RB1100AHx2 bad performance, wired network with ping timeout.

gargola · April 25, 2014, 5:07pm

Hello colleagues.
I searched for that, but they are only topics related to wireless.
This is my network:
RB750GL (Load Balance) --> RB1100AHx2 (Core router) ---> then, wireless to the clients.
I'm connected directly to the RB1100, tested various cables, and nothing, still have "ping timeout" to several domains.
FYI, two days ago, I had a RB951Ui-2HnD for the core router, but we replace it because the load of the CPU.
We have two networks, 10.0.0.0/23 (for management and CPE) and 10.0.2.0/23 (for clients routers).
Also, we have a slow browsing. So, I tried disabling DNS Cache, but didn't work.
Hope is something bad with the config, because at the moment I'm a little disappointed with the performance of the RB1100

Filter rules of the core router.

apr/25/2014 11:00:42 by RouterOS 6.12

software id = 7L0L-A3ZV

/ip firewall filter
add action=drop chain=input comment="DNS Flood from WAN" dst-port=53
in-interface=ether1 protocol=udp
add action=drop chain=forward comment="DNS Flood from LAN" dst-port=53
out-interface=!ether1 protocol=udp
add chain=input comment="Established Connections" connection-state=
established
add chain=input comment="Related Connections" connection-state=related
add action=drop chain=forward comment="Drop Invalid Connections"
connection-state=invalid
add action=drop chain=forward comment="Static IP Block" dst-address=0.0.0.0/0
in-interface=ether6 out-interface=ether1 src-address=10.0.2.0/23
src-address-list=!basico
add action=drop chain=forward dst-address=0.0.0.0/0 in-interface=ether6
out-interface=ether1 src-address=10.0.0.0/23
add action=drop chain=forward comment="Block LAN to Ubiquiti Gears"
dst-address=10.0.0.0/23 in-interface=ether6 src-address=10.0.2.0/23
src-address-list=!Admin
add action=drop chain=forward comment="Defaulters Clients" in-interface=
ether6 src-address=10.0.2.0/23 src-address-list=morosos
add action=drop chain=input comment="ICMP Flood Atack" packet-size=128-65535
protocol=icmp
add action=drop chain=output packet-size=128-65535 protocol=icmp
add action=drop chain=forward comment="Virus Filter" src-address=!10.0.2.0/23
src-address-list=Virus
add action=add-src-to-address-list address-list=Virus address-list-timeout=1w
chain=forward connection-limit=400,32 in-interface=ether6 protocol=tcp
src-address=!10.0.2.0/23 src-address-list=!Virus tcp-flags=syn
add action=drop chain=forward comment="P2P Block" p2p=all-p2p src-address=
!10.0.2.0/23 src-address-list="P2P Block"
add action=drop chain=input src-address=!10.0.2.0/23 src-address-list=
"P2P Block"
add action=add-src-to-address-list address-list="P2P Block"
address-list-timeout=1w chain=forward p2p=all-p2p src-address=
!10.0.2.0/23 src-address-list="!P2P Block"
add action=jump chain=forward comment="SYN Flood protect" connection-state=
new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect connection-state=new limit=400,5 protocol=tcp
tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp
tcp-flags=syn
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139
protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139
protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445
protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445
protocol=udp
add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=
tcp
add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=
tcp
add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=
tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128
protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410
protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=
tcp
add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=
tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=
tcp
add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=
tcp
add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=
tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=
65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" jump-target=
virusFilter rules of load balancer router.

apr/25/2014 11:03:07 by RouterOS 6.7

software id = R9AG-SV1U

/ip firewall filter
add action=drop chain=forward comment="ISP Router Block" dst-address=
192.168.0.1 in-interface=ether5-LAN
add action=drop chain=forward comment="Drop Invalid Connections"
connection-state=invalid
add action=drop chain=forward comment="ICMP Flood Atack" packet-size=
128-65535 protocol=icmp
add action=drop chain=input comment="DNS Atack" dst-port=53 protocol=udp
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment="Established Connections" connection-state=
established
add chain=input comment="Related Connections" connection-state=related
add action=jump chain=forward comment="SYN Flood protect" connection-state=
new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect connection-state=new limit=400,5 protocol=tcp
tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp
tcp-flags=syn

falestiny · April 25, 2014, 5:47pm

maybe the internet source connection having problems.

CelticComms · April 25, 2014, 5:52pm

Try a ping through the RB 1100 to a local address and look at the RB1100 CPU load. You haven’t mentioned the nature of your ISP feed. Some context would be useful.

gargola · April 25, 2014, 8:18pm

You were right. Days looking for the solution and the problem was in my cablemodem provider
Sometimes we just need another point of view.
I’m waiting my provider to give me another modem and do some tests.

Regards!

EDIT: After the change of the cablemodem , everything is working like a charm!

falestiny · April 26, 2014, 7:02pm

Glad its works, maybe I deserve a karma here