Community discussions

MikroTik App
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Fast-Track not working - was: How to test bandwidth properly

Wed Jan 12, 2022 9:36 am

Hi all,

what is the correct way to test the inter-vlan-routing capacity/bandwidth properly?

At the moment i have a hypervisor with a 10G-Trunk with 4 VLANS, and a VM in each VLAN with a router-on-stick RB5009 who does the routing between the vlans.
For tests i have disabled all Firewall Rules.

VM_VLAN10+VM_VLAN20-->vSwitch-->Trunk-to-CRS309-->Trunk-to-RB5009

But even then i just get the following results instead of the advertised which should be around 7479.1 Mbit/s

Image

Greetings
mg
Last edited by quotengrote on Fri Jan 21, 2022 1:49 pm, edited 1 time in total.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 736
Joined: Tue Dec 17, 2019 1:08 pm

Re: How to test bandwidth properly

Wed Jan 12, 2022 1:02 pm

1. RouterOS Config
If possible, please POST the Config of the RB5009
(/export hide-sensitive file=anynameyouwish)


2. Test-Parameters
Can you also Post your iPerf-Test parameter

P.S:
The 7479.1 Mbit/s only works for Transfer of 1518 byte
I recommend using 2557.1 Mbps as a real world Reference Value.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Wed Jan 12, 2022 3:25 pm

Hi,

iperf:
iperf3 -c <ip> -P 2 --bidir
Config:

[admin@rb5009] > export hide-sensitive 
# jan/12/2022 14:22:19 by RouterOS 7.1.1
# software id = 56R5-PRTF
#
# model = RB5009UG+S+
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=crs309
set [ find default-name=ether2 ] comment=FritzBox
set [ find default-name=ether3 ] comment=Unifi
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] comment=Notfall-Port
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard_clients
add comment="site2site Verbindung zu Papa" listen-port=4164 mtu=1420 name=wireguard_s2s_ag
/interface vlan
add interface=bridge1 name=vlan2 vlan-id=2
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
/interface list
add name=LAN
add name=WAN
add name=VPN
add name=VLAN
add name=winbox-access
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_subnet2 ranges=192.168.2.35-192.168.2.200
add name=pool_subnet10 ranges=192.168.10.35-192.168.10.200
add name=pool_subnet20 ranges=192.168.20.35-192.168.20.200
/ip dhcp-server
add add-arp=yes address-pool=pool_subnet2 interface=vlan2 lease-script=":local DHCPtag\r\
    \n:set DHCPtag \"#DHCP\"\r\
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do={ :error \"empty lease address\" }\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n    :local ttl\r\
    \n    :local domain\r\
    \n    :local hostname\r\
    \n    :local fqdn\r\
    \n    :local leaseId\r\
    \n    :local comment\r\
    \n\r\
    \n    /ip dhcp-server\r\
    \n    :set ttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n    network\r\
    \n    :set domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n\r\
    \n    .. lease\r\
    \n    :set leaseId [ find address=\$leaseActIP ]\r\
    \n\r\
    \n    # Check for multiple active leases for the same IP address. It's weird and it shouldn't be, but just in case.\r\
    \n\r\
    \n    :if ( [ :len \$leaseId ] != 1) do={\r\
    \n        :log info \"DHCP2DNS: not registering domain name for address \$leaseActIP because of multiple active leases for \$leaseActIP\"\r\
    \n        :error \"multiple active leases for \$leaseActIP\"\r\
    \n    }\r\
    \n\r\
    \n    :set hostname [ get \$leaseId host-name ]\r\
    \n    :set comment [ get \$leaseId comment ]\r\
    \n    /\r\
    \n\r\
    \n    :if ( [ :len \$hostname ] <= 0 ) do={ :set hostname \$comment }\r\
    \n\r\
    \n    :if ( [ :len \$hostname ] <= 0 ) do={\r\
    \n        :log error \"DHCP2DNS: not registering domain name for address \$leaseActIP because of empty lease host-name or comment\"\r\
    \n        :error \"empty lease host-name or comment\"\r\
    \n    }\r\
    \n    :if ( [ :len \$domain ] <= 0 ) do={\r\
    \n        :log error \"DHCP2DNS: not registering domain name for address \$leaseActIP because of empty network domain name\"\r\
    \n        :error \"empty network domain name\"\r\
    \n    }\r\
    \n\r\
    \n    :set fqdn \"\$hostname.\$domain\"\r\
    \n\r\
    \n    /ip dns static\r\
    \n    :if ( [ :len [ find name=\$fqdn and address=\$leaseActIP and disabled=no ] ] = 0 ) do={\r\
    \n        add address=\$leaseActIP name=\$fqdn ttl=\$ttl comment=\$DHCPtag disabled=no\r\
    \n    } else={\r\
    \n        :log error \"DHCP2DNS: not registering domain name \$fqdn for address \$leaseActIP because of existing active static DNS entry with this name or address\"\r\
    \n    }\r\
    \n    /\r\
    \n} else={\r\
    \n    /ip dns static\r\
    \n    :local dnsDhcpId\r\
    \n    :set dnsDhcpId [ find address=\$leaseActIP and comment=\$DHCPtag ]\r\
    \n    :if ( [ :len \$dnsDhcpId ] > 0 ) do={\r\
    \n        remove \$dnsDhcpId\r\
    \n    }\r\
    \n    /\r\
    \n}\r\
    \n" lease-time=4h name=dhcp_server_subnet2_vlan2
add add-arp=yes address-pool=pool_subnet10 interface=vlan10 lease-time=4h name=dhcp_server_subnet10_vlan10
add add-arp=yes address-pool=pool_subnet20 interface=vlan20 lease-time=4h name=dhcp_server_subnet20_vlan20
/port
set 0 name=usb1
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=!WAN
/ip settings
set max-neighbor-entries=8192 tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,ether3 vlan-ids=2
add bridge=bridge1 tagged=bridge1,ether1,ether3 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether1,ether3 vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether1,ether3 vlan-ids=30
/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=WAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=wireguard_clients list=LAN
add interface=wireguard_clients list=VPN
add interface=wireguard_s2s_ag list=VPN
add interface=vlan10 list=VLAN
add interface=vlan2 list=VLAN
add interface=vlan20 list=VLAN
add interface=vlan2 list=winbox-access
add interface=ether8 list=winbox-access
/interface wireguard peers
add allowed-address=10.25.25.2/32 comment=mg_ipad interface=wireguard_clients public-key="eFoY0xHHX9rg1DaRo4ZRsBfzJdrcJjJhd2tBKb940WY="
add allowed-address=10.25.25.3/32 comment=mg_iphone interface=wireguard_clients public-key="qUxvXieWvVyu5TJAhLrt2mgC/SHe1Ix0bevMQdWxuRk="
add allowed-address=10.25.25.4/32 comment=mg_laptop interface=wireguard_clients public-key="siaaex6zPhhDEC2l6ENwZcEXsPuJNUoR0youCOFY/D8="
add allowed-address=192.168.3.0/24 comment="Profil: mg_rb5009 auf mango02" endpoint-address=nt56227.glddns.com endpoint-port=51820 interface=wireguard_s2s_ag public-key=\
    "wliL9Py6oXPDmkkeBpEeg8QpCpuiAXgiUnFS7UQkWRg="
/ip address
add address=192.168.2.1/24 interface=vlan2 network=192.168.2.0
add address=10.25.25.1/24 interface=wireguard_clients network=10.25.25.0
add address=10.0.0.6 interface=wireguard_s2s_ag network=10.0.0.6
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m update-time=no
/ip dhcp-client
add interface=ether2 script="remove [find where list=wan_ip]\r\
    \nadd list=wan_ip address=[/ip/cloud/get public-address]\r\
    \n" use-peer-dns=no
/ip dhcp-server lease
add address=192.168.2.46 mac-address=9A:13:1C:FF:CD:87 server=dhcp_server_subnet2_vlan2
add address=192.168.2.59 mac-address=06:85:EC:82:2E:2D server=dhcp_server_subnet2_vlan2
add address=192.168.2.44 mac-address=12:06:EF:E5:0C:E5 server=dhcp_server_subnet2_vlan2
add address=192.168.2.36 mac-address=42:51:EE:46:EA:24 server=dhcp_server_subnet2_vlan2
add address=192.168.2.43 mac-address=06:35:CC:ED:1D:EE server=dhcp_server_subnet2_vlan2
add address=192.168.2.68 client-id=ff:ca:53:9:5a:0:2:0:0:ab:11:25:2c:9a:f8:31:a4:d8:2e mac-address=C6:72:DD:03:41:55 server=dhcp_server_subnet2_vlan2
add address=192.168.2.65 client-id=1:1e:e8:95:18:37:3b mac-address=1E:E8:95:18:37:3B server=dhcp_server_subnet2_vlan2
add address=192.168.2.147 client-id=1:0:e:c6:ed:4e:3a comment=ads2700w mac-address=00:0E:C6:ED:4E:3A server=dhcp_server_subnet2_vlan2
add address=192.168.2.180 client-id=1:48:2a:e3:52:c8:d7 mac-address=48:2A:E3:52:C8:D7 server=dhcp_server_subnet2_vlan2
add address=192.168.2.35 client-id=1:24:5a:4c:62:e6:37 mac-address=24:5A:4C:62:E6:37 server=dhcp_server_subnet2_vlan2
add address=192.168.2.40 client-id=1:10:63:c8:35:54:57 mac-address=10:63:C8:35:54:57 server=dhcp_server_subnet2_vlan2
add address=192.168.2.60 client-id=1:48:b4:23:94:5c:7c comment=FireTVStick mac-address=48:B4:23:94:5C:7C server=dhcp_server_subnet2_vlan2
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.1 domain=grote.lan gateway=192.168.2.1 ntp-server=192.168.2.43
add address=192.168.10.0/24 dns-server=9.9.9.9 gateway=192.168.10.1
add address=192.168.20.0/24 dns-none=yes gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h cache-size=4096KiB max-concurrent-queries=1000 servers=192.168.2.3
/ip dns static
add address=192.168.2.223 name=crs309.grote.lan
add address=192.168.2.213 name=pihole2-test.grote.lan
add address=192.168.2.210 name=pve2-test.grote.lan
add address=192.168.2.15 name=pve2.grote.lan
add address=192.168.2.13 name=supermicro-ipmi.grote.lan
add address=192.168.2.147 name=ads2700w.grote.lan
add address=192.168.2.188 name=mango01.grote.lan
add address=192.168.5.1 name=fritz.box
add address=192.168.2.3 name=pihole2.grote.lan
add address=192.168.2.65 comment=#DHCP name=win3.grote.lan ttl=4h
add address=192.168.2.35 comment=#DHCP name=nanohd-wohnzimmer.grote.lan ttl=4h
add address=192.168.2.49 comment=#DHCP name=iPadvonMichael2.grote.lan ttl=4h
add address=192.168.2.50 comment=#DHCP name=docker4.grote.lan ttl=4h
add address=192.168.2.46 comment=#DHCP name=acng.grote.lan ttl=4h
add address=192.168.2.36 comment=#DHCP name=fileserver2.grote.lan ttl=4h
add address=192.168.2.37 comment=#DHCP name=ansible2.grote.lan ttl=4h
add address=192.168.2.44 comment=#DHCP name=gitea.grote.lan ttl=4h
add address=192.168.2.45 comment=#DHCP name=dokuwiki2.grote.lan ttl=4h
add address=192.168.2.43 comment=#DHCP name=ntp-server.grote.lan ttl=4h
add address=192.168.2.59 comment=#DHCP name=docker2.grote.lan ttl=4h
add address=192.168.2.68 comment=#DHCP name=docker3.grote.lan ttl=4h
add address=192.168.2.41 comment=#DHCP name=iPhonevnneMarie.grote.lan ttl=4h
add address=192.168.2.61 comment=#DHCP name=frida.grote.lan ttl=4h
/ip firewall address-list
add address=192.168.2.0/24 list=subnet2
add address=192.168.2.0/24 list=mgmt_access
add address=192.168.3.0/24 list=subnet3
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
add list=DOH-Server
add address=1.0.0.1 list=DOH-Server
add address=1.0.0.2 list=DOH-Server
add address=1.0.0.3 list=DOH-Server
add address=101.101.101.101 list=DOH-Server
add address=101.102.103.104 list=DOH-Server
add address=101.198.192.33 list=DOH-Server
add address=101.33.125.235 list=DOH-Server
add address=101.34.204.157 list=DOH-Server
add address=101.35.161.25 list=DOH-Server
add address=101.6.6.6 list=DOH-Server
add address=103.196.38.200 list=DOH-Server
add address=103.254.108.74 list=DOH-Server
add address=103.2.57.5 list=DOH-Server
add address=103.2.57.6 list=DOH-Server
add address=103.73.64.132 list=DOH-Server
add address=103.85.15.60 list=DOH-Server
add address=104.16.132.229 list=DOH-Server
add address=104.16.133.229 list=DOH-Server
add address=104.16.248.249 list=DOH-Server
add address=104.16.249.249 list=DOH-Server
add address=104.18.14.23 list=DOH-Server
add address=104.18.15.23 list=DOH-Server
add address=104.18.26.211 list=DOH-Server
add address=104.18.27.211 list=DOH-Server
add address=104.19.191.54 list=DOH-Server
add address=104.19.208.54 list=DOH-Server
add address=104.19.215.50 list=DOH-Server
add address=104.19.216.50 list=DOH-Server
add address=104.21.13.53 list=DOH-Server
add address=104.21.22.243 list=DOH-Server
add address=104.21.30.162 list=DOH-Server
add address=104.21.39.240 list=DOH-Server
add address=104.21.49.234 list=DOH-Server
add address=104.21.51.90 list=DOH-Server
add address=104.21.59.197 list=DOH-Server
add address=104.21.6.78 list=DOH-Server
add address=104.244.78.231 list=DOH-Server
add address=107.155.83.188 list=DOH-Server
add address=110.185.186.35 list=DOH-Server
add address=1.1.1.1 list=DOH-Server
add address=111.123.247.35 list=DOH-Server
add address=111.170.27.1 list=DOH-Server
add address=1.1.1.2 list=DOH-Server
add address=111.225.213.35 list=DOH-Server
add address=111.229.68.53 list=DOH-Server
add address=1.1.1.3 list=DOH-Server
add address=113.113.73.35 list=DOH-Server
add address=115.159.131.230 list=DOH-Server
add address=116.202.176.26 list=DOH-Server
add address=121.32.228.35 list=DOH-Server
add address=12.159.2.159 list=DOH-Server
add address=129.146.14.174 list=DOH-Server
add address=129.213.4.166 list=DOH-Server
add address=130.225.244.166 list=DOH-Server
add address=130.226.161.34 list=DOH-Server
add address=130.59.31.248 list=DOH-Server
add address=130.59.31.251 list=DOH-Server
add address=130.61.2.165 list=DOH-Server
add address=132.145.2.168 list=DOH-Server
add address=134.169.34.57 list=DOH-Server
add address=13.53.186.52 list=DOH-Server
add address=136.144.215.158 list=DOH-Server
add address=136.244.65.20 list=DOH-Server
add address=136.244.97.114 list=DOH-Server
add address=137.117.187.53 list=DOH-Server
add address=13.89.120.251 list=DOH-Server
add address=139.162.112.47 list=DOH-Server
add address=139.59.48.222 list=DOH-Server
add address=139.99.222.72 list=DOH-Server
add address=140.112.29.207 list=DOH-Server
add address=140.238.215.192 list=DOH-Server
add address=140.82.59.231 list=DOH-Server
add address=14.152.86.35 list=DOH-Server
add address=14.215.89.35 list=DOH-Server
add address=144.202.69.149 list=DOH-Server
add address=145.100.185.15 list=DOH-Server
add address=145.100.185.16 list=DOH-Server
add address=145.100.185.17 list=DOH-Server
add address=145.100.185.18 list=DOH-Server
add address=146.112.41.2 list=DOH-Server
add address=146.112.41.3 list=DOH-Server
add address=146.112.41.4 list=DOH-Server
add address=146.112.41.5 list=DOH-Server
add address=146.255.56.98 list=DOH-Server
add address=149.112.112.10 list=DOH-Server
add address=149.112.112.11 list=DOH-Server
add address=149.112.112.112 list=DOH-Server
add address=149.112.112.12 list=DOH-Server
add address=149.112.112.13 list=DOH-Server
add address=149.112.112.9 list=DOH-Server
add address=149.112.121.10 list=DOH-Server
add address=149.112.121.20 list=DOH-Server
add address=149.112.121.30 list=DOH-Server
add address=149.112.122.10 list=DOH-Server
add address=149.112.122.20 list=DOH-Server
add address=149.112.122.30 list=DOH-Server
add address=149.154.153.153 list=DOH-Server
add address=149.56.228.45 list=DOH-Server
add address=151.80.222.79 list=DOH-Server
add address=152.67.165.26 list=DOH-Server
add address=157.230.65.255 list=DOH-Server
add address=158.64.1.29 list=DOH-Server
add address=158.69.158.186 list=DOH-Server
add address=159.69.114.157 list=DOH-Server
add address=162.14.21.178 list=DOH-Server
add address=162.14.21.56 list=DOH-Server
add address=165.227.233.200 list=DOH-Server
add address=167.114.220.125 list=DOH-Server
add address=168.138.243.216 list=DOH-Server
add address=168.235.81.167 list=DOH-Server
add address=1.71.157.35 list=DOH-Server
add address=172.104.206.174 list=DOH-Server
add address=172.104.93.80 list=DOH-Server
add address=172.105.216.54 list=DOH-Server
add address=172.105.241.93 list=DOH-Server
add address=17.253.36.119 list=DOH-Server
add address=17.253.36.215 list=DOH-Server
add address=17.253.36.247 list=DOH-Server
add address=17.253.56.85 list=DOH-Server
add address=172.67.134.157 list=DOH-Server
add address=172.67.150.146 list=DOH-Server
add address=172.67.154.200 list=DOH-Server
add address=172.67.173.59 list=DOH-Server
add address=172.67.177.252 list=DOH-Server
add address=172.67.182.242 list=DOH-Server
add address=172.67.195.148 list=DOH-Server
add address=172.67.207.222 list=DOH-Server
add address=173.199.126.35 list=DOH-Server
add address=174.138.29.175 list=DOH-Server
add address=174.68.248.77 list=DOH-Server
add address=176.9.1.117 list=DOH-Server
add address=176.9.199.158 list=DOH-Server
add address=176.9.93.198 list=DOH-Server
add address=18.233.19.235 list=DOH-Server
add address=184.105.193.78 list=DOH-Server
add address=185.134.196.52 list=DOH-Server
add address=185.134.196.54 list=DOH-Server
add address=185.134.196.55 list=DOH-Server
add address=185.150.99.255 list=DOH-Server
add address=185.175.56.133 list=DOH-Server
add address=185.18.148.91 list=DOH-Server
add address=185.194.94.71 list=DOH-Server
add address=185.213.26.187 list=DOH-Server
add address=185.216.27.142 list=DOH-Server
add address=185.222.222.222 list=DOH-Server
add address=185.228.168.10 list=DOH-Server
add address=185.228.168.168 list=DOH-Server
add address=185.228.168.9 list=DOH-Server
add address=185.233.106.232 list=DOH-Server
add address=185.233.107.4 list=DOH-Server
add address=185.235.81.1 list=DOH-Server
add address=185.235.81.2 list=DOH-Server
add address=185.235.81.3 list=DOH-Server
add address=185.235.81.4 list=DOH-Server
add address=185.235.81.5 list=DOH-Server
add address=185.235.81.6 list=DOH-Server
add address=185.253.154.66 list=DOH-Server
add address=185.38.27.139 list=DOH-Server
add address=185.43.135.1 list=DOH-Server
add address=185.49.141.37 list=DOH-Server
add address=185.95.218.42 list=DOH-Server
add address=185.95.218.43 list=DOH-Server
add address=192.53.175.149 list=DOH-Server
add address=193.17.47.1 list=DOH-Server
add address=193.180.80.1 list=DOH-Server
add address=193.180.80.2 list=DOH-Server
add address=193.19.108.2 list=DOH-Server
add address=193.19.108.3 list=DOH-Server
add address=193.29.62.196 list=DOH-Server
add address=193.70.85.11 list=DOH-Server
add address=194.110.115.97 list=DOH-Server
add address=194.124.76.14 list=DOH-Server
add address=194.242.2.2 list=DOH-Server
add address=194.242.2.3 list=DOH-Server
add address=195.201.220.199 list=DOH-Server
add address=198.180.150.12 list=DOH-Server
add address=198.251.90.89 list=DOH-Server
add address=198.251.90.91 list=DOH-Server
add address=199.195.251.84 list=DOH-Server
add address=199.58.81.218 list=DOH-Server
add address=200.1.123.46 list=DOH-Server
add address=203.56.69.35 list=DOH-Server
add address=206.189.52.23 list=DOH-Server
add address=207.148.120.244 list=DOH-Server
add address=208.67.220.123 list=DOH-Server
add address=208.67.220.220 list=DOH-Server
add address=208.67.222.123 list=DOH-Server
add address=208.67.222.222 list=DOH-Server
add address=208.91.197.132 list=DOH-Server
add address=209.141.34.95 list=DOH-Server
add address=210.16.120.48 list=DOH-Server
add address=212.60.61.246 list=DOH-Server
add address=212.60.63.246 list=DOH-Server
add address=212.78.94.40 list=DOH-Server
add address=213.167.231.6 list=DOH-Server
add address=213.196.191.96 list=DOH-Server
add address=216.119.155.49 list=DOH-Server
add address=216.146.35.35 list=DOH-Server
add address=216.146.36.36 list=DOH-Server
add address=217.0.43.114 list=DOH-Server
add address=217.169.20.22 list=DOH-Server
add address=217.169.20.23 list=DOH-Server
add address=217.70.184.50 list=DOH-Server
add address=220.169.152.35 list=DOH-Server
add address=223.5.5.5 list=DOH-Server
add address=223.6.6.6 list=DOH-Server
add address=24.240.146.7 list=DOH-Server
add address=24.240.146.8 list=DOH-Server
add address=27.112.79.80 list=DOH-Server
add address=3.235.58.142 list=DOH-Server
add address=34.235.39.196 list=DOH-Server
add address=34.237.164.103 list=DOH-Server
add address=35.174.40.117 list=DOH-Server
add address=35.230.160.38 list=DOH-Server
add address=35.231.247.227 list=DOH-Server
add address=35.237.220.84 list=DOH-Server
add address=35.245.234.132 list=DOH-Server
add address=3.64.200.242 list=DOH-Server
add address=36.99.3.35 list=DOH-Server
add address=3.7.176.123 list=DOH-Server
add address=40.114.113.18 list=DOH-Server
add address=40.76.112.230 list=DOH-Server
add address=42.101.56.35 list=DOH-Server
add address=43.129.162.220 list=DOH-Server
add address=44.193.80.11 list=DOH-Server
add address=44.193.80.112 list=DOH-Server
add address=44.195.30.216 list=DOH-Server
add address=45.11.45.11 list=DOH-Server
add address=45.132.74.167 list=DOH-Server
add address=45.132.75.16 list=DOH-Server
add address=45.153.187.96 list=DOH-Server
add address=45.63.110.187 list=DOH-Server
add address=45.63.30.163 list=DOH-Server
add address=45.67.219.208 list=DOH-Server
add address=45.76.113.31 list=DOH-Server
add address=45.76.88.20 list=DOH-Server
add address=45.79.120.233 list=DOH-Server
add address=45.91.92.121 list=DOH-Server
add address=45.91.95.12 list=DOH-Server
add address=46.101.66.244 list=DOH-Server
add address=46.226.108.173 list=DOH-Server
add address=46.226.109.82 list=DOH-Server
add address=46.227.200.52 list=DOH-Server
add address=46.227.200.54 list=DOH-Server
add address=46.227.200.55 list=DOH-Server
add address=46.227.203.52 list=DOH-Server
add address=46.227.207.52 list=DOH-Server
add address=46.239.223.80 list=DOH-Server
add address=46.4.165.226 list=DOH-Server
add address=51.15.124.208 list=DOH-Server
add address=51.158.147.50 list=DOH-Server
add address=51.38.83.141 list=DOH-Server
add address=5.1.66.255 list=DOH-Server
add address=52.20.174.18 list=DOH-Server
add address=52.222.149.104 list=DOH-Server
add address=52.222.149.48 list=DOH-Server
add address=52.222.149.65 list=DOH-Server
add address=52.222.149.96 list=DOH-Server
add address=5.253.114.91 list=DOH-Server
add address=5.2.75.231 list=DOH-Server
add address=5.2.75.75 list=DOH-Server
add address=5.45.107.88 list=DOH-Server
add address=64.78.200.1 list=DOH-Server
add address=64.78.201.1 list=DOH-Server
add address=66.42.33.135 list=DOH-Server
add address=68.105.28.11 list=DOH-Server
add address=68.105.28.12 list=DOH-Server
add address=68.183.253.200 list=DOH-Server
add address=72.34.38.64 list=DOH-Server
add address=74.82.42.42 list=DOH-Server
add address=75.75.77.99 list=DOH-Server
add address=76.76.2.11 list=DOH-Server
add address=78.46.244.143 list=DOH-Server
add address=79.110.170.43 list=DOH-Server
add address=80.156.145.201 list=DOH-Server
add address=80.241.218.68 list=DOH-Server
add address=81.187.221.24 list=DOH-Server
add address=81.90.180.173 list=DOH-Server
add address=8.20.247.20 list=DOH-Server
add address=8.26.56.26 list=DOH-Server
add address=84.17.46.49 list=DOH-Server
add address=84.17.46.51 list=DOH-Server
add address=85.93.13.181 list=DOH-Server
add address=88.198.91.187 list=DOH-Server
add address=8.8.4.4 list=DOH-Server
add address=8.8.8.8 list=DOH-Server
add address=89.233.43.71 list=DOH-Server
add address=89.234.186.112 list=DOH-Server
add address=91.230.211.67 list=DOH-Server
add address=91.239.100.100 list=DOH-Server
add address=91.239.96.35 list=DOH-Server
add address=92.223.109.31 list=DOH-Server
add address=92.223.65.71 list=DOH-Server
add address=93.104.213.190 list=DOH-Server
add address=94.130.110.178 list=DOH-Server
add address=94.130.110.185 list=DOH-Server
add address=94.140.14.14 list=DOH-Server
add address=94.140.14.140 list=DOH-Server
add address=94.140.14.141 list=DOH-Server
add address=94.140.14.15 list=DOH-Server
add address=94.140.15.15 list=DOH-Server
add address=94.140.15.16 list=DOH-Server
add address=95.215.19.53 list=DOH-Server
add address=95.216.181.228 list=DOH-Server
add address=95.216.212.177 list=DOH-Server
add address=95.216.229.153 list=DOH-Server
add address=95.216.24.230 list=DOH-Server
add address=95.217.213.94 list=DOH-Server
add address=95.217.25.217 list=DOH-Server
add address=96.113.151.145 list=DOH-Server
add address=96.113.151.147 list=DOH-Server
add address=96.113.151.148 list=DOH-Server
add address=96.113.151.149 list=DOH-Server
add address=96.113.151.150 list=DOH-Server
add address=9.9.9.10 list=DOH-Server
add address=9.9.9.11 list=DOH-Server
add address=9.9.9.12 list=DOH-Server
add address=9.9.9.13 list=DOH-Server
add address=9.9.9.9 list=DOH-Server
add address=192.168.10.0/24 comment=VLAN10 list=subnet10
add address=192.168.2.40 list=subnet3_access
add address=192.168.2.65 list=subnet3_access
add address=192.168.2.180 list=subnet3_access
add address=192.168.20.0/24 comment=VLAN20 list=subnet20
add address=192.168.2.0/24 list=dns_access
add address=10.25.25.0/24 list=subnet2525
add address=10.25.25.0/24 list=mgmt_access
add address=10.25.25.0/24 list=dns_access
add address=84.159.192.42 list=wan_ip1
add address=10.25.25.4 list=subnet3_access
add address=10.25.25.3 list=subnet3_access
/ip firewall filter
add action=accept chain=input connection-state=established,related log-prefix="Allow established, related: "
add action=drop chain=input connection-state=invalid log-prefix="Drop invalid:"
add action=accept chain=input dst-port=53 in-interface-list=!WAN log-prefix="Allow DNS(UDP): " protocol=udp src-address-list=dns_access
add action=accept chain=input icmp-options=!5:0-255 log-prefix="Allow ICMP: " protocol=icmp
add action=accept chain=input dst-port=13231 in-interface-list=WAN log-prefix="Allow Wireguard: " protocol=udp
add action=accept chain=input dst-port=22,8291 in-interface-list=!WAN log-prefix="Allow ssh+winbox: " protocol=tcp src-address-list=mgmt_access
add action=accept chain=input dst-port=53 in-interface-list=!WAN log-prefix="Allow DNS(TCP): " protocol=tcp src-address-list=dns_access
add action=drop chain=input log-prefix="INPUT: Drop anything not allowed: "
add action=accept chain=forward connection-state=established,related log-prefix="Allow established, related: "
add action=drop chain=forward connection-state=invalid log-prefix="Drop invalid:"
add action=drop chain=forward dst-address-list=DOH-Server dst-port=443 in-interface=vlan2 log-prefix="Drop DoH: " protocol=tcp
add action=accept chain=forward in-interface=vlan2 log-prefix="Allow VLAN2 -> WAN: " out-interface-list=WAN
add action=accept chain=forward connection-nat-state=dstnat in-interface-list=WAN log-prefix="Allow dstnat aka Portfreigabe: "
add action=accept chain=forward in-interface=vlan10 log-prefix="Allow VLAN10 -> WAN: " out-interface-list=WAN
add action=accept chain=forward in-interface=wireguard_clients log-prefix="Allow WG-Clients -> Internet: " out-interface-list=WAN
add action=accept chain=forward in-interface=wireguard_clients log-prefix="Allow WG-Clients- > VLAN2: " out-interface=vlan2
add action=accept chain=forward dst-address-list=subnet3 log-prefix="Allow Access -> SN3: " out-interface=wireguard_s2s_ag src-address-list=subnet3_access
add action=drop chain=forward log=yes log-prefix="FORWARD: Drop anything not allowed: "
/ip firewall nat
add action=masquerade chain=srcnat log-prefix="NAT: masquerade WAN" out-interface-list=WAN
add action=masquerade chain=srcnat log-prefix="NAT: masquerade SN3" out-interface=wireguard_s2s_ag
add action=dst-nat chain=dstnat in-interface-list=WAN log-prefix="NAT: dstnat: Traefik" port=443,80 protocol=tcp to-addresses=192.168.2.68 to-ports=443
add action=dst-nat chain=dstnat in-interface-list=WAN log-prefix="NAT: dstnat: Gitea SSH " port=2222 protocol=tcp to-addresses=192.168.2.44 to-ports=2222
add action=masquerade chain=srcnat disabled=yes dst-address-list=wan_ip1 dst-port=443,80 log=yes log-prefix="NAT: Hairpin: " out-interface-list=LAN protocol=tcp src-address-list=subnet2
add action=dst-nat chain=dstnat dst-address=!192.168.2.1 dst-port=53 in-interface-list=!WAN log-prefix="NAT: DNS-Redirect(UDP): " protocol=udp src-address=!192.168.2.3 src-address-list=subnet2 to-addresses=\
    192.168.2.1 to-ports=53
add action=dst-nat chain=dstnat dst-address=!192.168.2.1 dst-port=53 in-interface-list=!WAN log=yes log-prefix="NAT: DNS-Redirect(TCP): " protocol=tcp src-address=!192.168.2.3 src-address-list=subnet2 to-addresses=\
    192.168.2.1 to-ports=53
/ip firewall raw
add action=drop chain=prerouting comment=DDoS log-prefix="Drop DDoS: " src-address-list=ddos-attackers
/ip route
add comment="route fuer fritzbox-mgmt" distance=1 dst-address=192.168.5.1/32 gateway=ether2
add disabled=no distance=1 dst-address=192.168.3.0/24 gateway=wireguard_s2s_ag pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=192.168.2.0/24,10.25.25.0/24
set api disabled=yes
set winbox address=192.168.2.0/24,10.25.25.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=rb5009
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.2.43
/system scheduler
add interval=1m name=set_wan_ip1 on-event=":if ([:len [/ip fire address-list find address=[/ip/cloud/get public-address]]] > 0) do={} else={:log info \"write wan_ip1 to address-list\"; /ip firewall address-list remo\
    ve [find where list=wan_ip1];\r\
    \n/ip firewall address-list add list=wan_ip1 address=[/ip/cloud/get public-address]}\r\
    \n\r\
    \n# pruefe ob wan ip in address-liste vorhanden ist\r\
    \n# wenn ja, dann tue nichts\r\
    \n# wenn nein, frage ip von mikroptik-cloud ab\r\
    \n# und schreibe in address-liste\r\
    \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=oct/07/2021 start-time=13:13:17
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=winbox-access
/tool mac-server ping
set enabled=no
/tool netwatch
add comment="pr\FCft ob PiHole erreichbar ist" down-script="# set variables\r\
    \n:local piholeIP 192.168.2.3\r\
    \n:local fallbackDNS 9.9.9.9;\r\
    \n:local normalDNS 192.168.2.3;\r\
    \n:local currentDNS\r\
    \n\r\
    \n:set \$currentDNS [/ip dns get servers];\r\
    \n\r\
    \n:do {\r\
    \n  :put [resolve google.com server=\$piholeIP];\r\
    \n  if (\$currentDNS!=normalDNS) do={\r\
    \n    :log info \"DNS Failover: Switching to Pi-Hole\";\r\
    \n    ip dns set servers \$normalDNS\r\
    \n    ip dns cache flush\r\
    \n  } else={}\r\
    \n} on-error={ :set \$currentDNS [/ip dns get servers];\r\
    \n  if (\$currentDNS!=\$fallbackDNS) do={\r\
    \n    :log error \"DNS Failover: Switching to FallbackDNS\";\r\
    \n    ip dns set servers \$fallbackDNS;\r\
    \n    ip dns cache flush\r\
    \n  } else={:log info \"DNS Failover: Pi-Hole Unavailable\"}\r\
    \n}\r\
    \n\r\
    \n#try to reach google through the pi-hole\r\
    \n#if it works and we are on a different DNS, set the DNS server to the pi-hole\r\
    \n#if it works and we are already on the pi-hole, do nothing\r\
    \n#if we can't reach google and we aren't already on our FallbackDNS, switch to fallback\r\
    \n#if we can't reach google through pi-hole and we are on the fallback, log that pi-hole is unavailable\r\
    \n" host=192.168.2.3 interval=5s up-script="# set variables\r\
    \n:local piholeIP 192.168.2.3\r\
    \n:local fallbackDNS 9.9.9.9;\r\
    \n:local normalDNS 192.168.2.3;\r\
    \n:local currentDNS\r\
    \n\r\
    \n:set \$currentDNS [/ip dns get servers];\r\
    \n\r\
    \n:do {\r\
    \n  :put [resolve google.com server=\$piholeIP];\r\
    \n  if (\$currentDNS!=normalDNS) do={\r\
    \n    :log info \"DNS Failover: Switching to Pi-Hole\";\r\
    \n    ip dns set servers \$normalDNS\r\
    \n    ip dns cache flush\r\
    \n  } else={}\r\
    \n} on-error={ :set \$currentDNS [/ip dns get servers];\r\
    \n  if (\$currentDNS!=\$fallbackDNS) do={\r\
    \n    :log error \"DNS Failover: Switching to FallbackDNS\";\r\
    \n    ip dns set servers \$fallbackDNS;\r\
    \n    ip dns cache flush\r\
    \n  } else={:log info \"DNS Failover: Pi-Hole Unavailable\"}\r\
    \n}\r\
    \n\r\
    \n#try to reach google through the pi-hole\r\
    \n#if it works and we are on a different DNS, set the DNS server to the pi-hole\r\
    \n#if it works and we are already on the pi-hole, do nothing\r\
    \n#if we can't reach google and we aren't already on our FallbackDNS, switch to fallback\r\
    \n#if we can't reach google through pi-hole and we are on the fallback, log that pi-hole is unavailable\r\
    \n"
[admin@rb5009] > 

Last edited by quotengrote on Sat Jan 29, 2022 12:50 pm, edited 1 time in total.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Wed Jan 19, 2022 10:39 am

Do you have an idea?
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 736
Joined: Tue Dec 17, 2019 1:08 pm

Re: How to test bandwidth properly

Wed Jan 19, 2022 4:11 pm

Guten Tag,

Sorry for the delay , had other problems to take care of =)

Try implementing FastTrack in your Firewall.
This will relieve your CPU-Workload and give you more Thuput , especially between LAN`s.
(https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack)

If you need help implementing the rules, just say the magic Word =)

.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 2:24 pm

Thx for the info.

The WIki states:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related
But even if i do that, or marked the connection with a mangle rule and let the fasttrack rule work with the connection marked i dont get Throughput greater than 1GBit/s.

So please enlighten me in my ignorance :-D
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 736
Joined: Tue Dec 17, 2019 1:08 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 2:54 pm

In the Config you send me , the SFP+ interface is disabled.
set [ find default-name=sfp-sfpplus1 ] disabled=yes
Maybe you are connected via a 1Gbits Interface... This would explain the Speed =)
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 3:03 pm

It is, but im using the 2,5GBit/s Interface. So something is off, maybe i can test later if the sfp+ Port behaves the same.


2022-01-20 14_09_40-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.1.1 on RB5009UG+S+ (arm64).png
You do not have the required permissions to view the files attached to this post.
Last edited by quotengrote on Thu Jan 20, 2022 3:10 pm, edited 1 time in total.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 736
Joined: Tue Dec 17, 2019 1:08 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 3:10 pm

The Adapter (SFP+/Ethernet) may be the problem.
Auto-Negotiation doesn`t always work.
You may want to check what speed they negotiate or set it manually .
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 3:13 pm

Ok, but how i can i force the Link-Speed to 2.5GBit/s? If i disable "Auto Negotiation" is see only this:
2022-01-20 14_13_02-admin@192.168.2.224 (crs309) - WinBox (64bit) v6.49.2 on CRS309-1G-8S+ (arm).png
You do not have the required permissions to view the files attached to this post.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 736
Joined: Tue Dec 17, 2019 1:08 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 3:24 pm

I think your Link is 1000Mbits.

In the Picture you posted, you can see the Parameter "Link Partner Advertising"
And 2.5Gbits is missing

I looked a bit in the Forum, mikrotik doesn`t have manual 2.5 and 5Gbits at the moment.
You can play with Auto-Negotiate and Advertising on both device
Until you get maybe get 2.5Gbits :(


If you have a SFP+ to SFP+ Cable lying around,the easy Solution, is to try connecting the switch and Router via 10Gbits.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 3:28 pm


If you have a SFP+ to SFP+ Cable lying around,the easy Solution, is to try connecting the switch and Router via 10Gbits.

Did that a moment ago. :-D
2022-01-20 14_27_28-QEMU (vm-test-vlan10) - noVNC - Vivaldi.png
2022-01-20 14_27_38-QEMU (vm-test-vlan10) - noVNC - Vivaldi.png
...and et voila 2.x GBit/s.
You do not have the required permissions to view the files attached to this post.
Last edited by quotengrote on Thu Jan 20, 2022 5:28 pm, edited 1 time in total.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Thu Jan 20, 2022 3:30 pm

Thats is the Firewall Config at the moment. Did i miss anything?
The throughput with fasttrack or fasttrack disabled is almost the same. And i see the counters from fasttrack and my normal rules increase.
[admin@rb5009] > ip firewall/
[admin@rb5009] /ip/firewall> export hide-sensitive 
# jan/20/2022 14:29:12 by RouterOS 7.1.1
# software id = 56R5-PRTF
#
# model = RB5009UG+S+
/ip firewall address-list
add address=192.168.2.0/24 list=subnet2
add address=192.168.2.0/24 list=mgmt_access
add address=192.168.3.0/24 list=subnet3
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
add list=DOH-Server
add address=1.0.0.1 list=DOH-Server
add address=1.0.0.2 list=DOH-Server
add address=1.0.0.3 list=DOH-Server
add address=101.101.101.101 list=DOH-Server
add address=101.102.103.104 list=DOH-Server
add address=101.198.192.33 list=DOH-Server
[...]
add address=9.9.9.11 list=DOH-Server
add address=9.9.9.12 list=DOH-Server
add address=9.9.9.13 list=DOH-Server
add address=9.9.9.9 list=DOH-Server
add address=192.168.10.0/24 comment=VLAN10 list=subnet10
add address=192.168.2.40 list=subnet3_access
add address=192.168.2.65 list=subnet3_access
add address=192.168.2.180 list=subnet3_access
add address=192.168.20.0/24 comment=VLAN20 list=subnet20
add address=192.168.2.0/24 list=dns_access
add address=10.25.25.0/24 list=subnet2525
add address=10.25.25.0/24 list=mgmt_access
add address=10.25.25.0/24 list=dns_access
add address=10.25.25.4 list=subnet3_access
add address=10.25.25.3 list=subnet3_access
add address=93.200.210.113 list=wan_ip1
/ip firewall filter
add action=fasttrack-connection chain=forward comment="TEST FASTTRACK" connection-state=established,related hw-offload=yes
add action=accept chain=input connection-state=established,related log-prefix="Allow established, related: "
add action=drop chain=input connection-state=invalid log-prefix="Drop invalid:"
add action=accept chain=input dst-port=53 in-interface-list=!WAN log-prefix="Allow DNS(UDP): " protocol=udp src-address-list=dns_access
add action=accept chain=input icmp-options=!5:0-255 log-prefix="Allow ICMP: " protocol=icmp
add action=accept chain=input dst-port=13231 in-interface-list=WAN log-prefix="Allow Wireguard: " protocol=udp
add action=accept chain=input dst-port=22,8291 in-interface-list=!WAN log-prefix="Allow ssh+winbox: " protocol=tcp src-address-list=mgmt_access
add action=accept chain=input dst-port=53 in-interface-list=!WAN log-prefix="Allow DNS(TCP): " protocol=tcp src-address-list=dns_access
add action=drop chain=input log-prefix="INPUT: Drop anything not allowed: "
add action=accept chain=forward comment="TEST FASTTRACK" in-interface=vlan10 out-interface=vlan20
add action=accept chain=forward comment="TEST FASTTRACK" in-interface=vlan20 out-interface=vlan10
add action=accept chain=forward connection-state=established,related log-prefix="Allow established, related: "
add action=drop chain=forward connection-state=invalid log-prefix="Drop invalid:"
add action=drop chain=forward dst-address-list=DOH-Server dst-port=443 in-interface=vlan2 log-prefix="Drop DoH: " protocol=tcp
add action=accept chain=forward in-interface=vlan2 log-prefix="Allow VLAN2 -> WAN: " out-interface-list=WAN
add action=accept chain=forward connection-nat-state=dstnat in-interface-list=WAN log-prefix="Allow dstnat aka Portfreigabe: "
add action=accept chain=forward in-interface=vlan10 log-prefix="Allow VLAN10 -> WAN: " out-interface-list=WAN
add action=accept chain=forward in-interface=wireguard_clients log-prefix="Allow WG-Clients -> Internet: " out-interface-list=WAN
add action=accept chain=forward in-interface=wireguard_clients log-prefix="Allow WG-Clients- > VLAN2: " out-interface=vlan2
add action=accept chain=forward dst-address-list=subnet3 log-prefix="Allow Access -> SN3: " out-interface=wireguard_s2s_ag src-address-list=subnet3_access
add action=drop chain=forward log=yes log-prefix="FORWARD: Drop anything not allowed: "
/ip firewall nat
add action=masquerade chain=srcnat log-prefix="NAT: masquerade WAN" out-interface-list=WAN
add action=masquerade chain=srcnat log-prefix="NAT: masquerade SN3" out-interface=wireguard_s2s_ag
add action=dst-nat chain=dstnat in-interface-list=WAN log-prefix="NAT: dstnat: Traefik" port=443,80 protocol=tcp to-addresses=192.168.2.68 to-ports=443
add action=dst-nat chain=dstnat in-interface-list=WAN log-prefix="NAT: dstnat: Gitea SSH " port=2222 protocol=tcp to-addresses=192.168.2.44 to-ports=2222
add action=masquerade chain=srcnat disabled=yes dst-address-list=wan_ip1 dst-port=443,80 log=yes log-prefix="NAT: Hairpin: " out-interface-list=LAN protocol=tcp src-address-list=subnet2
add action=dst-nat chain=dstnat dst-address=!192.168.2.1 dst-port=53 in-interface-list=!WAN log=yes log-prefix="NAT: DNS-Redirect(UDP): " protocol=udp src-address=!192.168.2.3 \
    src-address-list=subnet2 to-addresses=192.168.2.1 to-ports=53
add action=dst-nat chain=dstnat dst-address=!192.168.2.1 dst-port=53 in-interface-list=!WAN log=yes log-prefix="NAT: DNS-Redirect(TCP): " protocol=tcp src-address=!192.168.2.3 \
    src-address-list=subnet2 to-addresses=192.168.2.1 to-ports=53
/ip firewall raw
add action=drop chain=prerouting comment=DDoS log-prefix="Drop DDoS: " src-address-list=ddos-attackers
[admin@rb5009] /ip/firewall> 

Last edited by quotengrote on Sat Jan 29, 2022 12:50 pm, edited 1 time in total.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: How to test bandwidth properly

Fri Jan 21, 2022 1:37 pm

I see that FastTrack is enabled but not FastPath, maybe thats why the FastTrack-Rule is counting the traffic.
2022-01-21 12_37_00-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.1.1 on RB5009UG+S+ (arm64).png
You do not have the required permissions to view the files attached to this post.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: Fast-Track not working - was: How to test bandwidth properly

Mon Jan 24, 2022 10:08 am

@ConnyMercier
I dont get FastPath enabled, only FastTrack... do you have an idea?
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 736
Joined: Tue Dec 17, 2019 1:08 pm

Re: Fast-Track not working - was: How to test bandwidth properly

Mon Jan 24, 2022 10:30 am

Good Morning,

I don`t understand why it isn`t working .
I will have to do some test in my LAB tonight
and i will get back to you !
 
gabacho4
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: Fast-Track not working - was: How to test bandwidth properly

Mon Jan 24, 2022 10:37 am

Would this explain it?
While FastPath and FastTrack both are enabled on the device only one can be active at a time.
Found in the firewall section at https://help.mikrotik.com/docs/display ... c+Concepts

I see the same thing on my 5009
 
gabacho4
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: Fast-Track not working - was: How to test bandwidth properly

Mon Jan 24, 2022 11:30 am

Sorry, I sometimes obsess. https://help.mikrotik.com/docs/display ... n+RouterOS also explains a lot about fast path and fast track. Basically fast path works if certain conditions are met, including not using fast track. fast track is noted to basically be fast path + connections tracking. It notes that
marking packets that belong to fast-tracked connection will be sent fast-path way.
 
User avatar
Hominidae
Member Candidate
Member Candidate
Posts: 291
Joined: Thu Oct 19, 2017 12:50 am

Re: Fast-Track not working - was: How to test bandwidth properly

Mon Jan 24, 2022 12:23 pm

At the moment i have a hypervisor with a 10G-Trunk with 4 VLANS, and a VM in each VLAN with a router-on-stick RB5009 who does the routing between the vlans.
For tests i have disabled all Firewall Rules.

VM_VLAN10+VM_VLAN20-->vSwitch-->Trunk-to-CRS309-->Trunk-to-RB5009

But even then i just get the following results instead of the advertised which should be around 7479.1 Mbit/s
I am going to put my chair in here for a while and listen/look closly, as I am in the exact same thing here, with a RB4011 on v7.1.1 (CRS309 on 6.49.2)
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: Fast-Track not working - was: How to test bandwidth properly

Fri Jan 28, 2022 1:25 pm

I think it has something todo with this: viewtopic.php?t=182699
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
So maybe it isnt working in 7.1 atm.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: Fast-Track not working - was: How to test bandwidth properly  [SOLVED]

Sat Jan 29, 2022 12:34 pm

With rc3 Fastrack with bridge-vlan-filtering is working.
Almost half the CPU-Load with three times the troughput.
2022-01-29 11_33_12-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.2rc3 on RB5009UG+S+ (arm64).png
2022-01-29 11_32_38-QEMU (vm-test-vlan10) - noVNC - Vivaldi.png
2022-01-29 11_32_31-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.2rc3 on RB5009UG+S+ (arm64).png
2022-01-29 11_32_24-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.2rc3 on RB5009UG+S+ (arm64).png
You do not have the required permissions to view the files attached to this post.
 
User avatar
Hominidae
Member Candidate
Member Candidate
Posts: 291
Joined: Thu Oct 19, 2017 12:50 am

Re: Fast-Track not working - was: How to test bandwidth properly

Sat Jan 29, 2022 2:36 pm

With rc3 Fastrack with bridge-vlan-filtering is working.
Almost half the CPU-Load with three times the troughput.
...good find and thanks for confirming!
I am just not prepared to run my main router on a RC-Version of ROS as of yet...using 7.1 stable path is dangerous enough ;-)
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: Fast-Track not working - was: How to test bandwidth properly

Tue Mar 01, 2022 1:04 pm

Can confirm that it is still working as expected with 7.2rc4.

No other Issues with my Home Network.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: Fast-Track not working - was: How to test bandwidth properly

Sat Mar 26, 2022 12:28 pm

Still working great with rc5.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: Fast-Track not working - was: How to test bandwidth properly

Wed Mar 30, 2022 6:10 pm

Same with rc6.
 
User avatar
quotengrote
newbie
Topic Author
Posts: 27
Joined: Sun May 16, 2021 1:20 pm

Re: Fast-Track not working - was: How to test bandwidth properly

Tue Apr 05, 2022 5:14 pm

And with 7.2 released its works now on something stable.

Who is online

Users browsing this forum: Baidu [Spider], cralin, Semrush [Bot] and 15 guests