Community discussions

MikroTik App
 
edon2005
just joined
Topic Author
Posts: 6
Joined: Wed Apr 21, 2021 7:05 pm

CRS309 slow internet

Thu Jul 22, 2021 1:10 am

Hi guys,

Here is a junior mikrotik user :)
And probably I made wrong decision.
CRS309 is in router mode. CRS has installed 3 SFP+ 10Gbit/Ethernet modules.
Situation is next:
My modem of ISP is in bridge mode. I have 10Gbit Internet.
Modem connected to CRS309 to one of 10Gbit SFP+ module. 2 wifi routers (in acccess point mode) connected to CRS309 to other SFP+ modules.
Looks like all works good except internet speed.
To check speed I use one of wifi routers which has 2.5Gbit WAN and run internal speed test. It showed about 1400Mbps.
If connect directly wifi routers to ISP modem the speed can be 2200Mbps.
So it looks like CRS lost somewhere WAN speed.
I tried another way to check speed. I used 2 notebookes wired connected to CRS and run simultaneously speedtest.net. And sum of speed of both of them was about 1400Mbps. So Download stream was for exmple 800 on 1st and 500 on 2nd, or 600/600 or 300/900.
If I connect 2 notebooks to Wifi router with 2.5Gbit WAN which connected to ISP modem directly (CRS excluded) and run the same speedtest.net, so both notebooks at the same time has 940 and 940 download stream, so together 2Gbps. From that I guess the problem is in CRS.
So here is question: is 1400Mbps maximal speed for CRS or there is some thing wrong in settings?

Thanks in advance,
Eugene.
/export compact 
# jul/22/2021 00:05:59 by RouterOS 6.49beta54
# software id = 4ZUV-FX8F
#
# model = CRS309-1G-8S+
# serial number = D8480EC2B181
/interface bridge
add admin-mac=2C:C8:1B:46:EF:AD auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-full
set [ find default-name=sfp-sfpplus1 ] advertise=10000M-full speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] advertise=1000M-full,2500M-full,5000M-full,10000M-full speed=10Gbps
set [ find default-name=sfp-sfpplus3 ] advertise=1000M-full,2500M-full,5000M-full,10000M-full
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.25.100-192.168.25.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp1
/queue interface
set sfp-sfpplus1 queue=ethernet-default
set sfp-sfpplus2 queue=ethernet-default
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge comment=defconf interface=sfp-sfpplus5
add bridge=bridge comment=defconf interface=sfp-sfpplus6
add bridge=bridge comment=defconf interface=sfp-sfpplus7
add bridge=bridge comment=defconf interface=sfp-sfpplus8
/ip neighbor discovery-settings
set discover-interface-list=none
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridge list=LAN
add interface=sfp-sfpplus1 list=WAN
/ip address
add address=192.168.25.1/24 comment=defconf interface=bridge network=192.168.25.0
/ip dhcp-client
# DHCP client can not run on slave interface!
add disabled=no interface=ether1
add disabled=no interface=sfp-sfpplus1
/ip dhcp-server lease
add address=192.168.25.60 client-id=1:0:11:32:81:36:f4 mac-address=00:11:32:81:36:F4 server=dhcp1
add address=192.168.25.50 client-id=1:6c:cd:d6:db:c:1a mac-address=6C:CD:D6:DB:0C:1A server=dhcp1
add address=192.168.25.70 client-id=1:0:11:32:8e:b0:c0 mac-address=00:11:32:8E:B0:C0 server=dhcp1
/ip dhcp-server network
add address=192.168.25.0/24 gateway=192.168.25.1 netmask=24
/ip dns
set servers=XX.XX.XX.XX
/ip firewall filter
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
add action=accept chain=forward comment="Established, Related" connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment="Drop tries to reach not public addresses from LAN" dst-address-list=not_in_internet in-interface=bridge log=yes log-prefix=!public_from_LAN \
    out-interface=!bridge
add action=drop chain=forward comment="Drop incoming packets that are not NATted" connection-nat-state=!dstnat connection-state=new in-interface=sfp-sfpplus1 log=yes log-prefix=!NAT
add action=drop chain=forward comment="Drop incoming from internet which is not public IP" in-interface=sfp-sfpplus1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment="Drop packets from LAN that do not have LAN IP" in-interface=bridge log=yes log-prefix=LAN_!LAN src-address=!192.168.25.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=xx.xx.xx.xx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.25.0/24
set ssh address=192.168.25.0/24 port=22534
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Warsaw
/system package update
set channel=testing
/system routerboard settings
set boot-os=router-os
/system swos
set allow-from-ports=p1,p2,p3,p4,p5,p6,p7,p8,p9 identity=MikroTik
/tool mac-server
set allowed-interface-list=none
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: CRS309 slow internet

Thu Jul 22, 2021 10:04 am

Have you checked this?
https://mikrotik.com/product/crs309_1g_ ... estresults

It's main role is switching not routing.
You should invest in a proper router ... e.g. https://mikrotik.com/product/CCR1016-12 ... estresults
 
edon2005
just joined
Topic Author
Posts: 6
Joined: Wed Apr 21, 2021 7:05 pm

Re: CRS309 slow internet

Thu Jul 22, 2021 11:15 am

Honestly say I got it when I already bought.
But how to understand that tests correctly?
For example if compare
1. https://mikrotik.com/product/CCR1016-12 ... estresults
2. https://mikrotik.com/product/ccr2004_1g ... estresults

If we look at 64Bytes there is only 1427,3. And it leads me to misunderstand.

Both of them could work with 10Gbit WAN?

Sorry for stupid questions :)

Sincerely.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS309 slow internet

Thu Jul 22, 2021 11:57 am

Depending on amount of packet processing, needed to forward a packet between two router's interfaces, the net throughput can vary quite a lot. However, in typical SOHO environment a pretty good indication of device's performance is the number under "Ethernet Test Results -> Routing 25 ip filter rules -> 512 byte packet size". Mind that this number is not cast into stone, it's a good approximation. The two units you quoted might actually perform almost identically in same use scenario, the test results posted are heavily depending on interface types used, but for particular use case interface type used might not be decisive.
Also beware that some particular use case (e.g. data centre inter-VLAN routing) will most probably yield in completely different max performance than the one I mentioned.
 
edon2005
just joined
Topic Author
Posts: 6
Joined: Wed Apr 21, 2021 7:05 pm

Re: CRS309 slow internet

Thu Jul 22, 2021 12:03 pm

Depending on amount of packet processing, needed to forward a packet between two router's interfaces, the net throughput can vary quite a lot. However, in typical SOHO environment a pretty good indication of device's performance is the number under "Ethernet Test Results -> Routing 25 ip filter rules -> 512 byte packet size". Mind that this number is not cast into stone, it's a good approximation. The two units you quoted might actually perform almost identically in same use scenario, the test results posted are heavily depending on interface types used, but for particular use case interface type used might not be decisive.
Also beware that some particular use case (e.g. data centre inter-VLAN routing) will most probably yield in completely different max performance than the one I mentioned.
Thanks a lot!. So both routers will provide better performance than my CRS309, right?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS309 slow internet

Thu Jul 22, 2021 12:11 pm

When it comes to routing, both routers will dance circles around CRS309. Both routers might even route at 10Gbps depending on usage pattern.

With ROSv7 CRS309 will become a great wire-speed router, when used as firewall it will depend on usage pattern (might be wire-speed or as slow as it is with ROSv6).
 
edon2005
just joined
Topic Author
Posts: 6
Joined: Wed Apr 21, 2021 7:05 pm

Re: CRS309 slow internet

Thu Jul 22, 2021 12:41 pm

When it comes to routing, both routers will dance circles around CRS309. Both routers might even route at 10Gbps depending on usage pattern.

With ROSv7 CRS309 will become a great wire-speed router, when used as firewall it will depend on usage pattern (might be wire-speed or as slow as it is with ROSv6).

It is confused me a bit more 😂😂😂
So performance both routers are the same as csr309 as firewall?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS309 slow internet

Thu Jul 22, 2021 4:18 pm

No, CCR20xx devices are very fast with regard to routing and firewalling. CRS309 is a switch with low routing/firewalling speed. The speed difference between CCR20xx and CRS309 is more than 10-fold.

What I wrote about CRS309 running ROS v7 is a future prospect which will become true in yet unknown time frame and in yet unknown scale. Therefore: forget about CRS309 in role of router/firewall.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: CRS309 slow internet

Thu Jul 22, 2021 5:03 pm

As names state:

routers are for routing
switches are for switching

Routing option in Mikrotik's switches is a "bonus" and is not intended to compete with routers :)
If we look at 64Bytes there is only 1427,3. And it leads me to misunderstand.
All packets need same base time to be processed and this time does not depend on packet size so the bigger packet is the better throughput is.
 
edon2005
just joined
Topic Author
Posts: 6
Joined: Wed Apr 21, 2021 7:05 pm

Re: CRS309 slow internet

Thu Jul 22, 2021 9:04 pm

Guys, Thanks a lot for explanation! :) I ordered CCR, CRS will return :)

Dzieki! :)

Who is online

Users browsing this forum: holvoetn and 34 guests