Community discussions

MikroTik App
  4. RouterOS
  5. General

I cant quite wrap my head around this one...

Post Reply
 
rd228
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Nov 16, 2015 12:13 pm

Re: I cant quite wrap my head around this one...

Sun May 20, 2018 6:01 pm

Where is PC connected that you test from, behind the Cisco switch? Have you tried as @RoadkillX suggested, test from ether2 on RB2011 to eliminate internal LAN problems?
I have tried cabled into the cisco switch. But yes I have also hard wired my PC into ether2 on the mikrotik and removed my lan from the router so its literally just my laptop connected and thats it when running the test...same issue.
Top
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:
Contact CZFan

Re: I cant quite wrap my head around this one...

Sun May 20, 2018 6:14 pm

Below is my results over fibre, my PC connects to router (2011) via wireless, so yes, maybe your upload fully saturated and maybe need some QoS.
Code: Select all
Pinging www.google.co.za [216.58.223.35] with 32 bytes of data:
Reply from 216.58.223.35: bytes=32 time=4ms TTL=59
Reply from 216.58.223.35: bytes=32 time=10ms TTL=59
Reply from 216.58.223.35: bytes=32 time=4ms TTL=59
Reply from 216.58.223.35: bytes=32 time=363ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=7ms TTL=59
Reply from 216.58.223.35: bytes=32 time=8ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=57ms TTL=59
Reply from 216.58.223.35: bytes=32 time=67ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=8ms TTL=59
Reply from 216.58.223.35: bytes=32 time=7ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=4ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=27ms TTL=59

Download test starts

Reply from 216.58.223.35: bytes=32 time=130ms TTL=59
Reply from 216.58.223.35: bytes=32 time=136ms TTL=59
Reply from 216.58.223.35: bytes=32 time=214ms TTL=59
Reply from 216.58.223.35: bytes=32 time=171ms TTL=59
Reply from 216.58.223.35: bytes=32 time=158ms TTL=59
Reply from 216.58.223.35: bytes=32 time=183ms TTL=59
Reply from 216.58.223.35: bytes=32 time=186ms TTL=59
Reply from 216.58.223.35: bytes=32 time=183ms TTL=59
Reply from 216.58.223.35: bytes=32 time=118ms TTL=59
Reply from 216.58.223.35: bytes=32 time=126ms TTL=59
Reply from 216.58.223.35: bytes=32 time=155ms TTL=59
Reply from 216.58.223.35: bytes=32 time=130ms TTL=59
Reply from 216.58.223.35: bytes=32 time=127ms TTL=59
Reply from 216.58.223.35: bytes=32 time=140ms TTL=59
Reply from 216.58.223.35: bytes=32 time=40ms TTL=59
Reply from 216.58.223.35: bytes=32 time=21ms TTL=59
Reply from 216.58.223.35: bytes=32 time=29ms TTL=59

Upload test

Reply from 216.58.223.35: bytes=32 time=162ms TTL=59
Reply from 216.58.223.35: bytes=32 time=152ms TTL=59
Reply from 216.58.223.35: bytes=32 time=429ms TTL=59
Reply from 216.58.223.35: bytes=32 time=564ms TTL=59
Reply from 216.58.223.35: bytes=32 time=188ms TTL=59
Reply from 216.58.223.35: bytes=32 time=402ms TTL=59
Reply from 216.58.223.35: bytes=32 time=629ms TTL=59
Reply from 216.58.223.35: bytes=32 time=205ms TTL=59
Reply from 216.58.223.35: bytes=32 time=159ms TTL=59
Reply from 216.58.223.35: bytes=32 time=585ms TTL=59
Reply from 216.58.223.35: bytes=32 time=375ms TTL=59
Reply from 216.58.223.35: bytes=32 time=228ms TTL=59
Reply from 216.58.223.35: bytes=32 time=97ms TTL=59
Reply from 216.58.223.35: bytes=32 time=770ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=3ms TTL=59
Reply from 216.58.223.35: bytes=32 time=18ms TTL=59
Reply from 216.58.223.35: bytes=32 time=4ms TTL=59

Ping statistics for 216.58.223.35:
    Packets: Sent = 64, Received = 64, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 770ms, Average = 122ms
Top
 
rd228
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Nov 16, 2015 12:13 pm

Re: I cant quite wrap my head around this one...

Sun May 20, 2018 7:13 pm

Ok so it looks like we both have the same issue then by the looks of your results?

I could setup if this is possible a QOS to limit during hours I will be using the internet and then over night or weekdays when I'm at work I can set a time shedule so that it can run full speed?

Did you see my firewall post at the bottom of page 1? Just wondering if you'd mind taking a look over what I have and if its appropriate...
Top
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:
Contact CZFan

Re: I cant quite wrap my head around this one...

Sun May 20, 2018 7:40 pm

I will have a look through it, but not tonight. Maybe someone else will fill in before then
Top
 
RoadkillX
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Sun Apr 22, 2018 6:00 pm
Location: Spain

Re: I cant quite wrap my head around this one...

Sun May 20, 2018 8:03 pm

I have 42ms latency to google when link is idle while at fullspeed either download or upload it increased to 45-47ms you guys should check those fiber connections :lol: :lol:
Top
 
rd228
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Nov 16, 2015 12:13 pm

Re: I cant quite wrap my head around this one...

Sun May 20, 2018 8:16 pm

My latency at idle is fine - its around 6ms or less

Download is at around 40 and upload is where the problem is at over 400ms

Nothing wrong with the fibre connection as its fine as I've mentioned above if I use the BT Supplied Router. 6ms at idle around 40 download and 6ms for an upload!
Top
 
RoadkillX
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Sun Apr 22, 2018 6:00 pm
Location: Spain

Re: I cant quite wrap my head around this one...

Sun May 20, 2018 8:21 pm

Check for DSCP markings on the BT router.
Top
 
User avatar
Squire
just joined
Posts: 22
Joined: Fri Dec 15, 2017 3:04 pm

Re: I cant quite wrap my head around this one...

Mon May 21, 2018 2:58 am

http://www.dslreports.com/speedtest
post results, if possible do one for each device, tik and other the isp router
Top
 
rd228
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Nov 16, 2015 12:13 pm

Re: I cant quite wrap my head around this one...

Mon May 21, 2018 9:52 pm

http://www.dslreports.com/speedtest
post results, if possible do one for each device, tik and other the isp router
Here is the result with the Mikrotik -http://www.dslreports.com/speedtest/33662838

Will get the router swapped over tomorrow and run the test again with the BT Hub as I cant take the line down this evening as I'm transferring stuff.

Ross
Top
 
User avatar
Squire
just joined
Posts: 22
Joined: Fri Dec 15, 2017 3:04 pm

Re: I cant quite wrap my head around this one...

Tue May 22, 2018 12:28 am

The buffer bloat is pretty bad for a mikrotik, try do a basic setup without any special rules and try again the cpu might dropping packet processing through firewall..etc

My results for comparison: https://www.dslreports.com/speedtest/33630812
Even though my latency is high because of distance, no local servers, My packets are getting through without/very few Re-Xmits (re-transmitted) packets on good days when isp isn't being bad its A+ for both overall and bufferbloat, had been using a hAP lite but its cheapest mirkrotik you can get, I've recently upgraded to a 962UiGS-5HacT2HnT (hAP AC) still similar/same results.

When running the tests again start up the profile tool on Winbox, Tools -> Profile, select the "all" under cpu and start then use do a couple tests while monitoring that profile post a screen of a couple tests here is mine for comparison under load: as an example
Image

For reference sake I'm on a 50/5mb fibre connection with removable SFP module in my ONT/CPE
Top
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:
Contact CZFan

Re: I cant quite wrap my head around this one...

Tue May 22, 2018 1:17 am

...
Did you see my firewall post at the bottom of page 1? Just wondering if you'd mind taking a look over what I have and if its appropriate...

Firstly, it is very difficult to give pointers on firewall rules if you do not have the full picture of the network, also, from a screenshot as it does not contain all information, i.e. you might be using address-list instead of in interface and that will not show on the screenshot.

With that said, here are a couple of points:
1. make sure rules 0 & 1 are "connection-state=Related, establish" and enable them.
2. Delete rules 5 & 6 as they are taken care of in above.
3. The screenshot is only showing some of the rules, i.e. 8 - 61 is missing, so from what I can see in the screenshot, something that needs to be dropped by default drop rule in forward chain (rule 66) must go through a huge stack of rules before getting dropped, wasting unnecessary CPU / Memory resources on the router.
4. I also think your firewall rules are way to complicated and can be simplified a lot better
Top
 
rd228
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Nov 16, 2015 12:13 pm

Re: I cant quite wrap my head around this one...

Wed May 23, 2018 8:39 pm

...
Did you see my firewall post at the bottom of page 1? Just wondering if you'd mind taking a look over what I have and if its appropriate...

Firstly, it is very difficult to give pointers on firewall rules if you do not have the full picture of the network, also, from a screenshot as it does not contain all information, i.e. you might be using address-list instead of in interface and that will not show on the screenshot.

With that said, here are a couple of points:
1. make sure rules 0 & 1 are "connection-state=Related, establish" and enable them.
2. Delete rules 5 & 6 as they are taken care of in above.
3. The screenshot is only showing some of the rules, i.e. 8 - 61 is missing, so from what I can see in the screenshot, something that needs to be dropped by default drop rule in forward chain (rule 66) must go through a huge stack of rules before getting dropped, wasting unnecessary CPU / Memory resources on the router.
4. I also think your firewall rules are way to complicated and can be simplified a lot better
Hi CZFan

Thanks for looking into it, I did write an explanation of each rule under the screenshot to explain what I was trying to achieve and i listed where I was using address lists in those explanations. Did they not help at all?

Ross
Top
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:
Contact CZFan

Re: I cant quite wrap my head around this one...

Wed May 23, 2018 8:59 pm

E.g.:

"Allow Plex - allows external access to my plex server
Allow home assistant - allows external access to my home automation server"

Based on the screenshot, you can't see if this is from WAN1, WAN2, interface-list, specific IP Address(es) specified in address-list, etc so it makes it a bit difficult to follow the flow of traffic in some situations.

Besides the above, there are many other parameters not showing in screenshots
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], gdanov, makvladd, oxigeno20 and 117 guests
  4. RouterOS
  5. General