Community discussions

MikroTik App
 
Jimmy
Member Candidate
Member Candidate
Posts: 109
Joined: Thu Sep 29, 2011 11:42 pm
Location: Denmark
Contact:

Re: RB2011 slow internet even with fasttrack

Fri Dec 28, 2018 1:50 am

I do not understand how you can get that speed? After update to 6.43.8 is the worst shit I have seen from mikrotik :(
Back to DLINK Again :(
# dec/28/2018 00:36:18 by RouterOS 6.43.8
# software id = 8N6V-6ATQ
#
# model = 2011UAS-2HnD
# serial number = 419E02286B23
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] mac-address=1C:5F:2B:70:B2:9B
set [ find default-name=sfp1 ] disabled=yes
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/lcd
set enabled=no touch-screen=disabled
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Europe/Copenhagen
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Image
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: RB2011 slow internet even with fasttrack

Fri Dec 28, 2018 2:02 am

Hey

I'm guessing the test was for forwarded traffic? And I'm hoping the test was not over wifi?!? And also not over the 100mbit ports? Any cpu usage data?
Do note that the gbit switch is connected over 1gbit line: so max you'll be able to do is 500 up + down = 1gbit total
Block diagram: https://i.mt.lv/cdn/rb_files/Block-RB2011UAS-2HnD.pdf

With the listed config all traffic is processed in full -> no fast-track.

Add this and retest
/ip firewall filter
add action=fasttrack-connection chain=forward comment="FastTrack: established & related" connection-state=established,related place-before=0
 
Jimmy
Member Candidate
Member Candidate
Posts: 109
Joined: Thu Sep 29, 2011 11:42 pm
Location: Denmark
Contact:

Re: RB2011 slow internet even with fasttrack

Fri Dec 28, 2018 2:38 am

standart router basic setup with cabel and Of cause 1gb. (if you see my config my wifi is distable :)
lucky i have a RB1100AHx4 for test, and now i no i will bye a RB4011 bur it is still sad about the speed on RB2011 :(

This is on RB1100AHx4 with same setup and same version and firmware :)

Image
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: RB2011 slow internet even with fasttrack

Fri Dec 28, 2018 2:44 am

2011 is not as fast as 4011, but with the suggested change it can do much better.
 
Jimmy
Member Candidate
Member Candidate
Posts: 109
Joined: Thu Sep 29, 2011 11:42 pm
Location: Denmark
Contact:

Re: RB2011 slow internet even with fasttrack

Fri Dec 28, 2018 3:12 am

The RB4011 uses a quad core Cortex A15 CPU, same as in our carrier grade RB1100AHx4 unit, so hopfull it will run as RB1100AHx4 :)
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Fri Dec 28, 2018 11:47 pm

So did you enable fast track yet?
 
Jimmy
Member Candidate
Member Candidate
Posts: 109
Joined: Thu Sep 29, 2011 11:42 pm
Location: Denmark
Contact:

Re: RB2011 slow internet even with fasttrack

Sat Dec 29, 2018 12:32 am

No sorry i Will try it to morrow.

Cheers
Jimmy
 
neilticktin
just joined
Posts: 2
Joined: Fri Dec 28, 2018 5:27 pm

Re: RB2011 slow internet even with fasttrack

Sat Dec 29, 2018 8:46 pm

When a new connection was being put it a couple days ago, we started doing testing and saw poor performance on a RB2011 -- around 100 mbps when the cable modem was testing directly at 900+ mbps. Decided to really streamline the rules and make sure that we were using FastTrack. A bit better, but not as much as one would think. So we went ahead and swapped out the RB2011 with a RB3011 that we had on hand, and found that it doubled the speed to 300-400 mbps -- but still nowhere near the 900+ mbps that we saw on a direct connect with the cable modem.

It feels to us like a bug in v6.43.8 -- any more that we can help provide to help identify?

Thanks!

Neil
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: RB2011 slow internet even with fasttrack

Sun Dec 30, 2018 12:10 pm

RB3011 w/fasttrack should reach 850Mbps easily, more or less depending on configuration.

RB3011 at 6.43.8 reaches 335 Mbps without fasttrack and 550Mbps with fasttrack (500Mbps capped connection) in a single TCP connection based browser test.

Are you perhaps using an IPv6 test server?
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Sun Dec 30, 2018 5:07 pm

If you have ipv6 disabled in the router, it won't connect to ipv6 websites or connections, right?
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Sun Dec 30, 2018 5:11 pm

When a new connection was being put it a couple days ago, we started doing testing and saw poor performance on a RB2011 -- around 100 mbps when the cable modem was testing directly at 900+ mbps. Decided to really streamline the rules and make sure that we were using FastTrack. A bit better, but not as much as one would think. So we went ahead and swapped out the RB2011 with a RB3011 that we had on hand, and found that it doubled the speed to 300-400 mbps -- but still nowhere near the 900+ mbps that we saw on a direct connect with the cable modem.

It feels to us like a bug in v6.43.8 -- any more that we can help provide to help identify?

Thanks!

Neil
Can you try downgrading to 6.36.4 or earlier os and firmware and see if you have normal speed with fasttrack?

I just want to know if it's just my hardware (modem+router) or the 2011 itself/software bug.
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Mon Jan 14, 2019 8:44 am

Heck, why not...
It's a new year, nothing changed...
Speedtest.net gives 150 down/22 up
Dslreports gives 450 down/23 up

Gotta love the consistency.
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Fri Jan 18, 2019 9:33 pm

I'll be leaving cable for a fiber connection soon (either 250/25 or 500/50) so I will be able to test and see what happens on a different ISP/modem with the same router/config/computers.
Speed is still bad, much worse at times: only 75-200 down.
 
dasvos
newbie
Posts: 29
Joined: Sat Mar 14, 2015 7:10 pm

Re: RB2011 slow internet even with fasttrack

Sun Jan 20, 2019 9:47 am

Have you ruled out the speedtest server as a possible issue?

Have you tried to connect another computer to WAN and test the throughput using a tool like iperf?
 
CsXen
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: RB2011 slow internet even with fasttrack

Mon Jan 21, 2019 12:30 am

Hi.
Speedtest.net gives 150 down/22 up
On our 2011 this is the scenario too. When I upgraded it to 6.40.9 because of winbox vulnerability, it slowed down to about 150/28 Mbps... on a 350/30 UPC ConnectBox modem.
If I test the direct link without 2011, just PC->UPC... there is a full 350/30 speed. So something wrong with the RoS versions till 6.36.x
(I glued to 6.40.9 because it is the latest version, which uses master/slave port config instead of Hw offloading. :) which is a pain in my *ss)

Best regards: CsXen
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Mon Jan 21, 2019 4:10 am

I really wish there was a solution to this. The 2011 is fairly powerful and I hate to upgrade it because of a software issue. I would be ok if it impacted lan traffic too or had some logical reason, but fasttrack thru wan shouldn't slow down that bad, especially without cpu maxing out...
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB2011 slow internet even with fasttrack

Mon Jan 21, 2019 3:49 pm

Unrelated, but never the less:

I glued to 6.40.9 because it is the latest version, which uses master/slave port config instead of Hw offloading.

I'm using 6.44beta54 on my RB951G configured with traditional /interface ethernet setup, including VLANs in hardware ... and things work just fine. E.g. VLAN filtering works wire speed without RB's CPU noticing single bit.

The only big difference on ROS change 6.40->6.41 is how ports are grouped to a switch group (6.40) or bridge (6.41), nothing else is forced by this SW change.
 
CsXen
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: RB2011 slow internet even with fasttrack

Mon Jan 21, 2019 4:25 pm

Hi.

I'm using 6.44beta54 on my RB951G configured with...

So.. your RB951 has 1 (one) switch chip, my RB2011 has 2 (two) different speed switch chip, and I can't do bridge the bridges.
(1 bridge for 1G and 1 bridge for 100M ports instead of switching... and can't bridge this 2 bridges. :) In old time, I simply bridged the two master port, and filtered, what I want... So the new bridge scheme with Hw offloading is a pain in my *ss, as I said.)

Best regards: CsXen
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB2011 slow internet even with fasttrack

Mon Jan 21, 2019 8:33 pm

In new time you simply add all 10 ports to the same bridge. Regardless, bridge will only see traffic sent towards it through switch1-cpu and switch2-cpu "interfaces" (those are actually old master-ports). The new bridge implementation doesn't mess with /interface ethernet switch settings unless you configure bridge with vlan-filtering=yes.

Why, instead of whining, don't you just try?
 
CsXen
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: RB2011 slow internet even with fasttrack

Thu Jan 24, 2019 6:50 pm

Hi.

Why, instead of whining, don't you just try?

I tried... I can't got over about 100Mbps on the Giga ports. I think, this is because bridge is as fast as the slowest port in it.
When current issue will corrected (150M max even with fasttrack...) I will try again. :)

Best regards: CsXen
 
volkswagner
newbie
Posts: 32
Joined: Sun Nov 20, 2016 9:45 pm

Re: RB2011 slow internet even with fasttrack

Sat Feb 09, 2019 5:44 pm

I wish MikroTik would help here. There is a serious issue with the later software or firmware or both.
It's frustrating to see their synthetic test results, while we can only realize a very small fraction in real world scenario.

With gigabit connections becoming more affordable, I'm now seeing MikroTik devices not keeping up.

I had a site with rb2011 with older software capping out at ~280Mbs in a gig connection. I thought
perhaps an update would help. Updated to latest software and firmware, which cause speed to cap
at about 120Mbs. I ended up using the providers router and and took the RB2011 home.

At home I performed a factory reset with default config and got the same speeds in my Gig services.
Additionally my hEX (750G r3) only gets ~550Mbs. I connected RB4011 and I get wire speed with
all other variables the same (computer, lan cable, modem, speed test site).

I see the same issue with CPU load never gets above ~70%. the RB2011 is the only device out of the
three that starts at it's max speed then slowly decreases over the test time (which appears to be some
sort of throttling). The hEX and RB4011 gradually speed up then maintain it's max speed.

I have a CRS125-24G-1S with 200Mbs circuit which maxes out at 50Mbs running 6.43.8.

I would love if MikroTik would stop saying we are just whiners. How about MikroTik tells
us which packages/firmware combination and which config will give us performance.
Like, hey MikroTik, put your money where your mouth is. Stop saying it's a problem with
our config, show me a good config that works, then I'll stop whining :)
Clearly vanilla/stock config does not cut the mustard.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: RB2011 slow internet even with fasttrack

Sat Feb 09, 2019 6:14 pm

As a Tik admin you have a lot of features / possibilities in your hands, but also responsibility, as the choices made have significant impact.

Few examples:
* vlans & bridging: latest software introduces bridge level vlans, but it's has only limited switch chip support. one ends up quickly with full cpu processing. using switch menu features is better for performance.

* physical topology / connections of ports matters, see https://i.mt.lv/cdn/rb_files/RB2011iL-160620170215.png. if wan is on eth1-5 and lan on 6-10, 100mb is max one can get! Knowing the platform is important. Same story for hex (https://i.mt.lv/cdn/rb_files/RB750Gr3-d ... 140316.png & https://i.mt.lv/cdn/rb_files/RB750Gr3-e ... 152443.png), depending on how it is connected and configured, throughput could be capped to 500mbps, and that even before accounting for the bi-directional traffic.

* Its necessary to measure / analyse at the right place and in context. Router itself won't speed up or slow down, it will just do it's thing. The up's and down's depend on quite a bit of aspects: window size at client, ISP situation, source server load, ...

* CRS is a switch! Don't try to route with it -> know the hardware

BTW, it's a user that mentioned something about "whining" not the company.
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Sat Feb 09, 2019 6:25 pm

I wish MikroTik would help here. There is a serious issue with the later software or firmware or both.
It's frustrating to see their synthetic test results, while we can only realize a very small fraction in real world scenario.

With gigabit connections becoming more affordable, I'm now seeing MikroTik devices not keeping up.

I had a site with rb2011 with older software capping out at ~280Mbs in a gig connection. I thought
perhaps an update would help. Updated to latest software and firmware, which cause speed to cap
at about 120Mbs. I ended up using the providers router and and took the RB2011 home.

At home I performed a factory reset with default config and got the same speeds in my Gig services.
Additionally my hEX (750G r3) only gets ~550Mbs. I connected RB4011 and I get wire speed with
all other variables the same (computer, lan cable, modem, speed test site).

I see the same issue with CPU load never gets above ~70%. the RB2011 is the only device out of the
three that starts at it's max speed then slowly decreases over the test time (which appears to be some
sort of throttling). The hEX and RB4011 gradually speed up then maintain it's max speed.

I have a CRS125-24G-1S with 200Mbs circuit which maxes out at 50Mbs running 6.43.8.

I would love if MikroTik would stop saying we are just whiners. How about MikroTik tells
us which packages/firmware combination and which config will give us performance.
Like, hey MikroTik, put your money where your mouth is. Stop saying it's a problem with
our config, show me a good config that works, then I'll stop whining :)
Clearly vanilla/stock config does not cut the mustard.
That has been my question/problem from the beginning. I get if the bridge performance changes how things work, but is it possible to give some insight into why things are acting weird.
  • Why did speed decrease only on wan traffic so dramatically since removing master/slave config?
  • Why even with fasttrack enabled does speed start out normal but slow down so dramatically without a corresponding maxing out of cpu? Speed often remains slower in subsequent tests. Is this an internal device buffer problem or packet timing issue? Can I troubleshoot this?
  • Why does cpu performance not go above 70-80% even when fasttrack is disabled?
Unfortunately I don't have another gigabit capable device at the moment to check config, but will within a month or 2.
 
volkswagner
newbie
Posts: 32
Joined: Sun Nov 20, 2016 9:45 pm

Re: RB2011 slow internet even with fasttrack

Sat Feb 09, 2019 10:24 pm

As a Tik admin you have a lot of features / possibilities in your hands, but also responsibility, as the choices made have significant impact.

Few examples:
* vlans & bridging: latest software introduces bridge level vlans, but it's has only limited switch chip support. one ends up quickly with full cpu processing. using switch menu features is better for performance.

* physical topology / connections of ports matters, see https://i.mt.lv/cdn/rb_files/RB2011iL-160620170215.png. if wan is on eth1-5 and lan on 6-10, 100mb is max one can get! Knowing the platform is important. Same story for hex (https://i.mt.lv/cdn/rb_files/RB750Gr3-d ... 140316.png & https://i.mt.lv/cdn/rb_files/RB750Gr3-e ... 152443.png), depending on how it is connected and configured, throughput could be capped to 500mbps, and that even before accounting for the bi-directional traffic.

* Its necessary to measure / analyse at the right place and in context. Router itself won't speed up or slow down, it will just do it's thing. The up's and down's depend on quite a bit of aspects: window size at client, ISP situation, source server load, ...

* CRS is a switch! Don't try to route with it -> know the hardware

BTW, it's a user that mentioned something about "whining" not the company.
@sebastia thanks for chiming in. Thanks for pointing out block diagrams, (which I'm already familiar with). I'm not sure what "if wan is on eth1-5 and lan on 6-10, 100mb is max one can get!" means. I certainly was not connecting to a 100Mb port and expecting greater than 100Mbs. Are you suggesting combining 1000Mbs and 100Mbs ports in same bridge, will degrade all 1000Mbs ports to 100Mbs Max?

I'm not sure what I'm supposed to learn from your post.
I asked some very direct questions and offered very direct challenge (please provide a working config that allows max NAT throughput).
I understand CRS is classified as a switch. A 600Mhz CPU with very modest routing needs, should be handled with ease.

MikroTik could be so much more if this forum offered real solutions vs pointing to existing documents. The Wiki is not clear, especially with so many variants of hardware and iterations of software advance. I don't think it's unreasonable to expect over 400Mbs from a RB2011 fully patched with default config, do you?

According to MikroTik, the CRS125 and RB2011 display nearly identical routing test results.
https://mikrotik.com/product/CRS125-24G ... estresults
https://mikrotik.com/product/RB2011UiAS ... estresults

Please tell me why I shouldn't consider them both for routing purposes?
If MikroTik doesn't show real world test results, how is anyone expected to pick the correct hardware for the desired workload?

So again, I challenge anyone to show me a config that will route NAT on RB2011 at the hardware's maximum limit.
Why can't we saturate the CPU with NAT traffic?
Why does the RB2011 appear to throttle at 70-75% CPU utilization (or after a 1 dec celsius increase).

My whining comment was not directly related to this thread, but from MikroTik employee at a MUM presentation.
I thought it was a worldly know fact (how MikroTik feels about it's user base complaining about misrepresented stats).
The consensus is always the same, "know your product". How are we supposed to "know it", when example stats are not
real world and when people ask for help, they simply get pointed to existing documentation, without any explanation.
Try giving your 12 year old child the keys to the car and a driving manual and expect them to learn how to drive
without any first hand instruction. Many of us need some on on one help.

People coming to these forums are looking for help, for products they genuinely like, but
since not all the users have the knowledge of how to wire a switch chip, it's hard to get real help. Why is there such
apprehension to share real world examples and individual help?

Claims have been made in this thread... the RB2011 has actually NAT'd over 800Mbs, but nobody has
posted a config that can do such. It's a simple request.

Please help educate your consumers MikroTik.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: RB2011 slow internet even with fasttrack

Sat Feb 09, 2019 11:37 pm

I have managed to get ~ 850Mb/s with RB2011, using NAT (No PPPoE). About a year ago, the RB2011 retired to my lab area and has been replaced with a HAP AC2 and I no longer have a 1Gb/s Internet link.

Why do you not start by providing your full config, and we can make suggestions?
 
volkswagner
newbie
Posts: 32
Joined: Sun Nov 20, 2016 9:45 pm

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 12:55 am

Well hopefully I'll be able to call myself an idiot when all said and done!

You helped me see a potential issue. Ignorance on my part, or a failed reset has
left some configs, that I didn't expect to see.

Here is the config that I last use (which I expected to be bone stock default, out of the box experience).
Notice firewall rules pointing to address list "LAN" and other ipec related firewall rules (that I don't expect
would be in the default config). I see how firewall rules were carried over in reset, but the address lists weren't?

I'll have to do a better reset and try again.
# feb/06/2019 21:57:45 by RouterOS 6.43.11
# software id = KQLT-H381
#
# model = 2011UiAS-2HnD
# serial number = 762C0718xxxx
/interface bridge
add admin-mac=64:D1:54:2C:xx:xx auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-2C9E69 wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=America/New_York
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 2:56 am

My previous post was mean to provide perspective and context: performance depends not only on hardware, but also software, configuration and topology. There is no one good solution.
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 6:07 am

I have managed to get ~ 850Mb/s with RB2011, using NAT (No PPPoE). About a year ago, the RB2011 retired to my lab area and has been replaced with a HAP AC2 and I no longer have a 1Gb/s Internet link.

Why do you not start by providing your full config, and we can make suggestions?
Why don't you un-retire the RB2011, install new ROS and firmware and see what sort of performance change you get, vs whatever ISP speeds you get with your hap AC2? What is your link speed currently?
I remember you had given up after I reset to plain vanilla on page 1. :(
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 2:32 pm

Back in the times I had a 1Gb internet, my one son (Serious gamer) was living with us and he paid for the link. This is not the case anymore, he has moved out, moved the 1Gb link with him, so now I have a measly 40/20 fibre link so will not prove anything anymore unfortunately.
 
volkswagner
newbie
Posts: 32
Joined: Sun Nov 20, 2016 9:45 pm

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 5:59 pm

Well, it seems I'm progressing and can't blame hardware or software just yet. I have been able to achieve ~800Mbs
with the following config:
# feb/10/2019 10:54:43 by RouterOS 6.43.11
# software id = KQLT-H381
#
# model = 2011UiAS-2HnD
# serial number = 762C0718xxxx
/interface bridge
add admin-mac=64:D1:54:2C:xx:xx auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.88.10-192.168.88.99
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridgeLocal name=dhcp1
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal comment=defconf interface=ether6
add bridge=bridgeLocal comment=defconf interface=ether7
add bridge=bridgeLocal comment=defconf interface=ether8
add bridge=bridgeLocal comment=defconf interface=ether9
add bridge=bridgeLocal comment=defconf interface=ether10
add bridge=bridgeLocal comment=defconf interface=sfp1
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1
/ip address
add address=192.168.88.1/24 comment=ericAdded interface=bridgeLocal network=\
    192.168.88.0
/ip dhcp-client
add comment="eric moved dhcp-client to eth1, was on bridgeLocal" \
    dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=1.1.1.1 gateway=192.168.88.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat comment="eric added after reset" \
    out-interface=ether1
/system clock
set time-zone-name=America/New_York
This offers no real firewall protection. Does anyone have any suggestions what to add to firewall to make it more secure, but not slow throughput?
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 6:17 pm

Generic, home use FW rules for me are: (With fwd chain rules first)

1. Drop invalid, fwd chain
2. accept Fastrack, fwd chain, est, rel
3. accept fwd chain, est, rel
4.allow new from lan, fwd chain
5. allow dst nat, in wan, connection new, fwd chain
6. drop all fwd chain

Then use similar for Input chain except the dst nat rule
 
volkswagner
newbie
Posts: 32
Joined: Sun Nov 20, 2016 9:45 pm

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 8:11 pm

I followed this post

and ended up with the following config, which still yielded 750-800Mbs NAT download.
# feb/10/2019 13:06:30 by RouterOS 6.43.11
# software id = KQLT-H381
#
# model = 2011UiAS-2HnD
# serial number = 762C0718xxxx
/interface bridge
add admin-mac=64:D1:54:2C:xx:xx auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.88.10-192.168.88.99
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridgeLocal name=dhcp1
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal comment=defconf interface=ether6
add bridge=bridgeLocal comment=defconf interface=ether7
add bridge=bridgeLocal comment=defconf interface=ether8
add bridge=bridgeLocal comment=defconf interface=ether9
add bridge=bridgeLocal comment=defconf interface=ether10
add bridge=bridgeLocal comment=defconf interface=sfp1
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1
/ip address
add address=192.168.88.1/24 comment=ericAdded interface=bridgeLocal network=\
    192.168.88.0
/ip dhcp-client
add comment="eric moved dhcp-client to eth1, was on bridgeLocal" \
    dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=1.1.1.1 gateway=192.168.88.1
/ip firewall address-list
add address=192.168.88.0/24 list=support
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
    d this subnet before enable it" disabled=yes list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
    need this subnet before enable it" disabled=yes list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
    \_need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
    bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
    disabled=yes list=bogons
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=drop chain=input comment=\
    "Drop invalid, will need to update this rule when using ipsec" \
    connection-state=invalid
add action=accept chain=forward connection-state=established,related \
    disabled=yes
add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=input comment=\
    "Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
    tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
    src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=1w chain=input comment="Port Scanner Detect" \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
    src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
    ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except t\
    o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
    PORT ADDRESS LIST" dst-port=8291 protocol=tcp src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" \
    jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    bogons
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=3h chain=forward comment=\
    "Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
    25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
    protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
    connection-state=established
add action=accept chain=input comment="Accept to related connections" \
    connection-state=related
add action=accept chain=input comment="Full access to SUPPORT address list" \
    src-address-list=support
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
    RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
    icmp-options=8:0 limit=1,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
    3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
    protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat comment="eric added after reset" \
    out-interface=ether1
/system clock
set time-zone-name=America/New_York
Image
 
volkswagner
newbie
Posts: 32
Joined: Sun Nov 20, 2016 9:45 pm

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 8:21 pm

Thanks to everyone (@sebastia & @CZfan) that helped me on my journey.

The most important things I learned:
  • Don't trust software reset (command line nor WebFig) they leave traces of user config even when not checked
  • FastTrack does work.
  • Make sure firewall rules make sense and always test after implementing firewall changes
  • Queues don't work with fasttrack. If I need Queues, I'll need a more powerful model. Next test is to see if I can use Queues with RB4011 and still get high throughput.
I was also able to modify my existing firewall rules on RB750 G3. I made sure FastTrack was enabled and working correctly.
I now get over 900Mbs on my hEX!

...
hEX results:
Image
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: RB2011 slow internet even with fasttrack

Sun Feb 10, 2019 9:29 pm

Well done, glad I could help.

FYI, IIRC, that is exactly what I achieved with my 2011, 812Mb/s

The link you posted to the firewall config, I just did a quick scan through it and off the bat it looks over complicated for many environments, I will also be weary of the following 2 rules as generally you will want to limit this to access only from inside your network, else can become a target for DNS Amplification attacks

add action=accept chain=input comment="Accept DNS - UDP" disabled=no port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" disabled=no port=53 protocol=tcp
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Sun Feb 17, 2019 10:46 am

Well, I reset my 2011 to no config, copied and pasted your config and I still have exactly the same performance as before. This is irritating.

Image

Then a few minutes later, I reset to my config with mangle rules and everything, with fasttrack enabled like usual:
Image

It doesn't stay this good of course.
I followed this post

and ended up with the following config, which still yielded 750-800Mbs NAT download.
# feb/10/2019 13:06:30 by RouterOS 6.43.11
# software id = KQLT-H381
#
# model = 2011UiAS-2HnD
# serial number = 762C0718xxxx
/interface bridge
add admin-mac=64:D1:54:2C:xx:xx auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.88.10-192.168.88.99
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridgeLocal name=dhcp1
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal comment=defconf interface=ether6
add bridge=bridgeLocal comment=defconf interface=ether7
add bridge=bridgeLocal comment=defconf interface=ether8
add bridge=bridgeLocal comment=defconf interface=ether9
add bridge=bridgeLocal comment=defconf interface=ether10
add bridge=bridgeLocal comment=defconf interface=sfp1
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1
/ip address
add address=192.168.88.1/24 comment=ericAdded interface=bridgeLocal network=\
    192.168.88.0
/ip dhcp-client
add comment="eric moved dhcp-client to eth1, was on bridgeLocal" \
    dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=1.1.1.1 gateway=192.168.88.1
/ip firewall address-list
add address=192.168.88.0/24 list=support
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
    d this subnet before enable it" disabled=yes list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
    need this subnet before enable it" disabled=yes list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
    \_need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
    bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
    disabled=yes list=bogons
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=drop chain=input comment=\
    "Drop invalid, will need to update this rule when using ipsec" \
    connection-state=invalid
add action=accept chain=forward connection-state=established,related \
    disabled=yes
add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=input comment=\
    "Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
    tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
    src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=1w chain=input comment="Port Scanner Detect" \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
    src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
    ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except t\
    o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
    PORT ADDRESS LIST" dst-port=8291 protocol=tcp src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" \
    jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    bogons
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=3h chain=forward comment=\
    "Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
    25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
    protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
    connection-state=established
add action=accept chain=input comment="Accept to related connections" \
    connection-state=related
add action=accept chain=input comment="Full access to SUPPORT address list" \
    src-address-list=support
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
    RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
    icmp-options=8:0 limit=1,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
    3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
    protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat comment="eric added after reset" \
    out-interface=ether1
/system clock
set time-zone-name=America/New_York
Image
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: RB2011 slow internet even with fasttrack

Sun Feb 17, 2019 4:37 pm

Maybe you should approach your ISP?
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Sun Feb 17, 2019 4:47 pm

If i hook directly to the modem it runs flat out and they tell me it's my router. This modem isn't a "router", so can't put it into bridge or pass thru mode (i thought double nat issue maybe). I spent 3 hours one evening getting escalated and bounced around.
Maybe you should approach your ISP?
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: RB2011 slow internet even with fasttrack

Mon Feb 18, 2019 12:14 am

If I may ask, what device is this ISP modem, make, model, etc?
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Mon Feb 18, 2019 12:50 am

Arris TM1602a docsis 3.0 cable/telephony modem
If I may ask, what device is this ISP modem, make, model, etc?
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Tue Mar 12, 2019 1:58 am

I upgraded to a RB4011iGS+5HacQ2HnD and it's running max speed every time at around 4% CPU out of the box.
 
User avatar
MarHazK
newbie
Posts: 27
Joined: Wed Mar 29, 2017 8:31 pm

Re: RB2011 slow internet even with fasttrack

Tue Jul 02, 2019 1:10 am

so, anyone has a sample config how to solve this yet so that the TiK can achieve the expected speeds (ie should be 800mbps at 800mbps ISP internet plan but physically still stucked at 60-130mbps)?

Sent from my CPH1819 using Tapatalk

 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: RB2011 slow internet even with fasttrack

Tue Jul 02, 2019 9:35 am

sure:
1. update to latest version of RouterOs
2. restore default home router config
 
psion
just joined
Posts: 10
Joined: Thu Nov 12, 2009 8:02 am

Re: RB2011 slow internet even with fasttrack

Sun Jul 21, 2019 12:35 am

I do not understand how you can get that speed? After update to 6.43.8 is the worst shit I have seen from mikrotik :(
Back to DLINK Again :(
# dec/28/2018 00:36:18 by RouterOS 6.43.8
# software id = 8N6V-6ATQ
#
# model = 2011UAS-2HnD
# serial number = 419E02286B23
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] mac-address=1C:5F:2B:70:B2:9B
set [ find default-name=sfp1 ] disabled=yes
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/lcd
set enabled=no touch-screen=disabled
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Europe/Copenhagen
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Image
jup getting exactly this drop off on upload, started a few updates back. Annoying as heck. With a useless DLINK its perfect.
Reseting and using basic config with no filter rules it still does not work. Changing to a different RB does the same, Something really has changed in how the software handle traffic.
 
User avatar
rudykern
just joined
Posts: 11
Joined: Sat Feb 16, 2013 5:24 pm

Re: RB2011 slow internet even with fasttrack

Sun Jul 21, 2019 1:34 am

Recent test in house
Image


Sent from my iPhone using Tapatalk
 
JordanReich
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Sat Jul 20, 2019 7:31 am

Re: RB2011 slow internet even with fasttrack

Tue Jul 23, 2019 6:52 pm

Same issue experienced as those above. Except I upgraded the firmware on HEX to the newest release. I dropped from 983/875 to 120/6.

Where do we go to get older firmware packages? The links I have found do not appear to work any longer.
 
elico
Member Candidate
Member Candidate
Posts: 143
Joined: Mon Nov 07, 2016 3:23 am

Re: RB2011 slow internet even with fasttrack

Mon Jul 29, 2019 2:53 am

I have a local RB2011 (FW 6.44.3)with 2 LAN segments:
LAN - 10.0.0.138/24
SERVERS - 192.168.89.1/24

Client: 10.0.0.65
LAN SpeedTest Server: 10.0.0.79/10.0.0.13
SERVERS SpeedTest Server: 192.168.89.42

It works for a very long time now but always with the same max routing speed of 250-280 Mbps from one segment to the other.
I have tested couple setups with a local speed test server and iperf server.
Testing speed on the same broadcast segment Via a switch a get:
https://pasteboard.co/Iq8s1H2.png

And with iperf:
iperf3.exe -c 10.0.0.13
Connecting to host 10.0.0.13, port 5201
[ 4] local 10.0.0.65 port 53110 connected to 10.0.0.13 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 111 MBytes 933 Mbits/sec
[ 4] 1.00-2.00 sec 112 MBytes 936 Mbits/sec
[ 4] 2.00-3.00 sec 112 MBytes 938 Mbits/sec
[ 4] 3.00-4.00 sec 112 MBytes 942 Mbits/sec
[ 4] 4.00-5.00 sec 112 MBytes 941 Mbits/sec
[ 4] 5.00-6.00 sec 112 MBytes 943 Mbits/sec
[ 4] 6.00-7.00 sec 111 MBytes 932 Mbits/sec
[ 4] 7.00-8.00 sec 110 MBytes 924 Mbits/sec
[ 4] 8.00-9.00 sec 112 MBytes 938 Mbits/sec
[ 4] 9.00-10.00 sec 111 MBytes 928 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 1.09 GBytes 935 Mbits/sec sender
[ 4] 0.00-10.00 sec 1.09 GBytes 935 Mbits/sec receiver

iperf Done.
When I move the server to the servers segment and test I get these results:
https://pasteboard.co/Iq8uDS8.png

And with iperf:
iperf3.exe -c 192.168.89.42
Connecting to host 192.168.89.42, port 5201
[ 4] local 10.0.0.65 port 53127 connected to 192.168.89.42 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 9.00 MBytes 75.5 Mbits/sec
[ 4] 1.00-2.00 sec 17.1 MBytes 144 Mbits/sec
[ 4] 2.00-3.00 sec 15.4 MBytes 129 Mbits/sec
[ 4] 3.00-4.00 sec 23.6 MBytes 198 Mbits/sec
[ 4] 4.00-5.00 sec 23.6 MBytes 198 Mbits/sec
[ 4] 5.00-6.00 sec 16.0 MBytes 134 Mbits/sec
[ 4] 6.00-7.00 sec 23.9 MBytes 200 Mbits/sec
[ 4] 7.00-8.00 sec 24.0 MBytes 202 Mbits/sec
[ 4] 8.00-9.00 sec 23.1 MBytes 194 Mbits/sec
[ 4] 9.00-10.00 sec 23.4 MBytes 196 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 199 MBytes 167 Mbits/sec sender
[ 4] 0.00-10.00 sec 199 MBytes 167 Mbits/sec receiver

iperf Done.
When I am monitoring the speeds on the winbox gui I can see it is maxed on 250~ Mbps:
https://pasteboard.co/Iq8wql5.png

These speeds was always the same and I never managed to go above it.
With RB750Gr3 I managed to surpass this speed to something like 400~ Mbps.

I do not know what might cause this issue but it's clear to me that both RB750Gr3 and RB2011 cannot stream a single connection in routing mode faster then 400 Mbps.
... I have tested the speed in LAN and not against the Internet, the ping between the devices in 0.3 ms.
I have seen the mentioned configuration and I managed to reset the RB2011 and the RB750Gr3 into the default config with FastTrack and with minimal FW rules(defaults...).

For these who want to run a speedtest against a 1Gbps service try:
https://speed.rimon.net.il/

I really do not understand how anyone got 850Mbps on these devices.

Since I have upgraded to FW 6.44.5 and the speed decreased from max 280~ Mbps to 230~ Mbps for multiple HTTP streams and
about 170~ Mbps for a single stream with iperf:
iperf3.exe -c 192.168.89.42
Connecting to host 192.168.89.42, port 5201
[ 4] local 10.0.0.65 port 54016 connected to 192.168.89.42 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 14.5 MBytes 122 Mbits/sec
[ 4] 1.00-2.00 sec 21.0 MBytes 176 Mbits/sec
[ 4] 2.00-3.00 sec 21.0 MBytes 176 Mbits/sec
[ 4] 3.00-4.00 sec 21.1 MBytes 177 Mbits/sec
[ 4] 4.00-5.00 sec 22.4 MBytes 188 Mbits/sec
[ 4] 5.00-6.00 sec 14.9 MBytes 125 Mbits/sec
[ 4] 6.00-7.00 sec 20.8 MBytes 174 Mbits/sec
[ 4] 7.00-8.00 sec 21.0 MBytes 176 Mbits/sec
[ 4] 8.00-9.00 sec 22.0 MBytes 184 Mbits/sec
[ 4] 9.00-10.00 sec 20.4 MBytes 171 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 199 MBytes 167 Mbits/sec sender
[ 4] 0.00-10.00 sec 199 MBytes 167 Mbits/sec receiver

iperf Done.
 
elico
Member Candidate
Member Candidate
Posts: 143
Joined: Mon Nov 07, 2016 3:23 am

Re: RB2011 slow internet even with fasttrack

Wed Aug 14, 2019 7:59 pm

EDIT: It appears that the browser on client cannot reach higher speed then 500 ~ Mbps on the HTTP SpeedTest.
So I tried again with iperf and found out the next:
via RB2011 using iperf with or without NAT I am able to reach 750 ~ Mbps.
However when I am disabling route cache I am reaching a limit of: 170 ~ 200 Mbps.

So... now it's working as expected and the culprit for the 200 ~ Mbps issue was? Route cache disabled..
Hope it helps to sum this issue testing for others.

-----
I have a local RB2011 (FW 6.44.3)with 2 LAN segments:
LAN - 10.0.0.138/24
SERVERS - 192.168.89.1/24

Client: 10.0.0.65
LAN SpeedTest Server: 10.0.0.79/10.0.0.13
SERVERS SpeedTest Server: 192.168.89.42
I have also tried to followup the whole post with config.
With 6.36.4 it is still the same expected speed 200 ~ Mbps with iperf and 400 ~ Mbps with a local LAN to SERVERS http speedtest.
The CPU load is between 30-50 % with NAT enabled or disabled.

What do you think?

Attached default config for Direct routing (NAT is disabled)
# aug/14/2019 19:48:35 by RouterOS 6.44.5
# software id = ETRH-AEFB
#
# model = 2011UiAS
# serial number = 77AD0727C344
/interface bridge add admin-mac=64:D1:54:2A:1F:49 auto-mac=no comment=defconf name=bridge
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port add bridge=bridge comment=defconf interface=ether2
/interface bridge port add bridge=bridge comment=defconf interface=ether3
/interface bridge port add bridge=bridge comment=defconf interface=ether4
/interface bridge port add bridge=bridge comment=defconf interface=ether5
/interface bridge port add bridge=bridge comment=defconf interface=ether6
/interface bridge port add bridge=bridge comment=defconf interface=ether7
/interface bridge port add bridge=bridge comment=defconf interface=ether8
/interface bridge port add bridge=bridge comment=defconf interface=ether9
/interface bridge port add bridge=bridge comment=defconf interface=ether10
/interface bridge port add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings set discover-interface-list=LAN
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
/ip address add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns set allow-remote-requests=yes
/ip dns static add address=192.168.88.1 name=router.lan
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
/system clock set time-zone-name=Asia/Jerusalem
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
 
CsXen
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: RB2011 slow internet even with fasttrack

Wed Oct 09, 2019 11:14 am

Hi.
So... now it's working as expected and the culprit for the 200 ~ Mbps issue was? Route cache disabled..
So, where, and how did you changed the route cache seetings ?

Best regards: CsXen
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: RB2011 slow internet even with fasttrack

Wed Oct 09, 2019 4:44 pm

The route cache is set here

[admin@R1] > ip settings set route-cache=no
 
gedanjj9972
just joined
Posts: 14
Joined: Wed Nov 06, 2019 6:53 pm

Re: RB2011 slow internet even with fasttrack

Thu Nov 07, 2019 11:13 pm

So....disabling route cache got you the speeds you were looking for?

I'm having the same problem as you. I don't want to downgrade if I don't have to.
 
BobcatGuy
Member Candidate
Member Candidate
Posts: 240
Joined: Thu Apr 19, 2007 7:41 am

Re: RB2011 slow internet even with fasttrack

Fri Apr 10, 2020 10:28 am

Any follow up with this?
I have been thinking this for years that ROS and particular devices are acting strange. But no one believed me. Keep chasing problems that don't want to be fixed. Everyone says don't use the board to do the speed test.

Explain to me, why when I do the board to board speed test, I will get 150Mb over the wireless, BUT when I do the speedtest from a PC on the network to the ISP, who has 600mbit download, I only get 40 - 50 mbit?
This doesn't add up. There is other issues where I can plug in an ethernet cable into a laptop, and get around 50 mbit over the wireless link, through a Uniquiti switch. Then I take that SAME ethernet cable and plug it into a Rukus AP and then I connect the laptop to that wirelessly, and I get 80 Mbit. Keep in mind the ISP down speed is 600 Mbit.

I'm sitting here and listen to distributors that say I should be able to get 500mbit REAL through put over my wireless link, and sure the connected air modulation rate is 400-500mbit. But what should the REAL data rate be? Should it drop all the way down to 50-80mbit? I don't think so. But that same link worked at 180 -225 mbit and then it changed at some point.`

WHY? And the silence from MT only speaks to what there may be hidden problems.

You can get 700+ mbit on your RB2011, then why cant I? is it date of manufacture / Lot of product that was bad? why doesn't MT tell us if it is so we can dump this shit and move on.
 
ksuuk
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jan 22, 2014 5:11 pm

Re: RB2011 slow internet even with fasttrack

Mon May 11, 2020 9:13 am


WHY? And the silence from MT only speaks to what there may be hidden problems.

You can get 700+ mbit on your RB2011, then why cant I? is it date of manufacture / Lot of product that was bad? why doesn't MT tell us if it is so we can dump this shit and move on.

Another "victim" - viewtopic.php?f=7&t=160943
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Mon May 11, 2020 9:48 am

After buying and being very unsatisfied with the 4011/wAP/RB260GSP, I'm planning my preliminary move/test of Ubiquiti.
Wireless tools and configuration is *meh* and the 4011 reboots itself at random times.

Edit:
A half year (approximately) later, the 4011 has stopped its antics and has become much more stable, possibly an update fix? I'm overall very happy with the price/performance value, just wish they would give a bit more love to the 2.4/5ghz AP wireless side.
 
bdubs85
newbie
Topic Author
Posts: 48
Joined: Fri Sep 07, 2018 4:30 am

Re: RB2011 slow internet even with fasttrack

Mon Sep 14, 2020 8:19 pm

Explain to me, why when I do the board to board speed test, I will get 150Mb over the wireless, BUT when I do the speedtest from a PC on the network to the ISP, who has 600mbit download, I only get 40 - 50 mbit?
Often in the real world with crowded 2.4GHz spectrum, you won't realistically get more than 40-70 Mbps in a client/AP scenario. That's just the nature of 2.4GHz anymore in many cases. This is the biggest reason for migration to 5GHz. I haven't messed with the 2011 yet to give you an answer from my perspective yet, but I also have slower internet right now so it's not an issue at the moment.
 
elico
Member Candidate
Member Candidate
Posts: 143
Joined: Mon Nov 07, 2016 3:23 am

Re: RB2011 slow internet even with fasttrack

Wed Nov 04, 2020 8:18 pm

So....disabling route cache got you the speeds you were looking for?

I'm having the same problem as you. I don't want to downgrade if I don't have to.
Disabling route cache means disabling also FastTrack which technically is a "flow" offload into either hardware or software.
For normal and simple routers you would use FastTrack and Route Cache.
However when you are trying to use any mangle rules you would need to disable Router Cache and FastTrack.
For example, if you would want to run some kind of LoadBalancing based on PCC or any other way with some mangle rules, you must disable Route Cache for these to work.
The main issue is that the device has 5 x 1 Gbps links which can "Switch" packets without any problem however it's cpu cannot handle speed higher then 150 ~ Mbps.
It's the same thing for other devices from many vendors in the networking world.... It fits for most simple use cases based on "Flows".

If you need speeds above 400 Mbps you would need a device which will either have a special or programmable feature/cpu/other/flowtable or it should have a CPU that can handle Gbps..
ie specific ARM or other cpu's.

Who is online

Users browsing this forum: scoobyn8 and 40 guests