Hi all!
I’m new to MikroTik devices and, other than having once run a Gentoo netfilter box as my home router, to network administration in general. Now I’m trying to build a ridiculously overengineered multigigabit homelab, and I’m really running into the limits of my knowledge.
So far, I’m trying to prototype the new network with of its NAS+VPN+DNS+VDS glory behind my already running consumer-grade NAT, and then migrate it all at once. So what I have now is:
{WAN}
|
(coax)
|
[ARRIS TG4482A xFi Gateway 3rd Generation, router mode, LAN IP: 10.0.0.1] --------------> {WLAN1}
|
(2.5GBASE-T)
|
[TRENDnet TEG-30102WS 2.5G Switch] --- (2.5GBASE-T) --- [ScreenBeam ECB7250 MoCA 2.5 adapter) ---(coax)--- [ScreenBeam ECB7250 MoCA 2.5 adapter]
| |
(2.5GBASE-T) (2.5GBASE-T)
| |
[MikroTik CRS305-1G-4S+, bridge mode, IP: 10.0.0.92] ---(10GBASE-T)---[PC1] [QNAP QSW-1105-5T 5-Port Unmanaged 2.5GbE Switch]
| |
(10GBASE-T) (2.5GBASE-T)
| |
[MikroTik CRS317-1G-16s+, router mode, WAN(SFP+1) IP: 10.0.0.242, LAN IP: 192.168.0.1]---(10GBASE-T)---[PC2] [TP-LINK Archer AX11000, bridge mode]
| |
(10GBASE-T) V
| {WLAN2}
[PC3]
I set up CRS317-1G-16s+ via QuickSet as best as I could after watching https://www.youtube.com/playlist?list=PLCvN_Pl1Blxh2ejJCGI4T-xzL3VrYtsKS and https://category5.tv/feature/mikrotik, and I’m now trying to test the absolute basic routing.
[PC1]
,
[PC2]
, and
[PC3]
all contain known good 10GBASE-T NICs, and I’m trying to evaluate the performance of the network by running
iperf
and
iperf3
on default settings between them. I’m getting:
- PC2 ↔ PC3 ~6Gbps - this seems expected, since multigigabit networks can be difficult to saturate in a single thread, without fine-tuning both the network itself and iperf.
- PC1 ↔ PC2 ~450Mbps - this is way below anything that I can write-off as a matter of fine-tuning.
- As a sanity check, I reconnected PC2 to CRS305-1G-4S+ and tested connection between it in the new location and PC1, to verify that PC1 and CRS305-1G-4S+ can generate enough traffic to saturate the WAN port of CRS317-1G-16s+ - and yes, this connection also generates about 6Gbps.
This seems to eliminate the possibility that it could be an issue of
iperf
, NICs, cables, or CRS305-1G-4S+. I considered the possibility that SFP+1 transceiver and/or port could be the culprit, and as a sanity check, moved the WAN port to ether1. I originally avoided doing this because I wanted to avoid capping WAN at 1GbE (not that it really matters - I’m only getting about 1.2Gbps Rx and am much more bottlenecked by the 40 Mbps Tx anyway - so if it’s somehow impossible to effectively use SFP+1 as WAN, ether1 is good enough, but if I can make it work, I want to), but I’d at least expect a working 1000BASE-T port to give me, Idunno, 600~700Mbps? But no, with ether1 as WAN, I’m also getting ~450Mbps across NAT. So there really does seem to be a major performance issue with routing.
I searched through this and other forums, but the most similar discussions involved problems with having more than one bridge interface, in which case only one of them can be hardware-accelerated. I nonetheless tries to poke around hardware offloading settings but didn’t find anything that would seem to fix the issue.
Any other ideas about what it could be?
[UPD: completely forgot! Config.]
# nov/30/2021 10:54:35 by RouterOS 6.49.1
# software id = HCQS-C0TG
#
# model = CRS317-1G-16S+
# serial number = D7EC0EC9CC3F
/interface bridge
add mtu=1500 name=lanbridge
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,5
set [ find default-name=sfp-sfpplus15 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,
set [ find default-name=sfp-sfpplus16 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.3.1-192.168.10.254
/ip dhcp-server
add address-pool=dhcp always-broadcast=yes disabled=no interface=lanbridge name=dhcp1
/interface bridge port
add bridge=lanbridge interface=ether1
add bridge=lanbridge interface=sfp-sfpplus2
add bridge=lanbridge interface=sfp-sfpplus3
add bridge=lanbridge interface=sfp-sfpplus4
add bridge=lanbridge interface=sfp-sfpplus5
add bridge=lanbridge interface=sfp-sfpplus6
add bridge=lanbridge interface=sfp-sfpplus7
add bridge=lanbridge interface=sfp-sfpplus8
add bridge=lanbridge interface=sfp-sfpplus9
add bridge=lanbridge interface=sfp-sfpplus10
add bridge=lanbridge interface=sfp-sfpplus11
add bridge=lanbridge interface=sfp-sfpplus12
add bridge=lanbridge interface=sfp-sfpplus13
add bridge=lanbridge interface=sfp-sfpplus14
add bridge=lanbridge interface=sfp-sfpplus15
add bridge=lanbridge interface=sfp-sfpplus16
/interface list member
add interface=lanbridge list=LAN
add interface=sfp-sfpplus1 list=WAN
/ip address
add address=192.168.0.1/16 interface=lanbridge network=192.168.0.0
/ip dhcp-client
add disabled=no interface=sfp-sfpplus1
/ip dhcp-server network
add dns-server=8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.0.0/16 gateway=192.168.0.1 netmask=16
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=kosonyamikrotik
/system routerboard settings
set boot-os=router-os