ChenFen
just joined
Topic Author
Posts: 1
Joined: Fri Jun 10, 2016 7:01 pm

Upgraded my Internet but still get the same speed through Mikrotik 2011

Fri Jun 10, 2016 7:11 pm

I'm a beginner with two issues and would love some help!
1. Speed problem: Someone else set up my Mikrotik and since then I have upgraded my fibre internet line from 50Mbps to 100Mbps. When I connect to the ISP's router and bypass the Mikrotik I get close to 100Mbps, but through the Mikrotik I cannot exceed 50Mbps, so my network is only getting 50Mbps. I have checked queues and bridges and interfaces over and over but cannot find the issue.
2. Something on my Mikrotik is blocking FTP downloads or uploads. Sites that do not have usernames or passwords are insisting on a username and password which do not exist. Have tried everything. Again, bypassing the Mikrotik solves the problem, so it is not on the ISP's end.
Any feedback for this amateur here would be great.
 
plisken
Forum Guru
Posts: 2399
Joined: Sun May 15, 2011 12:24 am
Location: Belgium

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Tue Jun 14, 2016 7:55 pm

Go to "New Terminal" and type "export".
Copy and paste the result here on this forum,
so we can look at what happened.
 
jarda
Forum Guru
Posts: 7601
Joined: Mon Oct 22, 2012 4:46 pm

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Tue Jun 14, 2016 9:27 pm

Use fasttrack if you don't use queues.
 
dunga
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Wed Jun 15, 2016 1:17 pm

I have similar issues with my routerboard RB2011, but in this case if I connect thru router it gives varying speed but when I connect thru laptop, I get a higher bandwidth from the ISP.
Here is the setup for my router:
jun/14/2016 19:03:25 system,error,critical login failure for user tech from 91.224.160.10 via ssh
jun/14/2016 19:03:29 system,error,critical login failure for user operator from 91.224.160.10 via ssh
jun/14/2016 19:03:32 system,error,critical login failure for user webadmin from 91.224.160.10 via ssh
jun/14/2016 19:44:39 system,error,critical login failure for user ai_luat from 218.200.188.213 via ssh
jun/14/2016 19:44:43 system,error,critical login failure for user pi from 218.200.188.213 via ssh
jun/14/2016 17:24:13 system,error,critical router was rebooted without proper shutdown
jun/15/2016 09:04:25 system,error,critical router was rebooted without proper shutdown
jun/15/2016 09:26:33 system,error,critical router was rebooted without proper shutdown
[admin@MikroTik] > export
# jun/15/2016 11:09:40 by RouterOS 6.29.1
# software id = NEZ6-PH5J
#
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether10 ] rx-flow-control=auto tx-flow-control=auto
/port
set 0 name=serial0
/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] name=default-encryption
/queue simple
add max-limit=150k/150k name=client1 target=178.205.20.3/32
add max-limit=1k/1k name=queue1 target=178.205.20.4/32
add max-limit=4M/4M name=sample target=178.205.20.5/32
/interface bridge port
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=10.12.60.45/24 interface=ether1 network=10.12.60.0
add address=178.205.20.1/26 interface=bridge1 network=178.205.20.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.2.2.3
/ip firewall nat
add action=masquerade chain=srcnat src-address=178.205.20.0/26
/ip route
add distance=1 gateway=10.12.60.44
/system routerboard settings
set protected-routerboot=disabled
/tool romon port
add disabled=no
[admin@MikroTik] > 
 
ZeroByte
Forum Guru
Posts: 4048
Joined: Wed May 11, 2011 6:08 pm

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Wed Jun 15, 2016 7:35 pm

I have similar issues with my routerboard RB2011, but in this case if I connect thru router it gives varying speed but when I connect thru laptop, I get a higher bandwidth from the ISP.
Here is the setup for my router
jun/14/2016 19:03:25 system,error,critical login failure for user tech from 91.224.160.10 via ssh
jun/14/2016 19:03:29 system,error,critical login failure for user operator from 91.224.160.10 via ssh
jun/14/2016 19:03:32 system,error,critical login failure for user webadmin from 91.224.160.10 via ssh
jun/14/2016 19:44:39 system,error,critical login failure for user ai_luat from 218.200.188.213 via ssh
jun/14/2016 19:44:43 system,error,critical login failure for user pi from 218.200.188.213 via ssh
jun/14/2016 17:24:13 system,error,critical router was rebooted without proper shutdown
jun/15/2016 09:04:25 system,error,critical router was rebooted without proper shutdown
jun/15/2016 09:26:33 system,error,critical router was rebooted without proper shutdown
... <snip> ...
I think your problem is most likely that you're getting used as a DNS-amplification reflector in DDoS activity.
Note that you're getting ssh login failures from various sources...

You didn't show any firewall filter rules, but given the above log entries, it appears that your router is reachable via the Internet. Of course open ports with public IP addresses are like bird feeders - and the squirrels (scanning bots) will be hanging all over it eating all of your bird seed....

You should consider an input chain in your firewall filter like this:
1: accept connection-state=established,related
2: accept proto=icmp (optionally with a rate limit)
3: accept in-interface=bridge1
4: drop all

Also, your bridge is configured use-ip-firewall=yes, but you don't show any of the rules - if you're not actually doing any filtering, then disabling this option could help performance a bit as well. Additionally, you could set ports ether3 - ether5 as slaves to ether2 for hardware switching between those ports. (and set ether7 - ether10 as slaves to ether6)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
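
The login-failure pattern pointed out in the post above can be pulled out of a saved log mechanically. This Python sketch is an added example, not part of the original thread: it parses lines in the log format shown above and reports sources that tried several usernames within a few minutes. The sample lines are constructed (documentation-range addresses), and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the log format shown in the thread (documentation-range IPs).
SAMPLE_LOG = """\
jun/14/2016 19:03:25 system,error,critical login failure for user tech from 203.0.113.10 via ssh
jun/14/2016 19:03:29 system,error,critical login failure for user operator from 203.0.113.10 via ssh
jun/14/2016 19:03:32 system,error,critical login failure for user webadmin from 203.0.113.10 via ssh
jun/14/2016 19:44:39 system,error,critical login failure for user guest from 198.51.100.7 via ssh
jun/14/2016 19:44:43 system,error,critical login failure for user pi from 198.51.100.7 via ssh
jun/15/2016 08:10:02 system,error,critical login failure for user admin from 192.0.2.5 via winbox
jun/15/2016 09:04:25 system,error,critical router was rebooted without proper shutdown
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \S+ "
    r"login failure for user (?P<user>\S+) from (?P<ip>[\d.]+) via (?P<svc>\S+)$"
)

def parse_failures(text):
    """Yield (timestamp, user, source_ip, service) for each login-failure line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"].title(), "%b/%d/%Y %H:%M:%S")
            yield ts, m["user"], m["ip"], m["svc"]

def guessing_sources(text, min_users=2, window=timedelta(minutes=5)):
    """Return {ip: sorted usernames} for sources that tried at least min_users
    different usernames within the window, the pattern of a credential-guessing bot."""
    by_ip = defaultdict(list)
    for ts, user, ip, _svc in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    for ip, users in guessing_sources(SAMPLE_LOG).items():
        print(f"{ip}: tried {', '.join(users)}")
```

A single mistyped password from one address is not flagged; only sources cycling through usernames are, which separates scanning bots from a user's own failed login.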
 
dunga
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Tue Jun 28, 2016 5:25 pm



I think your problem is most likely that you're getting used as a DNS-amplification reflector in DDoS activity.
Note that you're getting ssh login failures from various sources...

You didn't show any firewall filter rules, but given the above log entries, it appears that your router is reachable via the Internet. Of course open ports with public IP addresses are like bird feeders - and the squirrels (scanning bots) will be hanging all over it eating all of your bird seed....

You should consider an input chain in your firewall filter like this:
1: accept connection-state=established,related
2: accept proto=icmp (optionally with a rate limit)
3: accept in-interface=bridge1
4: drop all

Also, your bridge is configured use-ip-firewall=yes, but you don't show any of the rules - if you're not actually doing any filtering, then disabling this option could help performance a bit as well. Additionally, you could set ports ether3 - ether5 as slaves to ether2 for hardware switching between those ports. (and set ether7 - ether10 as slaves to ether6)
Any assistance on how to protect the network based on your suggestions?
 
ZeroByte
Forum Guru
Posts: 4048
Joined: Wed May 11, 2011 6:08 pm

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Tue Jun 28, 2016 5:53 pm

You should consider an input chain in your firewall filter like this:
1: accept connection-state=established,related
2: accept proto=icmp (optionally with a rate limit)
3: accept in-interface=bridge1
4: drop all
Any assistance on how to protect the network based on your suggestions?
That's it right there. Literally 4 rules in the input chain are enough to make your router ignore anything from the Internet which it did not request.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
dunga
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Tue Jun 28, 2016 6:33 pm

Any command line for the configuration?

That will be helpful for me
 
ZeroByte
Forum Guru
Posts: 4048
Joined: Wed May 11, 2011 6:08 pm

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Tue Jun 28, 2016 7:08 pm

I was really trying not to spoon-feed you this because I already gave the rules - the command syntax is almost word-for-word what I already specified....
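/ip firewall filter
# allow replies to connections the router itself opened
add chain=input action=accept connection-state=established,related
# allow ICMP
add chain=input action=accept protocol=icmp
# allow anything arriving from the LAN bridge
add chain=input action=accept in-interface=bridge1
# drop everything else addressed to the router
add chain=input action=drop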
(this assumes that there are no other rules in the input chain, of course)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
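
An added example, not from the thread or from MikroTik: a small Python audit that reads a RouterOS export and reports the two conditions discussed in the posts above, an input chain without a final drop and allow-remote-requests=yes behind it. The export excerpt is constructed from the settings posted earlier in the thread; the parser is a simplification that assumes one command per line with unquoted values, and the function names are assumptions.

```python
import re

# Constructed excerpt of a RouterOS export using the settings posted in the thread.
EXPORT = """\
/ip address
add address=10.12.60.45/24 interface=ether1 network=10.12.60.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.2.2.3
/ip firewall nat
add action=masquerade chain=srcnat src-address=178.205.20.0/26
"""

# The four input rules proposed in the thread, written as export lines.
INPUT_RULES = """\
/ip firewall filter
add chain=input action=accept connection-state=established,related
add chain=input action=accept protocol=icmp
add chain=input action=accept in-interface=bridge1
add chain=input action=drop
"""

def sections(export):
    """Map each menu path ('/ip dns') to a list of {key: value} dicts, one per command."""
    out, menu = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
            out.setdefault(menu, [])
        elif menu and line and not line.startswith("#"):
            out[menu].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return out

def audit(export):
    """Return findings about services the router exposes on its input chain."""
    cfg = sections(export)
    rules = [r for r in cfg.get("/ip firewall filter", []) if r.get("chain") == "input"]
    # The chain is closed only if it ends in an unconditional drop.
    closed = bool(rules) and rules[-1] == {"chain": "input", "action": "drop"}
    findings = []
    if not closed:
        findings.append("input chain has no final drop: router services reachable from any interface")
        dns = [c for c in cfg.get("/ip dns", []) if c.get("allow-remote-requests") == "yes"]
        if dns:
            findings.append("allow-remote-requests=yes with open input chain: usable as an open DNS resolver")
    return findings

if __name__ == "__main__":
    print(audit(EXPORT), audit(EXPORT + INPUT_RULES))
```

With the four rules appended the audit returns no findings, because DNS and SSH on the router are then answered only for the LAN bridge and for connections the router itself initiated.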
 
BlackVS
Member Candidate
Posts: 171
Joined: Mon Feb 04, 2013 7:00 pm

Re: Upgraded my Internet but still get the same speed through Mikrotik 2011

Wed Jun 29, 2016 10:06 am

To decrease CPU load, join ether2..ether5 in one switch, ether6-ether10 in the second switch and, if you want, bridge these two switches.
I.e. ether3..ether5 use the master port set to ether2, ether7-ether10 to ether6. And then bridge only ether2 and ether6 if needed.

Difference between bridge and switch: a bridge is fully software based, a switch is hardware (faster, wire speed). You joined all 9 ports in a bridge, i.e. fully CPU processing instead of using hardware acceleration. Because ether1-ether5 and ether6-ether10 are on different switching chips in the RB2011, you can't join them all together without bridging. But you can significantly unload the CPU by bridging only the 2 master ports.
http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features

From my practice - RB2011 can give ~150M on torrents (using fasttrack). In speedtest I reached ~300M for 300M Internet channel.

During download tests look at /tool profile and /system resource - what do they show?
