[SOLVED] Slow speeds with ISP subnet and VLANs on CRS125

HumanDamned · November 16, 2016, 3:13pm

Hi, I’m using CRS125-24G 6.37.1.
Mikrotik is configured as switch. Eth1 - master port. Using /24 subnet from ISP as main LAN (10.254.43.0/24).

I have also added several VLANs in my config. ether2 and endpoint computers on the subnet (for example on VLAN2) have connection speed - 1Gb. BTest gives me max TCP 50Mbps (CPU load 100%) from VLAN2 to main LAN. Btest UDP - 300 Mbps . What can be the problem?

I have tried changing the queue type from hardware to ethernet-default, as it was mention here- http://forum.mikrotik.com/t/slow-speeds-when-setting-crs125-ports-to-gig/77450/1 , but it did not help.

/interface ethernet
set [ find default-name=ether1 ] name=ether1-master
set [ find default-name=ether2 ] master-port=ether1-master
set [ find default-name=ether3 ] master-port=ether1-master

/queue interface
set ether1-master queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default

/interface vlan
add comment=K201 interface=ether1-master name=vlan2 vlan-id=2
add comment=K203 interface=ether1-master name=vlan3 vlan-id=3
add comment=students interface=ether1-master name=vlan4 vlan-id=4
add comment=K205 interface=ether1-master name=vlan5 vlan-id=5

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2,ether3,ether4,ether9,switch1-cpu vlan-id=4
add tagged-ports=ether2,switch1-cpu vlan-id=2
add tagged-ports=ether2,switch1-cpu vlan-id=3
add tagged-ports=ether2,switch1-cpu vlan-id=5

/interface ethernet switch vlan
add learn=no ports=ether2,ether3,ether4,ether9,switch1-cpu vlan-id=4
add learn=no ports=ether2,switch1-cpu vlan-id=2
add learn=no ports=ether2,switch1-cpu vlan-id=3
add learn=no ports=ether2,ether3,switch1-cpu vlan-id=5

Some more reading - http://forum.mikrotik.com/t/crs125-slow-vlan-performance/86831/1
Inter-VLAN routing speed CRS125-24G-1S-IN - http://forum.mikrotik.com/t/inter-vlan-routing-speed-crs125-24g-1s-in/71678/1
Performance issue with CRS125-24G-1S-RM - http://forum.mikrotik.com/t/performance-issue-with-crs125-24g-1s-rm/74755/1
CRS226-24G-2S+ Poor routing performance - http://forum.mikrotik.com/t/crs226-24g-2s-poor-routing-performance/76812/1

kamillo · November 16, 2016, 3:32pm

Hi,

I have CRS125 at home and never had issues like this. I don’t remember my config from top of my head but it looks similar to yours. I think the problem is with a test method. You are sending a loads of traffic to the switch itself. CPU on the switch is to weak to process all the traffic this is why your are hitting 100% CPU and such poor performance in terms of bandwidth.

Try sending traffic trough the switch, from a PC to a PC (on the same VLAN), like this: PC (vlan 2) → CRS125 → PC (vlan2).

Best,

HumanDamned · November 17, 2016, 7:01am

Thank you for your reply kamillo, you are right.
I have made some more tests and here are the results
PC (vlan 3) → CRS125 → PC (vlan3) = 500-900Mbps
PC (lan) → CRS125 → PC (lan) = 500-900Mbps

PC (vlan 3) → CRS125 → PC (lan) = 10-20Mbps, speedtest.net from vlan 3 shows around 50 Mbps
PC (lan) → CRS125 → PC (vlan3) = no ping and no connection at all and that’s strange

HumanDamned · November 17, 2016, 9:15pm

run Traceroute diagnostic and here is the result:
from vlan3 tracert 10.254.43.37
Tracing route to 10.254.43.37 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.203.1
2 <1 ms <1 ms <1 ms 10.254.43.37

from lan tracert 192.168.203.254
Tracing route to 192.168.203.254 over a maximum of 30
1 4 ms <1 ms 2 ms 10.254.43.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 3 ms <1 ms 4 ms 10.254.255.16
6 * * * Request timed out.

So the main LAN network knows nothing about 192.168.203.0/24 network… May be that is the cause of the low speed between subnets? Can I somehow manually add routes to other subnets? Unfortunately I do not have access to the 10.254.43.1 switch.

kamillo · November 18, 2016, 8:32am

Hi,

Not sure if I understood your network layout but…

Your trace results:
The first one, you doing that from 192.168.203.254 to 10.254.43.37, and all is good right?
The second, from 10.254.43.37 to 192.168.203.254, which is opposite direction from what you have done in above example, and this is not working?

If I’m right your routes are fine, otherwise in the first example packets wouldn’t know how to come back to you. If this is the case you would have to check if there are no blocking rules on the router.

Best,

HumanDamned · November 18, 2016, 10:22am

Thank you for your reply,
Thats correct, the opposite direction, from 10.254.43.37 to 192.168.203.254 is not working.
from 192.168.203.254 to 10.254.43.37 - ping is good, but transfer speed is low, about 50Mbps.

There are no blocking rules in the firewall
I will run some more tests…hope to find some solution.

kamillo · November 18, 2016, 10:26am

by looks of it there is no issues with routing, I would check the router for any blocking policies/ speed policies and also check things like speed/ duplex on the interfaces between CRS125 and router

huntah · November 18, 2016, 3:48pm

maybe you are doing NAT on the oposite side 10.254.43.0/24

Check /IP firewall NAT

HumanDamned · November 18, 2016, 4:40pm

Here are my NAT rules

/ip firewall nat
add action=redirect chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp to-ports=8080
add action=masquerade chain=srcnat out-interface=LAN to-addresses=0.0.0.0

StubArea51 · November 18, 2016, 4:55pm

If you need Gigabit routed throughput, CRS is the wrong device because it won’t ever process TCP streams fast enough to get clean throughput for real applications (which is different than maxing out a bandwidth test). Consider adding a CCR1009 or RB3011 to handle routing and then connect the CRS125 in a switched mode to aggregate all of the connections.

kamillo · November 18, 2016, 7:09pm

From the info presented I’m under impression that CRS125 is not involved in routing and only acts as a switch. It looks like (cisco ?) 10.254.43.1 acts as a router. Is that correct?

HumanDamned · November 18, 2016, 7:46pm

Can’t tell anything about the upstream hardware, because I cannot manage cisco-10.254.43.1.
I hope to use CRS125 for routing as well when I deal with this slow subnet speed problem

Paternot · November 18, 2016, 7:57pm

Don’t do this. The CRS line are switches, not routers. They don’t have the CPU power to do any serious routing. CPU is there so you can manage the switch.

kamillo · November 18, 2016, 8:04pm

So you want to remove the Cisco router from your network and just use CRS125 instead?
If this is the case like Paternot said, don’t. CPU is too weak. CRS is a switch with limited routing capabilities (hardware wise)

If you need router you will be better of by looking at something like RB2011, RB3011 or CCR series. Depending on you requirements: bandwidth, firewall rules, queues, pppoe, VPNs etc…

HumanDamned · November 18, 2016, 8:18pm

Ok, I understood, thanks for the advice.

Conclusion - 1. try changing the queue type from hardware to ethernet-default, as it was mentioned here- http://forum.mikrotik.com/t/slow-speeds-when-setting-crs125-ports-to-gig/77450/1
2. For CRS125 50-200Mbps (depends on your routing rules) is a normal speed for routing between different subnets