I have two WAN Uplinks with 150 and 350 mbps speeds respectively. However, after applying the '10' mangle rules, and making sure that for multi-threaded and non :443 tasks 'both addresses and ports' is used, I still can't get speeds over ~210 mbps MAX while my CPU hits around 80 - 90 percent. I've posted similar queries on other posts of mine but they have gotten no attention and/or help around it. I've received vague responses such as, "RB750gr3 can't do aggregation" etc., and upon asking further, no help!
Please note that I'm new to Mikrotik but not networking in general. I've spent countless hours trying to learn the workings of RouterOS and am exceedingly happy with it. However, the fact that my router can't fully utilize my ISP plan is a deal breaker for me. Surely I'm missing something, and I would appreciate being pointed in the correct direction, please.
I simply need to know two things:
1. Is my PCC config the most optimal?
2. Do I need to invest in a more powerful router such as the RB5009UG+S+IN? Or is there a cheaper alternative? After having used PCC and the flexibility it offers, I don't think I can go back to basic round-robin based routers. Remember, I'm trying to hit ~600 mbps.
Below is my config:
# nov/08/2022 15:48:38 by RouterOS 7.6
# software id = AU10-A1CY
#
# model = RB750Gr3
# serial number = xxxxxxxxxxxx
/interface bridge
add name=bridge-LAN1andLAN2
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1452 mac-address=F8:75:A4:AB:D1:AB mtu=1452 name=ether1-BSNL
set [ find default-name=ether2 ] comment=NetPlus name=ether2-NetPlus
set [ find default-name=ether3 ] comment="LAN - To ASUS" name=ether3-LAN1
set [ find default-name=ether4 ] comment="LAN - Free" name=ether4-LAN2
set [ find default-name=ether5 ] comment="LAN - Management" name=ether5-Management
/disk
set sd1-part1 name=disk1
/interface list
add comment="Contains all WAN Interfaces" name=WAN
add comment="Contains all LAN Interfaces" name=LAN
add comment="Contains Iterfaces with Internet" name=INTERNET
add comment="Contains all Management Interfaces" name=Management
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.88.100-192.168.88.254
add name=dhcp_pool2 ranges=192.168.3.2-192.168.3.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=bridge-LAN1andLAN2 name=Bridge_DCHP_Server
add address-pool=dhcp_pool2 interface=ether5-Management name=Management_DCHP_Server
/port
set 0 name=serial0
/interface pppoe-client
add add-default-route=yes comment=BSNL disabled=no interface=ether1-BSNL max-mru=1450 max-mtu=1450 name=PPPoE-BSNL profile=default-encryption user=joxxxxxxxxxxxx.bsnl.in
/routing table
add fib name=to_ISP_BSNL
add fib name=to_ISP_NetPlus
add disabled=no fib name=only_via_BSNL
add disabled=no fib name=only_via_NetPlus
add disabled=no fib name=directly_to_ASUS
/interface bridge port
add bridge=bridge-LAN1andLAN2 interface=ether3-LAN1
add bridge=bridge-LAN1andLAN2 interface=ether4-LAN2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all internet-interface-list=INTERNET lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add interface=ether1-BSNL list=WAN
add interface=ether2-NetPlus list=WAN
add interface=ether3-LAN1 list=LAN
add interface=ether4-LAN2 list=LAN
add interface=PPPoE-BSNL list=WAN
add interface=PPPoE-BSNL list=INTERNET
add interface=ether2-NetPlus list=INTERNET
add interface=ether5-Management list=Management
add interface=bridge-LAN1andLAN2 list=LAN
/ip address
add address=192.168.88.1/24 comment=Bridge interface=bridge-LAN1andLAN2 network=192.168.88.0
add address=192.168.1.12/24 comment="To NetPlus Router" interface=ether2-NetPlus network=192.168.1.0
add address=192.168.0.10/24 comment="To BSNL Modem" interface=ether1-BSNL network=192.168.0.0
add address=192.168.3.1/24 comment=Management interface=ether5-Management network=192.168.3.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.3.0/28 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4,218.248.114.129 gateway=192.168.88.1
add address=192.168.89.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
add address=255.255.255.255 comment=RFC6890 list=not_in_internet
add address=cloud.mikrotik.com list=mikrotik-cloud
add address=cloud2.mikrotik.com list=mikrotik-cloud
add address=whatismyipaddress.com list=what-is-my-ip
/ip firewall filter
add action=accept chain=input comment="Accept, Established & Related" connection-state=established,related
add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid
add action=accept chain=input comment="Allow ICMP" disabled=yes in-interface=PPPoE-BSNL log=yes log-prefix=FIREWALL_ICMP_HIT protocol=icmp
add action=accept chain=input comment="Allow Winbox (1964)" in-interface=PPPoE-BSNL log=yes log-prefix=FIREWALL_WINBOX_HIT port=1964 protocol=tcp
add action=accept chain=input comment="Allow SSH (1963)" dst-port=1963 in-interface=PPPoE-BSNL log=yes log-prefix=FIREWALL_SSH_HIT protocol=tcp
add action=accept chain=input comment="Allow HTTP and HTTPs (80,443)" dst-port=80,443 in-interface=PPPoE-BSNL log=yes log-prefix=FIREWALL_WebServer_HIT protocol=tcp
add action=accept chain=input comment="Allow HTTP and HTTPs (80,443)" dst-port=80,443 in-interface=PPPoE-BSNL log=yes log-prefix=FIREWALL_HTTPS_HIT protocol=udp
add action=drop chain=input comment="Block Everything Else" in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=mikrotik-cloud log=yes new-routing-mark=only_via_BSNL passthrough=no
add action=mark-routing chain=output disabled=yes dst-address=192.168.50.0/24 log=yes log-prefix=To_ASUS new-routing-mark=directly_to_ASUS passthrough=no
add action=mark-routing chain=prerouting dst-address-list=what-is-my-ip log=yes new-routing-mark=only_via_BSNL passthrough=no
add action=accept chain=prerouting disabled=yes dst-address=192.168.0.0/24
add action=accept chain=prerouting disabled=yes dst-address=192.168.1.0/24
add action=mark-connection chain=prerouting comment="WAN to LAN" connection-mark=no-mark in-interface=PPPoE-BSNL new-connection-mark=ISP_BSNL passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2-NetPlus new-connection-mark=ISP_NetPlus passthrough=no
add action=mark-connection chain=prerouting comment=PCC::Mangles connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses:10/0 \
protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses:10/1 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses:10/2 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/3 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/4 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/5 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/6 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/7 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/8 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/9 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses:10/0 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses:10/1 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses:10/2 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/3 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/4 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/5 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/6 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/7 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/8 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses:10/9 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses-and-ports:10/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses-and-ports:10/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_BSNL passthrough=yes per-connection-classifier=both-addresses-and-ports:10/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses-and-ports:10/3
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses-and-ports:10/4
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses-and-ports:10/5
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses-and-ports:10/6
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses-and-ports:10/7
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses-and-ports:10/8
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!not_in_internet dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP_NetPlus passthrough=yes per-connection-classifier=both-addresses-and-ports:10/9
add action=mark-routing chain=prerouting comment="Outgoing Traffic with PCC" connection-mark=ISP_BSNL in-interface-list=LAN new-routing-mark=to_ISP_BSNL passthrough=no
add action=mark-routing chain=prerouting connection-mark=ISP_NetPlus in-interface-list=LAN new-routing-mark=to_ISP_NetPlus passthrough=no
add action=mark-routing chain=output connection-mark=ISP_BSNL new-routing-mark=to_ISP_BSNL out-interface=PPPoE-BSNL passthrough=no
add action=mark-routing chain=output connection-mark=ISP_NetPlus new-routing-mark=to_ISP_NetPlus out-interface=ether2-NetPlus passthrough=no
/ip firewall nat
add action=dst-nat chain=dstnat comment="NGINX Reverse Proxy Forward to ASUS" dst-port=80 in-interface=PPPoE-BSNL log=yes log-prefix=HIT_NON_Secure_WebServer_NGINX port="" protocol=tcp to-addresses=192.168.88.2 to-ports=81
add action=dst-nat chain=dstnat dst-port=443 in-interface=PPPoE-BSNL log=yes log-prefix=HIT_Secure_WebServer_NGINX port="" protocol=tcp to-addresses=192.168.88.2 to-ports=444
add action=dst-nat chain=dstnat dst-port=80,433 in-interface=PPPoE-BSNL log=yes log-prefix=HIT_WebServer_NGINX port="" protocol=udp to-addresses=192.168.88.2
add action=dst-nat chain=dstnat comment="OpenVPN Forward to ASUS" dst-port=1194 in-interface=PPPoE-BSNL log=yes log-prefix=OpenVPN protocol=udp to-addresses=192.168.88.2 to-ports=1194
add action=masquerade chain=srcnat comment="General NAT for all WAN (includes Failover)" out-interface=PPPoE-BSNL
add action=masquerade chain=srcnat out-interface=ether2-NetPlus protocol=tcp to-addresses=192.168.1.1
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping comment="Default Route for NetPlus" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Load Balancing Route to ISP BSNL" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-BSNL pref-src="" routing-table=to_ISP_BSNL scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Load Balancing Route to ISP NetPlus" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1@main pref-src="" routing-table=to_ISP_NetPlus scope=30 suppress-hw-offload=no target-scope=10
add comment="For Cloud Update" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-BSNL pref-src="" routing-table=only_via_BSNL scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Only via NetPlus" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 pref-src="" routing-table=only_via_NetPlus scope=30 suppress-hw-offload=no target-scope=10
add comment="Default Route for BSNL" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=PPPoE-BSNL pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.168.50.0/24 gateway=192.168.88.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=ether3-LAN1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=1963
set api disabled=yes
set winbox port=1964
set api-ssl disabled=yes
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Kolkata
/system scheduler
add interval=20m name=Update_Google_Domains_IP on-event="# Variables\r\
\n# Username and password are the long cryptic ones Google Domains provides,\r\
\n# not your regular Google account ones\r\
\n:local GoogleDNSUsername \"xxxxxxxxxx\"\r\
\n:local GoogleDNSPassword \"xxxxxxxxx\"\r\
\n:local hostName \"xxxxxxxxxx\"\r\
\n:local currentIP \"\"\r\
\n:local setResults \"\"\r\
\n:local previousIP \"\"\r\
\n\r\
\n# Script\r\
\n:set currentIP [/ip cloud get public-address]\r\
\n:set previousIP [:resolve \"\$hostName\"]\r\
\n\r\
\n:if (\$currentIP != \$previousIP) do={\r\
\n:do {\r\
\n/tool fetch url=\"https://\$GoogleDNSUsername:\$GoogleDNSPassword@domains.google.com/nic/update\?hostname=\$hostName&myip=\$currentIP\" mode=https dst-path=/disk1/GoogleDNS.txt\r\
\n:set setResults [/file/ get disk1/GoogleDNS.txt contents];\r\
\n:log info (\"GoogleDNS said this: \$setResults\")\r\
\n} on-error={ \r\
\n:log error (\"GoogleDNS: script failed to set new IP address\") \r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=oct/20/2020 start-time=22:55:00
add interval=1d name="Reboot Every Morning @ 4:30 AM" on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=oct/20/2020 start-time=04:30:00
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool sniffer
set file-limit=500000KiB file-name=/disk1/ron.pcap filter-interface=ether1-BSNL,PPPoE-BSNL,ether3-LAN1 streaming-server=192.168.50.20
And below is a high-level network topology I have. Help and guidance is much appreciated.
Kind Regards,
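An added example, not part of the original post: a Python script that audits PCC mangle rules from a RouterOS export, checking that every remainder of each rule family is covered and comparing each connection mark's bucket share with the uplink capacities. The sample rules are constructed to follow the post's pattern, and the mapping of BSNL to 150 Mbps and NetPlus to 350 Mbps is an assumption, since the post does not say which uplink is which.

```python
import re
from collections import defaultdict
from fractions import Fraction

PCC_RE = re.compile(r"per-connection-classifier=([a-z-]+):(\d+)/(\d+)")
MARK_RE = re.compile(r"new-connection-mark=(\S+)")
PROTO_RE = re.compile(r"protocol=(\S+)")
PORT_RE = re.compile(r"dst-port=(\S+)")


def audit_pcc(export_text):
    """Group enabled PCC mark-connection rules into families; report gaps and per-mark share."""
    # RouterOS exports wrap long lines with a trailing backslash; rejoin them first.
    text = re.sub(r"\\\r?\n\s*", "", export_text)
    families = defaultdict(dict)  # (classifier, denominator, protocol, ports) -> {remainder: mark}
    for line in text.splitlines():
        pcc, mark = PCC_RE.search(line), MARK_RE.search(line)
        if not (pcc and mark) or "action=mark-connection" not in line or "disabled=yes" in line:
            continue
        proto, ports = PROTO_RE.search(line), PORT_RE.search(line)
        key = (pcc.group(1), int(pcc.group(2)),
               proto.group(1) if proto else "any", ports.group(1) if ports else "any")
        # Rules match connection-mark=no-mark, so the first rule for a remainder wins.
        families[key].setdefault(int(pcc.group(3)), mark.group(1))
    report = {}
    for key, buckets in families.items():
        share = defaultdict(Fraction)
        for mark in buckets.values():
            share[mark] += Fraction(1, key[1])
        report[key] = {"missing": sorted(set(range(key[1])) - set(buckets)), "share": dict(share)}
    return report


def capacity_share(links_mbps):
    """Fraction of total capacity per link, for comparison with the PCC share."""
    total = sum(links_mbps.values())
    return {name: Fraction(mbps, total) for name, mbps in links_mbps.items()}


def sample_export():
    """Constructed input following the post's pattern: remainders 0-2 -> ISP_BSNL, 3-9 -> ISP_NetPlus."""
    rule = ("add action=mark-connection chain=prerouting connection-mark=no-mark {ports}"
            "in-interface-list=LAN new-connection-mark={mark} passthrough=yes "
            "per-connection-classifier={cls}:10/{r}{tail}")
    lines = ["/ip firewall mangle"]
    for cls, ports, tail in (("both-addresses", "dst-port=80,443 ", " \\\n    protocol=tcp"),
                             ("both-addresses-and-ports", "", "")):
        for r in range(10):
            mark = "ISP_BSNL" if r < 3 else "ISP_NetPlus"
            lines.append(rule.format(ports=ports, mark=mark, cls=cls, r=r, tail=tail))
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumption: BSNL is the 150 Mbps uplink and NetPlus the 350 Mbps one.
    target = capacity_share({"ISP_BSNL": 150, "ISP_NetPlus": 350})
    for family, result in audit_pcc(sample_export()).items():
        print(family, "missing:", result["missing"], "matches capacity:", result["share"] == target)
```

To audit a real router, pass the text of `/ip firewall mangle export` to `audit_pcc`. Matching shares balance connection counts rather than bytes, since PCC assigns each connection to a single uplink.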