Community discussions

MikroTik App
 
topbanana
just joined
Topic Author
Posts: 12
Joined: Wed Sep 19, 2018 2:52 pm

Detect-internet causing internal packet loss

Sat Feb 02, 2019 12:38 pm

I have a Mikrotik router which I've configured for PCC load balancing over two ISPs.

It's worked fairly well until recently. I seem to have a lot of packet loss between one host and my router. I think I've eliminated cabling / NIC / switch issues, so I think it's my Mikrotik config. (This host can talk to all other nodes in my network just fine)

One interesting observation is that when I enable the Mikrotik Packet Sniffer, the packet loss seems to stop! The moment I disable it, it starts again.

Typically if I try to ping the router, I'll get a response back for 10 seconds, or so, then nothing for a few more, and so on.

Could this be something obvious, or should I post up my config?

Many thanks for reading. This is driving me nuts!
Last edited by topbanana on Wed Feb 06, 2019 4:35 pm, edited 1 time in total.
 
topbanana
just joined
Topic Author
Posts: 12
Joined: Wed Sep 19, 2018 2:52 pm

Re: Packets being dropped from one host only

Sat Feb 02, 2019 12:41 pm

I should also add that I've disabled the FastTrack step in my filter rules in order to allow PCC to work.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1797
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Packets being dropped from one host only

Sat Feb 02, 2019 2:56 pm

Start by listing your current config: /export hide-sensitive compact
 
topbanana
just joined
Topic Author
Posts: 12
Joined: Wed Sep 19, 2018 2:52 pm

Re: Packets being dropped from one host only

Sun Feb 03, 2019 2:44 pm

Here is my current config, thanks very much for taking the time to look.
# feb/03/2019 12:41:35 by RouterOS 6.43.8
# software id = 2XI8-DMPN
#
# model = RouterBOARD 750G r3
# serial number = 6F3A0746139A
/interface bridge
add admin-mac=64:D1:54:BE:32:75 auto-mac=no comment=\
    "created from master port" fast-forward=no name=bridge1 protocol-mode=\
    none
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1 speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] name=ether5-WAN2 speed=100Mbps
/interface pppoe-client
add disabled=no interface=ether1-WAN1 keepalive-timeout=60 name=pppoe-out1 \
    use-peer-dns=yes user=*USERNAME*
add disabled=no interface=ether5-WAN2 keepalive-timeout=disabled name=\
    pppoe-out2 user=*USERNAME*
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254
add name=dhcp_pool1 ranges=192.168.1.150-192.168.1.254
add name=dhcp_pool2 ranges=192.168.1.100-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool2 interface=bridge1 name=dhcp1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether2-master
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridge1 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5-WAN2 list=discover
add interface=pppoe-out1 list=discover
add interface=pppoe-out2 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox
add interface=pppoe-out1
add interface=pppoe-out2
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge1 network=\
    192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=1.1.1.1,1.0.0.1 domain=mydomain.co.uk \
    gateway=192.168.1.1
/ip dns
set servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.1.1 name=router
add address=192.168.1.19 name=win-server.mydomain.co.uk
/ip firewall filter
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1-WAN1
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
    new in-interface=ether5-WAN2
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=all-ppp
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting comment=\
    "mark ISP1_conn on PCC 2/0" connection-mark=no-mark dst-address-type=\
    !local in-interface=bridge1 new-connection-mark=ISP1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment=\
    "mark ISP2_conn on PCC 2/1" connection-mark=no-mark dst-address-type=\
    !local in-interface=bridge1 new-connection-mark=ISP2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
    in-interface=bridge1 new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
    in-interface=bridge1 new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn \
    new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn \
    new-routing-mark=to_ISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=dst-nat chain=dstnat dst-port=80 in-interface=all-ppp protocol=tcp \
    to-addresses=192.168.1.19 to-ports=80
add action=dst-nat chain=dstnat dst-port=8123 in-interface=all-ppp protocol=\
    tcp to-addresses=192.168.1.118 to-ports=8123
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=pppoe-out2 routing-mark=to_ISP2
add check-gateway=ping distance=2 gateway=pppoe-out1
add check-gateway=ping distance=2 gateway=pppoe-out2
/ip smb shares
set [ find default=yes ] directory=/pub
/ip upnp
set enabled=yes
/system clock
set time-zone-name=Europe/London
/system resource irq rps
set ether1-WAN1 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5-WAN2 disabled=no
set ether2-master disabled=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1797
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Packets being dropped from one host only

Mon Feb 04, 2019 12:56 am

Nothing that jumps out, but

* your wan interfaces are ppp-'s not ether1 /-5 -> forward drop rules need adjusting
* remove wan2,pppoe's from dscovery list
* disable detect-internet, it caused strange issues in the past.
 
topbanana
just joined
Topic Author
Posts: 12
Joined: Wed Sep 19, 2018 2:52 pm

Re: Packets being dropped from one host only

Tue Feb 05, 2019 10:24 pm

Sebastia, you sir, are a genius.

Disabling detect internet prevents this packet loss.

I owe you a beer!
 
R1CH
Forum Veteran
Forum Veteran
Posts: 931
Joined: Sun Oct 01, 2006 11:44 pm

Re: Packets being dropped from one host only

Tue Feb 05, 2019 11:32 pm

How is that a thing?!
 
topbanana
just joined
Topic Author
Posts: 12
Joined: Wed Sep 19, 2018 2:52 pm

Re: Packets being dropped from one host only

Tue Feb 05, 2019 11:41 pm

Good question. Maybe a bug. Do Mikrotik employees read these forums?
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 760
Joined: Fri Nov 10, 2017 8:19 am

Re: Detect-internet causing internal packet loss

Thu Feb 07, 2019 6:44 am

First thing I do on any router is disable "detect internet". (well, technically I always wipe whole config but hey... same thing, right?)

It is another "clever yet limited black-box" function, similar as kid control, cloud, netwatch or hotspot - all these things can be scripted and scheduled relatively easy with full control over what is happening.

These functions might make our life easier in some situations but they should be disabled in defconf and when you reset config with no-defaults (looking at you cloud time sync!) and they should be used only when admin knows what he is doing.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1797
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Detect-internet causing internal packet loss

Thu Feb 07, 2019 10:49 am

The problem that I have with "detect-internet" feature is that it's insufficiently documented and it's impact on internal process / usage are completely unclear.
 
dricks
just joined
Posts: 13
Joined: Fri Jan 08, 2010 7:31 pm
Location: Embarcacion

Re: Detect-internet causing internal packet loss

Thu Apr 04, 2019 4:11 am

"detect-internet" feature almost went crazy trying to solve problems with my pppoe-out, "internet not detected" and dialed again.
That caused the pppoe connection to be cut for a few seconds.
ty sebastia
 
daxyco
just joined
Posts: 8
Joined: Tue May 12, 2020 5:20 pm

Re: Detect-internet causing internal packet loss

Sat Oct 17, 2020 5:12 pm

Hi guys, sorry for resurrecting an old topic, but I have a similar problem.

I have a very basic hap ac2 setup, with just a few nat/port forwarding rules. I am always messing around with the config to try and see what I might change, and today I clicked the detect Internet enable button in the android app.

Internet connection is very slow now, with a lot of lost packets, sometimes I cannot even open a simple Web site. I guessed I should disable Internet detect, but the problem is I cannot seem to have a stable enough connection to it to do it over the android app. Every few seconds I am logged out of the router with the message connection timed out.

When accessing the mikrotik via LAN, I can't find the option through the Webfig, and I don't have a Windows machine with Winbox. Can anyone let me know how to disable Internet detect via Webfig or terminal? And what to do if the connection is too unstable to do so? Factory reset?

Sent from my SM-A600FN using Tapatalk

 
sindy
Forum Guru
Forum Guru
Posts: 5905
Joined: Mon Dec 04, 2017 9:19 pm

Re: Detect-internet causing internal packet loss

Sat Oct 17, 2020 5:25 pm

/interface detect-internet set detect-interface-list=none
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
daxyco
just joined
Posts: 8
Joined: Tue May 12, 2020 5:20 pm

Re: Detect-internet causing internal packet loss

Sat Oct 17, 2020 5:30 pm

Thanks, I'll try it when I'm back home tonight.

Sent from my SM-A600FN using Tapatalk

 
DarkNate
Member Candidate
Member Candidate
Posts: 180
Joined: Fri Jun 26, 2020 4:37 pm

Re: Detect-internet causing internal packet loss

Sat Oct 17, 2020 6:18 pm

Weird problem. I have been using Detect-internet for months and never disabled it, works fine without problems.
 
daxyco
just joined
Posts: 8
Joined: Tue May 12, 2020 5:20 pm

Re: Detect-internet causing internal packet loss

Sat Oct 17, 2020 10:16 pm

Can't get it stable enough to even write anything in the terminal. I manage to connect to it, but when terminal starts, I just can't write anything, it doesn't react to typing on the keyboard. I tried disconnecting every Lan port except the computer it's connected to (others were a raspberry pi, ubiquiti ap, and a TV), and still the same.

When I disconnected the AP I realised that WiFi isn't working on mikrotik (only 5ghz wifi was enabled on mikrotik, same ssid as on the AP), so the problem isn't only related to LAN.

Is factory reset the only solution?

Sent from my SM-A600FN using Tapatalk

 
sindy
Forum Guru
Forum Guru
Posts: 5905
Joined: Mon Dec 04, 2017 9:19 pm

Re: Detect-internet causing internal packet loss

Sat Oct 17, 2020 10:22 pm

Can you try WebFig or ssh instead of Winbox? Or have you disabled those protocols?

EDIT: sorry, you've mentioned you cannot find it in WebFig. Click Interfaces in the left hand menu, and the [Detect Internet] button is above the list of interfaces, next to the [Add New] one.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
daxyco
just joined
Posts: 8
Joined: Tue May 12, 2020 5:20 pm

Re: Detect-internet causing internal packet loss

Sat Oct 17, 2020 10:31 pm

I don't have a Windows PC so I couldn't even try winbox.

I finally did it, I was hoping terminal would be easier, just copying and pasting a line, but as I said above, it would comply. I finally managed to log into Webfig and not be disconnected in a few seconds, and I did what was necessary. The terminal command helped though, I knew what to look for. It took some effort, be quick enough, but did it finally.

Thanks everyone for the help.

Now, for the sake of discussion, does anyone know why this happened? My complete setup was an ISP router in bridge, Mikrotik with a PPPoE connection, 4 LAN devices including an UBNT AP, 5GHz wifi on Mikrotik that stopped broadcasting when I enabled internet detect, and terribly slow and unreliable internet (and local) connection. The number of wifi clients was 20-25 (mainly Sonoff smart devices, a couple of laptops and phones, 2x Echo dot).

Who is online

Users browsing this forum: Bing [Bot], chechito and 84 guests