Community discussions

MikroTik App
 
tinom86
just joined
Topic Author
Posts: 6
Joined: Sat Aug 17, 2019 4:41 pm

Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 10:07 pm

Hi all,

I recently connected two subnets with routing. The configuration works fine - however I have a problem with speed.

Two subnets:
#1: 192.168.0.0/24 [ether1; 1Gbps]
#2: 192.168.1.0/24 [ether5; 1Gbps]

No Firewall rules / No NAT

I copied files between two devices:
192.168.0.31 to 192.168.1.4 ~130 Mbit (CPU Usage @ Mikrotik max. 6 %) [Speed is above 100 Mbit]
192.168.1.4 to 192.168.0.31 ~550 Mbit (CPU Usage @ Mikrotik max. 17 %)

When both devices are in the same subnet without the Mikrotik Router, I have no problem: Transmission Speed in both directions ~1000 Mbit (same infrastructure and cable length).

Any ideas what to do?

Best
Tino
You do not have the required permissions to view the files attached to this post.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 10:51 pm

Hey

All port are independent, right? Not sure about the first transfer, but the second test is reaching physical limitation, as both ether1 & ether5 are on same data bus, which is limited to 1gbs.

see block diagram without switching: https://mikrotik.com/product/hex_s#fndtn-downloads
 
tinom86
just joined
Topic Author
Posts: 6
Joined: Sat Aug 17, 2019 4:41 pm

Re: Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 11:05 pm

Hi Sebastia,

Thank you very much.
Do you know how to check wether all ports are independent?

UPDATE:
I changed the ports... ether2 = subnet1 and ether5 = subnet2. However, speed is still very slow in one direction (130 Mbit) ... I really do not understand why speed is only slow in one direction?!? :(

Best
Tino
Hey

All port are independent, right? Not sure about the first transfer, but the second test is reaching physical limitation, as both ether1 & ether5 are on same data bus, which is limited to 1gbs.

see block diagram without switching: https://mikrotik.com/product/hex_s#fndtn-downloads
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 11:19 pm

If you swap the clients, do you also get "reverse" throughput? If so then I would start looking at the clients / software
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 11:21 pm

I think that independent stands for not in a bridge. Bridge is more or less standard with Mikrotik.

Be aware that using the SFP will reduce overall speed again.

Connect uneven with even for each subnet so you will have the best usage of resources of the 760iGS.
 
McSee
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Tue Feb 26, 2019 12:49 pm

Re: Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 11:22 pm

Use a pair of adjacent ports, and enable FastTrack or disable connection tracking if you don't need NAT / stateful firewall at all.
dupl_nonat_Gr3.PNG
You do not have the required permissions to view the files attached to this post.
 
tinom86
just joined
Topic Author
Posts: 6
Joined: Sat Aug 17, 2019 4:41 pm

Re: Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 11:44 pm

Wow - you reach 1 Gbit.
Do you have the same hardware? hex S?

According to architecture for disabled switching I changed the ports as already stated before (using now ether2 and ether5). CPU usage is still very low <20%. Connection Logging is disabled and NAT is also disabled. FastTrack is active.

How to make sure that switching is disabled?
I removed all ports from bridge - bridge itself is still active.

Could it be that MikroTik has a problem with long cable length? The connection is around 60m (CAT7).
Use a pair of adjacent ports, and enable FastTrack or disable connection tracking if you don't need NAT / stateful firewall at all.

dupl_nonat_Gr3.PNG
You do not have the required permissions to view the files attached to this post.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Slow Gbit speed with Mikrotik hex S

Tue Aug 20, 2019 11:56 pm

Use ether1 with ether2 or 4
 
Kindis
Member
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 12:01 am

Post your config so we can have a look.
 
tinom86
just joined
Topic Author
Posts: 6
Joined: Sat Aug 17, 2019 4:41 pm

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 8:43 am

What kind of information do you nedd? Is there a terminal command available to view configuration protocol?

I have another strange observation:

Fritzbox in subnet 192.168.0.0 shows also all devices of subnet 192.168.1.0
Fritzbox in subnet 192.168.1.0 shows only devices of its own subnet; devices of subnet 192.168.0.0 are not listed

Fritzbox [IP 192.168.0.1] in subnet 192.168.0.0 has a static route 192.168.1.0/255.255.255.0 with gateway 192.168.0.254 [IP of Mikrotik]
Fritzbix [IP 192.168.1.1] in subnet 192.168.1.0 has a static route 192.168.0.0/255.255.255.0 with gateway 192.168.1.254 [IP of Mikrotik]

Thx
Tino
Post your config so we can have a look.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 10:45 am

The problem with the Mediatek MT7621A design is that you have to keep traffic out that is local->local to enter the processor. This is not possible so I mark it as "notrack" traffic and so it will be not going in/through the connection table. Enabling the switch option does not work because it is automatically disabled again.
add action=notrack chain=prerouting comment="Notrack local traffic / return" dst-address-list=noLOCALgw log-prefix=no-track src-address-list=LOCALall tcp-flags=""
add action=return chain=prerouting dst-address-list=noLOCALgw log-prefix=no-track src-address-list=LOCALall tcp-flags=""
NoLOCALgw = local IP excluding the one of the router itself
LOCALall = all local IP including the one of the router itself

The return is there so that the rest of the lines in RAW are skipped because it is local-local traffic so nothing to route or NAT.

I am using a simple ip range: 192.168.0.0./16 which also included the 192.168.178.1 Fritz address and one router IP in that range.
 
tinom86
just joined
Topic Author
Posts: 6
Joined: Sat Aug 17, 2019 4:41 pm

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 12:39 pm

The problem with the Mediatek MT7621A design is that you have to keep traffic out that is local->local to enter the processor. This is not possible so I mark it as "notrack" traffic and so it will be not going in/through the connection table. Enabling the switch option does not work because it is automatically disabled again.
add action=notrack chain=prerouting comment="Notrack local traffic / return" dst-address-list=noLOCALgw log-prefix=no-track src-address-list=LOCALall tcp-flags=""
add action=return chain=prerouting dst-address-list=noLOCALgw log-prefix=no-track src-address-list=LOCALall tcp-flags=""
NoLOCALgw = local IP excluding the one of the router itself
LOCALall = all local IP including the one of the router itself

The return is there so that the rest of the lines in RAW are skipped because it is local-local traffic so nothing to route or NAT.

I am using a simple ip range: 192.168.0.0./16 which also included the 192.168.178.1 Fritz address and one router IP in that range.
Hi,

so for me:
NoLOCALgw = 192.168.0.1 - 192.168.0.253 [MikroTik IP = 192.168.0.254] AND 192.168.1.1 - 192.168.1.253 [MiktoTik IP = 192.168.1.254]
LOCAL all = 192.168.0.1 - 192.168.0.254 AND 192.168.1.1 - 192.168.1.254

Under which section do I have to maintain the lists? IP -> Firewall?

I would like to use the MikroTik router just to connect two subnets - nothing more.

Best
Tino
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 12:50 pm

ip - firewall - address-list

I wrote processor and to bemore clear it is Connection tracking in R-OS that slows things down.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 3:28 pm

Hmmm I was moving files using FTP inside my network and saw that in beginning that I still got a high load and after a short time that dropped.

So I could abandon the untrack thought and use the following filter (ip firewall filter)
/ ip firewall filter
add action=reject chain=forward dst-address-list=noLOCALgw reject-with=icmp-network-unreachable src-address-list=LOCALall
If I am correct I am telling the transmitter that this is not the correct path and that an other way has be found to move traffic....for me that is the switch in front of the hEx S.

This does NOT work fine and new connections do not start. The Brigde states hardware offloading but it start after few GB transferred.
Last edited by msatter on Thu Aug 22, 2019 2:44 pm, edited 2 times in total.
 
McSee
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Tue Feb 26, 2019 12:49 pm

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 4:40 pm

Wow - you reach 1 Gbit.
Do you have the same hardware? hex S?
It was hEX (RB750Gr3) which has the same MTK chipset as hEX S; it's essentially hEX S without SFP and PoE out.
 
Emil66
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Tue Aug 28, 2018 2:09 am

Re: Slow Gbit speed with Mikrotik hex S

Wed Aug 21, 2019 5:03 pm

FYI: You're reading the block diagram wrong. The Hex S is capable of routing a full gigabit one way even on ports which use the same path to the CPU. Each of the two gigabit CPU links is 1 Gbps in and 1 Gbps out. You only need to use ports which are on separate links if you want to route a gigabit in both directions simultaneously. In that case you should be able to route 2 Gbps (1 Gbps each way).

What's important on the Hex S is that it must use fast tracking, because it can't handle connection tracking at line speed without it. Any feature which prevents fast tracking from working will ruin the routing throughput. (This also means you have to decide if you need IPv6 connection tracking or full speed IPv6 routing. You can't have both because there is still no IPv6 fast tracking.) The throughput without fast tracking is about 500 Mbps.

Who is online

Users browsing this forum: anav, araqiel, Majestic-12 [Bot], muona, pe1chl, simonefil and 83 guests