I recently connected two subnets with routing. The configuration works fine - however I have a problem with speed.
Two subnets: #1: 192.168.0.0/24 [ether1; 1Gbps] #2: 192.168.1.0/24 [ether5; 1Gbps]
No Firewall rules / No NAT
I copied files between two devices:
192.168.0.31 to 192.168.1.4 ~130 Mbit (CPU Usage @ Mikrotik max. 6 %) [Speed is above 100 Mbit]
192.168.1.4 to 192.168.0.31 ~550 Mbit (CPU Usage @ Mikrotik max. 17 %)
When both devices are in the same subnet without the Mikrotik Router, I have no problem: Transmission Speed in both directions ~1000 Mbit (same infrastructure and cable length).
All port are independent, right? Not sure about the first transfer, but the second test is reaching physical limitation, as both ether1 & ether5 are on same data bus, which is limited to 1gbs.
Thank you very much.
Do you know how to check wether all ports are independent?
UPDATE:
I changed the ports… ether2 = subnet1 and ether5 = subnet2. However, speed is still very slow in one direction (130 Mbit) … I really do not understand why speed is only slow in one direction?!?
Wow - you reach 1 Gbit.
Do you have the same hardware? hex S?
According to architecture for disabled switching I changed the ports as already stated before (using now ether2 and ether5). CPU usage is still very low <20%. Connection Logging is disabled and NAT is also disabled. FastTrack is active.
How to make sure that switching is disabled?
I removed all ports from bridge - bridge itself is still active.
Could it be that MikroTik has a problem with long cable length? The connection is around 60m (CAT7).
What kind of information do you nedd? Is there a terminal command available to view configuration protocol?
I have another strange observation:
Fritzbox in subnet 192.168.0.0 shows also all devices of subnet 192.168.1.0
Fritzbox in subnet 192.168.1.0 shows only devices of its own subnet; devices of subnet 192.168.0.0 are not listed
Fritzbox [IP 192.168.0.1] in subnet 192.168.0.0 has a static route 192.168.1.0/255.255.255.0 with gateway 192.168.0.254 [IP of Mikrotik]
Fritzbix [IP 192.168.1.1] in subnet 192.168.1.0 has a static route 192.168.0.0/255.255.255.0 with gateway 192.168.1.254 [IP of Mikrotik]
The problem with the Mediatek MT7621A design is that you have to keep traffic out that is local->local to enter the processor. This is not possible so I mark it as “notrack” traffic and so it will be not going in/through the connection table. Enabling the switch option does not work because it is automatically disabled again.
so for me:
NoLOCALgw = 192.168.0.1 - 192.168.0.253 [MikroTik IP = 192.168.0.254] AND 192.168.1.1 - 192.168.1.253 [MiktoTik IP = 192.168.1.254]
LOCAL all = 192.168.0.1 - 192.168.0.254 AND 192.168.1.1 - 192.168.1.254
Under which section do I have to maintain the lists? IP → Firewall?
I would like to use the MikroTik router just to connect two subnets - nothing more.
Hmmm I was moving files using FTP inside my network and saw that in beginning that I still got a high load and after a short time that dropped.
So I could abandon the untrack thought and use the following filter (ip firewall filter)
/ ip firewall filter
add action=reject chain=forward dst-address-list=noLOCALgw reject-with=icmp-network-unreachable src-address-list=LOCALall
If I am correct I am telling the transmitter that this is not the correct path and that an other way has be found to move traffic…for me that is the switch in front of the hEx S.
This does NOT work fine and new connections do not start. The Brigde states hardware offloading but it start after few GB transferred.
FYI: You’re reading the block diagram wrong. The Hex S is capable of routing a full gigabit one way even on ports which use the same path to the CPU. Each of the two gigabit CPU links is 1 Gbps in and 1 Gbps out. You only need to use ports which are on separate links if you want to route a gigabit in both directions simultaneously. In that case you should be able to route 2 Gbps (1 Gbps each way).
What’s important on the Hex S is that it must use fast tracking, because it can’t handle connection tracking at line speed without it. Any feature which prevents fast tracking from working will ruin the routing throughput. (This also means you have to decide if you need IPv6 connection tracking or full speed IPv6 routing. You can’t have both because there is still no IPv6 fast tracking.) The throughput without fast tracking is about 500 Mbps.
