I have been using a MikroTik Hex for quite awhile without any difficulties. I recently swapped systems over to CRS326-24G-2S+.
Current Version: v6.45.2 Current Firmware: 6.45.2
Since the switch over to the new system I have been getting horrible speeds. I have a 1000/1000 connection at my house. All of my speed tests are returning roughly 14-25/0.75. Testing the internet connection directly confirms that the speed is working from the ISP provider correctly.
When I transitioned systems I did a manual setup of the initial settings on the CRS326. Then did an export compact from the Hex into the CRS326 and made some minor modifications. All of the systems are running, connected, and have internet.
But something is seriously impacting the speed. Any ideas on what could be causing this issue?
So as an update I am not sure what is going on with the system. I abandoned the CRS as the support team said that it was not a good item to use for routing. Purchase a newer HEX box figuring that something must of went wrong with my old box.
I have tested the wiring from the fiber optic box, to the patch panel, to the router. Each and every spot returns 1000/1000 when I am plugged directly into the PC. Including the line that is plugged into the router when it is not plugged into my PC. After attaching the routing and directly connecting to it my speeds trim all the way down to 210-126/8-12 on each side. This is a drastic impact.
At this point I am not using any restored settings. I am using the default out of the box configuration (nothing special). I have made a couple of adjustments. By setting the queue to ethernet-only on the WAN connection and verifying that the ethernet ports were operating in HW-offloading. I even setup two bridges to test settings changes at one point. But this seems to affect me where I am using my massive pile of configuration settings or whether I am using the factory self-configuration.
Any thoughts? This is impacting a number of critical services that rely upon this internet speed.
LAN IP address is bound to ether2 which is slave device of bridge … and that’s wrong. Move it to bridge interface.
Any good reason to limit advertised speeds on ether ports only to 1000-full? Autonegotiation will select it if both link partners support it, negotiation of anything else indicates problems … which have to be solved rather than masked by limiting autonegotiation possibilities.
Where would I change this setting? I found the WAN ethernet but according to winbox it is already linked to the bridge. Perhaps I am looking in the wrong spot?
Did this following advice from another forum board here (actually multiple forum postings) regarding people experiencing issues with network speed on the HEX. It was done in an attempt to try that solution. I have enabled the default ones. Reran a speed test. Result below.
Here is my updated configuration output:
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.45.2 (c) 1999-2019 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@ReichHub] > /export compact
# jul/25/2019 11:32:11 by RouterOS 6.45.2
# software id = WD8P-ZQPL
#
# model = RB750Gr3
# serial number = 8B000A2ABF57
/interface bridge
add admin-mac=74:4D:28:11:B1:D0 auto-mac=no comment=defconf mtu=1500 name=\
bridge protocol-mode=none
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/queue interface
set ether1 queue=ethernet-default
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether5
add bridge=bridge interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=10.0.0.1/24 comment=defconf interface=ether2 network=10.0.0.0
add address=198.15.7.219/24 interface=ether1 network=198.15.7.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=198.15.0.2
/ip dns static
add address=10.0.0.1 name=router.lan
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/ip route
add distance=1 gateway=198.15.7.1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=ReichHub
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@ReichHub] >
Just to post verification that the lines appear to be in working order.
Test w/ ROUTER hooked up and computer hooked directly into router Test w/o ROUTER and internet line hooked directly into the computer
Side thought … Is there any reason why a computer might be able to read a combination of different kinds of wiring such as T568A vs. T568B better than the router? I did redo the wiring in the patch panel about the same time this problem started. But since the computer gets a perfect connection I have ruled out anything problematic there.
Just to keep the progress of this up to date. Been working in tangent on this with the MikroTik support team. They requested the same CPU monitoring in screenshots sent them.
This testing was in line with the original testing done above. Resource usage during test:
I have couple RB750Gr3 but none of them were able to reach more then 300 Mbps for file transfer in routing only mode (No NAT).
To test this issue try to use the “Bandwidth Test” tool of mikrotik.
Take a look at this post: http://forum.mikrotik.com/t/public-mikrotik-bandwidth-test-server-s-now-shutdown-as-of-april-1st-2025/94863/1
It has ip addresses and usernames for speedtests.
This test will give you a starting point to what you might be able to expect from the Mikrotik device CPU to do for you.
By the way, did you had any chance and looked to the: “Ethernet test results” section of the device? https://mikrotik.com/product/RB750Gr3#fndtn-testresults
By default I look at the “25 ip filter rules” section to know what is the basic “worst case” scenario for this device.
The issue has been discovered. I worked this issue from this end as well as working with our local ISP (we are a small community makes it easier).
Apparently the FIBER boxes that we have in the house do not recognize new routers correctly without being rebooted. So the system has some kind of fault that occurs that causes a degradation in speed until the system has been rebooted. But since I was doing testing from the ISP box and switching routers while I was rebooting. I never was able to determine a fault with the ISP box and not with MikroTik.
So in this case the problem was with the ISP machinery.
Either way, I appreciate the communities support in helping to find a solution to the problem!
Just poping out to show:
Routing 25 ip filter rules 92.9 1,128.2 94.1 385.4 93.8 48.0
The worst case scenario is 48.0 Mbps but you can argue other that it’s not a real worst case..
About your mentioned talk presentation:
Single TCP connection throughput: 358Mbps ?? without fastrack? OK..
I really don’t care about a single TCP connection for a network… if it’s true at all.
On my tests with iperf and simple NAS and other real world services like WEB and DB the reality is different.
I have here a tiny set of servers and the maximum I got between the Hypervisor to the NAS via the RB2011 while Route Cache is OFF in a routed setup was less then 200 Mbps.
With this the CPU was 100% and slow speed.
In my scenario what I did eventually was to separate the NAS+Servers and put them in a rack with a simple CRS326-24G-2S+RM which does better then the RB2011 but still only with Route Cache and FastPath.
I am not arguing about my setup to be different then others but, who cares? it works for you.. that what matters.
