Slowness for the first few seconds then fast on download

archerious · Thu Apr 30, 2020 7:20 am

I noticed something odd since enabling fasttracking, while CPU usage has come down a lot, my internet speeds are slow 200-300mbps for like 3-4 seconds then it jumps/spikes to 800mbps. But upload instantly goes to 900mbps-942mbps on speedtest.net and same thing with Mikrotik's test servers through winbox tool.

I am very confused why this happens with fasttracking, as when I had it off I would instantly go to 800mbps but the catch was CPU would hit 40% and sometime higher on my RB4011.

Any advice?

With fasttracking off then reboot my speed but high 40-50% CPU usage:

Finally with fasttrack turned on again and rebooted after the spike at the end of the test just like real downloads spiking towards end:

Thu Apr 30, 2020 12:33 pm

but the catch was CPU would hit 40% and sometime higher on my RB4011.

What's the problem with that?

solar77 · Thu Apr 30, 2020 2:02 pm

the problem is the lockdonw, all man seek every opportunity to "work" and avoid doing house work. that's exactly what I am doing right now.

archerious · Thu Apr 30, 2020 9:12 pm

the problem is the lockdonw, all man seek every opportunity to "work" and avoid doing house work. that's exactly what I am doing right now.

No it isn't.

archerious · Thu Apr 30, 2020 9:15 pm

but the catch was CPU would hit 40% and sometime higher on my RB4011.
What's the problem with that?

Hmm, well I guess you have a point, might as well disable fasttrack.

shahriyora · Fri May 01, 2020 1:33 am

but the catch was CPU would hit 40% and sometime higher on my RB4011.
What's the problem with that?

the problem is the lockdonw, all man seek every opportunity to "work" and avoid doing house work. that's exactly what I am doing right now.

The only problem is that you're not helping a newbie to understand the quirks of a solid feature in the manufacturer's specialized forum, in the beginners' subcategory. We - beginners - write here to seek for help on something we don't understand from someone who knows. But reading the comments such as yours feels frustrating and disappointing. Please restrain.

I also think this is an interesting topic, and it'd be wonderful — not only for the TopicStarter, but for all other users with similar problems — if someone could explain why this happens, and provides with a fix if there is one.

Thanks for understanding.

archerious · Fri May 01, 2020 1:42 am

but the catch was CPU would hit 40% and sometime higher on my RB4011.
What's the problem with that?

the problem is the lockdonw, all man seek every opportunity to "work" and avoid doing house work. that's exactly what I am doing right now.

The only problem is that you're not helping a newbie to understand the quirks of a solid feature in the manufacturer's specialized forum, in the beginners' subcategory. We - beginners - write here to seek for help on something we don't understand from someone who knows. But reading the comments such as yours feels frustrating and disappointing. Please restrain.

I also think this is an interesting topic, and it'd be wonderful — not only for the TopicStarter, but for all other users with similar problems — if someone could explain why this happens, and provides with a fix if there is one.

Thanks for understanding.

Thank you! The same issue happened way before COVID-19, I just assumed it was AT&T Fiber, but after disabling fasttracking, the speeds are instantly fast at 800-900mbps down, it's only with fasttracking on that speeds are like 200-300mbps for 5-10 seconds then burst to 800mbps. It's annoying and causing some bufferbloat and lag when gaming for example. I made sure to use UPNP for both to ensure it wasn't ports being blocked etc. I even gave screenshots yet that one person just blamed it on the ISP, if I wanted stupid answers like that I would've stayed with Ubiquiti.

Paternot · Fri May 01, 2020 4:09 am

Well, this is weird. I use fasttrack, and don't get this problem.

True, my ISP gives me far less speed than Yours - but my router is an RB750Gr3, not a 4011.

What I see, with speed test:

1) Starts at about 280 - 350 Mbps.
2) Soon after (about 2 or 3 seconds) the traffic shaping of my provider comes into play, and my speed goes down to about what I pay for: 90/90.

Se the attachment. That little bump at the beginning of the test was about 280Mbps.

solar77 · Fri May 01, 2020 10:59 am

The only problem is that you're not helping a newbie

Looks like my humorous intention has not been understood so well, nonetheless, stay safe and keep the spirit up!

while this issue is interesting, it does not actually cause a problem for OP. if your curiosity won't let this go, I'd suggest two things:
watch firewall connections when starting speed test, compare what is different between with and without FT,
and with fast tracking, test with a public Mikrotik speed test server, see if you get the same behavior.

pe1chl · Fri May 01, 2020 11:44 am

Slow speeds at the start of a download and then higher speeds after some time is not a bug of the router, it is a feature of TCP.
That is how TCP works, and why you see this so often. The sending server cannot know if you are behind a 33k6 telephone modem or a gigabit fiber, hence it starts sending slowly and then gradually increases speed when the data keeps flowing.

mkx · Fri May 01, 2020 12:29 pm

Slow speeds at the start of a download and then higher speeds after some time is not a bug of the router, it is a feature of TCP.

Certainly you're right about that. However it doesn't explain the difference between behaviours OP observed ... the sending server cannot know that fasttrack is running and that such clients has to be penalized somehow.

solar77 · Fri May 01, 2020 12:53 pm

interesting.
i am thinking of two things:
MTU , but this should have nothing to do with fast-track
connection tracking: one thing different with fast-track, is that it bypass connection tracking, would this somehow slow down the process of speed testing server establish mutiple streams? that's why I suggested OP to observe connection table when starting speed test, compare with or without fast-track.

mkx · Fri May 01, 2020 1:09 pm

connection tracking: one thing different with fast-track, is that it bypass connection tracking,

No, it doesn't, fast track only works for packets belonging to marked connections (see description of fasttrack) and those are marked by connection tracking machinery. Which means router still has to perform at least part of connection tracking (the part where it classifies packets into connections, not sure if there's more). The difference between fasttracked and "normally tracked" packet is that the former skips a part of prerouting chain, complete forward chain and most (if not all) of postrouting chain.

But that definitely doesn't explain why "taking shortcuts" means lower initial throughput observed when fasttrack is enabled. Deep analysis (doing wireshark traces on possibly WAN side) would be necessary to observe if there's some difference in behaviour between both cases.
Some speculation: could be that in non-fasttrack case sending server starts additional parallel TCP connections very soon after test is initiated while in fast-track case it starts additional TCP streams after a couple of seconds? And that it does it because with fasttrack enabled, the TCP rampup is better and thus masking off need for parallel streams somehow?

solar77 · Fri May 01, 2020 1:23 pm

just tested on a cCR1009, Mikrotik bandwidth test TCP, 1Gbps uplink,
no difference with or without fast-track

Fri May 01, 2020 5:30 pm

We haven't seen the actual configuration that OP uses, so the following is just a wild guess. Some packets are still going slow path even for fasttracked connections, that's why documentation says that an explicit "accept" rule for otherwise fasttracked connections is a requirement. Potential absence of such "accept" rule might be what's causing that slowness.

archerious · Sun May 03, 2020 1:21 pm

We haven't seen the actual configuration that OP uses, so the following is just a wild guess. Some packets are still going slow path even for fasttracked connections, that's why documentation says that an explicit "accept" rule for otherwise fasttracked connections is a requirement. Potential absence of such "accept" rule might be what's causing that slowness.

I based my rules on pcunite's AT&T fiber bypass guide, pic below:

Sun May 03, 2020 3:24 pm

That pic is pretty useless, as it hides too many of the essential bits of configuration. If you want/need to share your configuration you should post the output of the /export hide-sensitive command instead.

archerious · Mon May 04, 2020 9:05 am

That pic is pretty useless, as it hides too many of the essential bits of configuration. If you want/need to share your configuration you should post the output of the /export hide-sensitive command instead.

Provided below, also changed the AT&T spoofed MAC address and my email address and WAN IPv4 to CENSORED below.

Below is config when fassttracking is on.

/export hide-sensitive
# may/04/2020 00:58:14 by RouterOS 6.46.6
# software id = 86CU-YT4V
#
# model = RB4011iGS+
# serial number = CENSORED
/interface ethernet
set [ find default-name=ether1 ] mac-address=CENSORED
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
/interface vlan
add interface=sfp-sfpplus1 name=VLAN20 vlan-id=20
add interface=sfp-sfpplus1 name=VLAN40 vlan-id=40
add interface=sfp-sfpplus1 name=VLAN45 vlan-id=45
add interface=sfp-sfpplus1 name=VLAN50 vlan-id=50
add interface=sfp-sfpplus1 name=VLAN70 vlan-id=70
add interface=sfp-sfpplus1 name=VLAN100 vlan-id=100
add interface=sfp-sfpplus1 name=vlan88 vlan-id=88
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=LAN
add name=WAN
add name=No-InterVLAN
add name=m-InterVLAN
add include=none name=DMZ-IPCAMs
add include=none name=TrueDMZ
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1,md5 enc-algorithms=\
    3des
/ip pool
add name=vlan20_guest ranges=10.10.10.6-10.10.10.254
add name=vlan70_ipcams ranges=192.168.70.20-192.168.70.254
add name=vlan100_lan ranges=10.1.1.11-10.1.1.254
add name=vlan40 ranges=10.4.1.2-10.4.1.6
add name=vlan45 ranges=10.5.1.2-10.5.1.6
add name=vlan50_work ranges=192.168.10.2-192.168.10.6
add name=vlan88_mgmt ranges=192.168.18.2-192.168.18.6
/ip dhcp-server
add add-arp=yes address-pool=vlan20_guest always-broadcast=yes disabled=no \
    interface=VLAN20 lease-time=2d name=vlan20
add add-arp=yes address-pool=vlan70_ipcams disabled=no interface=VLAN70 \
    lease-time=2d name=vlan70
add add-arp=yes address-pool=vlan100_lan disabled=no interface=VLAN100 \
    lease-time=2d name=vlan100_LAN
add add-arp=yes address-pool=vlan40 disabled=no interface=VLAN40 lease-time=2d \
    name=vlan40
add add-arp=yes address-pool=vlan45 disabled=no interface=VLAN45 lease-time=2d \
    name=vlan45
add add-arp=yes address-pool=vlan50_work disabled=no interface=VLAN50 \
    lease-time=12h name=vlan50_work
add address-pool=vlan88_mgmt disabled=no interface=ether10 lease-time=12h name=\
    mgmt-dhcp
/system logging action
add email-to=CENSORED name=email target=email
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
    ord,web,sniff,sensitive,api,romon,dude,tikapp"
/certificate settings
set crl-download=no crl-use=no
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface dot1x client
add anon-identity=CENSORED certificate=\
    Client_CENSORED.pem_0 eap-methods=eap-tls identity=\
    CENSORED interface=ether1
/interface l2tp-server server
set allow-fast-path=yes authentication=chap,mschap2 enabled=yes max-mru=1460 \
    max-mtu=1460 use-ipsec=required
/interface list member
add interface=VLAN50 list=LAN
add interface=VLAN70 list=LAN
add interface=VLAN100 list=LAN
add interface=VLAN20 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=ether1 list=WAN
add interface=VLAN100 list=No-InterVLAN
add interface=VLAN20 list=No-InterVLAN
add interface=VLAN70 list=No-InterVLAN
add interface=VLAN50 list=m-InterVLAN
add interface=VLAN100 list=m-InterVLAN
add interface=VLAN70 list=m-InterVLAN
add interface=VLAN20 list=TrueDMZ
add interface=VLAN40 list=LAN
add interface=VLAN45 list=LAN
add interface=VLAN45 list=TrueDMZ
add interface=VLAN50 list=TrueDMZ
add interface=VLAN70 list=TrueDMZ
add interface=VLAN100 list=TrueDMZ
add interface=VLAN20 list=DMZ-IPCAMs
add interface=VLAN40 list=DMZ-IPCAMs
add interface=VLAN50 list=DMZ-IPCAMs
add interface=VLAN100 list=DMZ-IPCAMs
add interface=VLAN40 list=m-InterVLAN
add interface=VLAN45 list=m-InterVLAN
add interface=VLAN45 list=No-InterVLAN
add interface=VLAN40 list=No-InterVLAN
add interface=ether10 list=LAN
/ip address
add address=10.10.10.1/24 interface=VLAN20 network=10.10.10.0
add address=192.168.10.1/29 interface=VLAN50 network=192.168.10.0
add address=192.168.70.1/24 interface=VLAN70 network=192.168.70.0
add address=10.1.1.1/24 interface=VLAN100 network=10.1.1.0
add address=10.5.1.1/29 interface=VLAN45 network=10.5.1.0
add address=10.4.1.1/29 interface=VLAN40 network=10.4.1.0
add address=192.168.18.1/29 interface=ether10 network=192.168.18.0
add address=192.168.1.1/24 interface=vlan88 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=10.10.10.58 mac-address=CC:6D:A0:FD:B5:AF server=vlan20
add address=10.10.10.52 client-id=1:60:67:20:42:db:58 mac-address=\
    60:67:20:42:DB:58 server=vlan20
add address=10.10.10.38 client-id=1:d4:61:da:12:7f:61 mac-address=\
    D4:61:DA:12:7F:61 server=vlan20
add address=10.10.10.57 client-id=1:b0:19:c6:a:81:dd mac-address=\
    B0:19:C6:0A:81:DD server=vlan20
add address=10.10.10.61 mac-address=0C:62:A6:02:7B:82 server=vlan20
add address=192.168.70.21 client-id=1:f0:0:0:12:73:84 comment=gatecam \
    mac-address=F0:00:00:12:73:84 server=vlan70
add address=10.10.10.45 mac-address=94:44:44:EA:DB:C5 server=vlan20
add address=10.1.1.25 client-id=1:d4:4d:a4:8e:5d:d4 mac-address=\
    D4:4D:A4:8E:5D:D4 server=vlan100_LAN
add address=10.1.1.50 client-id=1:0:2:c9:53:6:b8 mac-address=00:02:C9:53:06:B8 \
    server=vlan100_LAN
add address=10.1.1.47 client-id=1:18:e8:29:96:63:e6 mac-address=\
    18:E8:29:96:63:E6 server=vlan100_LAN
add address=10.1.1.46 client-id=1:b4:fb:e4:e4:90:be comment="Edgeswitch 10X" \
    mac-address=B4:FB:E4:E4:90:BE server=vlan100_LAN
add address=10.1.1.44 client-id=1:0:2:c9:51:45:d6 comment="main pc bedroom" \
    mac-address=00:02:C9:51:45:D6 server=vlan100_LAN
add address=10.1.1.41 mac-address=76:7A:9F:4A:64:84 server=vlan100_LAN
add address=10.1.1.3 client-id=1:74:4d:28:9e:26:b9 mac-address=\
    74:4D:28:9E:26:B9 server=vlan100_LAN
add address=10.1.1.36 mac-address=18:E8:29:2C:6E:8B server=vlan100_LAN
add address=10.1.1.33 client-id=1:18:e8:29:96:62:e4 mac-address=\
    18:E8:29:96:62:E4 server=vlan100_LAN
add address=10.10.10.23 client-id=1:8:66:98:53:30:6d mac-address=\
    08:66:98:53:30:6D server=vlan20
add address=10.1.1.29 client-id=1:80:fa:5b:4e:8b:bf mac-address=\
    80:FA:5B:4E:8B:BF server=vlan100_LAN
add address=10.1.1.27 client-id=1:0:2:c9:51:f9:a0 mac-address=00:02:C9:51:F9:A0 \
    server=vlan100_LAN
add address=192.168.70.26 client-id=1:c0:99:e8:d1:5a:d9 comment="tree cam" \
    mac-address=C0:99:E8:D1:5A:D9 server=vlan70
add address=192.168.70.29 client-id=1:28:ad:3e:73:5f:27 comment=\
    "wansview upstairs" mac-address=28:AD:3E:73:5F:27 server=vlan70
add address=10.1.1.21 client-id=1:38:de:ad:a7:48:2e mac-address=\
    38:DE:AD:A7:48:2E server=vlan100_LAN
add address=10.1.1.13 client-id=1:30:9c:23:e6:1a:91 mac-address=\
    30:9C:23:E6:1A:91 server=vlan100_LAN
add address=10.10.10.8 client-id=1:14:60:cb:5d:bd:25 mac-address=\
    14:60:CB:5D:BD:25 server=vlan20
add address=10.1.1.20 client-id=1:2c:c5:d3:23:7:c0 comment=ruckus mac-address=\
    2C:C5:D3:23:07:C0 server=vlan100_LAN
add address=10.1.1.19 client-id=1:2c:c5:d3:23:d:80 comment=ruckus mac-address=\
    2C:C5:D3:23:0D:80 server=vlan100_LAN
add address=10.10.10.12 client-id=1:ec:2c:e2:a:f5:33 mac-address=\
    EC:2C:E2:0A:F5:33 server=vlan20
add address=10.1.1.22 client-id=1:f0:9f:c2:70:e5:77 mac-address=\
    F0:9F:C2:70:E5:77 server=vlan100_LAN
add address=10.10.10.6 client-id=1:8c:45:0:2e:2d:94 mac-address=\
    8C:45:00:2E:2D:94 server=vlan20
add address=10.1.1.26 mac-address=00:28:F8:A9:15:B9 server=vlan100_LAN
add address=10.10.10.7 client-id=1:f4:e:1:52:f7:c1 mac-address=\
    F4:0E:01:52:F7:C1 server=vlan20
add address=10.10.10.9 client-id=1:b0:34:95:e8:2d:f9 mac-address=\
    B0:34:95:E8:2D:F9 server=vlan20
add address=192.168.70.20 client-id=1:4c:bd:8f:e2:20:4d comment=hikvision \
    mac-address=4C:BD:8F:E2:20:4D server=vlan70
add address=192.168.70.28 client-id=1:30:5:5c:3d:19:e7 comment=\
    "brother_eth8 on CRS112" mac-address=30:05:5C:3D:19:E7 server=vlan70
add address=10.10.10.14 client-id=1:14:95:ce:f:d:78 mac-address=\
    14:95:CE:0F:0D:78 server=vlan20
add address=10.10.10.15 client-id=1:50:a6:7f:a6:8:f3 mac-address=\
    50:A6:7F:A6:08:F3 server=vlan20
add address=10.10.10.16 client-id=1:f4:6:16:d0:ee:73 mac-address=\
    F4:06:16:D0:EE:73 server=vlan20
add address=10.1.1.15 client-id=1:c8:5b:76:de:30:a1 mac-address=\
    C8:5B:76:DE:30:A1 server=vlan100_LAN
add address=10.1.1.35 client-id=\
    ff:1e:78:b0:b:0:1:0:1:23:55:d2:12:12:a9:1e:78:b0:b mac-address=\
    12:A9:1E:78:B0:0B server=vlan100_LAN
add address=10.10.10.10 client-id=1:46:a2:74:be:76:44 mac-address=\
    46:A2:74:BE:76:44 server=vlan20
add address=10.10.10.13 client-id=1:74:42:8b:9:f8:e mac-address=\
    74:42:8B:09:F8:0E server=vlan20
add address=10.10.10.17 client-id=1:f8:6f:c1:be:26:b1 mac-address=\
    F8:6F:C1:BE:26:B1 server=vlan20
add address=10.1.1.24 client-id=\
    ff:96:87:8f:9f:0:2:0:0:ab:11:b9:3:74:6:5f:47:c6:3c mac-address=\
    5E:29:C2:12:23:25 server=vlan100_LAN
add address=10.1.1.32 client-id=1:9e:4b:7:14:6d:bc mac-address=\
    9E:4B:07:14:6D:BC server=vlan100_LAN
add address=10.1.1.123 client-id=1:0:e1:8c:c9:a6:a8 mac-address=\
    00:E1:8C:C9:A6:A8 server=vlan100_LAN
add address=192.168.70.24 client-id=1:e0:9:bf:11:2e:d1 comment=\
    "wansview downstairs" mac-address=E0:09:BF:11:2E:D1 server=vlan70
add address=10.1.1.60 client-id=\
    ff:e4:e:9a:bc:0:2:0:0:ab:11:b9:3:74:6:5f:47:c6:3c mac-address=\
    72:5B:5D:B3:19:42 server=vlan100_LAN
add address=10.1.1.28 client-id=1:dc:fb:48:28:91:f5 mac-address=\
    DC:FB:48:28:91:F5 server=vlan100_LAN
add address=10.1.1.30 client-id=1:dc:fb:48:2b:41:84 comment=p50 mac-address=\
    DC:FB:48:2B:41:84 server=vlan100_LAN
add address=10.1.1.34 client-id=\
    ff:8d:91:49:47:0:2:0:0:ab:11:d:23:b7:e5:35:e5:73:ee mac-address=\
    A2:D9:05:CE:85:16 server=vlan100_LAN
add address=10.1.1.37 client-id=\
    ff:26:2d:a:1b:0:2:0:0:ab:11:d:23:b7:e5:35:e5:73:ee mac-address=\
    96:9C:17:2A:8C:C1 server=vlan100_LAN
add address=192.168.70.25 client-id=1:2c:dc:ad:f9:25:e6 mac-address=\
    2C:DC:AD:F9:25:E6 server=vlan70
add address=192.168.10.6 client-id=1:0:2:c9:57:72:4a mac-address=\
    00:02:C9:57:72:4A
add address=10.1.1.38 client-id=1:80:fa:5b:4e:8b:c0 mac-address=\
    80:FA:5B:4E:8B:C0 server=vlan100_LAN
add address=10.10.10.2 client-id=1:68:db:f5:67:7e:46 mac-address=\
    68:DB:F5:67:7E:46 server=vlan20
add address=10.10.10.18 client-id=1:f8:38:80:a7:59:3 mac-address=\
    F8:38:80:A7:59:03 server=vlan20
add address=10.10.10.19 client-id=1:a0:4e:a7:8e:99:46 mac-address=\
    A0:4E:A7:8E:99:46 server=vlan20
add address=10.10.10.20 client-id=1:30:63:6b:83:98:5 mac-address=\
    30:63:6B:83:98:05 server=vlan20
add address=10.5.1.2 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:c9:21:9b:1b:1f:d1:b1:a1 mac-address=\
    4A:FA:D7:C0:DE:DD server=vlan45
add address=10.4.1.3 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:85:2b:44:d:5d:88:97:7e mac-address=\
    AE:64:B2:28:EE:38 server=vlan40
add address=10.5.1.3 client-id=\
    ff:32:39:22:3b:0:1:0:1:25:9a:bf:45:92:44:32:39:22:3b mac-address=\
    92:44:32:39:22:3B server=vlan45
add address=10.5.1.4 client-id=\
    ff:f1:dd:97:d6:0:2:0:0:ab:11:b9:3:74:6:5f:47:c6:3c mac-address=\
    36:26:7D:93:45:9A server=vlan45
add address=192.168.70.62 client-id=1:0:80:92:c8:be:11 mac-address=\
    00:80:92:C8:BE:11 server=vlan70
add address=192.168.10.5 client-id=1:0:2:c9:57:72:4a mac-address=\
    00:02:C9:57:72:4A server=vlan50_work
add address=10.1.1.17 client-id=1:c8:5b:76:1b:c3:4b comment="dropbear p50 see ht\
    tps://uwot.eu/blog/remotely-unclock-a-full-disk-encrypted-fedora-centos-serv\
    er/" mac-address=C8:5B:76:1B:C3:4B server=vlan100_LAN
add address=192.168.18.254 client-id=1:c8:5b:76:de:30:a1 mac-address=\
    C8:5B:76:DE:30:A1 server=mgmt-dhcp
add address=192.168.10.4 client-id=1:0:80:64:fd:45:cd mac-address=\
    00:80:64:FD:45:CD server=vlan50_work
add address=10.10.10.11 comment="likely ring doorbell" mac-address=\
    54:E0:19:12:10:5E server=vlan20
add address=10.10.10.21 client-id=1:64:5a:ed:e8:e1:61 mac-address=\
    64:5A:ED:E8:E1:61 server=vlan20
add address=192.168.70.22 client-id=1:bc:ba:c2:94:1b:a8 comment="car cam" \
    mac-address=BC:BA:C2:94:1B:A8 server=vlan70
/ip dhcp-server network
add address=10.1.1.0/24 dns-server=10.1.1.1 gateway=10.1.1.1
add address=10.4.1.0/29 dns-server=10.4.1.1 gateway=10.4.1.1
add address=10.5.1.0/29 dns-server=10.5.1.1 gateway=10.5.1.1
add address=10.10.10.0/24 dns-server=10.10.10.1 gateway=10.10.10.1
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1
add address=192.168.10.0/28 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.18.0/24 dns-server=192.168.18.1 gateway=192.168.18.1
add address=192.168.70.0/24 dns-server=192.168.70.1 gateway=192.168.70.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,2606:4700:4700::1111
/ip firewall address-list
add address=CENSOREDmynetname.net list=WAN-IP
add address=216.218.206.78 list=IPSEC
add address=180.168.136.110 list=IPSEC
add address=216.218.206.118 list=IPSEC
add address=95.174.66.242 list=IPSEC
add address=202.96.99.84 list=IPSEC
add address=121.81.24.227 list=IPSEC
add address=181.129.42.188 list=IPSEC
add address=109.189.159.221 list=IPSEC
/ip firewall filter
add action=accept chain=input comment="Allow established related" \
    connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="Allow LAN" in-interface-list=LAN
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="drop all other input"
add action=drop chain=forward comment="no WAN for VLAN70 (ipcameras)" \
    in-interface=VLAN70 out-interface-list=WAN
add action=drop chain=forward comment="temp vlan for hikvision" in-interface=\
    vlan88 out-interface-list=WAN
add action=drop chain=forward comment="no inter-vlan for Sutherland VLAN50" \
    in-interface=VLAN50 out-interface-list=No-InterVLAN
add action=drop chain=forward comment="no intervlan for m's network" \
    in-interface=VLAN20 out-interface-list=m-InterVLAN
add action=drop chain=forward comment=dmz in-interface=VLAN45 \
    out-interface-list=DMZ-IPCAMs
add action=drop chain=forward comment=truedmz in-interface=VLAN40 \
    out-interface-list=TrueDMZ
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="Allow established related" \
    connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow LAN" in-interface-list=LAN
add action=accept chain=forward comment="Allow port forwards (dst nat)" \
    connection-nat-state=dstnat in-interface-list=WAN
add action=drop chain=forward comment="drop all other forward"
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masq" out-interface-list=\
    WAN
add action=dst-nat chain=dstnat comment="OVPN Portfoward" dst-address=\
    CENSORED dst-port=1194 in-interface-list=WAN protocol=udp \
    to-addresses=10.5.1.3
add action=dst-nat chain=dstnat comment=wireguard dst-address=CENSORED \
    dst-port=51820 in-interface-list=WAN protocol=udp to-addresses=10.5.1.2
add action=dst-nat chain=dstnat comment=apache2 dst-address=CENSORED \
    dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=10.4.1.3
/ip firewall service-port
set ftp disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=VLAN20 type=internal
add interface=VLAN50 type=internal
add interface=VLAN100 type=internal
/ipv6 address
add from-pool=general-pool6 interface=VLAN20
add from-pool=general-pool6 interface=VLAN40
add from-pool=general-pool6 interface=VLAN100
add from-pool=general-pool6 interface=VLAN50
add from-pool=general-pool6 interface=VLAN45
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=general-pool6 prefix-hint=\
    ::/60 request=address,prefix use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=input comment="Accept (established, related)" \
    connection-state=established,related
add action=drop chain=input comment="Drop (invalid)" connection-state=invalid
add action=accept chain=input comment="Accept DHCP (10/sec)" in-interface=\
    ether1 limit=10,20:packet protocol=udp src-port=547
add action=drop chain=input comment="Drop DHCP (>10/sec)" in-interface=ether1 \
    protocol=udp src-port=547
add action=accept chain=input comment="Accept external ICMP (10/sec)" \
    in-interface=ether1 limit=10,20:packet protocol=icmpv6
add action=drop chain=input comment="Drop external ICMP (>10/sec)" \
    in-interface=ether1 protocol=icmpv6
add action=accept chain=input comment="Accept internal ICMP" in-interface=\
    !ether1 protocol=icmpv6
add action=drop chain=input comment="Drop external" in-interface=ether1
add action=drop chain=input comment="Reject everything else"
add action=accept chain=output comment="Accept all"
add action=accept chain=forward comment="Accept (established, related)" \
    connection-state=established,related
add action=drop chain=forward comment="Drop (invalid)" connection-state=invalid
add action=accept chain=forward comment="Accept external ICMP (20/sec)" \
    in-interface=ether1 limit=20,50:packet protocol=icmpv6
add action=drop chain=forward comment="Drop external ICMP (>20/sec)" \
    in-interface=ether1 protocol=icmpv6
add action=accept chain=forward comment="Accept internal" in-interface=!ether1
add action=accept chain=forward comment="Accept outgoing" out-interface=ether1
add action=drop chain=forward comment="Drop external" in-interface=ether1
add action=drop chain=forward comment="Reject everything else"
/ipv6 nd
set [ find default=yes ] disabled=yes
add interface=VLAN100 ra-interval=20s-1m
add interface=VLAN50 ra-interval=20s-1m
add interface=VLAN20 ra-interval=20s-1m
add interface=ether1 ra-interval=20s-1m
add interface=VLAN40 ra-interval=20s-1m
add interface=VLAN45
/system clock
set time-zone-autodetect=no time-zone-name=America/Chicago
/system identity
set name=MikroTik-RB4011
/system scheduler
add disabled=yes interval=1h name=email_logs on-event="/log print file=logs\r\
    \ndelay 10\r\
    \n/tool e-mail send to=\"CENSORED\" subject=\"\$[/system identity get na\
    me]  logs\" \\\r\
    \nbody=\"\$[/system clock get date] log file\" file=logs.txt" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=apr/27/2020 start-time=08:51:35
/system script
/tool e-mail
set address=smtp.gmail.com from=CENSORED port=587 start-tls=yes user=\
    CENSORED
/tool romon
set enabled=yes
[kazuma@MikroTik-RB4011] >

Slowness for the first few seconds then fast on download

Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Re: Slowness for the first few seconds then fast on download

Who is online