Community discussions

MikroTik App
 
andytuinman3
just joined
Topic Author
Posts: 4
Joined: Mon Apr 10, 2017 1:02 pm

Not full gigabit speed

Tue Nov 05, 2019 9:04 am

I have a RB3011 as my modem/router.

Internet comes through the sfp1 port via Vlan 300. With dhcp client enabled on Vlan 300
But my wired speeds are around 65MB per second so around 500 to 600 mbit. Sometimes fast.com gives 800 mbit but at least no speedtest comes to 1gbit. With the original modem I would get speeds of around 900 to 950 on fast.com and speedtest download. So there must be something i'm missing.

My config is as followed:

/interface bridge
add admin-mac=64:D1:54:F4:F3:C3 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] poe-out=off speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
auto-negotiation=no
/interface vlan
add interface=sfp1 name=vlan300 vlan-id=300
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=DHCP_LAN ranges=192.168.1.100-192.168.1.199
/ip dhcp-server
add address-pool=DHCP_LAN disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=vlan300 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
vlan300
/ip dhcp-server lease
add address=192.168.1.201 mac-address=B8:27:EB:F1:F4:A9 server=defconf
add address=192.168.1.202 mac-address=70:AF:24:12:AC:4C server=defconf
add address=192.168.1.203 mac-address=B8:27:EB:DA:C0:B8 server=defconf
add address=192.168.1.204 mac-address=D0:50:99:8E:49:B3 server=defconf
add address=192.168.1.200 mac-address=00:11:32:A1:4B:25 server=defconf
add address=192.168.1.22 mac-address=00:D9:D1:CD:06:27 server=defconf
add address=192.168.1.23 mac-address=00:0C:29:23:0D:34 server=defconf
add address=192.168.1.210 mac-address=64:00:6A:51:0E:2D server=defconf
add address=192.168.1.21 mac-address=00:04:4B:CF:26:9E server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.200,8.8.8.8 \
gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=443 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=80 in-interface=vlan300 protocol=tcp \
to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=5001 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=2202 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=6690 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=1723 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=3478 in-interface=vlan300 protocol=\
udp to-addresses=192.168.1.20
add action=dst-nat chain=dstnat dst-port=8443 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.20
add action=dst-nat chain=dstnat dst-port=8080 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.20
add action=dst-nat chain=dstnat dst-port=8880 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.20
add action=dst-nat chain=dstnat dst-port=8843 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.20
add action=dst-nat chain=dstnat dst-port=9443 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.210
add action=dst-nat chain=dstnat dst-port=902 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.210
add action=dst-nat chain=dstnat dst-port=25565 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.23
add action=dst-nat chain=dstnat dst-port=25566 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.23
add action=dst-nat chain=dstnat dst-port=25567 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.23
add action=dst-nat chain=dstnat dst-port=25568 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.23
add action=dst-nat chain=dstnat dst-port=22 in-interface=vlan300 protocol=tcp \
to-addresses=192.168.1.23
add action=dst-nat chain=dstnat dst-port=9000 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.23
add action=dst-nat chain=dstnat dst-port=8085 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.23
add action=dst-nat chain=dstnat dst-port=32400 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.21
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/lcd
set backlight-timeout=never default-screen=interfaces
/lcd interface pages
set 0 interfaces=sfp1
/system clock
set time-zone-name=Europe/Amsterdam
/tool graphing interface
add interface=vlan300
add interface=bridge
add interface=sfp1
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 950
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Not full gigabit speed

Tue Nov 05, 2019 9:50 am

Your config looks good to me an first sight.
There have been issues in throughput and packet loss on RB3011 with the LCD turned on.
Try turning off the LCD screen and see if that helps.

As for your plenty dst-nat rules, you can aggregate the ports comma-seperated into one rule for each protocol and host.
Like this for example:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=5001 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=2202 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=6690 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200
add action=dst-nat chain=dstnat dst-port=1723 in-interface=vlan300 protocol=\
tcp to-addresses=192.168.1.200

### is the same as:

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=5001,2202,6690,1723 in-interface=vlan300 protocol=tcp to-address=192.168.1.200

There are also duplicates in your dst-nat chain.

-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
andytuinman3
just joined
Topic Author
Posts: 4
Joined: Mon Apr 10, 2017 1:02 pm

Re: Not full gigabit speed

Tue Nov 05, 2019 10:47 am

Thank you.

I did not know I could put it all in one rule per protocol/host.
I am sorry I'm just getting to know Mikrotik. So yeah my config is probably not that great :).

Thanks again.
As for the throughput. I just saw that my speedtest on my NAS when downloading a 50gb file to /dev/null is way faster and gets to 107MB per second. So yeah that's a lot better.
 
almdandi
newbie
Posts: 46
Joined: Sun May 03, 2015 5:22 pm

Re: Not full gigabit speed

Tue Nov 05, 2019 11:05 pm

Hey,

also you can take a look at the Profiler tool to find maybe a performance bottleneck.

https://wiki.mikrotik.com/wiki/Manual:Tools/Profiler

Who is online

Users browsing this forum: faxxe, Zacharytup and 61 guests