Slow network and internet throughput

SilverNodashi · Fri Nov 16, 2018 4:08 pm

Hi,

I am trying to diagnose slow internet connectivity. We have a 100Mbs 1:1 Fiber line but I can't ever seem to get it running at full speed.
When connecting a PC directly to the ISP's Cisco fiber router, speedtest.net reach about 120Mbps, but with the Mikrotik connected I get a max of about 16Mbps.

So I started digging a bit and see what even network traffic inside the LAN is very slow.

I have a CRS226-24G-2S+ as the core router and two more on the LAN where all the PC's connect to. The "core router" basically connects the 2 linux servers, some Windows servers, some Wfii AP's and then two more MT cloud routers for the LAN. Queues are setup to give preference to VOIP traffic, but the Fiber port never reach the Queue limits.

Copying a file from 1 Linux server to another copies at about 888.1KB/s. The one server is connected to port 15 and the other connected to port 5

Running the bandwidth test between the two switches gets upto about 19Mbps RX and 5Mbps TX.

I have tested the CAT5e cables with a Fluke "CableIQ" tester and they all tested for 1Gbps.

The Linux servers report connections of 1Gbps as well

Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supported pause frame use: No
        Supports auto-negotiation: Yes
        Advertised link modes:  Not reported
        Advertised pause frame use: No
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: on
        MDI-X: Unknown

Any help in improving this would be very helpful!

Here's the config:

# nov/16/2018 15:54:44 by RouterOS 6.43.4
# software id = LN6R-IAY1
#
# model = CRS226-24G-2S+
# serial number = 787B079B6A0F
/interface bridge
add fast-forward=no name=bridge-39
add fast-forward=no name=bridge-LAN
add fast-forward=no name=bridge-WAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1-FIBER speed=100Mbps
set [ find default-name=ether2 ] name=ether2-LAN speed=100Mbps
set [ find default-name=ether3 ] name=ether3-Meraki-LAN3 speed=100Mbps
set [ find default-name=ether4 ] name=ether4-Meraki-Internet1 speed=100Mbps
set [ find default-name=ether5 ] name=ether5-HSTServer speed=100Mbps
set [ find default-name=ether6 ] name=ether6-HSTServer-IPMI speed=100Mbps
set [ find default-name=ether7 ] name=ether7-VOIPServer speed=100Mbps
set [ find default-name=ether8 ] name=ether8-VOIPServer-IPMI speed=100Mbps
set [ find default-name=ether9 ] name="ether9-Debtpack Server" speed=100Mbps
set [ find default-name=ether10 ] name=ether10-Optimiza speed=100Mbps
set [ find default-name=ether11 ] name=ether11-VIP-Server speed=100Mbps
set [ find default-name=ether12 ] speed=100Mbps
set [ find default-name=ether13 ] name=ether13-Netstock speed=100Mbps
set [ find default-name=ether14 ] speed=100Mbps
set [ find default-name=ether15 ] name=ether15-HSTServer-Local speed=100Mbps
set [ find default-name=ether16 ] speed=100Mbps
set [ find default-name=ether17 ] speed=100Mbps
set [ find default-name=ether18 ] speed=100Mbps
set [ find default-name=ether19 ] speed=100Mbps
set [ find default-name=ether20 ] name=ether20-Grandstream speed=100Mbps
set [ find default-name=ether21 ] speed=100Mbps
set [ find default-name=ether22 ] name=ether22-VOIP-POE speed=100Mbps
set [ find default-name=ether23 ] name=ether23-Wifi-AP speed=100Mbps
set [ find default-name=ether24 ] name=ether24-Wireless-Bridge speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfpplus2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pptp-client
add add-default-route=yes connect-to=y.y.y.y name=39SteelRoadVPN \
    user=JHBVPN
add add-default-route=yes connect-to=y.y.y.y name=y.y.y.y \
    user=Sherry
/interface list
add name=WAN
add name=LAN
/ip dhcp-server option
add code=43 name=unifi value=0xc0a80188
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.200
/ip dhcp-server
add address-pool=dhcp always-broadcast=yes authoritative=after-2sec-delay \
    disabled=no interface=bridge-LAN lease-time=30m name=DHCP
/queue simple
add max-limit=10M/10M name=Flash target=192.168.1.183/32
add max-limit=50M/50M name="VOIP Server" target=ether7-VOIPServer
add max-limit=50M/50M name=Wifi target=ether24-Wireless-Bridge
add max-limit=50M/50M name=Wifi-AP target=ether23-Wifi-AP
add max-limit=10M/10M name=HSTServer target=ether5-HSTServer
/queue type
set 0 pfifo-limit=200
set 1 pfifo-limit=250
/queue simple
add max-limit=50M/50M name=LAN queue=ethernet-default/default target=\
    bridge-LAN
add max-limit=50M/50M name=ether2-LAN queue=ethernet-default/ethernet-default \
    target=ether2-LAN
/interface bridge port
add bridge=bridge-WAN disabled=yes interface=ether1-FIBER
add bridge=bridge-LAN hw=no interface=ether2-LAN
add bridge=bridge-LAN hw=no interface=ether3-Meraki-LAN3
add bridge=bridge-LAN hw=no interface=ether4-Meraki-Internet1
add bridge=bridge-39 hw=no interface=ether5-HSTServer
add bridge=bridge-LAN hw=no interface=ether6-HSTServer-IPMI
add bridge=bridge-LAN hw=no interface=ether7-VOIPServer
add bridge=bridge-LAN hw=no interface=ether8-VOIPServer-IPMI
add bridge=bridge-LAN hw=no interface="ether9-Debtpack Server"
add bridge=bridge-LAN hw=no interface=ether10-Optimiza
add bridge=bridge-LAN hw=no interface=ether11-VIP-Server
add bridge=bridge-LAN hw=no interface=ether12
add bridge=bridge-LAN hw=no interface=ether13-Netstock
add bridge=bridge-LAN hw=no interface=ether14
add bridge=bridge-LAN hw=no interface=ether15-HSTServer-Local
add bridge=bridge-39 hw=no interface=ether16
add bridge=bridge-39 hw=no interface=ether17
add bridge=bridge-39 hw=no interface=ether18
add bridge=bridge-39 hw=no interface=ether19
add bridge=bridge-LAN hw=no interface=ether20-Grandstream
add bridge=bridge-39 hw=no interface=ether21
add bridge=bridge-LAN hw=no interface=ether23-Wifi-AP
add bridge=bridge-39 broadcast-flood=no hw=no interface=\
    ether24-Wireless-Bridge
add bridge=bridge-WAN hw=no interface=sfp-sfpplus1
add bridge=bridge-WAN hw=no interface=sfpplus2
add bridge=bridge-LAN hw=no interface=ether22-VOIP-POE
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface detect-internet
set internet-interface-list=all lan-interface-list=LAN wan-interface-list=all
/interface ethernet switch port
set 9 egress-mirror-to=mirror0 ingress-mirror-to=mirror0
set 19 egress-mirror-to=mirror0 ingress-mirror-to=mirror0
/interface l2tp-server server
set authentication=chap,mschap2 enabled=yes use-ipsec=required
/interface list member
add interface=ether2-LAN list=LAN
add interface=ether3-Meraki-LAN3 list=LAN
add interface=ether4-Meraki-Internet1 list=LAN
add interface=ether5-HSTServer list=LAN
add interface=ether6-HSTServer-IPMI list=LAN
add interface=ether7-VOIPServer list=LAN
add interface=ether8-VOIPServer-IPMI list=LAN
add interface="ether9-Debtpack Server" list=LAN
add interface=ether10-Optimiza list=LAN
add interface=ether11-VIP-Server list=LAN
add interface=ether12 list=LAN
add interface=ether13-Netstock list=LAN
add interface=ether14 list=LAN
add interface=ether15-HSTServer-Local list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20-Grandstream list=LAN
add interface=ether21 list=LAN
add interface=ether22-VOIP-POE list=LAN
add interface=ether23-Wifi-AP list=LAN
add interface=ether24-Wireless-Bridge list=LAN
add interface=sfpplus2 list=LAN
add interface=bridge-WAN list=LAN
add interface=ether1-FIBER list=WAN
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.1.1/24 interface=ether2-LAN network=192.168.1.0
add address=z.z.z.z/30 interface=ether1-FIBER network=x.x.x.x
add address=192.41.100.2/24 interface=bridge-39 network=192.41.100.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1-FIBER
/ip dhcp-server lease
add address=192.168.1.217 client-id=1:80:5e:c0:22:5c:99 comment="Rene Phone" \
    insert-queue-before=first mac-address=80:5E:C0:22:5C:99 rate-limit=1m \
    server=DHCP
add address=192.168.1.186 client-id=1:fc:ec:da:19:24:f8 comment=\
    "Ubiquity Unifi - HFSA 45 Admin" mac-address=FC:EC:DA:19:24:F8 server=\
    DHCP
add address=192.168.1.179 client-id=1:c:c4:7a:cb:dd:bf comment=IPMI \
    mac-address=0C:C4:7A:CB:DD:BF server=DHCP
add address=192.168.1.178 comment=HSTSRV01 mac-address=AC:1F:6B:28:9D:08 \
    server=DHCP
add address=192.168.1.180 comment="VOIP Gateway" insert-queue-before=first \
    mac-address=00:08:7B:15:73:4A rate-limit=1m server=DHCP
add address=192.168.1.223 client-id=1:80:5e:c0:2a:c2:f1 comment=\
    "Wynand Phone" insert-queue-before=first mac-address=80:5E:C0:2A:C2:F1 \
    rate-limit=1m server=DHCP
add address=192.168.1.214 client-id=1:80:5e:c0:22:5a:9d comment=\
    "Sherry Phone" insert-queue-before=first mac-address=80:5E:C0:22:5A:9D \
    rate-limit=1m server=DHCP
add address=192.168.1.213 client-id=1:0:15:65:f5:ae:91 comment="Neve Phone" \
    insert-queue-before=first mac-address=00:15:65:F5:AE:91 rate-limit=1m \
    server=DHCP
add address=192.168.1.218 client-id=1:80:5e:c0:2a:c4:ac comment=\
    "Sandra Phone" insert-queue-before=first mac-address=80:5E:C0:2A:C4:AC \
    rate-limit=1m server=DHCP
add address=192.168.1.215 client-id=1:0:15:65:f1:c3:8b comment="Jacky Phone" \
    insert-queue-before=first mac-address=00:15:65:F1:C3:8B rate-limit=1m \
    server=DHCP
add address=192.168.1.224 client-id=1:80:5e:c0:2a:c4:71 comment="Bongi Phone" \
    insert-queue-before=first mac-address=80:5E:C0:2A:C4:71 rate-limit=1m \
    server=DHCP
add address=192.168.1.225 client-id=1:80:5e:c0:2a:c4:af comment=\
    "Victor Phone" insert-queue-before=first mac-address=80:5E:C0:2A:C4:AF \
    rate-limit=1m server=DHCP
add address=192.168.1.216 client-id=1:80:5e:c0:22:5c:8a comment=\
    "Shamila Phone" insert-queue-before=first mac-address=80:5E:C0:22:5C:8A \
    rate-limit=1m server=DHCP
add address=192.168.1.220 client-id=1:80:5e:c0:22:5c:bd comment="Rudi Phone" \
    insert-queue-before=first mac-address=80:5E:C0:22:5C:BD rate-limit=1m \
    server=DHCP
add address=192.168.1.221 client-id=1:80:5e:c0:22:5c:41 comment=\
    "Mariska Phone" insert-queue-before=first mac-address=80:5E:C0:22:5C:41 \
    rate-limit=1m server=DHCP
add address=192.168.1.219 client-id=1:80:5e:c0:2a:c4:65 comment="Annah Phone" \
    insert-queue-before=first mac-address=80:5E:C0:2A:C4:65 rate-limit=1m \
    server=DHCP
add address=192.168.1.124 client-id=1:0:e0:4c:1e:25:18 comment=\
    "Pieter Venter" mac-address=00:E0:4C:1E:25:18 server=DHCP
add address=192.168.1.105 client-id=1:90:2b:34:72:f8:8b comment=\
    "Mobile Invoice Printer" mac-address=90:2B:34:72:F8:8B server=DHCP
add address=192.168.1.188 comment="Neve Printer" mac-address=\
    80:CE:62:8D:C6:33 server=DHCP
add address=192.168.1.100 client-id=1:1c:6f:65:c2:31:15 comment="VIP PC" \
    mac-address=1C:6F:65:C2:31:15 server=DHCP
add address=192.168.1.119 client-id=1:94:de:80:5d:38:11 comment="Annah PC" \
    mac-address=94:DE:80:5D:38:11 server=DHCP
add address=192.168.1.114 client-id=1:58:fb:84:e5:9d:31 comment=\
    "Sherry Laptop" mac-address=58:FB:84:E5:9D:31 server=DHCP
add address=192.168.1.33 client-id=1:94:de:80:8a:ae:b3 comment="Jacky PC" \
    mac-address=94:DE:80:8A:AE:B3 server=DHCP
add address=192.168.1.31 comment="JHBDispatch Picking Print Server" \
    mac-address=18:D6:C7:A9:F0:46 server=DHCP
add address=192.168.1.125 client-id=1:70:5a:f:3d:f3:89 comment="Victor PC" \
    mac-address=70:5A:0F:3D:F3:89 server=DHCP
add address=192.168.1.113 client-id=1:7c:b0:c2:3a:14:b1 comment="Neve Laptop" \
    mac-address=7C:B0:C2:3A:14:B1 server=DHCP
add address=192.168.1.28 comment="Printer at Annah's desk" mac-address=\
    78:54:2E:E9:4F:9C server=DHCP
add address=192.168.1.116 client-id=1:3c:52:82:50:2e:3 comment="Shamila PC" \
    mac-address=3C:52:82:50:2E:03 server=DHCP
add address=192.168.1.85 insert-queue-before=bottom mac-address=\
    1C:39:47:45:3E:81 rate-limit=1m server=DHCP
add address=192.168.1.73 always-broadcast=yes client-id=1:8c:f5:a3:d:5e:f4 \
    insert-queue-before=bottom mac-address=8C:F5:A3:0D:5E:F4 rate-limit=1m \
    server=DHCP
add address=192.168.1.74 always-broadcast=yes client-id=1:4c:74:bf:ba:f9:2c \
    insert-queue-before=bottom mac-address=4C:74:BF:BA:F9:2C rate-limit=1m \
    server=DHCP
add address=192.168.1.89 client-id=1:2c:76:8a:c3:f5:87 comment=\
    "HP Printer at Mariska & Pieter Venter" mac-address=2C:76:8A:C3:F5:87 \
    server=DHCP
add address=192.168.1.72 always-broadcast=yes client-id=1:40:9c:28:3b:81:6 \
    insert-queue-before=bottom mac-address=40:9C:28:3B:81:06 rate-limit=1m \
    server=DHCP
add address=192.168.1.127 comment="Onnias PC" mac-address=1C:6F:65:E8:55:1B \
    server=DHCP
add address=192.168.1.118 client-id=1:94:de:80:1f:9c:92 comment="Sandra PC" \
    mac-address=94:DE:80:1F:9C:92 server=DHCP
add address=192.168.1.71 always-broadcast=yes client-id=1:90:97:f3:c3:65:ea \
    insert-queue-before=bottom mac-address=90:97:F3:C3:65:EA rate-limit=1m \
    server=DHCP
add address=192.168.1.70 always-broadcast=yes client-id=1:7c:1c:68:4c:1a:49 \
    insert-queue-before=bottom mac-address=7C:1C:68:4C:1A:49 rate-limit=1m \
    server=DHCP
add address=192.168.1.76 insert-queue-before=bottom mac-address=\
    A4:E4:B8:53:2F:5B rate-limit=1m server=DHCP
add address=192.168.1.79 always-broadcast=yes client-id=1:f0:c8:50:58:ec:d6 \
    mac-address=F0:C8:50:58:EC:D6 server=DHCP
add address=192.168.1.77 always-broadcast=yes client-id=1:38:94:96:f8:ac:d \
    insert-queue-before=bottom mac-address=38:94:96:F8:AC:0D rate-limit=1m \
    server=DHCP
add address=192.168.1.78 always-broadcast=yes client-id=1:90:97:f3:c3:65:ac \
    insert-queue-before=bottom mac-address=90:97:F3:C3:65:AC rate-limit=1m \
    server=DHCP
add address=192.168.1.146 client-id=0:0:1f:29:1f:f7:5 comment=\
    "HP LasetJet 3055 from Branch4" mac-address=00:1F:29:1F:F7:05 server=\
    DHCP
add address=192.168.1.86 client-id=1:74:4a:a4:6a:e1:74 insert-queue-before=\
    first mac-address=74:4A:A4:6A:E1:74 rate-limit=1m server=DHCP
add address=192.168.1.200 client-id=1:0:15:65:f7:3:87 comment=\
    "Switchboard Phone" mac-address=00:15:65:F7:03:87 server=DHCP
add address=192.168.1.240 client-id=1:0:b:82:60:3e:e7 comment=\
    "Grandstream SIP Server" mac-address=00:0B:82:60:3E:E7 server=DHCP
add address=192.168.1.177 comment=FreePBX mac-address=52:54:00:82:D1:8E \
    server=DHCP
add address=192.168.1.187 client-id=1:fc:ec:da:19:2c:a2 comment=\
    "Ubiquity Unifi - HFSA45 Warehouse" mac-address=FC:EC:DA:19:2C:A2 server=\
    DHCP
add address=192.168.1.126 client-id=1:7c:b0:c2:36:da:1c comment=\
    "Bongi Laptop" mac-address=7C:B0:C2:36:DA:1C server=DHCP
add address=192.168.1.183 client-id=1:c:54:15:7f:68:63 mac-address=\
    0C:54:15:7F:68:63 server=DHCP
/ip dhcp-server network
add address=192.168.1.0/24 dhcp-option=unifi dns-server=\
    192.168.1.1,41.79.80.34,8.8.8.8 gateway=192.168.1.1 netmask=24
/ip dns
set servers=41.79.80.34,8.8.8.8,192.168.1.1,8.8.8.8
/ip firewall filter
add action=accept chain=input src-address=172.16.16.0/24
add action=accept chain=input comment="allow established connections" \
    connection-state=established,related
add action=accept chain=forward comment="allow related connections" \
    connection-state=related
add action=accept chain=forward comment="Allow VOIP" dst-port=5060 \
    in-interface=ether1-FIBER protocol=udp
add action=accept chain=forward dst-port=80 protocol=tcp src-address=\
    192.41.100.135
add action=accept chain=forward dst-port=443 protocol=tcp src-address=\
    192.41.100.135
add action=accept chain=input comment="INPUT Dropped" protocol=gre
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
    196.0.0.0/8
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
    197.0.0.0/8
add action=accept chain=input dst-port=22 protocol=tcp src-address=41.0.0.0/8
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
    x.x.x.x/24
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
    105.0.0.0/8
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
    165.0.0.0/8
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
    192.41.100.0/24
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input comment="Log SSH 3rd Attemp" \
    connection-state=new dst-port=22 log=yes protocol=tcp src-address-list=\
    ssh_s
add action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=4w chain=input comment="Block SSH 4th Attemp" \
    connection-state=new dst-port=22 log=yes protocol=tcp src-address-list=\
    ssh_stage3
add action=accept chain=output dst-address=192.41.100.0/24 out-interface=\
    bridge-39
add action=accept chain=input
add action=accept chain=input comment=VPN dst-port=1723 protocol=tcp
add action=accept chain=input comment=VPN protocol=gre
add action=accept chain=forward comment="VIP Payroll VPN User Rules" \
    dst-address=192.41.100.4 src-address=172.16.16.25
add action=accept chain=forward dst-address=172.16.16.25 src-address=192.41.100.4
add action=accept chain=forward comment="General VPN Rules" dst-address=192.41.100.0/24 src-address=172.16.16.0/24
add action=accept chain=forward comment="General VPN Rules" dst-address=192.168.1.0/24 src-address=172.16.16.0/24
add action=accept chain=forward comment="General VPN Rules" dst-address=192.168.1.0/24 src-address=192.41.100.0/24
add action=accept chain=forward dst-address=192.168.1.0/24 src-address=172.16.16.0/24
add action=accept chain=forward dst-address=172.16.16.0/24 src-address=192.168.1.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat comment=":: default configuration" \
    out-interface=ether1-FIBER
add action=masquerade chain=srcnat out-interface=bridge-39
add action=masquerade chain=srcnat out-interface=bridge-LAN
add action=masquerade chain=srcnat out-interface=bridge-WAN
add action=masquerade chain=srcnat dst-address=192.168.1.0/24 src-address=\
    192.168.10.0/24
add action=masquerade chain=srcnat comment="Branch3 VPN" dst-address=192.168.1.0/24 src-address=192.168.8.0/24
add action=accept chain=dstnat dst-address=192.168.1.0/24 src-address=192.41.100.0/24
add action=masquerade chain=srcnat dst-address=192.41.100.0/24 out-interface=ether1-FIBER
add action=masquerade chain=srcnat
add action=accept chain=srcnat disabled=yes dst-address=192.41.100.0/24 src-address=192.168.1.0/24
add action=accept chain=srcnat disabled=yes dst-address=192.168.1.0/24  src-address=192.16.16.101
/ip route
add check-gateway=ping distance=1 gateway=x.x.x.y
add distance=1 gateway=ether1-FIBER
add check-gateway=ping distance=2 gateway=bridge-39
add check-gateway=ping distance=1 dst-address=10.1.1.0/24 gateway=192.41.100.1
add check-gateway=ping distance=1 dst-address=10.1.1.0/24 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.0/24 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.20/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.20/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.20/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.25/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.25/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.25/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.98/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.98/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.98/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.143/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.143/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.143/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.241/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.241/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.241/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.242/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.242/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.242/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.243/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.243/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.243/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.244/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.244/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.244/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=10.1.1.245/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.245/32 gateway=192.168.1.10
add check-gateway=ping distance=2 dst-address=10.1.1.245/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.252/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.252/32 gateway=192.168.1.10
add check-gateway=ping distance=2 dst-address=10.1.1.252/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.253/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.253/32 gateway=192.168.1.10
add check-gateway=ping distance=2 dst-address=10.1.1.253/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.1.1.254/32 gateway=10.106.20.1
add check-gateway=ping distance=1 dst-address=10.1.1.254/32 gateway=192.168.1.10
add check-gateway=ping distance=2 dst-address=10.1.1.254/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.106.20.1/32 gateway=192.41.100.1
add check-gateway=ping distance=1 dst-address=10.106.20.1/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.106.20.1/32 gateway=192.168.1.1
add check-gateway=ping distance=1 dst-address=10.106.20.1/32 gateway=192.168.1.10
add distance=1 dst-address=10.106.20.20/32 gateway=192.41.100.1
add check-gateway=ping distance=1 dst-address=10.106.20.20/32 gateway=10.106.20.1
add distance=1 dst-address=10.106.20.20/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=10.106.20.20/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=192.41.100.1/32 gateway=bridge-39
add check-gateway=ping distance=2 dst-address=192.41.100.1/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=192.41.100.67/32 gateway=192.41.100.1
add check-gateway=ping distance=1 dst-address=192.41.100.145/32 gateway=bridge-39
add check-gateway=ping distance=2 dst-address=192.41.100.145/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=192.41.100.177/32 gateway=bridge-39
add check-gateway=ping distance=2 dst-address=192.41.100.177/32 gateway=192.168.1.10
add check-gateway=ping distance=1 dst-address=192.41.100.240/32 gateway=bridge-39
add check-gateway=ping distance=2 dst-address=192.41.100.240/32 gateway=192.168.1.10
add check-gateway=ping distance=3 dst-address=192.41.100.240/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=192.41.100.251/32 gateway=bridge-39
add check-gateway=ping distance=2 dst-address=192.41.100.251/32 gateway=192.168.1.10
add check-gateway=ping comment="Branch2 VPN" distance=1 dst-address=192.168.3.0/24 gateway=172.16.16.103
add check-gateway=ping comment="Branch1 VPN" distance=1 dst-address=192.168.4.0/24 gateway=172.16.16.104
add check-gateway=ping comment="Branch4 VPN" distance=1 dst-address=192.168.6.0/24 gateway=172.16.16.106
add check-gateway=ping distance=1 dst-address=192.168.8.0/24 gateway=*F0079E
add check-gateway=ping comment="Branch3 VPN" distance=1 dst-address=192.168.8.0/24 gateway=172.16.16.108
add check-gateway=ping distance=1 dst-address=192.168.10.0/24 gateway=*F001FF
add check-gateway=ping distance=1 dst-address=q.q.q.q/32 gateway=192.41.100.1
add check-gateway=ping distance=1 dst-address=q.q.q.q/32 gateway=172.16.16.101
add check-gateway=ping distance=1 dst-address=w.w.w.w/32 gateway=192.41.100.1
add check-gateway=ping distance=1 dst-address=w.w.w.w/32 gateway=172.16.16.101
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/lcd
set default-screen=stat-slideshow
/lcd interface pages
set 0 interfaces="ether1-FIBER,ether2-LAN,ether3-Meraki-LAN3,ether4-Meraki-Int\
    ernet1,ether5-HSTServer,ether6-HSTServer-IPMI,ether7-VOIPServer,ether8-VOI\
    PServer-IPMI"
/ppp secret
add local-address=172.16.16.1 name=neve remote-address=172.16.16.10
add local-address=172.16.16.1 name=ros remote-address=172.16.16.12
add comment=Branch2 local-address=172.16.16.1 name=clinton remote-address=172.16.16.20
add local-address=172.16.16.1 name=pbs remote-address=172.16.16.23
add local-address=172.16.16.1 name=marc remote-address=172.16.16.24
add local-address=172.16.16.1 name=johnny remote-address=172.16.16.27
add local-address=172.16.16.1 name=bev remote-address=172.16.16.28
add local-address=172.16.16.1 name=etienne remote-address=172.16.16.29
add local-address=172.16.16.1 name=ver remote-address=172.16.16.30
add local-address=172.16.16.1 name=Kerneels remote-address=172.16.16.32
add local-address=172.16.16.1 name=bongi remote-address=172.16.16.11
add local-address=172.16.16.1 name=franco remote-address=172.16.16.33
add local-address=172.16.16.1 name=werner remote-address=172.16.16.34
add local-address=172.16.16.1 name=Wynand remote-address=172.16.16.35
add local-address=172.16.16.1 name=SherryLee remote-address=172.16.16.36
add local-address=172.16.16.1 name=CPT2 remote-address=172.16.16.40
add comment=Branch6 local-address=172.16.16.1 name=Wikus remote-address=172.16.16.41
add local-address=172.16.16.1 name=Rudi remote-address=172.16.16.42
add local-address=172.16.16.1 name=Johan remote-address=172.16.16.43
add comment="Branch1" local-address=172.16.16.1 name=Peter remote-address=172.16.16.46
add comment=Branch6 local-address=172.16.16.1 name=Tenie remote-address=172.16.16.45
add comment="Branch1" local-address=172.16.16.1 name=Cheryl remote-address=172.16.16.47
add local-address=172.16.16.1 name=RudiA remote-address=172.16.16.100
add local-address=172.16.16.1 name=FC remote-address=172.16.16.48
add local-address=172.16.16.1 name=Stefan remote-address=172.16.16.49
add local-address=172.16.16.1 name=Mindi remote-address=172.16.16.50
add local-address=172.16.16.1 name=Anro remote-address=172.16.16.51
add local-address=172.16.16.1 name=Taguta remote-address=172.16.16.52
add comment="Branch1" local-address=172.16.16.1 name=Bobby remote-address=\
    172.16.16.53
add comment="Branch1" local-address=172.16.16.1 name=Marco remote-address=\
    172.16.16.54
add comment="Branch3 VPN" local-address=172.16.16.1 name=RUSTVPN remote-address=172.16.16.108 routes=192.41.100.1
add local-address=172.16.16.1 name=RudiC remote-address=172.16.16.55
add comment=" Branch2 router VPN" local-address=172.16.16.1 name=DBNVPN remote-address=172.16.16.103 routes=192.41.100.1
add local-address=172.16.16.1 name=Andries remote-address=172.16.16.56
add comment="Branch4 router VPN" local-address=172.16.16.1 name=VERVPN remote-address=172.16.16.106 routes=192.41.100.1
add local-address=172.16.16.1 name=RichardsBay remote-address=172.16.16.57
add local-address=172.16.16.1 name=RudiB remote-address=172.16.16.21
add comment="39 Steel Road VPN" local-address=172.16.16.1 name=JHBVPN remote-address=172.16.16.101
add comment="39 Steel Road VPN" local-address=192.168.1.1 name=HSTVPN remote-address=192.168.1.10
add comment=" Branch2 router VPN" local-address=172.16.16.1 name=CTVPN remote-address=172.16.16.104 routes=192.41.100.1
add comment="VPN Account used on HFSA24 laptop" local-address=172.16.16.1 name=Mobile remote-address=172.16.16.58
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=HFSA-45-1
/system routerboard settings
set silent-boot=no
/tool sniffer
set streaming-enabled=yes streaming-server=192.168.0.13

sebastia · Sat Nov 17, 2018 12:21 am

CRS is not a core router, but a core switch with routing functionality. it's main purpose is to switch. You have the wrong hardware. get a hex r3 (or better) in front as the router and use CRS as switch only

SilverNodashi · Mon Nov 19, 2018 8:28 pm

CRS is not a core router, but a core switch with routing functionality. it's main purpose is to switch. You have the wrong hardware. get a hex r3 (or better) in front as the router and use CRS as switch only

That doesn't explain the very poor network throughput on the switch.

sebastia · Mon Nov 19, 2018 10:06 pm

No it doesn't, but it's not a configuration with any future...

With regards to switching, few ideas:
* is the switch/bridge HW offload active/enabled
* do you get errors / fault on these ports
* any MTU changes?
* what if you try to transfer to/from CRS?

SilverNodashi · Tue Nov 20, 2018 8:35 am

No it doesn't, but it's not a configuration with any future...

With regards to switching, few ideas:

* is the switch/bridge HW offload active/enabled

HW offload is unticked on all the ports. I had it ticked but it didn't make any difference.

* do you get errors / fault on these ports

Where exactly should I look?

* any MTU changes?

No, I haven't changed any MTU settings. I didn't think it is / was necessary. It's 1500 on all ports.

* what if you try to transfer to/from CRS?

I am not sure I understand the question? Buying new switches are not an option.

sebastia · Tue Nov 20, 2018 12:47 pm

* do you get errors / fault on these ports

Where exactly should I look?
=> Statistics on each interface: tabs Rx stats & Tx stats.

* what if you try to transfer to/from CRS?

I am not sure I understand the question? Buying new switches are not an option.
=> try transferring over "single leg", smaller file into "disk" / ram drive on the switch. That way you can test pure network interface and one at a time.

SilverNodashi · Tue Nov 20, 2018 4:51 pm

* do you get errors / fault on these ports
Where exactly should I look?
=> Statistics on each interface: tabs Rx stats & Tx stats.

ok, so no errors there.

* what if you try to transfer to/from CRS?
I am not sure I understand the question? Buying new switches are not an option.
=> try transferring over "single leg", smaller file into "disk" / ram drive on the switch. That way you can test pure network interface and one at a time.

FTP'ing a 10MB file to and from the Mikrotik to the Linux server connected to port 8 wasn't much quicker either:

ftp> get routeros-mipsbe-6.43.2.npk
local: routeros-mipsbe-6.43.2.npk remote: routeros-mipsbe-6.43.2.npk
227 Entering Passive Mode (192,168,1,1,170,253).
150 Opening ASCII mode data connection for /routeros-mipsbe-6.43.2.npk (10962021 bytes)
226 ASCII transfer complete
11004341 bytes received in 24.3 secs (452.46 Kbytes/sec)
ftp> put routeros-6.43.2.npk
local: routeros-6.43.2.npk remote: routeros-6.43.2.npk
227 Entering Passive Mode (192,168,1,1,203,91).
150 Opening ASCII mode data connection for '/routeros-6.43.2.npk'
226 ASCII transfer complete
11004177 bytes sent in 73.1 secs (150.47 Kbytes/sec)

sebastia · Tue Nov 20, 2018 11:19 pm

I see a few curious settings in your config relevant to this thread:
* "speed=100Mbps": are these manually set to 100mbps
* "hw=no" you mentioned it before, but it's preferred to be enabled
* "use-ip-firewall=yes use-ip-firewall-for-vlan=yes" is that needed?
* "add action=masquerade chain=srcnat out-interface=bridge-LAN" why masq local traffic?
* "add action=masquerade chain=srcnat" what's the goal here?
* "set streaming-enabled=yes streaming-server=192.168.0.13" is that sniffer running constantly?

you got a lot going on that "not router"

When you do the transfer test, what is the cpu usage?

SilverNodashi · Fri Nov 23, 2018 1:55 pm

I see a few curious settings in your config relevant to this thread:
* "speed=100Mbps": are these manually set to 100mbps

I think this is a MikroTik design flaw? The interface stats show 1Gbps, as per the screenshots

* "hw=no" you mentioned it before, but it's preferred to be enabled

It didn't improve the network throughput though, hence being at that time when I exported.
The test in Clipboard06 was done with hardware loading=on

* "use-ip-firewall=yes use-ip-firewall-for-vlan=yes" is that needed?

I have some firewall rules in place, as well as queues. Do I not need those then?

* "add action=masquerade chain=srcnat out-interface=bridge-LAN" why masq local traffic?

This is an internet facing router, surely this is needed?

* "add action=masquerade chain=srcnat" what's the goal here?

As above

* "set streaming-enabled=yes streaming-server=192.168.0.13" is that sniffer running constantly?

I was sniffing at that time, but not active the whole time.

you got a lot going on that "not router"

Please explain, what do you see that could be optimized??

When you do the transfer test, what is the cpu usage?

It jumps between 28% and 50%-65% under normal use. With a large file copy it goes to 100%, as per the last screenshots.

Unfortunately I don't have another Linux server on the other switch to do the test, and can't move these servers network cables.

sebastia · Fri Nov 23, 2018 3:19 pm

I don't know your requirements and situation so I'm not going to say that your config is wrong. But it is definitely sub-optimal. Further current config treats this CRS as router while it's not the intended use. Basically your CPU maxes out at 100 impacting all communications through it.

As said before you need router for routing and keep the CRS for switching / bridging only.

Edit: and you'll need to correct & optimize your configuration. Some settings can be removed and corrected, but it will not be able to do what is there today.

Slow network and internet throughput

Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Re: Slow network and internet throughput

Who is online