Community discussions

MikroTik App
 
User avatar
kosonya
just joined
Topic Author
Posts: 2
Joined: Tue Nov 30, 2021 3:35 pm
Location: San Francisco Bay Area

WAN 20x slower than expected with QuickSet

Tue Nov 30, 2021 8:19 pm

Hi all!

I'm new to MikroTik devices and, other than having once run a Gentoo netfilter box as my home router, to network administration in general. Now I'm trying to build a ridiculously overengineered multigigabit homelab, and I'm really running into the limits of my knowledge.

So far, I'm trying to prototype the new network with of its NAS+VPN+DNS+VDS glory behind my already running consumer-grade NAT, and then migrate it all at once. So what I have now is:
           {WAN}
             |
          (coax)
             |
[ARRIS TG4482A xFi Gateway 3rd Generation, router mode, LAN IP: 10.0.0.1] --------------> {WLAN1}
             |
        (2.5GBASE-T)
             |
[TRENDnet TEG-30102WS 2.5G Switch] --- (2.5GBASE-T) --- [ScreenBeam ECB7250 MoCA 2.5 adapter) ---(coax)--- [ScreenBeam ECB7250 MoCA 2.5 adapter]
             |                                                                                                              |
        (2.5GBASE-T)                                                                                                  (2.5GBASE-T)
             |                                                                                                              |
[MikroTik CRS305-1G-4S+, bridge mode, IP: 10.0.0.92] ---(10GBASE-T)---[PC1]                                [QNAP QSW-1105-5T 5-Port Unmanaged 2.5GbE Switch]
             |                                                                                                              |
        (10GBASE-T)                                                                                                    (2.5GBASE-T)
             |                                                                                                              |                 
[MikroTik CRS317-1G-16s+, router mode, WAN(SFP+1) IP: 10.0.0.242, LAN IP: 192.168.0.1]---(10GBASE-T)---[PC2]     [TP-LINK Archer AX11000, bridge mode]
             |                                                                                                              |
        (10GBASE-T)                                                                                                         V
             |                                                                                                           {WLAN2}
           [PC3]
I set up CRS317-1G-16s+ via QuickSet as best as I could after watching https://www.youtube.com/playlist?list=P ... zL3VrYtsKS and https://category5.tv/feature/mikrotik, and I'm now trying to test the absolute basic routing.
[PC1]
,
[PC2]
, and
[PC3]
all contain known good 10GBASE-T NICs, and I'm trying to evaluate the performance of the network by running
iperf
and
iperf3
on default settings between them. I'm getting:
  • PC2 <-> PC3 ~6Gbps - this seems expected, since multigigabit networks can be difficult to saturate in a single thread, without fine-tuning both the network itself and iperf.
  • PC1 <-> PC2 ~450Mbps - this is way below anything that I can write-off as a matter of fine-tuning.
  • As a sanity check, I reconnected PC2 to CRS305-1G-4S+ and tested connection between it in the new location and PC1, to verify that PC1 and CRS305-1G-4S+ can generate enough traffic to saturate the WAN port of CRS317-1G-16s+ - and yes, this connection also generates about 6Gbps.
This seems to eliminate the possibility that it could be an issue of
iperf
, NICs, cables, or CRS305-1G-4S+. I considered the possibility that SFP+1 transceiver and/or port could be the culprit, and as a sanity check, moved the WAN port to ether1. I originally avoided doing this because I wanted to avoid capping WAN at 1GbE (not that it really matters - I'm only getting about 1.2Gbps Rx and am much more bottlenecked by the 40 Mbps Tx anyway - so if it's somehow impossible to effectively use SFP+1 as WAN, ether1 is good enough, but if I can make it work, I want to), but I'd at least expect a working 1000BASE-T port to give me, Idunno, 600~700Mbps? But no, with ether1 as WAN, I'm also getting ~450Mbps across NAT. So there really does seem to be a major performance issue with routing.

I searched through this and other forums, but the most similar discussions involved problems with having more than one bridge interface, in which case only one of them can be hardware-accelerated. I nonetheless tries to poke around hardware offloading settings but didn't find anything that would seem to fix the issue.

Any other ideas about what it could be?

[UPD: completely forgot! Config.]
# nov/30/2021 10:54:35 by RouterOS 6.49.1
# software id = HCQS-C0TG
#
# model = CRS317-1G-16S+
# serial number = D7EC0EC9CC3F
/interface bridge
add mtu=1500 name=lanbridge
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,5
set [ find default-name=sfp-sfpplus15 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,
set [ find default-name=sfp-sfpplus16 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.3.1-192.168.10.254
/ip dhcp-server
add address-pool=dhcp always-broadcast=yes disabled=no interface=lanbridge name=dhcp1
/interface bridge port
add bridge=lanbridge interface=ether1
add bridge=lanbridge interface=sfp-sfpplus2
add bridge=lanbridge interface=sfp-sfpplus3
add bridge=lanbridge interface=sfp-sfpplus4
add bridge=lanbridge interface=sfp-sfpplus5
add bridge=lanbridge interface=sfp-sfpplus6
add bridge=lanbridge interface=sfp-sfpplus7
add bridge=lanbridge interface=sfp-sfpplus8
add bridge=lanbridge interface=sfp-sfpplus9
add bridge=lanbridge interface=sfp-sfpplus10
add bridge=lanbridge interface=sfp-sfpplus11
add bridge=lanbridge interface=sfp-sfpplus12
add bridge=lanbridge interface=sfp-sfpplus13
add bridge=lanbridge interface=sfp-sfpplus14
add bridge=lanbridge interface=sfp-sfpplus15
add bridge=lanbridge interface=sfp-sfpplus16
/interface list member
add interface=lanbridge list=LAN
add interface=sfp-sfpplus1 list=WAN
/ip address
add address=192.168.0.1/16 interface=lanbridge network=192.168.0.0
/ip dhcp-client
add disabled=no interface=sfp-sfpplus1
/ip dhcp-server network
add dns-server=8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.0.0/16 gateway=192.168.0.1 netmask=16
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=kosonyamikrotik
/system routerboard settings
set boot-os=router-os
 
User avatar
kosonya
just joined
Topic Author
Posts: 2
Joined: Tue Nov 30, 2021 3:35 pm
Location: San Francisco Bay Area

Re: WAN 20x slower than expected with QuickSet  [SOLVED]

Fri Dec 03, 2021 3:40 am

Hmm, OK, so it looks like Fasttrackmight be the solution. I added
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related
to my config, and WAN speed increased up to 1.85 Gbits/s, which I'm gonna call good enough. My final config is:
# dec/02/2021 17:37:01 by RouterOS 6.49.1
# software id = HCQS-C0TG
#
# model = CRS317-1G-16S+
# serial number = D7EC0EC9CC3F
/interface bridge
add mtu=1500 name=lanbridge
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full mac-address=\
    2C:C8:1B:2A:1A:9F
set [ find default-name=sfp-sfpplus15 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full
set [ find default-name=sfp-sfpplus16 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.3.1-192.168.10.254
/ip dhcp-server
add address-pool=dhcp always-broadcast=yes disabled=no interface=lanbridge name=dhcp1
/interface bridge port
add bridge=lanbridge interface=ether1
add bridge=lanbridge interface=sfp-sfpplus2
add bridge=lanbridge interface=sfp-sfpplus3
add bridge=lanbridge interface=sfp-sfpplus4
add bridge=lanbridge interface=sfp-sfpplus5
add bridge=lanbridge interface=sfp-sfpplus6
add bridge=lanbridge interface=sfp-sfpplus7
add bridge=lanbridge interface=sfp-sfpplus8
add bridge=lanbridge interface=sfp-sfpplus9
add bridge=lanbridge interface=sfp-sfpplus10
add bridge=lanbridge interface=sfp-sfpplus11
add bridge=lanbridge interface=sfp-sfpplus12
add bridge=lanbridge interface=sfp-sfpplus13
add bridge=lanbridge interface=sfp-sfpplus14
add bridge=lanbridge interface=sfp-sfpplus15
add bridge=lanbridge interface=sfp-sfpplus16
/interface list member
add interface=lanbridge list=LAN
add interface=sfp-sfpplus1 list=WAN
/ip address
add address=192.168.0.1/16 interface=lanbridge network=192.168.0.0
/ip dhcp-client
add disabled=no interface=sfp-sfpplus1
/ip dhcp-server network
add dns-server=8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.0.0/16 gateway=192.168.0.1 netmask=16
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=kosonyamikrotik
/system routerboard settings
set boot-os=router-os
I can't say that I quite understand what I'm doing here, and also, speeding things up even more would have been nice, so if anyone has more input, it's very much welcome. But for now, I guess, it's good enough.

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], Vyizis and 47 guests