Huge packet loss

wertecs · Thu Oct 27, 2022 11:24 pm

Hello, I'm experiencing a huge packet loss when connected directly to my Mikrotik router (wireless and ethernet).

This issue does not happen if I plugin directly to the modem of my ISP provider.

This happens for all services (twitch, facebook, youtube, netflix, ...)
Example:
--- 8.8.8.8 ping statistics ---
535 packets transmitted, 420 packets received, 21.5% packet loss
round-trip min/avg/max/stddev = 8.372/12.338/67.587/7.134 ms

Config:

[admin@MikroTik] > /export hide-sensitive 
# oct/27/2022 22:16:43 by RouterOS 6.49.7
# software id = 1QLW-XWIC
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A7708ED5742
/interface bridge
add admin-mac=CC:2D:E0:E0:AC:0B auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n country="czech republic" disabled=no distance=indoors frequency=auto keepalive-frames=disabled mode=ap-bridge multicast-helper=disabled ssid=skynet station-roaming=enabled wireless-protocol=\
    802.11
/caps-man interface
add disabled=yes mac-address=00:00:00:00:00:00 master-interface=none name=cap1 radio-mac=00:00:00:00:00:00
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk,wpa2-eap mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=dynamic-keys name=viruses supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap eap-methods="" management-protection=allowed mode=dynamic-keys name=gnomish_factory supplicant-identity=""
add authentication-types=wpa-psk mode=dynamic-keys name=gnomiky supplicant-identity=MikroTik
/interface wireless
add disabled=no mac-address=4E:5E:0C:AB:37:B9 master-interface=wlan1 name=GNOMIKY security-profile=gnomiky ssid=GNOMIKY station-roaming=enabled wds-default-bridge=bridge wps-mode=disabled
add disabled=no mac-address=4E:5E:0C:AB:37:B8 master-interface=wlan1 name=gnomish_factory security-profile=gnomish_factory ssid=gnomish_factory station-roaming=enabled wds-default-bridge=bridge wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-eeeC country="czech republic" disabled=no distance=indoors frequency=5320 mode=ap-bridge security-profile=viruses ssid=Valhalla station-roaming=enabled \
    wireless-protocol=802.11 wmm-support=enabled
add disabled=no mac-address=CE:2D:E0:E0:AC:11 master-interface=wlan2 name=viruses security-profile=viruses ssid="Click Here for Viruses2" station-roaming=enabled wds-default-bridge=bridge wps-mode=disabled
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge lease-time=23h59m name=defconf
/system logging action
add email-to=REDACTED name=emailTrouble target=email
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/caps-man manager
set enabled=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=viruses
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.88.1/24 interface=wlan2 network=192.168.88.0
add address=192.168.88.1/24 interface=wlan1 network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.88.152 client-id=1:50:32:37:7a:a8:fb mac-address=50:32:37:7A:A8:FB server=defconf
add address=192.168.88.151 comment=HUE mac-address=00:17:88:63:FE:37 server=defconf
add address=192.168.88.153 client-id=1:0:11:32:80:1b:d mac-address=00:11:32:80:1B:0D server=defconf
add address=192.168.88.121 mac-address=40:F0:2F:82:DC:ED server=defconf
add address=192.168.88.155 client-id=1:a4:2b:b0:19:2:f9 mac-address=A4:2B:B0:19:02:F9 server=defconf
add address=192.168.88.110 client-id=ff:d:96:8f:69:0:2:0:0:ab:11:88:2:56:bc:fb:1c:ce:1 mac-address=50:3E:AA:05:F2:53 server=defconf
add address=192.168.88.117 client-id=1:4:d9:f5:f5:5d:23 mac-address=04:D9:F5:F5:5D:23 server=defconf
add address=192.168.88.92 client-id=1:4c:32:75:94:5c:d9 mac-address=4C:32:75:94:5C:D9 server=defconf
add address=192.168.88.79 client-id=1:28:18:78:70:62:2a mac-address=28:18:78:70:62:2A server=defconf
add address=192.168.88.93 comment="LG TV" mac-address=C4:36:6C:7A:01:34 server=defconf
add address=192.168.88.119 client-id=1:4:d9:f5:f5:5e:6 mac-address=04:D9:F5:F5:5E:06 server=defconf
add address=192.168.88.89 client-id=1:f4:d4:88:72:b3:1e mac-address=F4:D4:88:72:B3:1E server=defconf
add address=192.168.88.21 block-access=yes comment=fridge lease-time=15m mac-address=88:E7:12:22:75:5E server=defconf
add address=192.168.88.23 client-id=1:c8:89:f3:a9:e9:5b comment="makibuki lmc" mac-address=C8:89:F3:A9:E9:5B server=defconf
add address=192.168.88.31 mac-address=BC:DD:C2:50:C1:6D server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 domain=local gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes max-concurrent-queries=200 max-concurrent-tcp-sessions=30 query-server-timeout=1s query-total-timeout=3s servers=8.8.8.8,1.1.1.1
/ip dns static
add address=192.168.88.155 name=eagle.home
add address=192.168.88.110 name=plex.home
add address=192.168.88.93 name=lgtv.home
add address=192.168.88.117 name=asterix.home
add address=192.168.88.110 name=r2d2.home
add address=192.168.88.151 name=hue.home
add address=192.168.88.31 name=window-living-room.home
add address=192.168.88.110 name=postgresql.home
add address=192.168.88.1 name=router.home
add address=192.168.88.110 comment="deluge bytesized" name=deluge.home
add address=192.168.88.110 comment="local deluge" name=local.deluge.home
add address=192.168.88.153 name=c3p0.home
add address=192.168.88.89 name=astro.home
add address=192.168.88.110 name=marvin.home
add address=192.168.88.110 name=filezilla.home
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward src-address=""
add action=drop chain=forward layer7-protocol=*2 src-address=""
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=accept chain=dstnat dst-address=192.168.0.110 dst-port=80 protocol=tcp src-port=80
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=55123
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Prague
/system logging
add action=emailTrouble topics=critical
/tool bandwidth-server
set enabled=no
/tool e-mail
set address=smtp.gmail.com from=householdwx@gmail.com port=587 start-tls=yes user=householdwx@gmail.com
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Would be glad for any help.

loloski · Thu Oct 27, 2022 11:49 pm

try to change cable and redo your test

wertecs · Fri Oct 28, 2022 12:04 am

try to change cable and redo your test

Already tried that, did not help.
I've also tested the cables with a ethernet cable tester.
The router is 4 years old, I'm beginning to suspect it might be dying or something.
It works fine for a while, then it's suddenly drops every packet (PC that is plugged into the ISP modem works normally at the same time), then works normally again.

R1CH · Fri Oct 28, 2022 2:40 am

/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps

Try and set this back to autonegotiation.

Buckeye · Fri Oct 28, 2022 5:06 am

what does cpu usage look like?

What is the intent of these firewall rules at end of the /ip firewall filter list?
add action=accept chain=forward src-address=""
add action=drop chain=forward layer7-protocol=*2 src-address=""

Are you sure your MikroTik router was not compromised (due to weak password, firewalls, etc.)

Some short videos you may want to watch:

Using the Profile tool in RouterOS
MikroTik Torch tool

And if it was compromised, then these
MikroTips: Netinstall
MikroTips: How to firewall

wertecs · Fri Oct 28, 2022 12:46 pm

/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps

Try and set this back to autonegotiation.

autonegotiation is already ticked

what does cpu usage look like?

What is the intent of these firewall rules at end of the /ip firewall filter list?
add action=accept chain=forward src-address=""
add action=drop chain=forward layer7-protocol=*2 src-address=""

Are you sure your MikroTik router was not compromised (due to weak password, firewalls, etc.)

Some short videos you may want to watch:

Using the Profile tool in RouterOS
MikroTik Torch tool

And if it was compromised, then these
MikroTips: Netinstall
MikroTips: How to firewall

To be honest, I have no idea what these 2 firewall rules do, or how they got there, but 0 Bytes and 0 packets went through them.

CPU usage is at 19% max (data from graph)

I will check out the videos.

wertecs · Fri Nov 04, 2022 8:22 pm

After I tried everything, I called the ISP and they've sent over a technician. It appears I was having an signal interference on the cable from the ISP.
Thanks everyone for their help.

Huge packet loss [SOLVED]

Huge packet loss

Re: Huge packet loss

Re: Huge packet loss

Re: Huge packet loss

Re: Huge packet loss [SOLVED]

Re: Huge packet loss

Re: Huge packet loss

Who is online