Hello everyone,
I've just configured a CCR1036 to replace my old router but I have a big issue.
There is internet connection on SFP1, and on the ethernet ports there are other devices.
If I try to upload something I reach max 20mbps per port.
It means that if I start an upload from three ports (and three different devices) at the same time I reach 60mbps, but my internet connection is 300mbps in upload.
I can't understand why I can't reach 300mbps... With the old router I had 300mbps.
Can you help me?
RouterOS version is 6.19
Re: Upload issue on CCR-1036-12G-4S
Update: Rebooting the router gave me max speed for 3 minutes... And then 20mbps 
-
-
IntrusDave
Forum Guru
- Posts: 1286
- Joined:
- Location: Rancho Cucamonga, CA
Re: Upload issue on CCR-1036-12G-4S
We need the config to see what's going on. post an /export compact
Re: Upload issue on CCR-1036-12G-4S
Super simple configuration:
SFP1 to an ADM
Ether1 to Ether12 bridged on bridge1
Public IP on SFP1
Private IP on Ether1
NAT on IP class 10.0.0.0/8
My computer connected directly to the ADM: full speed
My computer connected to one of the port ether1-12: 20mbps max (per port!!!)
SFP1 to an ADM
Ether1 to Ether12 bridged on bridge1
Public IP on SFP1
Private IP on Ether1
NAT on IP class 10.0.0.0/8
My computer connected directly to the ADM: full speed
My computer connected to one of the port ether1-12: 20mbps max (per port!!!)
Re: Upload issue on CCR-1036-12G-4S
Here is export compact:
I have a bridged wireless network, 100% mikrotik.
I can attach my bridged network to the CCR via SFP or Ethernet, but the results are the same.
I can attach my WAN network directly to my Fiber ADM via SFP or through an SFP switch and then ethernet, but the results are the same.
Code: Select all
/interface bridge
add mtu=1500 name=my-bridged-network protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=\
ether1-bridged
set [ find default-name=sfp1 ] auto-negotiation=no comment="Fiber" \
l2mtu=9600 name=sfp1-wan
set [ find default-name=sfp2 ] auto-negotiation=no comment="Bridged Network" \
name=sfp2-bridged
set [ find default-name=sfp3 ] auto-negotiation=no
set [ find default-name=sfp4 ] auto-negotiation=no
/interface bridge port
add bridge=my-bridged-network interface=ether1-bridged
add bridge=my-bridged-network interface=sfp2-bridged
add bridge=my-bridged-network interface=ether3
add bridge=my-bridged-network interface=ether4
add bridge=my-bridged-network interface=ether5
add bridge=my-bridged-network interface=ether6
add bridge=my-bridged-network interface=ether7
add bridge=my-bridged-network interface=ether8
add bridge=my-bridged-network interface=ether9
add bridge=my-bridged-network interface=ether10
add bridge=my-bridged-network interface=ether11
add bridge=my-bridged-network interface=ether12
add bridge=my-bridged-network interface=ether2
add bridge=my-bridged-network interface=sfp3
add bridge=my-bridged-network interface=sfp4
/interface bridge settings
set use-ip-firewall-for-pppoe=yes
/ip address
add address=10.0.2.254/24 comment="Local IP" interface=sfp2-bridged \
network=10.0.2.0
add address=XXXXXXXX/30 interface=sfp1-wan network=XXXXXXXX
/ip dns
set allow-remote-requests=yes cache-size=8192KiB max-udp-packet-size=512 \
servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp1-wan src-address=\
10.0.0.0/8 to-addresses=MY_WAN_IP
/ip route
add distance=1 gateway=MY_GATEWAY_WAN_IP
add distance=1 dst-address=MY_WAN_IP gateway=MY_GW_WAN_IPI can attach my bridged network to the CCR via SFP or Ethernet, but the results are the same.
I can attach my WAN network directly to my Fiber ADM via SFP or through an SFP switch and then ethernet, but the results are the same.
Re: Upload issue on CCR-1036-12G-4S
Hello,
Maybe the issue is here?:
set [ find default-name=sfp1 ] auto-negotiation=no comment="Fiber" \
l2mtu=9600 name=sfp1-wan
If ros is v.6.19, then set autonegotiation to yes
and why second route?
add distance=1 dst-address=MY_WAN_IP gateway=MY_GW_WAN_IP
Maybe the issue is here?:
set [ find default-name=sfp1 ] auto-negotiation=no comment="Fiber" \
l2mtu=9600 name=sfp1-wan
If ros is v.6.19, then set autonegotiation to yes
and why second route?
add distance=1 dst-address=MY_WAN_IP gateway=MY_GW_WAN_IP
-
-
IntrusDave
Forum Guru
- Posts: 1286
- Joined:
- Location: Rancho Cucamonga, CA
Re: Upload issue on CCR-1036-12G-4S
I would guess that it's the L2MTU=9600. Even if your ISP is delivering via fiber, i doubt they are using anything more than 1500. So your MTU should be 1500 and L2 MTU should be 1590.
Also on the auto-negotiation, You have it disabled, but you are not setting the link. at the very least it should be:
Also on the auto-negotiation, You have it disabled, but you are not setting the link. at the very least it should be:
Code: Select all
set [ find default-name=sfp1 ] advertise=1000M-full auto-negotiation=no rx-flow-control=auto tx-flow-control=autoRe: Upload issue on CCR-1036-12G-4S
Thank you for your answer!
Do you think I should edit my MTU on all interfaces?
Because I have the same issue using ethernet to connect to my ISP instead of SFP (passing through a switch)!
The export doesn't say nothing about auto-negotiation because I used the default settings, they are the same you reported but with Flow Control off (my ISP told me to turn it off).
Here's interface data:
----Actual Gateway (x86 machine with RouterOS 6.19)----
LAN (Ethernet to bridged network)
MTU: 1500
L2 MTU: 9200 (not editable)
WAN (Ethernet to a switch that has both SFP and Ethernet port)
MTU: 1500
L2 MTU: 7152 (not editable)
Bridge
MTU: 1500
L2 MTU: 9200 (not editable)
----New CCR Gateway----
SFP1 to Fiber (instead of old WAN)
MTU: 1500
L2 MTU: 9600
SFP2 to bridged network (instead of old LAN)
MTU: 1500
L2 MTU: 9600
All other interfaces
MTU: 1500
L2 MTU: 1590
Bridge
MTU: 1500
L2 MTU: 1590 (not editable)
As I said, I have the same issue using SFP or using Ethernet, both for bridged network and fiber...
My ISP told me to do this.
About the second route you're right, it's not needed, I don't remember why is there, maybe because all my attempts to solve the problem
I noticed also that on the Old Gateway in Firewall -> Mangle there are these two values, and there are not in the new one:
But they are dynamic, where are they from?
Do you think I should edit my MTU on all interfaces?
Because I have the same issue using ethernet to connect to my ISP instead of SFP (passing through a switch)!
The export doesn't say nothing about auto-negotiation because I used the default settings, they are the same you reported but with Flow Control off (my ISP told me to turn it off).
Here's interface data:
----Actual Gateway (x86 machine with RouterOS 6.19)----
LAN (Ethernet to bridged network)
MTU: 1500
L2 MTU: 9200 (not editable)
WAN (Ethernet to a switch that has both SFP and Ethernet port)
MTU: 1500
L2 MTU: 7152 (not editable)
Bridge
MTU: 1500
L2 MTU: 9200 (not editable)
----New CCR Gateway----
SFP1 to Fiber (instead of old WAN)
MTU: 1500
L2 MTU: 9600
SFP2 to bridged network (instead of old LAN)
MTU: 1500
L2 MTU: 9600
All other interfaces
MTU: 1500
L2 MTU: 1590
Bridge
MTU: 1500
L2 MTU: 1590 (not editable)
As I said, I have the same issue using SFP or using Ethernet, both for bridged network and fiber...
I had to use auto-negotiation=no and set it to 1gbps-full because it's the only way to make it work.Hello,
Maybe the issue is here?:
set [ find default-name=sfp1 ] auto-negotiation=no comment="Fiber" \
l2mtu=9600 name=sfp1-wan
If ros is v.6.19, then set autonegotiation to yes
and why second route?
add distance=1 dst-address=MY_WAN_IP gateway=MY_GW_WAN_IP
My ISP told me to do this.
About the second route you're right, it's not needed, I don't remember why is there, maybe because all my attempts to solve the problem
I noticed also that on the Old Gateway in Firewall -> Mangle there are these two values, and there are not in the new one:
Code: Select all
MANGLE
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=forward action=change-mss new-mss=1370 passthrough=yes
tcp-flags=syn protocol=tcp in-interface=all-ppp tcp-mss=1371-65535
log=no log-prefix=""
1 D chain=forward action=change-mss new-mss=1420 passthrough=yes
tcp-flags=syn protocol=tcp out-interface=all-ppp tcp-mss=1421-65535
log=no log-prefix=""Re: Upload issue on CCR-1036-12G-4S
Do you use any tunnel protocol like pppoe for wan connection?
Re: Upload issue on CCR-1036-12G-4S
No, my users connect to the access points (on the bridged network) using pppoe but on the gateway I'm not using it...
Re: Upload issue on CCR-1036-12G-4S
So the problem can beNo, my users connect to the access points (on the bridged network) using pppoe but on the gateway I'm not using it...
a) with the nat rule
b) L2MTU size
try to lower l2mtu size to 1590
Re: Upload issue on CCR-1036-12G-4S
This ruleWhat NAT rule?
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp1-wan src-address=\
10.0.0.0/8 to-addresses=MY_WAN_IP
in general this rule looks ok. but who knows.
remove src address and to-addresses
and if not helps, write here
Re: Upload issue on CCR-1036-12G-4S
SRC is needed because I NAT only users with private IP.
There are users with public IP which are not natted.
I can remove to-address but it seems strange to me that a NAT rule creates these problems!
I would like to have as more advice as possible because the gateway is 100km far from home so I'll go there only if I'm pretty sure I can solve the problem
Or at least I have some suggestions from you 
There are users with public IP which are not natted.
I can remove to-address but it seems strange to me that a NAT rule creates these problems!
I would like to have as more advice as possible because the gateway is 100km far from home so I'll go there only if I'm pretty sure I can solve the problem
Or at least I have some suggestions from you 
Re: Upload issue on CCR-1036-12G-4S
I cant solve your issue, but you should set the IP not on the port but on the bridge. And you forgot to add a firewall rule to drip DNS reflection attack.
Re: Upload issue on CCR-1036-12G-4S
Thank you for your support!
What rule for DNS reflection?
Why IPs on the bridge?
What rule for DNS reflection?
Why IPs on the bridge?
Re: Upload issue on CCR-1036-12G-4S
Since the ports are added to the bridge the bridge should have the ip and not one of the ports.
DNS, its a DNS amplification attack that you want to stop, http://forum.mikrotik.com/viewtopic.php?f=13&t=85598 . Not closing the DNS from WAN side could consume all your outgoing bandwidth by someone doing the attack.
DNS, its a DNS amplification attack that you want to stop, http://forum.mikrotik.com/viewtopic.php?f=13&t=85598 . Not closing the DNS from WAN side could consume all your outgoing bandwidth by someone doing the attack.