Satellite connection optimization

I am on a satellite connection to the internet and my average ping to yahoo ranges from 800+ms to a max of 950.

My three questions are as follows:

Whats the best value for the MTU for the lan card connected to the Linkstar box? (its currently at 1500)
Also since i am on a satellite connection my dns can take half a second to a second to resolve. So i would love to make the dns cache in routeros be first before going out and doing the dns from the ISP.

Another thing would be to have the web proxy work its magic so (just like the dns) i can get the cached stuff first.

Any help on how to do these things would be greatly appreciated.

Welcome to the world of satellite. At the speed of sound (which sat signals travels at), it takes about 300ms to go to the satellite, and 300ms to get back down to earth. At best, you can have arround 500ms / 600ms. Add to that, overhead, small latencies you get all over the internet…

Your pings are quite normal.

Oh, really?

300ms=0.3s
speed of sound at sea level = 340.29 m/s (ask Google)

0.3s * 340.29 m/s = 102.087 m (Altitude of the satellite)

Sorry, could not resist

Eugene

Yes, really

http://www.vsat-systems.com/satellite-internet-explained/latency.html

23,000 miles up, 23,000 miles down… 46,000 total. Let’s presume it does not get bounched arround from one satellite to another either…

Given, it’s the speed of light, not the speed of sound…

Light travels at a speed of 186,000 miles a second (when it’s not in a vacuum) - also keep in mind that pressures and the like also influences it. Therefore absolute MINIMUM latency on a 46,000 mile trip will be approx 0.4 seconds (400ms)

Add to that, that even on copper and wireless, networks aren’t perfect and transmission errors occurs… The retransmission of packets… Add congestion on the satellite hub as well as on the transponders on the dish itself in the sky… Remember also that transmission errors occurs both from your CPE to the Satellite, as well as from the Satellite to the satelliet hub (earth station)…

I don’t think I’m to far off…

and while i’d love to sit here and talk about the speed of light and sound with you guys i am desperate to know the answers to my questions so here we go again:

My three questions are as follows:

Whats the best value for the MTU for the lan card connected to the Linkstar box? (its currently at 1500)
Also since i am on a satellite connection my dns can take half a second to a second to resolve. So i would love to make the dns cache in routeros be first before going out and doing the dns from the ISP.

Another thing would be to have the web proxy work its magic so (just like the dns) i can get the cached stuff first.

Answer… Except maybe a bit og QoS… Nudda

1. The link is managed by the linkstar,
2. Any possibility of optimisation on the link / throughput, will happen on the linkstar,
3. Anything related to the flow of the data into space, You guessed it… LinkStar

damn. this linkstar gadget does everything then eh?

well i’ll be damned!

Hi there,

RouterOS DNS cache can help a lot
There is a firewall rule that can intercept all DNS request and redirect to DNS cache
ip firewall nat >

;;; intercept all DNS requests
chain=dstnat protocol=udp dst-port=53 action=dst-nat to-addresses=x.x.x.x to-ports=0-65535
(where x.x.x.x is address of your gateway)

also there is rule to do transparent proxy (intercept all traffic that goes to http port 80 to proxy)

ip firewall nat >
;;; Transparent Proxy
chain=dstnat dst-address=!x.x.x.x protocol=tcp dst-port=80 action=redirect to-ports=3128
(where x.x.x.x is address of your gateway)

By applying this you will not save much bandwidth but you surfing will go smoother

Cheers dude…

thanks djape.

heres what i have now.

please advise:

[admin@grnzne-inet] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.0.0/24 action=masquerade 

 1   ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.0.0/24 action=masquerade 

 2   chain=dstnat in-interface=ether2 dst-address=0.0.0.80 protocol=tcp 
     action=redirect to-ports=8080 

 3   chain=dstnat protocol=udp dst-port=53 action=dst-nat 
     to-addresses=192.168.0.1 to-ports=0-65535 

 4   chain=dstnat dst-address=192.168.0.1 protocol=tcp dst-port=80 
     action=redirect to-ports=3128 
[admin@grnzne-inet] ip firewall nat>

also it seems whenever the router is restarted the dns cache is flushed. how can i get it to KEEP the cache? we have lots of power outages here and the router is always rebooting. (no worries. its protected by a UPS)

Why do you have masuarading rules for same network? 0 and 1?
Field 2, why is dst-address=0.0.0.80 what does that mean?
Field 4 you should set dst-address=!192.168.0.1

I never noticed that DNS cache is lost after reboot…

Cheers…

field 2 is currently disabled. it didnt make sense to me either to i turned it off.

the masquerading stuff was done by hotspot automatically.

i have also disabled the transparent proxy and the dns redirect.

the only thing i have on is the 1st one: ;;; masquerade hotspot network

also i am not 100% what this does anyway but if i disable it my hotspot wont work.

so to sum up it looks like this for me:

[admin@grnzne-inet] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.0.0/24 action=masquerade

 1 X ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.0.0/24 action=masquerade

 2 X chain=dstnat in-interface=ether2 dst-address=0.0.0.80 protocol=tcp
     action=redirect to-ports=8080

 3 X ;;; ;;; intercept all DNS requests
     chain=dstnat protocol=udp dst-port=53 action=dst-nat
     to-addresses=192.168.0.1 to-ports=0-65535

 4 X ;;; ;;; Transparent Proxy
     chain=dstnat dst-address=192.168.0.1 protocol=tcp dst-port=80
     action=redirect to-ports=3128
[admin@grnzne-inet] ip firewall nat>

Ok, this is cool

0 ;;; masquerade hotspot network
chain=srcnat src-address=192.168.0.0/24 action=masquerade

1 X ;;; masquerade hotspot network
chain=srcnat src-address=192.168.0.0/24 action=masquerade

2 X chain=dstnat in-interface=ether2 dst-address=0.0.0.80 protocol=tcp
action=redirect to-ports=8080

3 ;;; ;;; intercept all DNS requests
chain=dstnat protocol=udp dst-port=53 action=dst-nat
to-addresses=192.168.0.1 to-ports=0-65535

4 ;;; ;;; Transparent Proxy
chain=dstnat dst-address=!192.168.0.1 protocol=tcp dst-port=80
action=redirect to-ports=3128

HI!

example i have 3 cyber with 22 PC in total, and 20 home user customers for internet, and the satellite give burst to 1024 kbps

i have squid (webproxy Mikrotik), and Dns cache.

but bercafull, with Cache dns, i have to much trafic, (cyber), to Dns, and my Dns go to full quickly.

i change this parameter, /ip dns cache set max-cache-limit=30m

by default in Mk is 1w = 1 week for TTL, i was changed to 30 minutes.

the reason, is because, one time, try use the internet, and the browser need time for open a website, but when use FTP go very fast mmmmm

i see in dns cache, is full, and take time for search the domain for give the IP or go to other dns.

other symptons is the CPU go to high example to 40%, now is 0% to 4%


now my service go very fast,

my satellite service is share service and my CIR is 512kbps and MIR to 2mbps (only in the night 11:30 am to go). the rate go to 800 kbps in the day to little up to 1024 kbps

Best Regards

I am running a WISP in africa, with two vsat links.

Exactly because of the reasons mentiod about dns cache performance dragging down the whole network we decided to buidl a big fast server to handle the caching.

We use a pentium 4ghz server with 1gb of ram and good fast scsi disks to ensure that the caches can be served quickly both for DNS and for webproxy.

This was worth it in view of the cost and performance of vsat bandwidth.

Same box is doing link aggregation and failover with no problems.