Hello,
I have a problem with my home connection. My ISP is Telekom.
Have
ONT Huawei HG8245H
Mikrotik RB962UiGS (6.42.1)
FTP cables everywhere. My DL speed is 250-300mbps via cable. Tried to speedtest via MacBook Pro 2017 (gigabit ethernet) and via Lenovo laptop with gigabit ethernet too.
Telekom's support trying to fix my problem for about month with no result. Today they tried to change ONT to router mode (was in bridge) and speedtest shows me about 900mbps. Whey!
They recommended me to setup ONT as router and setup DMZ to mikrotik.
My question is:
What do I need to setup in Mikrotik? Have about 10 port forwards there, some filter rules etc and PPPoE account from Telekom.
Do I really need to set router mode in ONT? Any idea why it doesn't work fine if ONT is in bridge mode?
They told me configuration is fine and if I want to have higher speeds, ONT must be in router mode.
Thank you very much.
Re: Mikrotik RB962UiGS - slow gigabit speed
First thing: take a look at the CPU usage, when testing the speed. This hardware can do almost one gigabit of routing, with 25 IP firewall rules. But this is without NAT, queues, and complex configuration. And NAT is quite CPU intensive...
You can find this info in /tools/profile.
If the CPU usage is very high, we found the problem. The next step would be trying to optimize the load.
You can find this info in /tools/profile.
If the CPU usage is very high, we found the problem. The next step would be trying to optimize the load.
Re: Mikrotik RB962UiGS - slow gigabit speed
cpu usage while speedtest is 94%. Just called with friend (mikrotik trainer), he told me, if I have PPPoE, mikrotik will go with about max 300mbps so I think the right way is setup ONT to router mode really.
Re: Mikrotik RB962UiGS - slow gigabit speed
He is probably right. Just check to see if You are using fastrack. It can really speed up things.
- EDIT -
Some time ago fasttrack didn't help with PPPoE. This is no longer true.
- EDIT -
Some time ago fasttrack didn't help with PPPoE. This is no longer true.
Re: Mikrotik RB962UiGS - slow gigabit speed
OK I found traffic is still slow. Tried to reset mikrotik and setup it again, same results. 300mbps max. if I'm connected via mikrotik with FTP cat5e
Re: Mikrotik RB962UiGS - slow gigabit speed
please post your config
/export hide-sensitive
Without a config we are not capable to help you
/export hide-sensitive
Without a config we are not capable to help you
Re: Mikrotik RB962UiGS - slow gigabit speed
of course:
Code: Select all
# may/18/2018 19:37:35 by RouterOS 6.42.2
# software id = ZKE3-331Q
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 830608306462
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=gateway speed=1Gbps
set [ find default-name=ether2 ] comment="synology ds216play"
set [ find default-name=ether3 ] comment="apple tv 4"
set [ find default-name=ether4 ] comment="switch d-link gigabit"
set [ find default-name=sfp1 ] disabled=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=\
wireless_profile supplicant-identity="" unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC disabled=no frequency=auto mode=ap-bridge security-profile=wireless_profile \
ssid=MikroTik_2GHz wireless-protocol=802.11 wps-mode=push-button-virtual-only
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no frequency=auto mode=ap-bridge security-profile=\
wireless_profile ssid=MikroTik_5GHz wireless-protocol=802.11 wps-mode=push-button-virtual-only
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc pfs-group=none
/ip pool
add name=vpn_pool ranges=10.31.10.2-10.31.10.10
add name=dhcp_pool ranges=10.31.0.100-10.31.0.150
/ip dhcp-server
add address-pool=dhcp_pool disabled=no interface=bridge1 lease-time=1d name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/ip address
add address=10.31.0.1/24 interface=bridge1 network=10.31.0.0
add address=10.31.10.1/24 interface=ether1 network=10.31.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=10.31.0.102 client-id=xx:xx:xx:xx:xx:xx comment="Synology DS216play" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.101 client-id=xx:xx:xx:xx:xx:xx comment="Apple MacBook Pro 13\" Retina WIFI" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.120 client-id=xx:xx:xx:xx:xx:xx comment="Apple iPhone X 256GB Space Gray" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.122 client-id=xx:xx:xx:xx:xx:xx comment="Apple iPhone SE 16GB Space Gray" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.104 always-broadcast=yes client-id=xx:xx:xx:xx:xx:xx comment="Lenovo T420" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.110 comment="HP LaserJet Pro MFP M125nw" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.103 client-id=xx:xx:xx:xx:xx:xx comment="Apple TV 4 64GB" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.100 client-id=xx:xx:xx:xx:xx:xx comment="Apple MacBook Pro 13\" Retina LAN" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.108 client-id=xx:xx:xx:xx:xx:xx comment="Panasonic Viera" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.130 client-id=xx:xx:xx:xx:xx:xx comment="Sonos PLAY:1" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.121 client-id=xx:xx:xx:xx:xx:xx comment="Apple Watch Series 3 GPS Space Gray" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.31.0.150 client-id=xx:xx:xx:xx:xx:xx comment="Raspberry Pi 2" mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
/ip dhcp-server network
add address=10.31.0.0/24 gateway=10.31.0.1
/ip firewall filter
add action=drop chain=input comment="drop ssh access to port 22" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist_port_22 address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=\
tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=2222 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=2222 protocol=tcp \
src-address-list=ssh_stage_temp
add action=add-src-to-address-list address-list=ssh_stage_temp address-list-timeout=1m chain=input connection-state=new dst-port=2222 protocol=tcp
add action=drop chain=input comment="drop remote winbox access" disabled=yes dst-port=8291 protocol=tcp src-address=!10.31.0.2-10.31.10.254 \
src-address-list=winbox_blacklist
add action=add-src-to-address-list address-list=winbox_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=yes dst-port=8291 \
protocol=tcp src-address=!10.31.0.2-10.31.10.254
add action=add-src-to-address-list address-list=winbox_access address-list-timeout=3d chain=input comment="log winbox access" connection-state=new \
dst-port=8291 protocol=tcp src-address=!10.31.0.2-10.31.10.254
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment="my_app_1" dst-port=12345 in-interface=ether1 protocol=tcp to-addresses=10.31.0.102 to-ports=12345
add action=dst-nat chain=dstnat comment="synology dsm" dst-port=5050 in-interface=ether1 protocol=tcp to-addresses=10.31.0.102 to-ports=5050
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=2222
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Bratislava
/system identity
set name=MikroTik-RB962UiGS
/system routerboard settings
set silent-boot=no
Re: Mikrotik RB962UiGS - slow gigabit speed
tested with the same ftp cable cat5e cable.
directly from ONT of my ISP
via mikrotik with the same cable
directly from ONT of my ISP
via mikrotik with the same cable
Re: Mikrotik RB962UiGS - slow gigabit speed
Ok. First thing: your firewall forward logic is "deny what I don't want, allow the rest". It is much better, safer and easier to maintain to block everything, and allow what you want. All You need is a "catch all" rule, at the end of the forward chain. Before it You create rules allowing what You want to allow.
Now, I didn't find a fasttrack rule. It looks like this:
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
It works in conjunction with this one:
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
In my firewall, fasttrack is the first, right on top. The second one is a personal rule, to allow L2TP through IPsec. The third one is the rule above.
Now, I didn't find a fasttrack rule. It looks like this:
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
It works in conjunction with this one:
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
In my firewall, fasttrack is the first, right on top. The second one is a personal rule, to allow L2TP through IPsec. The third one is the rule above.
Re: Mikrotik RB962UiGS - slow gigabit speed
If your cpu is at 94% then you need fasttrack enabled to get more bandwidth but you won't be able to use rules in filter, mangle or queue for fasttracked packets.
And disable anything that might conflict with hw-offload on that device.
Code: Select all
/ip firewall filter
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related,untracked in-interface=Movistar.pppoe
add action=accept chain=forward comment="accept established,related, untracked" connection-state=established,related,untracked in-interface=Movister.pppoe
Code: Select all
/interface bridge set 0 igmp-snooping=no protocol-mode=none
Re: Mikrotik RB962UiGS - slow gigabit speed
after fasttrack added and accept established seems it works better. Not the best but better.
Thank you.
Thank you.
Re: Mikrotik RB962UiGS - slow gigabit speed
Hello,
some changes.
have CCR1009-7G-1C-PC at home right now. My friend recommended me it for better speeds. My ONT is in bridge mode again, PPPoE is in CCR. Speeds are slow again.
There must be something in settings. Have fasttrack enabled.
Any idea please?
I made a decision. Will pay $10 someone how can connect to my computer via Teamviewer and make good settings in mikrotik for me.
Thank you.
filter rules
interfaces
some changes.
have CCR1009-7G-1C-PC at home right now. My friend recommended me it for better speeds. My ONT is in bridge mode again, PPPoE is in CCR. Speeds are slow again.
There must be something in settings. Have fasttrack enabled.
Any idea please?
I made a decision. Will pay $10 someone how can connect to my computer via Teamviewer and make good settings in mikrotik for me.
Thank you.
filter rules
mangleFlags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
2 ;;; accept established,related
chain=input action=accept connection-state=established,related
natFlags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=pppoe-out1
1 ;;; port 1
chain=dstnat action=dst-nat to-addresses=10.31.0.150 to-ports=1234 protocol=tcp in-interface=pppoe-out1 dst-port=1234
2 ;;; synology dsm
chain=dstnat action=dst-nat to-addresses=10.31.0.102 to-ports= 1235 protocol=tcp in-interface=pppoe-out1 dst-port=1235
4 ;;;ssh
chain=dstnat action=dst-nat to-addresses=10.31.0.150 to-ports=1236 protocol=tcp in-interface=pppoe-out1 dst-port= 1236
interfaces
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=combo1 ] disabled=yes
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment="Synology DS216play"
set [ find default-name=ether3 ] comment="Debian Server"
set [ find default-name=ether4 ] comment="Apple MacBook Pro 13\" Retina"
set [ find default-name=ether5 ] comment="Apple TV 4 64GB"
set [ find default-name=ether6 ] comment="Mikrotik RB962UiGS"
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=ether1 name=pppoe-out1 password=MyPPPoEPass use-peer-dns=yes user=MyPPPoEName
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 hw=no interface=ether6
Who is online
Users browsing this forum: Bing [Bot], Extrems and 51 guests