RB2011 poor performance with newer firmwares

Hello…

I am using RB2011 for limiting internet connection to 100/100 and provide IPTV at the same time.
Installed igmp proxy and some simple queues to limit traffic and prioritize IPTV (multicast) over internet. With 6.19 everything works. When I do www.speedtest.net, then it shows speed of 97/97 and routers CPU usage stay about 94%. IPTV works well at the same time.

After upgrading to 6.33.5 or up to the latest, then speed result is about the same, but CPU usage is solid 100% during the test, and IPTV works like half of the packets get lost. Configured from beginning will not help. Disabled all filters - same result. Can not disable mangle rules and queues, because then incoming traffic (1Gbps via SFP) will kill router anyway. Tried fastpath, but then queues do not work and result is even worse (CPU is lower though). Speedtest shows over 600Mbps.

Is there any way to resolve that problem without downgrading to 6.16 or use more powerful router?

You are really hitting the limits of this router anyway. While you have much faster link to Internet, you should start thinking about getting more powerful device for your network. Or split the functionality. See the profiler while doing the test. Maybe better firewall organisation may help you, maybe you can fasttrack the TV packets. Hard to say, it’s on the edge…

Don’t keep open the connection tracking window in winbox while doing the test.

Maybe better firewall organisation may help you, maybe you can fasttrack the TV packets.

disabling all firewall rules, did not help, and I can’t use fasttrack, because prioritizing of traffic do not work then and torrent may kill TV anyway.

While advertised up to 600M with fasttrack and 300M without, then in real life RB2011 can’t handle even 100M of traffic. What frustrating is, that much older routers like RB450G and etc. work fine with same config and older firmwares in RB2011 was working well so far. Tested different speeds, and even with simplest configuration, 75-80Mbps seems to be limit of it as soon as few simple queues is involved. That’s pathetic, really …

Tested RB3011, and it was fine. CPU maxed about 20%. Let’s hope they do not kill it with next update.
Actual problem is, that I am stuck with several hundreds of RB2011 here now. Will try to downgrade them all…

please provide configuration and the support output file to support@mikrotik.com so we could analyze all that and check where is the problem.

Keep in mind that the real-life performance heavily depends on your configuration and kind of traffic you are pushing through. Also the performance of your device is not only limited by the number of bytes, but also the number of packets it can process per second. The official performance test results table gives you both top Mbps and top kpps (kilo-packets per second) numbers. For instance a typical IPTV stream (MPEG-TS container, SD quality) is 5Mbps per stream average, being split into packets of ~200bytes each (as per standard) gives you roughly 25kpps per stream. You can try analyzing other types of traffic going through your device yourself.

I have wrote several times to support (with other matters), and never got any real help from there. I think that support can’t help me with this one either.

There is nothing special, no bridges, 1 vlan for multicast, input from sfp1 and out from ether1, including dhcp and etc. I have used similar configuration for more than 10 years.

no ip firewall filter rules

2 ip firewall nat rules

/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan98
add action=masquerade chain=srcnat out-interface=sfp1 src-address=192.168.0.0/24

6 ip firewall mangle rules

/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=172.16.16.0/22 in-interface=!vlan98 new-connection-mark=tv_conn
add action=mark-packet chain=prerouting connection-mark=tv_conn new-packet-mark=tv passthrough=no
add action=mark-connection chain=prerouting dst-address=224.0.0.0/4 new-connection-mark=multicast_conn
add action=mark-packet chain=prerouting connection-mark=multicast_conn new-packet-mark=multicast passthrough=no
add action=mark-connection chain=prerouting in-interface=!sfp1 new-connection-mark=other_conn
add action=mark-packet chain=prerouting connection-mark=other_conn new-packet-mark=other passthrough=no

4 simple queues

/queue simple
add name=ether1-multicast packet-marks=multicast priority=1/1 queue=ethernet-default/ethernet-default target=ether1
add name=ether1-tv packet-marks=tv priority=3/3 queue=ethernet-default/ethernet-default target=ether1
add burst-limit=100M/100M burst-threshold=25M/25M burst-time=6h/6h max-limit=25100k/25100k name=ether1-internet queue=ethernet-default/ethernet-default target=ether1
add name=ether1-internet-other packet-marks=other parent=ether1-internet priority=7/7 queue=ethernet-default/ethernet-default target=ether1

As I already told, I have disabled step-by-step everything that can be disabled, but as long minimal set of packet marking and queues still works (to guarantee multicast traffic priority over internet traffic), router is not be able to forward multicast traffic without dropping some packets. When multicast queue is disabled, then result is even worse. Lowering internet queue’s burst-limit to 75Mbps, will help, but barely. To be honest 6.19 works barely as well, but with 100M internet queue.

I think those are right, who say, that this router is not having enough power to limit and prioritize such traffic. Now I must deal with that, and start using more expensive models.

All morning I have tested RB3011, and it can handle up to 350Mbps with exact same configuration. That is acceptable for now.

Bridging will also impact performance.

like I already wrote in previoust post - no bridges.

I did not think from the speed posted, but I was not sure if because no firewall.

I had the same problem after a routerOS update.
Turns out I forgot to upgrade my RouterBoard firmware.
System - RouterBoard - Firmware
make sure your " current firmware" = the upgrade firmware.