Router Optimization

bissy121 · December 10, 2018, 10:41am

Hello all,
and i wish you all happy holidays in advance.

Now, to get the elephant out of the room, i am a begginer in ROUTER OS.

I have a Cloud Core Router 1016-12G - as a Router with fixed IP as ISP connection type.
Behind that there a a few CRS326-24G-2S+RM and a zyxel 24 Port POE switch which hold CCTV system made of IP cameras.

Now first things first, i have cleared the Router to default, gave it access to internet, and made my forwarding rules for cameras in NAT section.
So far so good, everything works, however im losing connection to cameras and gaining it back, as if the equippment is struggling to process all the traffic.

I have plenty of Bandwidth for my router (300 UP and 300 Down ) my cameras should take 120 mbps tops. However when i try to view them through internet, they seem to struggle, frame drops , image drops, connection lost, etc.

i suppose the router is the problem.

So now to my question:

How do i optimize the router to process the streams and pass them on ? Also how do i secure it better ?

i would look, but i dont know what to look for.

Please help, or at least point me in the right direction to look at.

Thank you for your time.
Dan

UPDATE*** i implemented some Fasttrack rules…from what i found on google/forums and the issue is less pressing…more quality, less dropouts, but still the problem is there..however the quality improved a lot.

WeWiNet · December 10, 2018, 1:32pm

First thing check system/ressources (CPU load / memory).
Only if that is maxed out, drops could be due to the router load (which I doubt).

Check firewall rules and put the most hit ones come first (if possible).
But again, if CPU is not 100%, that should not be an issue.

bissy121 · December 10, 2018, 1:56pm

Hello WeWiNet,

thank you for your reply.

You are right sir, i have checked both ends of my Router ( Router with CCTV) (Router with server receiving streams) both are load 1-3%. and plenty of free memory.

However i am still getting the gray image/frame drops in my cameras. How do i troubleshoot this ?

-internet speeds are great and way over the requirement on both ends.
-required ports are forwarded.

i have about 72 NAT rules for cameras only ( could that be a problem ? however it did not reflect in resource usage)
Router shows below then 3% load.
if i access a single camera on browser same thing…works ..works…connection error…works …frame drop…works…and so on

also this is what i added and seemed to improve the situation a bit.

/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related dst-port=XXXX protocol=tcp comment=“Cam port”

i added the above for all ports used by cameras.

Any other ideeas ?

matuss · December 10, 2018, 2:22pm

Are you sure that your IP cameras use TCP? Almost all should use UDP for video transfer.
You could check it by using packet snifer for a brief moment while watching camera stream and then see if TCP or UDP was used.

bissy121 · December 10, 2018, 3:31pm

They use TCP. i just checked

anav · December 10, 2018, 8:43pm

post config please

bissy121 · December 11, 2018, 7:56am

This is the conf:

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

add action=dst-nat chain=dstnat comment="Camera 1" dst-address=X.X.X.X \
    dst-port=4901 in-interface=ether1 protocol=tcp to-addresses=\
    192.168.10.201 to-ports=80
    
add action=dst-nat chain=dstnat dst-address=X.X.X.X dst-port=1024 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.10.201 to-ports=\
    1024
    
add action=dst-nat chain=dstnat dst-address=X.X.X.X dst-port=9001 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.10.201 to-ports=\
    9001
    
    and so on for other 23 cameras


ALso these fasttrack rules which seem to improve the situation a bit

/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related dst-port=4901,4902,4903,4904,4905,4906,4907,4908,4910,4911,4912,4913,4914,4915,4916,4917,4918,4919,4920,4921,4922,4923,4924 protocol=tcp comment=""
/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related dst-port=1024,1025,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047 protocol=tcp comment=""
/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related dst-port=9001,9002,9003,9004,9005,9006,9007,9008,9009,9010,9011,9012,9013,9014,9015,9016,9017,9018,9019,9020,9021,9022,9023,9024 protocol=tcp comment=""

Thing is..that it works ..sort of…but losing connection often, getting grey image or frame drops.

My 1st guess was something is bottlenecking…but the ISP speeds are way above requirements, routers are using <3% CPU.

I am going to make some tests on site…to rule out some more theories.

karlisi · December 11, 2018, 12:05pm

I hope you have also some rules to protect the router from attacks, not only those shown, and your router isn’t transferring any malicious traffic too.

IMHO it’s enough to have 1 rule instead of 3 in forward chain, not needed to specify ports

/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related