petertosh
Frequent Visitor
Topic Author
Posts: 58
Joined: Wed Mar 21, 2018 9:42 am

WinBox & WebFig extremely slow after Update from 7.1.5 to 7.2 - faulty config or Bug?

Thu Apr 28, 2022 9:41 pm

I had a strange experience a couple of days ago when I updated my CCR1009-7G-1C-PC from 7.1.5 to 7.2. I updated using winbox and system/packages, the router rebooted and came back almost unresponsive. Pings to the router were varying wildly in their response time, winbox and writing in terminal were extremely slow. It felt like 0.5 frames per second for a refresh. Connecting to a useful winbox window took 5-10 seconds, the windows in winbox were extremely slow to populate with data.

I tried /tool/profile and there was no particular load, it showed about 1-5 % cpu usage. One reboot didn't help, it came back the same and didn't stabilize in minutes. Fortunately I had copied the previous system to another partition and was able to reboot back to 7.1.5. Everything was back to normal then.

Today I took the time to try a second time. I upgraded to V7.3b37, reset the config and imported the previously exported config. There was no change to the situation of wildly varying ping responses and unusable winbox. But at last I could test that using winbox from another computer did not improve things. Webfig was the same - extremely slow to open and populate. At the same time my client pc had internet and I could even do some speedtests. They were ok.

One thing was strange: when I opened a mac-winbox connection everything was snappy and fast, like always. The pings to the router were sub 1 ms, everything was working fine. Connecting winbox by IP-address provoked the previous strange behaviour. I could go between connecting winbox by mac or by ip and thus provoking slow winbox and variation in ping responses.

So, what's wrong? Is my config faulty or is this some bug in routeros >7.1.5? My config is working fine in 7.1.5 and 6.49.5. Has anyone experienced something like this? Is anyone interested in reviewing my config?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: WinBox & WebFig extremely slow after Update from 7.1.5 to 7.2 - faulty config or Bug?

Fri Apr 29, 2022 12:15 am

If someone wanted to help you, they would not want to read a novel, but how the apparatus is configured.
 
petertosh
Frequent Visitor
Topic Author
Posts: 58
Joined: Wed Mar 21, 2018 9:42 am

Re: WinBox & WebFig extremely slow after Update from 7.1.5 to 7.2 - faulty config or Bug?

Fri Apr 29, 2022 9:53 am

Thank you for the input, I was not aware of having written a novel. Anyway, here comes my config:
# apr/29/2022 08:31:45 by RouterOS 7.1.5
#
# model = CCR1009-7G-1C
/interface bridge
add admin-mac=64:D1:54:D6:02:C5 auto-mac=no fast-forward=no ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=combo1 ] loop-protect=off mac-address=64:D1:54:D6:02:C6 name=combo1-gateway
set [ find default-name=ether1 ] mac-address=64:D1:54:D6:02:C7
set [ find default-name=ether2 ] mac-address=64:D1:54:D6:02:C8
set [ find default-name=ether3 ] mac-address=64:D1:54:D6:02:C9
set [ find default-name=ether4 ] mac-address=64:D1:54:D6:02:CA
set [ find default-name=ether5 ] mac-address=64:D1:54:D6:02:CB
set [ find default-name=ether6 ] mac-address=64:D1:54:D6:02:CC
set [ find default-name=ether7 ] loop-protect=on mac-address=64:D1:54:D6:02:CD
/interface vlan
add interface=combo1-gateway name=vlan-ppp vlan-id=7
add interface=bridge1 name=vlan1 vlan-id=1
add interface=bridge1 name=vlan20 vlan-id=20
/interface pppoe-client
add disabled=no interface=vlan-ppp max-mru=1492 max-mtu=1492 name=pppoe-out1 use-peer-dns=yes user=\
    XXXXYYYYZZZZ
/interface list
add name=mac-winbox
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=5m keepalive-timeout=5m mac-cookie-timeout=3h shared-users=2
/ip ipsec peer
add name=peer1 passive=yes
/ip ipsec policy group
add name=RoadWarrior
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-128,3des
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=8h pfs-group=none
/ip pool
add name=ipsec-RW ranges=192.168.176.130-192.168.176.149
add name=Hotspot-P2 ranges=192.168.0.0/24
/ip ipsec mode-config
add address-pool=ipsec-RW name=RW-cfg split-include=192.168.177.0/24,192.168.179.0/24
/ip pool
add name=Hotspot next-pool=Hotspot-P2 ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=Hotspot interface=vlan20 lease-time=2h name=default
/port
set 0 name=serial0
set 1 name=serial1
/queue type
add kind=pcq name=pcq-download-k1 pcq-classifier=dst-address pcq-rate=16M
add kind=pcq name=pcq-upload-k1 pcq-classifier=src-address pcq-rate=11M
add cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-default
add cake-ack-filter=filter cake-bandwidth=40.0Mbps cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-up-hotspot
add cake-bandwidth=220.0Mbps cake-diffserv=besteffort cake-nat=yes cake-wash=yes kind=cake name=cake-down-hotspot
add cake-ack-filter=filter cake-bandwidth=60.0Mbps cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-up-regular
add cake-bandwidth=245.0Mbps cake-diffserv=besteffort cake-nat=yes cake-wash=yes kind=cake name=cake-down-regular
/queue simple
add disabled=yes name=cake-hotspot queue=cake-up-hotspot/cake-down-hotspot target=192.168.0.0/23 total-queue=cake-default
add bucket-size=0/0 name=cake-regular queue=cake-up-regular/cake-down-regular target=192.168.0.0/16 total-queue=cake-default
add bucket-size=0/0 name=cake-child parent=cake-regular queue=cake-up-regular/cake-down-regular target=192.168.0.0/16
add bucket-size=0/0 disabled=yes max-limit=40M/220M name=\
    Hotspot-Night parent=cake-regular queue=pcq-upload-default/pcq-download-default target=192.168.0.0/23 total-queue=hotspot-default
add bucket-size=0/0 max-limit=40M/220M name=Hotspot-Day \
    parent=cake-regular queue=pcq-upload-k1/pcq-download-k1 target=192.168.0.0/23 total-queue=hotspot-default
/routing table
add fib name=dsl5
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 disabled=yes
add addresses=192.168.177.0/24,192.168.179.0/24 name=Intern
/system logging action
set 0 memory-lines=2000
set 1 disk-file-count=4 disk-file-name=syslog
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp,rest-api
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether1
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
add bridge=bridge1 ingress-filtering=no interface=ether6
add bridge=bridge1 ingress-filtering=no interface=ether7
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=no interface=vlan20 pvid=20
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=no interface=vlan1
/ip neighbor discovery-settings
set discover-interface-list=mac-winbox
/ip settings
set allow-fast-path=no max-neighbor-entries=8192 rp-filter=strict
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,vlan1 untagged=combo1-gateway,ether1,ether2,ether3,ether4,ether5,ether6,ether7 vlan-ids=1
add bridge=bridge1 tagged=bridge1,ether7,vlan20 vlan-ids=20
/interface list member
add interface=ether2 list=mac-winbox
add interface=ether1 list=mac-winbox
add interface=ether3 list=mac-winbox
add interface=ether4 list=mac-winbox
add interface=ether5 list=mac-winbox
add interface=ether6 list=mac-winbox
add interface=vlan1 list=mac-winbox
/ip address
add address=192.168.177.3/24 interface=vlan1 network=192.168.177.0
add address=192.168.1.1/24 comment="Hotspot Gateway" interface=vlan20 network=192.168.1.0
add address=192.168.0.1/24 comment="Hotspot Gateway" interface=vlan20 network=192.168.0.0
add address=10.10.1.2/24 comment="ETH to ONT" disabled=yes interface=combo1-gateway network=10.10.1.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1h
/ip dhcp-server network
add address=192.168.0.0/23 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-size=6144KiB max-concurrent-queries=400 max-concurrent-tcp-sessions=80 query-server-timeout=6s \
    query-total-timeout=13s
/ip dns static
add address=192.168.1.1 name=router
add address=192.168.1.1 name=hotspot
/ip firewall address-list
add address=192.168.177.0/24 list=XYZ
add address=192.168.179.0/24 list=XYZ
add address=80.166.12.0/24 list=ListA
add address=212.98.80.8/29 list=ListA
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
add address=192.168.176.0/24 list=XYZ
add address=216.218.128.0/17 list=SPAM
add address=122.224.0.0/12 list=SPAM
add address=183.128.0.0/11 list=SPAM
add address=218.75.0.0/17 list=SPAM
add address=192.168.100.0/24 list=XYZ
add address=188.180.65.192/29 list=ListA
/ip firewall filter
add action=accept chain=input comment="allow L2TP VPN (ipsec-esp)" in-interface=pppoe-out1 protocol=ipsec-esp src-address-list=!SPAM
add action=accept chain=input comment="allow L2TP VPN (500,4500,1701/udp)" dst-port=500,1701,4500 in-interface=pppoe-out1 protocol=udp \
    src-address-list=!SPAM
add action=accept chain=forward comment="Accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="Accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward connection-state=invalid in-interface=pppoe-out1
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new \
    in-interface=pppoe-out1 log=yes log-prefix=!NAT
add action=drop chain=forward in-interface=pppoe-out1 log=yes log-prefix=\
    !public src-address-list=not_in_internet
add action=drop chain=input connection-state=invalid in-interface=pppoe-out1
add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid src-address-list=!XYZ
add action=accept chain=forward connection-state=established,related
add action=accept chain=input disabled=yes src-address-list=ListA
add action=accept chain=forward src-address-list=ListA
add action=accept chain=input dst-port=22 protocol=tcp src-address-list=XYZ
add action=drop chain=input dst-port=22 protocol=tcp
add action=accept chain=input protocol=icmp
add action=accept chain=input src-address-list=XYZ
add action=accept chain=input connection-state=established,related
add action=drop chain=forward dst-address-list=XYZ log=yes log-prefix=\
    !hotspot2intern src-address=192.168.0.0/23
add action=accept chain=input disabled=yes src-address=127.0.0.0/24
add action=accept chain=input dst-port=53,67,68 protocol=udp src-address=192.168.0.0/23
add action=accept chain=input dst-port=53 protocol=tcp src-address=192.168.0.0/23
add action=drop chain=forward dst-address-list=not_in_internet in-interface=\
    bridge1 log=yes log-prefix=!public_from_LAN out-interface=!bridge1
add action=drop chain=input in-interface=pppoe-out1 log-prefix=inc-ppp
add action=drop chain=input log-prefix=inc-oth
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.0.0/23
add action=masquerade chain=srcnat comment="masquerade other clients" out-interface=pppoe-out1 src-address=192.168.177.0/24
add action=dst-nat chain=dstnat comment="3CX Port 5001 TCP" dst-port=5001 in-interface=pppoe-out1 protocol=tcp \
    to-addresses=192.168.177.60 to-ports=5001
add action=dst-nat chain=dstnat comment="CS TCP" dst-port=8000 in-interface=pppoe-out1 protocol=tcp \
    to-addresses=192.168.177.101 to-ports=8000
add action=dst-nat chain=dstnat comment="CS Remote Desktop TCP" dst-port=13389 in-interface=pppoe-out1 protocol=tcp \
    to-addresses=192.168.177.101 to-ports=3389
add action=dst-nat chain=dstnat comment="3CX Port 5060 TCP" dst-port=5060 in-interface=pppoe-out1 protocol=tcp \
    to-addresses=192.168.177.60 to-ports=5060
add action=dst-nat chain=dstnat comment="3CX Port 5060 UDP" dst-port=5060 in-interface=pppoe-out1 protocol=udp \
    to-addresses=192.168.177.60 to-ports=5060
add action=dst-nat chain=dstnat comment="3CX Port 5090 TCP" dst-port=5090 in-interface=pppoe-out1 protocol=tcp \
    to-addresses=192.168.177.60 to-ports=5090
add action=dst-nat chain=dstnat comment="3CX Port 5090 TCP" dst-port=5090 in-interface=pppoe-out1 protocol=udp \
    to-addresses=192.168.177.60 to-ports=5090
add action=dst-nat chain=dstnat comment="3CX Port 9000-10999 UDP" dst-port=9000-10999 in-interface=pppoe-out1 protocol=\
    udp to-addresses=192.168.177.60 to-ports=9000-10999
add action=dst-nat chain=dstnat comment="ONT" dst-port=8072 in-interface=vlan1 protocol=tcp to-addresses=192.168.100.1 \
    to-ports=80
add action=dst-nat chain=dstnat comment="hue Web" dst-port=8083 in-interface=vlan1 protocol=tcp to-addresses=\
    192.168.1.3 to-ports=80
add action=dst-nat chain=dstnat comment="LHG Winbox" dst-port=8085 in-interface=vlan1 protocol=tcp to-addresses=\
    192.168.1.7 to-ports=8291
add action=dst-nat chain=dstnat comment="LHG Web" dst-port=8086 in-interface=vlan1 protocol=tcp to-addresses=\
    192.168.1.7 to-ports=80
add action=dst-nat chain=dstnat comment="LHG ssh" dst-port=8087 in-interface=vlan1 protocol=tcp to-addresses=\
    192.168.1.7 to-ports=22
add action=masquerade chain=srcnat comment="masquerade access ONT" out-interface=combo1-gateway
/ip firewall service-port
set sip disabled=yes
/ip hotspot service-port
set ftp disabled=yes
/ip hotspot user
set [ find default=yes ] limit-uptime=1h
/ip ipsec identity
add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-config=RW-cfg peer=peer1 policy-template-group=RoadWarrior \
    username=USERA
add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-config=RW-cfg peer=peer1 policy-template-group=RoadWarrior \
    username=USERB
/ip ipsec policy
add dst-address=192.168.176.0/24 group=RoadWarrior src-address=192.168.177.0/24 template=yes
add dst-address=192.168.176.0/24 group=RoadWarrior src-address=192.168.179.0/24 template=yes
/ip route
add comment="WAN 1" disabled=no dst-address=0.0.0.0/0 gateway=192.168.177.2 routing-table=dsl5
add comment="WAN 2" disabled=no dst-address=0.0.0.0/0 gateway=pppoe-out1
add comment="Site 2" disabled=no dst-address=192.168.179.0/24 gateway=192.168.177.100 scope=10
add disabled=yes dst-address=192.168.100.0/24 gateway=combo1-gateway
add disabled=yes distance=1 dst-address=10.10.1.0/24 gateway=combo1-gateway pref-src="" routing-table=main scope=30 suppress-hw-offload=\
    no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.179.0/24,192.168.177.0/24,80.166.12.0/24,192.168.176.0/24 port=1864
set ssh address=192.168.179.0/24,192.168.177.0/24,192.168.176.0/24
set api address=80.166.12.0/24
set winbox address=192.168.179.0/24,192.168.177.0/24,192.168.176.0/24,80.166.12.0/24
/ip ssh
set forwarding-enabled=remote strong-crypto=yes
/radius
add address=127.0.0.1 disabled=yes service=hotspot timeout=2s
/routing rule
add action=lookup disabled=yes interface=vlan20
/snmp
set enabled=yes trap-community=Intern trap-interfaces=vlan20
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=CCR
/system logging
set 0 topics=info,!firewall,!dhcp,!ntp
set 1 action=disk
set 2 action=disk disabled=yes
set 3 topics=critical,!ntp
add action=disk topics=critical,!ntp
add action=remote topics=info,!firewall
add action=remote topics=warning
add action=remote topics=error
add action=remote topics=critical,!ntp
add topics=warning
add disabled=yes topics=firewall
add action=remote topics=firewall
add topics=store,write
add action=remote topics=write,store
add topics=script
add topics=ipsec,info,!debug,!packet
add action=syslog prefix=XYZ topics=firewall
add action=syslog prefix=XYZ topics=hotspot,account
add action=syslog prefix=XYZ topics=firewall
add action=syslog prefix=XYZ topics=hotspot,account
/system ntp server
set manycast=yes
/system ntp client servers
add address=0.de.pool.ntp.org
/system package update
set channel=long-term
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add interval=1d name=Queue-Day on-event="/system script run Queue-Day" policy=read,write,test start-date=jun/23/2020 start-time=07:00:00
add interval=1d name=Queue-Night on-event="/system script run Queue-Night" policy=read,write,test start-date=jun/23/2020 start-time=\
    23:30:00
/system script
add dont-require-permissions=no name=Queue-Day owner=sachariew policy=read,write,test source=\
    "/queue simple enable Hotspot-Day; /queue simple disable Hotspot-Night"
add dont-require-permissions=no name=Queue-Night owner=sachariew policy=read,write,test source=\
    "/queue simple enable Hotspot-Night; /queue simple disable Hotspot-Day"
/tool graphing interface
add allow-address=192.168.179.0/24 interface=combo1-gateway store-on-disk=no
add interface=vlan20 store-on-disk=no
add allow-address=192.168.179.0/24 interface=pppoe-out1 store-on-disk=no
/tool graphing queue
add allow-address=192.168.179.0/24 allow-target=no simple-queue=Hotspot-Night store-on-disk=no
add allow-address=192.168.179.0/24 allow-target=no simple-queue=Hotspot-Day store-on-disk=no
/tool graphing resource
add allow-address=192.168.179.0/24 store-on-disk=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
 
petertosh
Frequent Visitor
Topic Author
Posts: 58
Joined: Wed Mar 21, 2018 9:42 am

Re: WinBox & WebFig extremely slow after Update from 7.1.5 to 7.2 - faulty config or Bug?

Sun Jun 05, 2022 11:35 am

UPDATE: The problem was solved once I configured my CAKE queue types correctly. As long as I had CAKE in a simple queue with the bandwidth parameter set, I could trigger the packet drop/latency by enabling and disabling the simple queues.

I now have the following simple queues for the hotspot and everything is working fine:
/queue simple
add bucket-size=0/0 max-limit=65M/255M name=cake-regular queue=cake-WAN-tx/cake-WAN-rx target=192.168.0.0/16 total-queue=cake-default
add bucket-size=0/0 max-limit=65M/255M name=cake-child parent=cake-regular queue=cake-WAN-tx/cake-WAN-rx target=192.168.0.0/16 \
    total-queue=cake-default
add bucket-size=0/0 disabled=yes max-limit=40M/230M name=\
    Hotspot-Night parent=cake-regular queue=pcq-upload-default/pcq-download-default target=192.168.0.0/23 total-queue=hotspot-default
add bucket-size=0/0 max-limit=40M/230M name=Hotspot-Day \
    parent=cake-regular queue=pcq-upload-k1/pcq-download-k1 target=192.168.0.0/23 total-queue=hotspot-default

/queue type
add kind=pcq name=pcq-download-k1 pcq-classifier=dst-address pcq-rate=16M
add kind=pcq name=pcq-upload-k1 pcq-classifier=src-address pcq-rate=11M
add cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-default
add cake-flowmode=dual-srchost cake-nat=yes kind=cake name=cake-WAN-tx
add cake-diffserv=besteffort cake-flowmode=dual-dsthost cake-nat=yes kind=cake name=cake-WAN-rx
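
The condition described in the update above (a simple queue that references a CAKE queue type carrying its own bandwidth parameter) can be checked offline against a RouterOS export. This is an added example, not part of the original post: the function names are hypothetical, the two samples are constructed from queue lines posted in this thread, and treating the presence of `cake-bandwidth` in the export as "set" is an assumption.

```python
import shlex

# Constructed samples: queue lines copied from the two exports posted in this thread.
BEFORE = r"""
/queue type
add kind=pcq name=pcq-download-k1 pcq-classifier=dst-address pcq-rate=16M
add kind=pcq name=pcq-upload-k1 pcq-classifier=src-address pcq-rate=11M
add cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-default
add cake-ack-filter=filter cake-bandwidth=60.0Mbps cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-up-regular
add cake-bandwidth=245.0Mbps cake-diffserv=besteffort cake-nat=yes cake-wash=yes kind=cake name=cake-down-regular
/queue simple
add bucket-size=0/0 name=cake-regular queue=cake-up-regular/cake-down-regular target=192.168.0.0/16 total-queue=cake-default
add bucket-size=0/0 max-limit=40M/220M name=Hotspot-Day \
    parent=cake-regular queue=pcq-upload-k1/pcq-download-k1 target=192.168.0.0/23 total-queue=hotspot-default
"""
AFTER = r"""
/queue type
add cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-default
add cake-flowmode=dual-srchost cake-nat=yes kind=cake name=cake-WAN-tx
add cake-diffserv=besteffort cake-flowmode=dual-dsthost cake-nat=yes kind=cake name=cake-WAN-rx
/queue simple
add bucket-size=0/0 max-limit=65M/255M name=cake-regular queue=cake-WAN-tx/cake-WAN-rx target=192.168.0.0/16 total-queue=cake-default
"""

def join_continuations(text):
    """Merge export lines that end in a backslash with the line that follows."""
    lines, pending = [], ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped.endswith("\\"):
            pending += stripped[:-1]   # keep the text, drop the continuation mark
        else:
            lines.append(pending + stripped)
            pending = ""
    return lines

def parse_adds(text):
    """Return {menu path: [properties of each 'add' line]} for an export."""
    menus, path = {}, None
    for line in join_continuations(text):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            tokens = shlex.split(line[4:])  # honours quoted values such as comments
            props = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
            menus.setdefault(path, []).append(props)
    return menus

def shaped_cake_in_simple_queues(text):
    """List (simple queue, queue type, cake-bandwidth, disabled) for each match."""
    menus = parse_adds(text)
    shaped = {t["name"]: t["cake-bandwidth"]
              for t in menus.get("/queue type", [])
              if t.get("kind") == "cake" and "cake-bandwidth" in t}
    findings = []
    for q in menus.get("/queue simple", []):
        refs = q.get("queue", "").split("/") + [q.get("total-queue", "")]
        for ref in refs:
            if ref in shaped:
                findings.append((q.get("name"), ref, shaped[ref],
                                 q.get("disabled") == "yes"))
    return findings

if __name__ == "__main__":
    for label, export in (("before", BEFORE), ("after", AFTER)):
        print(label, shaped_cake_in_simple_queues(export))
```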
 
satman1w
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: WinBox & WebFig extremely slow after Update from 7.1.5 to 7.2 - faulty config or Bug?

Fri Jun 17, 2022 7:18 pm

"If someone wanted to help you, they would not want to read a novel, but how the apparatus is configured."
Unfortunately it looks like it has nothing to do with configuration, but with ROS version only. It happens on "clean" and configured router the same if you use "wrong" version of ROS. (tried it few minutes ago...)

I have just downgraded two of my RB4011 to 7.1.5 and now they are working like they should. Before with 7.3.1 the situation was the same as described by topic author.


regards
