If you don’t need the SFP Port and only use IPv4 you can get hap ac², it will route gigabit with stateful IPv4 firewall and fasttrack enabled.
If you need gigabit speed with IPv6 or IPv4 without fasttrack, I think the way to go is RB4011.
PS: You shouldn’t use backup/restore across different devices. Use /export instead.
The following link demonstrates that the hEX can do 900 Mbps
Perhaps you could request from user @archerious … to post sanitized configuration that may assist you to achieve the same performance.
Why would you buy a router and then ask this question…
“Is the HexS RB760iGS able to get 900MBPS, using PPPoE together with a VLAN?”
Well based on the AVAILABLE information before purchase (let alone asking on the forum), the short answer is hell no!
Using the 512 byte size words and 25 filter rules as a real world guide - 700-800ish is reasonable WITHOUT ipsec.
With IPSEC - I would say you would be lucky to get 200ish.
Even with ipsec, an RB4011 will not get you 1gig VPN performance but somewhere in the 700-800 range.
You need to look at the CCR1009 series for 1gig VPN performance. https://mikrotik.com/product/CCR1009-7G-1C-1SplusPC
You won’t get 900Mbps through VPN with this router, period. You MAY get 900Mbps with PPPoE and without VPN.
What I would suggest is:
Do an export of the config. EXPORT, not backup.
If you have any certificate or keys on the device, export them too.
Save them on your computer.
Upgrade it to the latest “stable” or “long term”. Upgrade the firmware too.
Disconnect from the internet.
Reset unit to factory defaults.
You should have now a minimal config, with a small firewall and fasttrack enabled and set. Take a look at the firewall rules, just to be sure. They should be there. Set the ports to reflect Your needs. The SFP one should be part of the WAN interface group, should be removed from the “LAN” interface group (if it is there, I don’t know) and should be removed from the “bridge”. You need to create a PPoE connection, and put its interface on the WAN group too.
Do the same with the eth1 port, if it isn’t already done.
Reconnect the router to the internet. Check to see if the PPPoE is connected.
Test the speed, without VPN.
This should give you an idea about max routing speed. Maybe there is some extra tweaking to do, but should be minimal. The hard part is to get more performance from the VPN - THAT is best left to someone else.
then copied partial configs… (I had some really old stuff and just removed those)
upgraded the router software to latest long-term
upgraded the firmware
disabled the sf1 interface, but left it in the bridge: still listed in the bridge
My best results:
DOWNLOAD Mbps 477.93. ( My ISP Max is 900MBS )
UPLOAD Mbps 295.37 ( My ISP Max is 500MBS )
My ISP requires me to set the VLAN=10… Wondering if that might add load to the router, and if I can maybe set the switch default to 10, currently my default is 1.
Would that help to improve performance?
They are bellow what I expected. Not much, but some. Based on my CPU usage (I have an hEX - RB750Gr3, basically the same thing, without SFP), I estimated something about 600Mbps, with PPPoE.
Yes, the VLAN will use some CPU. Don’t know how much, never used it with this unit. What I find weird is the slow upload speed: You should get something like the download speed, since both are lower than your upload.
Well, first things first.
Your firewall should have one rule to fast track. The reason I said to you upgrade before the reset is because Mikrotik sometimes tweak the default firewall rules. By upgrading first and reseting later we get the latest version of them. No problem. Take a look at the firewall rules, and find the fast track one.
I’m looking for one called “defconf: fasttrack”. It should be in the “forward” chain. It should be the fourth rule, from the top. Is it there? Is it beeing used (look at its counters)?
Thanks for the tip regarding the Firewall rules, I did a check as I had a screen shot, and the rules appear to be
visually the same. Phew!
I was really being silly, I forgot the simple fact that I am testing the speed over WiFi,
which should theoretically get good results, but still.
My WiFi (UAP-AC-LITE) can do: 867 Mbps @ 5Ghz on paper
After plugging in into a LAN port I got new results, not all test sites I get good results and the strange thing is that closer test sites give worse results.
Here is my best I have seen:
DOWNLOAD Mbps 861.57
UPLOAD Mbps 321.56
At some point I saw a 917Mbps download too, but did not capture the results.
I did find that I had to test on several servers, non of them give the same test results, all vary quite a bit.
Hoorah!!!
Wondering if the RB411iGS do better, I suspect the drastically varying speeds is because of the ISP and test servers, and not the Hex-S router.
How can I make sure the router is not the cause? (itching to get the RB411iGS )
I found this diagram which I think is more inline to my configuration.
My eth1 is not part of the bridge, and
ether2, ether3, ether4, ether5, and the sfp1 is part if the bridge. (sfp1 is disabled and is also not plugged in)
Furthermore my ether2, ether3, ether4, ether5 all have HardwareOffload enabled.
I found that diagram always a bit strange. It states “integrated switch chip” integrated in the CPU? The the diagram is then not logical.
That is why I prefer the other diagrams.
If you reach 500Mbit/s then fasttracking is working or you would be around 250Mbit/s. Look for way to optimize your rules to get more speed.
I have since a few weeks a 4011 and it a good product but like the hEX S some edges. My SFP works since before yesterday and yesterday I solved also why my MTU was to low. Solved that by restarting the SFP after four seconds, on connect through PPPoE.
Mikrotik is now releasing ARM 64 bits like a new AC2 and 2004 but they a bit more expensive.
Just stay while on the hEX S and look for a next router if VPN over 500Mbit/s is needed.
WiFi has a lot of overhead: You should get effective speed at about 60% of connection speed. This is a WiFi thing, it’s not related with Mikrotik. 60% of 867 = 520,2. I’d say the first test where limited by WiFi.
I believe that You are limited by Your ISP now. The download speed got where it should(ish) be, and the upload speed is limited by something else.
I think this is a schematic diagram - the connections are not to some ports. I think we have:
CPU → two full duplex 1 gigabit links → switch chip → five ethernet ports.
If we use (say) eth1 as WAN, and the other five as LAN, the traffic will:
Enter eth1
Travel through one of the two 1 gigabit links
Go to the CPU, to be routed.
Get out of the CPU, to one of the others ethX, using one of the two 1 gigabit links
Response comes back via the same ethX and goes back in reverse order.
So, we use the links twice, since they are on the same switch chip. That’s the reason this unit will NOT do more than 1,9Mbps: no more internal links. Real world scenario it does far less - but that’s not the point.
sorry to add to this old post but im having a similar issue, we have a 330MB fibre
ive factory reset RB760iGS, PPPOE, no VPN,upgraded to 7.6, but i cant get more than 120MB through the speedtest?
ive tried changing MTU on pppoe, no difference
enabling/disabling the change tcp mss, no difference?
disabling all firewall rules, no difference?
tried no computers connected to any ports expect our ONT on port 1
i dont no what else to try?
i can connect my laptop and other routers to the ONT and get the full wack no problem?
Set the ports to reflect Your needs. The SFP one should be part of the WAN interface group, should be removed from the “LAN” interface group (if it is there, I don’t know) and should be removed from the “bridge”. You need to create a PPoE connection, and put its interface on the WAN group too.
