Unable to get full gigabit speed on RB750Gr3

RouterOS General
1

I have a gigabit connection from my ISP. When I connect the fiber modem to my iMac directly and make PPPoE connection on iMac, I can get 940 Mbps on speedtest.net.

But when I go through RB750Gr3 as a router to do the PPPoE connection, the max speed I can get is only around 800 Mbps and sometimes much slower like 600-700 Mbps.

What could be the problem?

/interface bridge
add admin-mac=6C:3B:6B:B0:04:56 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mru=1492 max-mtu=\
    1492 name=time user=***
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.0.200-192.168.0.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=time list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=\
    192.168.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.1 gateway=\
    192.168.0.1
/ip dns
set allow-remote-requests=yes servers=1.1.0.0,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Asia/Kuala_Lumpur
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
2

Most likely the device is not powerful enough, check system / resources while testing to check CPU usage.

3

The CPU usage of the RB750Gr3 was below 50% during my tests, so this is not an issue right?

4

Hello,

Based on your setup, you may get less than gig. If you look at the gr3 specs, you’ll see that with filters and bridges, throughput goes down depending on packet size.

Regards

Sent from Tapatalk

5

Is there anything I can do to get the full speed on RB750Gr3? I am keeping the minimum setting as you can see from my config.

The CPU usage is under 50%, doesn’t this tell that the CPU is still capable?

6

I would agree with R1CH here. I just tested mine with a 120Mbps link and my CPU can peak up to 35%, although my firewall is a bit more elaborate, but I have minimal bridges.

If you compare the hEX with a RB3011, the 3011 his about 2x more powerful while the RB4011 is roughly 7x more powerful (than the hEX).

Depending on your futur needs, you might want to turn to one of those models.

Regards,

7

Use fasttrack and you should be able to max out your uplink.

You are seeing 50% cpu because you probably maximize only one core.

You should check tools > profile to see what’s using the cpu.

8

So now my problem would be whether I need a better model.

My RB750Gr3 doesn’t use up the CPU and yet it doesn’t achieve the full speed, is it my config problem or the hardware limitation?

9

The RB750Gr3 has one CPU. This CPU has two cores. Each core has two threads. So, the CPU has four threads total. Why is it important? Because if You look only at the aggregated CPU usage You can miss a single thread at 100% - that would show as 25% usage.

Compare this two examples (both from a 750Gr3):

/tool profile cpu=all
NAME                    CPU        USAGE
ovpn                      0           0%
ethernet                  0         0.5%
console                   0         0.5%
dns                       0           0%
firewall                  0           0%
networking                0         4.5%
management                0         0.5%
cpu0                                  6%
ethernet                  1           0%
ssh                       1           0%
firewall                  1           0%
networking                1           0%
management                1           0%
cpu1                                  0%
ethernet                  2         0.5%
firewall                  2           0%
networking                2           0%
management                2           0%
cpu2                                0.5%
ovpn                      3           0%
ethernet                  3           0%
console                   3           0%
firewall                  3           0%
networking                3           3%
management                3           0%
bridging                  3           0%
cpu3                                  3%

/tool profile cpu=total
NAME                    CPU        USAGE
ovpn                                  0%
ethernet                              0%
console                             0.1%
dns                                   0%
firewall                            0.1%
networking                          1.8%
radv                                  0%
ipsec                                 0%
logging                               0%
management                          0.2%
profiling                             0%
bridging                            0.1%
total                               2.3%

I did a Speedtest on both, to put some strain on the CPU. My link is slow (30Mbps), so it’s not much of a load. But it’s enough to show what I wanted: With the total, the CPU usage is 1,8%. But when displaying all threads we can see that we have one thread running at 4,5% and another at 3%. Add both and divide by four, and we get 1,875%. Close enough of the first example.

So. Take a look at tools profiling - but ask to see all the CPUs. You may find that some of them are hitting 100%…

10

No, you don’t need a better model. You need to configure FastTrack and you will able to reach 1Gbps.

11

And don’t forget the three location where FastPath is defined. I the one in the Bridge was off and my upload dropped from 750Mbit/s to 120Mbit/s and download was not affected by that and stayed at 520Mbit/s all the time.

There is one also in IP Setting and don’t forget to enable route cache there because that kill speed if not enabled.

12

Your firewall rules do include fasttrack rule, but your forward rules are below the input.
Move all chain=forward rules to the top, with fasttrack being the very first rule

13



Thanks for the information on the multi thread, this is what I missed out when I claimed under 50%.

I tested again and looked at the all cpu profiling, one of the CPU is hitting 70-80%, some times 90%.

14

As you can see from my config in the first post. I already enabled Fasttrack.

I confirmed that FastPath at both bridge setting and IP setting are enabled.

I tried it, and even removed all other rules, it does not seems improving my speed.

15

After a lot of attempts, I found disabling the bridge STP protocol improving the speed, from ~840 Mbps to ~900 Mbps.

This is the only thing I found useful now, a lot closer to the max speed of 940 Mbps now.

16

Are You testing the speed with a single connection? Try with more than one (torrent is an option). Spreading the load can help things, as You use all the available threads.

17

https://mikrotik.com/product/RB750Gr3#fndtn-testresults

18

All the while I am testing with speedtest.net, on the website and its Mac app.

19

better test with http://www.dslreports.com/speedtest
gives you a better insight in what is happening
Screen Shot 2018-10-13 at 11.22.39.png

20

Francois, this is nothing but a superstition. The order of the chains (input, output, forward) in a table doesn’t matter at all; the order of rules within the same chain does. So you can even place the rules like I1, O1, O2, F1, I2, O3, F2, F3, F4, I3, I4, O4 and it will still work, and each packet will only be handled by rules of its respective chain. Such a messy way of entering the rules makes human analysis of them a mission impossible, but the ipfilter running deep inside gets them sorted into the distinct chains with distinct entry points, so e.g. forwarded packets don’t have to skip input and output rules which are above the first forward rule in configuration.

Strictly speaking, what should be as high as possible among the forward rules is the action=accept connection-state=established,related one, because the bulk of the packets matches to this rule, so they should not have to be matched against any other rules before reaching this one; unfortunately, action=fasttrack-connection has to be even before it, otherwise it wouldn’t work. But once a connection becomes a fasttracked one, most of its packets do not pass through the firewall at all, not even through the action=fasttrack-connection one.