Community discussions

MikroTik App
 
040mvz
just joined
Topic Author
Posts: 7
Joined: Thu Mar 19, 2015 10:31 am

RB3011 (ARM) WAN Performance Issues

Tue Feb 16, 2016 12:22 pm

Dear fellow Mikrotikkers :D

A few months ago i've had an upgrade to a 500/500 FTTH. At that time i was using an RB2011, but the rb2011 pulled out max 250/300Mbit over the WAN port.

So i decided to buy an RB3011, and an few days later it arrived. Yesterday i did an new configuration of the RB3011 but didn't manage to get higher results with the following configuration;
/interface ethernet
set 0 arp=proxy-arp auto-negotiation=yes  \
    disabled=no full-duplex=yes l2mtu=1598  \
    mtu=1500 name=ether1-gateway speed=1Gbps

set 1 arp=enabled auto-negotiation=yes \
    disabled=no full-duplex=yes l2mtu=1598 \
    mtu=1500 name=ether2 speed=1Gbps

/interface vlan
add arp=enabled disabled=no interface=ether1-gateway l2mtu=1594 mtu=1500 \
    name=vlan1.6 use-service-tag=no vlan-id=6

/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default

/interface pppoe-client
add add-default-route=yes allow=pap,mschap2 \
    dial-on-demand=no disabled=no interface=vlan1.6 keepalive-timeout=20 max-mru=1480 max-mtu=1480 \
    mrru=disabled name=pppoe password=kpn profile=default \
    use-peer-dns=no user=XX-XX-XX-xx-xx-xx@direct-adsl

/routing bgp instance
set default disabled=yes

/interface bridge
add name=bridge-local arp=proxy-arp

/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=wlan1

/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
set 6 vlan-header=leave-as-is vlan-mode=disabled
set 7 vlan-header=leave-as-is vlan-mode=disabled
set 8 vlan-header=leave-as-is vlan-mode=disabled
set 9 vlan-header=leave-as-is vlan-mode=disabled
set 10 vlan-header=leave-as-is vlan-mode=disabled
set 11 vlan-header=leave-as-is vlan-mode=disabled
set 12 vlan-header=leave-as-is vlan-mode=disabled

/ip address
add address=192.168.10.250/24 disabled=no interface=bridge-local network=192.168.10.0

/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=2048KiB \
    max-udp-packet-size=4096 servers=8.8.8.8,8.8.4.4

/ip firewall filter
add action=accept chain=input disabled=no in-interface=pppoe protocol=icmp
add action=accept chain=input connection-state=related disabled=no
add action=accept chain=input connection-state=established disabled=no

add action=reject chain=input in-interface=pppoe protocol=tcp reject-with=icmp-port-unreachable
add action=reject chain=input in-interface=pppoe protocol=udp reject-with=icmp-port-unreachable

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe \
    src-address=192.168.0.0/16 to-addresses=0.0.0.0

/ip neighbor discovery
set sfp1 discover=no
set ether1-gateway discover=no
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set wlan1 discover=no
set bridge-local discover=yes
set pppoe discover=no
set vlan1.6 discover=no

/ip pool
add name=thuisnetwerk ranges=192.168.10.40-192.168.10.99
/ip dhcp-server
add address-pool=thuisnetwerk authoritative=yes disabled=no interface=bridge-local \
    lease-time=1h30m name=dhcp-thuis
/ip dhcp-server config
set store-leases-disk=15m
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.250 domain=thuis.local gateway=\
    192.168.10.250

/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=no
/ip upnp interfaces
add disabled=no interface=bridge-local type=internal
add disabled=no interface=pppoe type=external
/lcd
set backlight-timeout=5m enabled=yes
/system clock
set time-zone-name=Europe/Amsterdam
Has anyone any idea what causes this issue?

Thanks in advance!

Martijn
 
p3rad0x
Long time Member
Long time Member
Posts: 606
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa
Contact:

Re: RB3011 (ARM) WAN Performance Issues

Mon Feb 22, 2016 1:55 pm

Hi,

How much throughout are you getting with the current config?

How much are you getting when you directly plug in the ethernet comming from the fibre modem into a laptop?
There you go then you touched something ;-) : it only takes a change in wind direction to screw with your nat :-)
 
nescafe2002
Long time Member
Long time Member
Posts: 659
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: RB3011 (ARM) WAN Performance Issues

Mon Feb 22, 2016 2:22 pm

I'm not sure the RB3011 supports fasttrack, since the last release candidate fasttrack is supported for pppoe clients.

http://wiki.mikrotik.com/wiki/Manual:Wiki/Fasttrack

So, try to add a fasttrack rule to the firewall. If you don't get any better result (e.g. see no increment in dummy firewall rules for fasttrack), I hope you still have your old router :)

500/500 (KPN/XS4ALL) is possible on a RB2011 since 6.35rc12
 
picacho99
newbie
Posts: 42
Joined: Mon Sep 08, 2014 7:16 pm

Re: RB3011 (ARM) WAN Performance Issues

Mon Feb 22, 2016 2:48 pm

Sorry but..some basic optimizations that should benefit both RB2011 and RB3011
1- Why you are using a software bridge and not hardware bridge (define ports as slave of master prot) for lan side ports ?
2- Merge firewall rules, for example: when accepting established and related use a single rule instead two.

About RB3011, I'm not sure the RB3011 supports fasttrack, since the last release candidate fasttrack is supported for pppoe clients...I tested carefully it this week-end and no differences noticed.

About overall trafic testing : if you check using only one TCP stream....you will get the top for this alone TCP stream...only one of both CPUs to be used.....

Kind Regards

Who is online

Users browsing this forum: gkk, Google [Bot], HaPe, Majestic-12 [Bot], sindy, tomekbyd, vodokotlic and 112 guests