Community discussions

 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Significant Speed Issues with MikroTik

Sat Jul 20, 2019 7:37 am

I have been using a MikroTik Hex for quite awhile without any difficulties. I recently swapped systems over to CRS326-24G-2S+.

Current Version: v6.45.2
Current Firmware: 6.45.2

Since the switch over to the new system I have been getting horrible speeds. I have a 1000/1000 connection at my house. All of my speed tests are returning roughly 14-25/0.75. Testing the internet connection directly confirms that the speed is working from the ISP provider correctly.

When I transitioned systems I did a manual setup of the initial settings on the CRS326. Then did an export compact from the Hex into the CRS326 and made some minor modifications. All of the systems are running, connected, and have internet.

But something is seriously impacting the speed. Any ideas on what could be causing this issue?

Thanks!
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 7:22 pm

So as an update I am not sure what is going on with the system. I abandoned the CRS as the support team said that it was not a good item to use for routing. Purchase a newer HEX box figuring that something must of went wrong with my old box.

I have tested the wiring from the fiber optic box, to the patch panel, to the router. Each and every spot returns 1000/1000 when I am plugged directly into the PC. Including the line that is plugged into the router when it is not plugged into my PC. After attaching the routing and directly connecting to it my speeds trim all the way down to 210-126/8-12 on each side. This is a drastic impact.

At this point I am not using any restored settings. I am using the default out of the box configuration (nothing special). I have made a couple of adjustments. By setting the queue to ethernet-only on the WAN connection and verifying that the ethernet ports were operating in HW-offloading. I even setup two bridges to test settings changes at one point. But this seems to affect me where I am using my massive pile of configuration settings or whether I am using the factory self-configuration.

Any thoughts? This is impacting a number of critical services that rely upon this internet speed.

Thank you.
 
mkx
Forum Guru
Forum Guru
Posts: 2604
Joined: Thu Mar 03, 2016 10:23 pm

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 7:54 pm

First thing is to profile CPUs to get idea whether CPU is bottleneck ... and which subsystem is hit most.
BR,
Metod
 
msatter
Forum Guru
Forum Guru
Posts: 1176
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 8:15 pm

Did you already found Fasttracking?

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.3.1
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 8:21 pm

Yes I do believe so. My configuration settings are:
[admin@ReichHub] > /export compact
# jul/25/2019 10:19:56 by RouterOS 6.45.2
# software id = WD8P-ZQPL
#
# model = RB750Gr3
# serial number = 8B000A2ABF57
/interface bridge
add admin-mac=74:4D:28:11:B1:D0 auto-mac=no comment=defconf mtu=1500 name=\
    bridge protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-full
set [ find default-name=ether2 ] advertise=1000M-full
set [ find default-name=ether3 ] advertise=1000M-full
set [ find default-name=ether4 ] advertise=1000M-full
set [ find default-name=ether5 ] advertise=1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/queue interface
set ether1 queue=ethernet-default
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether5
add bridge=bridge interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=10.0.0.1/24 comment=defconf interface=ether2 network=10.0.0.0
add address=PRIVATE/24 interface=ether1 network=PRIVATE
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=PRIVATE
/ip dns static
add address=10.0.0.1 name=router.lan
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
/ip route
add distance=1 gateway=PRIVATE
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=ReichHub
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@ReichHub] > 
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 8:38 pm

First thing is to profile CPUs to get idea whether CPU is bottleneck ... and which subsystem is hit most.
Just ran a test the results have been attached below.

CPU ran up to 6% as a max during the speed test for about 0.02 of a second. Then held fairly steadily between 1-3% until the test was completed.

Should be noted that my ping when directly connected without the router is about 0.89.
You do not have the required permissions to view the files attached to this post.
 
mkx
Forum Guru
Forum Guru
Posts: 2604
Joined: Thu Mar 03, 2016 10:23 pm

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 8:50 pm

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface.

Any good reason to limit advertised speeds on ether ports only to 1000-full? Autonegotiation will select it if both link partners support it, negotiation of anything else indicates problems ... which have to be solved rather than masked by limiting autonegotiation possibilities.
BR,
Metod
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1700
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 9:08 pm

Some interesing parts:
* why queue with 1GBS = interface speed?
* dns server on PRIVATE=WAN? -> just forwarding to upstream

Other than that looks default.
Last edited by sebastia on Thu Jul 25, 2019 9:47 pm, edited 2 times in total.
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 9:19 pm

No need to profile anything: it's the hardware!
Look at the routing results: -> https://mikrotik.com/product/CRS326-24G ... estresults

CRS is a switch not a router. Your last hex had more power...
Yes. That is why we switched back to the HEX (sorry first post is confusing I explained in the second) ... although ... same problem.

I have ordered a RB3011UiAS-RM which will be here tomorrow. But specific router does not appear to be the issue in this scenario.
Last edited by JordanReich on Thu Jul 25, 2019 9:24 pm, edited 1 time in total.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1700
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 9:21 pm

Indeed noticed, edited post

gr3 should be able to do close to 1gbps cpu-wise, you're nowhere near that, so there must be something else that's causing it.
Last edited by sebastia on Thu Jul 25, 2019 9:33 pm, edited 1 time in total.
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 9:32 pm

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface.
Where would I change this setting? I found the WAN ethernet but according to winbox it is already linked to the bridge. Perhaps I am looking in the wrong spot?
Any good reason to limit advertised speeds on ether ports only to 1000-full? Autonegotiation will select it if both link partners support it, negotiation of anything else indicates problems ... which have to be solved rather than masked by limiting autonegotiation possibilities.
Did this following advice from another forum board here (actually multiple forum postings) regarding people experiencing issues with network speed on the HEX. It was done in an attempt to try that solution. I have enabled the default ones. Reran a speed test. Result below.

Here is my updated configuration output:










  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.45.2 (c) 1999-2019       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level
[admin@ReichHub] > /export compact
# jul/25/2019 11:32:11 by RouterOS 6.45.2
# software id = WD8P-ZQPL
#
# model = RB750Gr3
# serial number = 8B000A2ABF57
/interface bridge
add admin-mac=74:4D:28:11:B1:D0 auto-mac=no comment=defconf mtu=1500 name=\
    bridge protocol-mode=none
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/queue interface
set ether1 queue=ethernet-default
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether5
add bridge=bridge interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=10.0.0.1/24 comment=defconf interface=ether2 network=10.0.0.0
add address=198.15.7.219/24 interface=ether1 network=198.15.7.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=198.15.0.2
/ip dns static
add address=10.0.0.1 name=router.lan
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
/ip route
add distance=1 gateway=198.15.7.1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=ReichHub
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@ReichHub] > 
You do not have the required permissions to view the files attached to this post.
 
mkx
Forum Guru
Forum Guru
Posts: 2604
Joined: Thu Mar 03, 2016 10:23 pm

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 10:34 pm

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface.
Where would I change this setting? I found the WAN ethernet but according to winbox it is already linked to the bridge. Perhaps I am looking in the wrong spot?
That would be in /ip address ... change settings for LAN addressso that it will use interface=bridge
BR,
Metod
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Thu Jul 25, 2019 10:51 pm

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface.
Where would I change this setting? I found the WAN ethernet but according to winbox it is already linked to the bridge. Perhaps I am looking in the wrong spot?
That would be in /ip address ... change settings for LAN addressso that it will use interface=bridge
Got it!

Updated configuration:

















































  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.45.2 (c) 1999-2019       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level
[admin@ReichHub] > /export compact
# jul/25/2019 12:50:23 by RouterOS 6.45.2
# software id = WD8P-ZQPL
#
# model = RB750Gr3
# serial number = 8B000A2ABF57
/interface bridge
add admin-mac=74:4D:28:11:B1:D0 auto-mac=no comment=defconf mtu=1500 name=bridge protocol-mode=none
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/queue interface
set ether1 queue=ethernet-default
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether5
add bridge=bridge interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=10.0.0.1/24 comment=defconf interface=bridge network=10.0.0.0
add address=198.15.7.219/24 interface=ether1 network=198.15.7.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=198.15.0.2
/ip dns static
add address=10.0.0.1 name=router.lan
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=198.15.7.1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=ReichHub
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@ReichHub] > 
Also the results of the new speed test ...
You do not have the required permissions to view the files attached to this post.
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Fri Jul 26, 2019 12:00 am

Just to post verification that the lines appear to be in working order.

Test w/ ROUTER hooked up and computer hooked directly into router
ROUTER-SPEED.jpg
ROUTER-TEST.jpg
Test w/o ROUTER and internet line hooked directly into the computer
NOROUTER-SPEED.jpg
NOROUTER-TEST.jpg
Side thought ... Is there any reason why a computer might be able to read a combination of different kinds of wiring such as T568A vs. T568B better than the router? I did redo the wiring in the patch panel about the same time this problem started. But since the computer gets a perfect connection I have ruled out anything problematic there.
You do not have the required permissions to view the files attached to this post.
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik

Fri Jul 26, 2019 6:47 pm

Just to keep the progress of this up to date. Been working in tangent on this with the MikroTik support team. They requested the same CPU monitoring in screenshots sent them.

This testing was in line with the original testing done above. Resource usage during test:
duringtest-results.png
You do not have the required permissions to view the files attached to this post.
 
elico
just joined
Posts: 14
Joined: Mon Nov 07, 2016 3:23 am

Re: Significant Speed Issues with MikroTik

Mon Jul 29, 2019 1:11 am

I have couple RB750Gr3 but none of them were able to reach more then 300 Mbps for file transfer in routing only mode (No NAT).
To test this issue try to use the "Bandwidth Test" tool of mikrotik.
Take a look at this post: viewtopic.php?t=104266
It has ip addresses and usernames for speedtests.
This test will give you a starting point to what you might be able to expect from the Mikrotik device CPU to do for you.
By the way, did you had any chance and looked to the: "Ethernet test results" section of the device?
https://mikrotik.com/product/RB750Gr3#fndtn-testresults

By default I look at the "25 ip filter rules" section to know what is the basic "worst case" scenario for this device.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1700
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Significant Speed Issues with MikroTik

Mon Jul 29, 2019 2:43 am

Hey @elico, you obviously use sub-optimal config for your hardware.
Furthermore, the link you provided suggest 1Gbps routing performance for gr3...

Wrt testing, have a look at https://mum.mikrotik.com/presentations/ ... 080654.pdf & https://youtu.be/rQX0inNcPuM
 
JordanReich
newbie
Topic Author
Posts: 34
Joined: Sat Jul 20, 2019 7:31 am

Re: Significant Speed Issues with MikroTik  [SOLVED]

Mon Jul 29, 2019 7:28 pm

Sorry for the delay in updating this post ...

The issue has been discovered. I worked this issue from this end as well as working with our local ISP (we are a small community makes it easier).

Apparently the FIBER boxes that we have in the house do not recognize new routers correctly without being rebooted. So the system has some kind of fault that occurs that causes a degradation in speed until the system has been rebooted. But since I was doing testing from the ISP box and switching routers while I was rebooting. I never was able to determine a fault with the ISP box and not with MikroTik.

So in this case the problem was with the ISP machinery.

Either way, I appreciate the communities support in helping to find a solution to the problem!
 
msatter
Forum Guru
Forum Guru
Posts: 1176
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Significant Speed Issues with MikroTik

Mon Jul 29, 2019 8:38 pm

Good to read that it has been resolved and in searching for strange problems check whole chain is the second step.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.3.1
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)

Who is online

Users browsing this forum: No registered users and 27 guests