 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

LAN/WAN showing different Bandwidth( Data rate)

Sat Apr 19, 2014 1:19 pm

hello,

I have been facing an issue for the last two weeks. I am using an RB1100 and have configured two interfaces: one for WAN and another for LAN. Now the issue is that my WAN side is showing 24 Mbps download and 4 Mbps upload, and my LAN side is showing 20 Mbps download and 4 Mbps upload. Upload is the same on both interfaces, but there is a difference in download. Does anybody know what the issue is?

No web proxy is enabled, and "allow remote DNS requests" is not enabled.
 
jaykay2342
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: LAN/WAN showing different Bandwidth( Data rate)

Sat Apr 19, 2014 3:02 pm

Do you have some kind of queue configuration? On the other hand, I think that these values in the web interface are not 100% accurate, as bandwidth usage is calculated by taking the delta between two counter values. So the timeframe which was used to calculate WAN might not be the same as the timeframe which was used to calculate LAN. Is the value constantly wrong?
9-5 Job: Security analyst at a major MSSP.
Free time volunteer: Network admin and founder at a small non-profit WISP.
Certifications: ITILv3, GCIA
 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

Re: LAN/WAN showing different Bandwidth( Data rate)

Sat Apr 19, 2014 4:31 pm

I think the timeframe for upload is calculated right, but the issue is in download... How about that?
 
jaykay2342
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: LAN/WAN showing different Bandwidth( Data rate)

Sat Apr 19, 2014 7:36 pm

What I meant was that for one interface the data are from a different "time" than for the other interface. But then it must also be wrong the other way around sometimes. What kind of traffic do you have on the network? Does the 20M belong mostly to one TCP connection? How about traffic on the WAN interface which is "garbage" and gets dropped by the firewall?
 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

Re: LAN/WAN showing different Bandwidth( Data rate)

Sun Apr 20, 2014 8:35 am

I have got 25 Mbps for my customers, and I have made queues for each customer. 20 Mbps is my use in LAN, while 4 to 5 Mbps goes to garbage on the WAN side...

I have made some rules in the firewall for unwanted traffic on the WAN side, but it is still the same issue, as shown in the screenshot.
 
jaykay2342
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: LAN/WAN showing different Bandwidth( Data rate)

Sun Apr 20, 2014 10:50 am

If 5 Mbps of garbage traffic is coming in on the WAN interface and gets dropped by firewall rules, this is exactly what I would expect as a result. So you get 25M (WAN-RX), you filter out 5M, you send out the remaining 20M (LAN-TX).

If you really get 5 Mbps of garbage traffic which gets dropped, you should investigate what kind of traffic it is and why it's coming.
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: LAN/WAN showing different Bandwidth( Data rate)

Tue Aug 25, 2015 6:14 pm

Hello,

I am having this same challenge. My WAN is reading 40mb while I am getting 30mb on my LAN. I don't have queues except for the dynamic simple queues generated by hotspot.

Any help would be appreciated.

Thanks
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Tue Aug 25, 2015 10:03 pm

You don't have the DNS cache open to the Internet, do you?
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re:

Wed Aug 26, 2015 5:19 pm

You don't have the DNS cache open to the Internet, do you?
Hello, I have remote request enabled, is that what you mean? Below is my DNS configuration:
 ip dns print 
                servers: 8.8.8.8,4.2.2.1
        dynamic-servers: 
  allow-remote-requests: yes
    max-udp-packet-size: 4096
             cache-size: 16096KiB
          cache-max-ttl: 1w
             cache-used: 4651KiB
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Wed Aug 26, 2015 6:06 pm

Then drop UDP and TCP port 53 in the input chain on the WAN interface.
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re:

Wed Aug 26, 2015 6:25 pm

Then drop UDP and TCP port 53 in the input chain on the WAN interface.
I do have that already in place, but still the problem persists:
17   chain=input action=drop protocol=udp in-interface=Internet dst-port=53 

18   chain=input action=drop protocol=tcp in-interface=Internet dst-port=53 
What I noticed is that this happens once I enable hotspot.
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Wed Aug 26, 2015 6:34 pm

Are those counters rising? If not you are maybe accepting or fasttracking the connections before those rules.
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re:

Wed Aug 26, 2015 7:06 pm

Are those counters rising? If not you are maybe accepting or fasttracking the connections before those rules.
Thanks for your response. I actually dragged the rules to the top and still got no counter increase. Below are my filter rules:
 0   ;;; Echo request - Avoiding Ping Flood
     chain=ICMP action=accept protocol=icmp icmp-options=8:0 limit=1,5 

 1   chain=input action=accept protocol=udp src-address=192.168.50.6 
     dst-address=192.168.50.1 dst-port=1812 

 2   chain=forward action=accept protocol=udp src-address=10.0.0.1 
     dst-address=10.0.0.13 dst-port=1812 

 3   chain=forward action=accept src-address=10.0.0.13 

 4   chain=forward action=accept protocol=udp src-address=10.0.0.1 
     dst-address=10.0.0.13 dst-port=1813 

 5   chain=input action=drop protocol=udp in-interface=Internet dst-port=53 

 6   chain=input action=drop protocol=tcp in-interface=Internet dst-port=53 

 7   chain=input action=accept protocol=tcp src-address=172.16.0.0/12 
     dst-address=public IP src-address-list=support dst-port=80 

 8   ;;; Accept FTP - TCP
     chain=input action=accept protocol=tcp port=21 

 9   chain=input action=accept protocol=udp src-address=127.0.0.1 
     dst-address=127.0.0.1 dst-port=1812 

10   chain=input action=accept protocol=udp src-address=127.0.0.1 
     dst-address=127.0.0.1 dst-port=3799 

11   chain=input action=accept protocol=udp src-address=127.0.0.1 
     dst-address=127.0.0.1 dst-port=1813 

12   chain=input action=accept protocol=udp src-address=192.168.50.6 
     dst-address=192.168.50.1 dst-port=1813 

13   chain=input action=accept protocol=udp src-address=192.168.50.6 
     dst-address=192.168.50.1 dst-port=3799 

14   chain=input action=accept protocol=tcp dst-address=public ip
     dst-port=8291 

15   chain=forward action=accept protocol=tcp dst-port=8291 

16   chain=input action=accept protocol=tcp dst-address=public ip dst-port=2>

17   chain=input action=accept protocol=udp dst-address=public subnet
     dst-port=80 

18   chain=input action=accept protocol=udp src-address=192.168.16.2 
     dst-address=192.168.16.1 dst-port=161 

19   chain=input action=drop protocol=tcp in-interface=Internet dst-port=3128 

20   chain=input action=accept protocol=tcp dst-port=1700 

21   chain=forward action=accept protocol=tcp dst-port=5900 

22   ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough 

23 X ;;; block facebook on https
     chain=forward action=reject reject-with=tcp-reset protocol=tcp 
     dst-address-list=Facebook 

24   ;;; torrentsites
     chain=forward action=drop dst-address=46.28.48.164 

25   ;;; torrentsites
     chain=forward action=drop src-address=172.16.0.0/12 
     layer7-protocol=torrentsites 

26   ;;; dropDNS
     chain=forward action=drop protocol=udp src-address=172.16.0.0/12 
     layer7-protocol=torrentsites dst-port=53 

27   ;;; keyword_drop
     chain=forward action=drop src-address=172.16.0.0/12 content=torrent 

28   ;;; trackers_drop
     chain=forward action=drop src-address=172.16.0.0/12 content=tracker 

29   ;;; get_peers_drop
     chain=forward action=drop src-address=172.16.0.0/12 content=getpeers 

30   ;;; info_hash_drop
     chain=forward action=drop src-address=172.16.0.0/12 content=info_hash 

31   ;;; p2p_drop
     chain=forward action=drop p2p=all-p2p src-address=172.16.0.0/12 

32   ;;; drop ftp brute forcers
     chain=input action=drop protocol=tcp src-address-list=ftp_blacklist 
     dst-port=21 

33   chain=output action=add-dst-to-address-list protocol=tcp 
     address-list=ftp_blacklist address-list-timeout=3h 
     content=530 Login incorrect 

34   ;;; drop ssh brute forcers
     chain=input action=drop protocol=tcp src-address-list=ssh_blacklist 
     dst-port=22 

35   chain=input action=add-src-to-address-list connection-state=new protocol=tc>
     src-address-list=ssh_stage3 address-list=ssh_blacklist 
     address-list-timeout=1w3d dst-port=22 

36   chain=input action=add-src-to-address-list connection-state=new protocol=tc>
     src-address-list=ssh_stage2 address-list=ssh_stage3 
     address-list-timeout=1m dst-port=22 

37   chain=input action=add-src-to-address-list connection-state=new protocol=tc>
     src-address-list=ssh_stage1 address-list=ssh_stage2 
     address-list-timeout=1m dst-port=22 

38   chain=input action=add-src-to-address-list connection-state=new protocol=tc>
     address-list=ssh_stage1 address-list-timeout=1m dst-port=22 

39   ;;; drop ssh brute downstream
     chain=forward action=drop protocol=tcp src-address-list=ssh_blacklist 
     dst-port=22 

40   ;;; Add Syn Flood IP to the list
     chain=input action=add-src-to-address-list tcp-flags=syn protocol=tcp 
     address-list=Syn_Flooder address-list-timeout=30m connection-limit=30,32 

41   ;;; Drop to syn flood list
     chain=input action=drop src-address-list=Syn_Flooder 

42   ;;; Port Scanner Detect
     chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 
     address-list=Port_Scanner address-list-timeout=1w 

43   ;;; Drop to port scan list
     chain=input action=drop src-address-list=Port_Scanner 

44   ;;; Jump for icmp input flow
     chain=input action=jump jump-target=ICMP protocol=icmp 

45 X ;;; Block all access to the winbox - except to support list # DO NOT ENABLE>
IS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT ADDRESS LIST
     chain=input action=drop protocol=tcp src-address-list=!support 
     dst-port=8291 

46   ;;; Jump for icmp forward flow
     chain=forward action=jump jump-target=ICMP protocol=icmp 

47   ;;; Drop to bogon list
     chain=forward action=drop dst-address-list=bogons 

48   ;;; Add Spammers to the list for 3 hours
     chain=forward action=add-src-to-address-list protocol=tcp 
     address-list=spammers address-list-timeout=3h dst-port=25,587 
     connection-limit=30,32 limit=30/1m,0 

49   ;;; Avoid spammers action
     chain=forward action=drop protocol=tcp src-address-list=spammers 
     dst-port=25,587 

50   ;;; Accept DNS - UDP
     chain=input action=accept protocol=udp port=53 

51   ;;; Accept DNS - TCP
     chain=input action=accept protocol=tcp port=53 

52   ;;; Accept to established connections
     chain=input action=accept connection-state=established 

53   ;;; Full access to SUPPORT address list
     chain=input action=accept src-address-list=support1 

54   chain=forward action=accept protocol=tcp dst-port=389 

55   chain=forward action=accept protocol=tcp dst-port=1812 

56   chain=forward action=accept protocol=tcp dst-port=1813 

57   ;;; Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE ABOU>
LL ACCEPT RULES YOU NEED
     chain=input action=drop 

58   ;;; Echo reply
     chain=ICMP action=accept protocol=icmp icmp-options=0:0 

59   ;;; Time Exceeded
     chain=ICMP action=accept protocol=icmp icmp-options=11:0 

60   ;;; Destination unreachable
     chain=ICMP action=accept protocol=icmp icmp-options=3:0-1 

61   ;;; PMTUD
     chain=ICMP action=accept protocol=icmp icmp-options=3:4 

62   ;;; Drop to the other ICMPs
     chain=ICMP action=drop protocol=icmp 

63   ;;; Jump for icmp output
     chain=output action=jump jump-target=ICMP protocol=icmp 

64 X ;;; announce_peers_drop
     chain=forward action=drop src-address=172.16.0.0/12 content=announce_peers 
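
Added example, not part of the original post: a minimal first-match evaluator for the input-chain rules listed above, showing which rule a DNS packet hits and why a drop rule's counter stays at zero when an earlier rule accepts the packet first. The sample is a constructed subset of the posted rules; the interface name hotspot-lan and the simplified matcher (chain, protocol, in-interface, dst-port and port only) are assumptions.

```python
import re

# Constructed sample: subset of the input-chain rules posted above, in
# `/ip firewall filter print` layout (";;;" starts a comment, "X" = disabled).
SAMPLE = """\
 5   chain=input action=drop protocol=udp in-interface=Internet dst-port=53

 6   chain=input action=drop protocol=tcp in-interface=Internet dst-port=53

50   ;;; Accept DNS - UDP
     chain=input action=accept protocol=udp port=53

57   ;;; Drop anything else!
     chain=input action=drop
"""

TERMINAL = {"accept", "drop", "reject"}   # actions that end rule processing
SUPPORTED = {"chain", "action", "protocol", "in-interface", "dst-port", "port"}

def parse_rules(text):
    """Parse print-style output into [(number, {key: value})], skipping disabled rules."""
    rules = []
    for block in re.split(r"\n\s*\n", text.strip()):
        head = re.match(r"\s*(\d+)\s+(X\s)?", block)
        if not head or head.group(2):
            continue
        body = " ".join(line.split(";;;")[0] for line in block.splitlines())
        rule = dict(re.findall(r"([\w-]+)=(\S+)", body))
        if set(rule) - SUPPORTED:
            raise ValueError(f"rule {head.group(1)}: matcher not modelled here")
        rules.append((int(head.group(1)), rule))
    return rules

def matches(rule, pkt):
    """Simplified matcher; port= is treated as destination port only (assumption)."""
    if rule.get("chain") != pkt["chain"]:
        return False
    if any(k in rule and rule[k] != pkt[k] for k in ("protocol", "in-interface")):
        return False
    ports = [rule[k] for k in ("dst-port", "port") if k in rule]
    return all(str(pkt["dst-port"]) in p.split(",") for p in ports)

def first_match(rules, pkt):
    """Return (rule number, action) of the first terminating rule the packet hits."""
    for num, rule in rules:
        if rule.get("action") in TERMINAL and matches(rule, pkt):
            return num, rule["action"]
    return None, "accept"   # an unmatched packet is accepted by default

def move_to_top(rules, num):
    """Copy of the rule list with rule `num` evaluated first (stable sort)."""
    return sorted(rules, key=lambda r: r[0] != num)

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    wan = {"chain": "input", "protocol": "udp", "in-interface": "Internet", "dst-port": 53}
    lan = dict(wan, **{"in-interface": "hotspot-lan"})   # hypothetical LAN interface name
    print(first_match(rules, wan), first_match(rules, lan),
          first_match(move_to_top(rules, 50), wan))
```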
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: LAN/WAN showing different Bandwidth( Data rate)

Thu Aug 27, 2015 11:56 am

Bump! Any suggestion from anyone on what else to check? Like I said, everything is fine when/if I don't have hotspot enabled. My hotspot settings have a bandwidth limit set (hence there are dynamic queues existing). I recently started experiencing this disparity.

Thanks
 
bajodel
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: LAN/WAN showing different Bandwidth( Data rate)

Fri Aug 28, 2015 6:01 am

If your hotspot users are bandwidth limited (shaped), maybe some bytes are intentionally discarded and not forwarded to lan interface ..
 
chapex
Member Candidate
Posts: 137
Joined: Wed May 30, 2007 1:23 am

Re: LAN/WAN showing different Bandwidth( Data rate)

Sat Aug 29, 2015 2:58 am

Some progress on this? Currently I have the same problem of difference between interfaces.
Ubnet datacenter: bandwith transport
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: LAN/WAN showing different Bandwidth( Data rate)

Mon Aug 31, 2015 12:31 pm

If your hotspot users are bandwidth limited (shaped), maybe some bytes are intentionally discarded and not forwarded to lan interface ..
By intentionally you mean I added a rule that does that, or the router has a mind of its own? If that is the case, then why should the WAN traffic be more than the LAN, since some bytes going through LAN to WAN are being discarded?
 
macgaiver
Forum Guru
Posts: 1731
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: LAN/WAN showing different Bandwidth( Data rate)

Mon Aug 31, 2015 12:39 pm

some progress on this? currently i have the same problem of difference between interfaces
Sorry, but where is the problem in investigating it yourself? With sniffer, firewall counters and logging???

1) Add a simple passthrough rule in the firewall chains input and forward that captures all traffic coming in via the interface.
2) Reset all counters in interfaces and in the firewall.
3) Use sniffer and torch.
By changing the placement of these rules you can find out exactly where and what traffic goes.

My best guess is:
a) some traffic is dropped by the firewall
b) some management traffic like a winbox connection can add some traffic
c) typical network traffic like broadcasts etc.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: LAN/WAN showing different Bandwidth( Data rate)

Mon Aug 31, 2015 2:23 pm

some progress on this? currently i have the same problem of difference between interfaces
Sorry, but where is the problem in investigating it yourself? With sniffer, firewall counters and logging???

1) Add a simple passthrough rule in the firewall chains input and forward that captures all traffic coming in via the interface.
2) Reset all counters in interfaces and in the firewall.
3) Use sniffer and torch.
By changing the placement of these rules you can find out exactly where and what traffic goes.

My best guess is:
a) some traffic is dropped by the firewall
b) some management traffic like a winbox connection can add some traffic
c) typical network traffic like broadcasts etc.
Hi, b and c would not be the case since we are talking about LAN being less than WAN. As for a, there seems not to be a firewall issue, as everything seems to normalise once hotspot is disabled. So I think it has to do with hotspot (at least in my own case).

Thanks
 
bajodel
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: LAN/WAN showing different Bandwidth( Data rate)

Mon Aug 31, 2015 8:13 pm

If your hotspot users are bandwidth limited (shaped), maybe some bytes are intentionally discarded and not forwarded to lan interface ..
By intentionally you mean I added a rule that does that, or the router has a mind of its own? If that is the case, then why should the WAN traffic be more than the LAN, since some bytes going through LAN to WAN are being discarded?
Intentionally ..because "you" are shaping :D

Typical user traffic is more in the download direction..
Anyway, you have to go deeper and discover what is happening ..we are only giving you some hints (remember.. we do not have access to your device/config and we know nothing about your network)
 
ojeysky
Frequent Visitor
Posts: 68
Joined: Tue Mar 10, 2009 2:04 pm

Re: LAN/WAN showing different Bandwidth( Data rate)

Thu Sep 03, 2015 5:04 pm

If your hotspot users are bandwidth limited (shaped), maybe some bytes are intentionally discarded and not forwarded to lan interface ..
By intentionally you mean I added a rule that does that, or the router has a mind of its own? If that is the case, then why should the WAN traffic be more than the LAN, since some bytes going through LAN to WAN are being discarded?
Intentionally ..because "you" are shaping :D

Typical user traffic is more in the download direction..
Anyway, you have to go deeper and discover what is happening ..we are only giving you some hints (remember.. we do not have access to your device/config and we know nothing about your network)
Hello,

I have provided you with my firewall rules; what other details would you like to see so I can provide them? I have disabled all my firewall rules, yet I am getting a difference of as much as 10mb at times!

Regards
 
bajodel
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: LAN/WAN showing different Bandwidth( Data rate)

Thu Sep 03, 2015 6:43 pm

..[CUT].. I have provided you with my firewall rules; what other details would you like to see so I can provide them? I have disabled all my firewall rules, yet I am getting a difference of as much as 10mb at times!
Firewall rules probably don't matter here ..


At this point, I must agree with @macgaiver ..
Sorry, but where is the problem in investigating it yourself? With sniffer, firewall counters and logging???
So go deeper and try some logging/sniffing: try to understand your traffic better and post your findings so someone can (maybe) help you more.
