limit=300M/300M name=xxm34 parent=General target=192.168.1.58/32
add max-limit=100M/100M name=xxm21 parent=General target=192.168.1.52/32
add max-limit=100M/100M name=xxm04 parent=General target=192.168.1.57/32
add max-limit=100M/100M name=xxm22 parent=General target=192.168.1.51/32
add max-limit=100M/100M name=xxm15 parent=General target=192.168.1.34/32
add max-limit=100M/100M name=xxm17 parent=General target=192.168.1.49/32
add max-limit=100M/100M name=xxm38 parent=General target=192.168.1.50/32
add max-limit=100M/100M name=xxam20 parent=General target=192.168.1.11/32
add max-limit=100M/100M name=xxm11 parent=General target=192.168.1.43/32
/system logging action
set 3 remote=192.168.1.249
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=none
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=ether1 list=LAN
add interface=ether3 list=WAN
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
/ip address
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
add address=[some IP]/30 interface=ether3 network=[some network]
/ip dhcp-server lease
add address=192.168.1.2 comment=xxam09 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.3 comment=xxm23-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.4 comment=xxm24-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.5 comment=xxm29-prestigo mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.6 comment=xxm37-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.7 comment=xxm30-support mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.8 comment=xxm03-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.9 comment=xxam24-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.10 comment=xxam1-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.11 comment=xxam20-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.12 comment=xxm33-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.13 comment=xxm18 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.14 comment=xxm31-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.15 comment=xxm10-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.16 comment=xxm08 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.17 comment=xxm41 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.18 comment=xxm16 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.19 comment=xxm09 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.20 comment=serwerFTP mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.21 comment=kwiaciarnia-router mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.22 comment=xxm13 mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.23 comment=xxm30-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.24 comment=xxam04-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.25 comment=serwis mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.26 comment=xxm30-laptopserwis mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.27 comment="Laptop serwisowy" mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.28 comment=xxam29 mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.29 comment=xxm30-pc1 mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.30 comment=xxam10-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.31 comment=xxam14-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.32 comment=xxam23 mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.33 comment=xxm16-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.34 comment=xxm15-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.35 comment=xxm27-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.36 comment=xxm30-router-phicomm mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.37 comment=okulista-router mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.38 comment=siostry mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.39 comment=xxm01 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.40 comment=xxm12 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.41 comment=xxam16-tplink mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.42 comment=xxm19-tplink mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.43 comment=xxm11 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.47 comment=xxm29pc2 mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.52 comment=xxm21-tplink mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.55 comment=xxam08-tplink mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.57 comment=xxm04-tplink mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.58 comment=xxm34-router mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.59 comment=xxm44-tplink mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.77 comment=xxm37-dreambox mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.78 comment=xxm37-tv mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.103 comment=xxm44-voip mac-address=some_mac \
    server=dhcp_clients
add address=192.168.1.45 comment=xxm42 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.44 comment=xxm30-komputer mac-address=\
    some_mac server=dhcp_clients
add address=192.168.1.46 comment=xxm35 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.51 comment=xxm22 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.49 comment=xxm17 mac-address=some_mac server=\
    dhcp_clients
add address=192.168.1.50 comment=xxm38 mac-address=some_mac server=\
    dhcp_clients
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set servers=8.8.8.8,8.8.8.4
/ip firewall address-list
add address=192.168.1.240-192.168.1.250 list=Guests
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment=WinBox dst-port=[my_port] protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input in-interface-list=!LAN
add action=drop chain=forward comment="Blocking internet for all guests" \
    disabled=yes dst-address-list=Guests
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=log chain=prerouting connection-nat-state=srcnat connection-state=\
    new disabled=yes log-prefix=NewConn
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether3
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[my_gateway] \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8081
set ssh port=2228
set api disabled=yes
set winbox port=[my_port]
set api-ssl disabled=yes
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Warsaw
/system hardware
set allow-x86-64=yes
/system identity
set name=Serwer
/system logging
add action=disk topics=dhcp
add action=remote disabled=yes prefix=NewConn topics=info
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.pl.pool.ntp.org
add address=tempus1.gum.gov.pl
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

Larsa · August 22, 2024, 7:24pm

Back up the settings with a full export, reset to the default firewall config, and then rerun the tests again. If everything goes smoothly, you can start adding back the queues one by one and check the speed regularly to find the problematic one.

Just curious, why all the static IPs and related queues?

tassman · August 23, 2024, 10:48am

All my clients has static addresses. Its a small “old” network. Iam something like micro ISP so I need couple plans. If better way to do this - Im listening.

tassman · August 26, 2024, 1:20pm

I think I got solution
The bottleneck was PCI slot (I have 1gbit eth connected on PCI slot)
New card (PCIe 1Gbit) was connected on the same PC on PCIe slot.

Windows test with ntttcp shows 970mbits both way
Mikrotik (default conf without firewall and only masquarade) in both way 970mbits.

TylerJackson · September 9, 2024, 11:59am

Thanks for sharing the solution as well, I was also facing the same issue.