I have RB5009 with 80 PPPOE client and 3 Wan Connection, it got high ping everytime my client consume 50Mbps Bandwidth. Not only high ping to internet, but ping to antoher Mikrotik with the same network and connected using LAN port got high ping. Even ping to RB5009 from a laptop using ethernet get very high ping where it must be lower than 2ms, like this :
This when i ping another Mikrotik, in this case Hap AC3 on the same network :
But if my client consume less bandwith, lt goes to normal condition. This is what i does to minimize the latency :
- I got a lot of TX Queue Drop on all interface connected, so i change queue type from ony-hardware-queue to multi-queue-ethernet. No more TX Queue Drop, but ping still high.
- Change queue type on pppoe profile.
- Change cable.
- Using single WAN
This my topology :
This is my config :
# 2025-11-05 21:50:24 by RouterOS 7.18.2
/interface bridge
add admin-mac=78:9A:18:98:54:FE auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether4 ] comment=wan_ac3
set [ find default-name=ether7 ] comment=wan_iconnet
set [ find default-name=ether8 ] comment=wan_starlink
/interface vlan
add comment=ftth_5m_vid5 interface=bridge name=vlan_5 vlan-id=5
add comment=ftth_10m_vid10 interface=bridge name=vlan_10 vlan-id=10
add comment=ftth_10m_vid11 interface=bridge name=vlan_11 vlan-id=11
add comment=ftth_10m_vid12 interface=bridge name=vlan_12 vlan-id=12
add comment=ftth_20m_vid13 interface=bridge name=vlan_13 vlan-id=13
add comment=mgmt_vid99 interface=bridge name=vlan_99 vlan-id=99
add comment=mgmt_vid1011 interface=bridge name=vlan_1011 vlan-id=1011
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment="contains all ftth interfaces" name=FTTH
/ip pool
add name=pool_pppoe_vid5 ranges=10.5.5.5-10.5.5.250
add name=pool_pppoe_vid10 ranges=10.10.10.5-10.10.10.250
add name=pool_mgmt_vid99 ranges=10.11.99.10-10.11.99.254
add name=pool_mgmt_vid1011 ranges=10.11.110.2-10.11.110.254
add name=pool_pppoe_vid11 ranges=10.10.11.5-10.10.11.250
add name=pool_pppoe_vid12 ranges=10.10.12.5-10.10.12.250
add name=pool_pppoe_vid13 ranges=10.20.13.5-10.20.13.250
/ip dhcp-server
add address-pool=pool_mgmt_vid99 interface=vlan_99 lease-time=12h name=\
dhcp_mgmt_vid99
add address-pool=pool_mgmt_vid1011 interface=vlan_1011 lease-time=12h name=\
dhcp_mgmt_vid1011
/queue type
add kind=fq-codel name="fq codel"
add kind=cake name=cake
/ppp profile
add dns-server=10.5.5.1 local-address=10.5.5.1 name=profile_5m_vid5 only-one=\
yes queue-type="fq codel/fq codel" rate-limit=\
"2M/4M 4M/7M 1M/3M 15/15 3 1M/3M" remote-address=pool_pppoe_vid5
add dns-server=10.10.10.1 local-address=10.10.10.1 name=profile_10m_vid10 \
only-one=yes queue-type="fq codel/fq codel" rate-limit=\
"3M/8M 5M/13M 2M/6M 15/15 2 2M/5M" remote-address=pool_pppoe_vid10
add dns-server=10.10.11.1 local-address=10.10.11.1 name=profile_10m_vid11 \
only-one=yes queue-type=cake/cake rate-limit=\
"3M/8M 5M/13M 2M/6M 15/15 2 2M/5M" remote-address=pool_pppoe_vid11
add dns-server=10.10.12.1 local-address=10.10.12.1 name=profile_10m_vid12 \
only-one=yes queue-type="fq codel/fq codel" rate-limit=\
"3M/8M 5M/13M 2M/6M 15/15 2 2M/5M" remote-address=pool_pppoe_vid12
add dns-server=10.20.13.1 local-address=10.20.13.1 name=profile_20m_vid13 \
only-one=yes queue-type="fq codel/fq codel" rate-limit=\
"6M/18M 8M/22M 5M/15M 15/15 1 3M/12M" remote-address=pool_pppoe_vid13
/routing table
add disabled=no fib name=via_telkom
add disabled=no fib name=via_starlink
add disabled=no fib name=via_iconnet
/zerotier
set zt1 disabled=no disabled=no
/zerotier interface
add allow-default=no allow-global=no allow-managed=yes disabled=no instance=\
zt1 name=zerotier1 network=fada62b015530dfc
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf disabled=yes interface=ether7
add bridge=bridge comment=defconf disabled=yes interface=ether8
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=bridge list=LAN
add interface=ether8 list=WAN
add interface=vlan_5 list=FTTH
add interface=vlan_10 list=FTTH
add interface=vlan_11 list=FTTH
add interface=vlan_12 list=FTTH
add interface=vlan_13 list=FTTH
add interface=ether4 list=WAN
add interface=ether4 list=LAN
add interface=ether7 list=WAN
/interface pppoe-server server
add default-profile=profile_5m_vid5 disabled=no interface=vlan_5 \
one-session-per-host=yes service-name=pppoe_5m_vid5
add default-profile=profile_10m_vid10 disabled=no interface=vlan_10 \
one-session-per-host=yes service-name=pppoe_10m_vid10
add default-profile=profile_10m_vid11 disabled=no interface=vlan_11 \
one-session-per-host=yes service-name=pppoe_10m_vid11
add default-profile=profile_10m_vid12 disabled=no interface=vlan_12 \
one-session-per-host=yes service-name=pppoe_10m_vid12
add default-profile=profile_20m_vid13 disabled=no interface=vlan_13 \
one-session-per-host=yes service-name=pppoe_20m_vid13
/ip address
add address=172.16.5.2/28 interface=bridge network=172.16.5.0
add address=10.5.5.1/24 comment=ffth_vid5 interface=vlan_5 network=10.5.5.0
add address=10.10.10.1/24 comment=ffth_vid10 interface=vlan_10 network=\
10.10.10.0
add address=10.10.11.1/24 comment=ffth_vid11 interface=vlan_11 network=\
10.10.11.0
add address=10.10.12.1/24 comment=ffth_vid12 interface=vlan_12 network=\
10.10.12.0
add address=10.20.13.1/24 comment=ffth_vid13 interface=vlan_13 network=\
10.20.13.0
add address=10.11.99.1/24 comment=mgmt_vid99 interface=vlan_99 network=\
10.11.99.0
add address=10.11.110.1/24 comment=mgmt_vid1011 interface=vlan_1011 network=\
10.11.110.0
/ip dhcp-client
add add-default-route=no comment=defconf interface=ether8
add add-default-route=no interface=ether7
/ip dhcp-server network
add address=10.11.99.0/24 dns-server=10.11.99.1 gateway=10.11.99.1
add address=10.11.110.0/24 dns-server=10.11.110.1 gateway=10.11.110.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=8192KiB servers=\
1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall address-list
add address=10.5.5.0/24 list=IP-FTTH-5M-VID5
add address=10.10.10.0/24 list=IP-FTTH-10M-VID10
add address=10.10.11.0/24 list=IP-FTTH-10M-VID11
add address=10.10.12.0/24 list=IP-FTTH-10M-VID12
add address=10.11.99.0/24 list=ONU-MGMT
add address=10.11.110.0/24 list=ONU-MGMT
add address=10.5.5.0/24 list=FTTH
add address=10.10.10.0/24 list=FTTH
add address=10.10.11.0/24 list=FTTH
add address=10.10.12.0/24 list=FTTH
add address=10.20.12.0/24 list=IP-FTTH-20M-VID13
add address=10.20.13.0/24 list=FTTH
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment=zerotier in-interface=zerotier1
add action=accept chain=forward comment=zerotier in-interface=zerotier1
add action=accept chain=input comment="allow remote dns" dst-port=53 \
protocol=udp src-address-list=FTTH
add action=accept chain=input dst-port=53 protocol=tcp src-address-list=FTTH
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=netmap chain=dstnat dst-port=8292 protocol=tcp to-addresses=\
172.16.5.7 to-ports=80
add action=netmap chain=dstnat dst-port=8293 protocol=tcp to-addresses=\
10.10.11.20 to-ports=80
/ip route
add comment=starlink_main disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=10.0.0.1 routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add check-gateway=ping comment=indihome_main disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=172.16.5.1 routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
add comment=iconnet_main disabled=yes distance=1 dst-address=0.0.0.0/0 \
gateway=192.168.18.1 routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add comment=via_icon disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
192.168.18.1 routing-table=via_iconnet scope=30 suppress-hw-offload=no \
target-scope=10
add check-gateway=ping comment=via_telkom disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=172.16.5.1 routing-table=via_telkom \
scope=30 suppress-hw-offload=no target-scope=10
add comment=via_starlink disabled=no distance=2 dst-address=0.0.0.0/0 \
gateway=10.0.0.1 routing-table=via_starlink scope=30 suppress-hw-offload=\
no target-scope=10
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/ppp secret
# add 80 pppoe secret
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Makassar
/system identity
set name=RB5009
/system note
set show-at-login=no
/system routerboard settings
set cpu-frequency=1400MHz
/system scheduler
add interval=1d name=fan_on on-event="/system routerboard usb power-reset" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2025-11-05 start-time=09:00:00
add interval=1d name=fan_off on-event=\
"/system routerboard usb power-reset duration=14h" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2025-11-05 start-time=18:00:00
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN