Community discussions

MikroTik App
 
Kl0GG
just joined
Topic Author
Posts: 8
Joined: Fri Oct 21, 2022 11:02 am

Not a full speed at mikrotik router

Sat Dec 03, 2022 12:42 pm

Hey!
Finally, I've changed ISP (and I have an external IP ^^). ISP declared speed is 800mbit and I can achieve that by connecting directly to the ISP modem, unfortunately, the device connected to mikrotik at 1GBit port isn't able to get more than 400mbit. I think my FastTrack is fine cause when I disable it gets down from 400 to 100mbit. I've checked the cables and all are fine, device and ISP modem connects at 1Gbps/Full.
Any idea what's wrong? Can't find any info on the forum what more I can check?
Below is my configuration:
# dec/03/2022 11:35:44 by RouterOS 7.6
# software id = W809-WKMN
#
# model = RB2011UiAS
# serial number = 763107CFDDAF
/interface bridge
add admin-mac=64:D1:54:13:88:1C auto-mac=no fast-forward=no name=LOCAL-BRIDGE
/interface ethernet
set [ find default-name=ether1 ] name=ETH1-FIB-WAN
set [ find default-name=ether2 ] name=ETH2-LTE-WAN
set [ find default-name=ether3 ] name=ETH3-NAT
set [ find default-name=ether4 ] name=ETH4-NAT
set [ find default-name=ether5 ] name=ETH5-NAT
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH6-NAT
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH7-NAT
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH8-NAT
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH9-NAT
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH10-NAT
set [ find default-name=sfp1 ] name=SFP-NAT
/interface vlan
add comment=GUEST interface=LOCAL-BRIDGE name=GUEST vlan-id=3
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN-INTERFACES
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] name=GUEST
/ip pool
add comment=LAN name=dhcp ranges=172.16.1.1-172.16.1.200
add comment=GUEST name=DHCP-GUEST ranges=192.168.0.100-192.168.0.150
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay interface=LOCAL-BRIDGE name=DHCP-LAN
add address-pool=DHCP-GUEST interface=GUEST name=DHCP-GUEST
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
add addresses=0.0.0.0/0,::/0 authentication-protocol=SHA1 encryption-protocol=AES name=monitoring security=private write-access=yes
/user group
add name=homeassistant policy=reboot,read,write,policy,test,api,!local,!telnet,!ssh,!ftp,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api
/interface bridge port
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH6-NAT
add bridge=LOCAL-BRIDGE hw=no ingress-filtering=no interface=SFP-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH3-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH4-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH5-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH7-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH8-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH9-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH10-NAT
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=SFP-NAT list=discover
add interface=ETH2-LTE-WAN list=WAN-INTERFACES
add interface=ETH3-NAT list=discover
add interface=ETH4-NAT list=discover
add interface=ETH5-NAT list=discover
add interface=ETH6-NAT list=discover
add interface=ETH7-NAT list=discover
add interface=ETH8-NAT list=discover
add interface=ETH9-NAT list=discover
add interface=ETH10-NAT list=discover
add interface=LOCAL-BRIDGE list=discover
add interface=LOCAL-BRIDGE list=mactel
add interface=LOCAL-BRIDGE list=mac-winbox
add interface=ETH1-FIB-WAN list=WAN-INTERFACES
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=172.16.0.1/22 comment=LAN interface=LOCAL-BRIDGE network=172.16.0.0
add address=192.168.0.1/24 comment=GUEST interface=GUEST network=192.168.0.0
/ip dhcp-client
add interface=ETH1-FIB-WAN use-peer-dns=no use-peer-ntp=no
add default-route-distance=2 interface=ETH2-LTE-WAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=172.16.1.200 client-id=1:34:2:86:b3:26:c1 mac-address=34:02:86:B3:26:C1 server=DHCP-LAN
add address=172.16.1.222 client-id=1:60:6d:c7:1e:7c:f7 comment="Sony Bravia TV" mac-address=60:6D:C7:1E:7C:F7 server=DHCP-LAN
add address=172.16.0.30 comment="HP T620" mac-address=7C:D3:0A:10:9B:8B server=DHCP-LAN
add address=172.16.3.10 client-id=1:ec:71:db:6b:d0:99 mac-address=EC:71:DB:6B:D0:99 server=DHCP-LAN
add address=172.16.3.50 comment="Tuya WiFi Kotlownia" disabled=yes mac-address=84:E3:42:4E:34:34 server=DHCP-LAN
add address=172.16.3.100 client-id=1:50:eb:f6:5:98:89 comment="Wideodomofon - Client AP" mac-address=50:EB:F6:05:98:89 server=DHCP-LAN
add address=172.16.3.101 client-id=1:72:91:41:23:3d:56 comment="Wideodomofon - Tuya" mac-address=72:91:41:23:3D:56 server=DHCP-LAN
add address=172.16.3.102 comment="Tasmota OpenThermGW" mac-address=C8:C9:A3:5D:EC:0C server=DHCP-LAN
add address=172.16.0.99 client-id=1:b0:52:16:60:4d:8c mac-address=B0:52:16:60:4D:8C server=DHCP-LAN
add address=172.16.1.201 client-id=1:38:de:ad:e1:a4:97 mac-address=38:DE:AD:E1:A4:97 server=DHCP-LAN
add address=172.16.3.103 mac-address=94:B9:7E:FA:83:58 server=DHCP-LAN
/ip dhcp-server network
add address=172.16.0.0/22 comment=LAN dns-server=172.16.0.2,172.16.0.3 gateway=172.16.0.1 netmask=22 ntp-server=172.16.0.1
add address=192.168.0.0/24 comment=GUEST dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d max-concurrent-queries=120 max-concurrent-tcp-sessions=30 servers=172.16.0.2
/ip dns static
add address=172.16.0.1 name=mikrotik.lan
add address=172.16.1.200 name=uBox.lan
add address=172.16.0.30 name=hp.srv
add address=172.16.0.2 name=raspberry.lan
add address=172.16.0.10 name=switch.lan
add address=172.16.0.20 name=ubiquiti1.lan
add address=172.16.0.20 name=ubiquiti2.lan
add address=172.16.0.99 name=printer.lan
add address=192.168.8.1 name=lte.lan
/ip firewall address-list
add address=172.16.0.0/12 list=local_traffic
add address=192.168.0.0/16 list=local_traffic
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="defconf: drop all from WAN" in-interface-list=WAN-INTERFACES
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN-INTERFACES
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.0/22 src-address=172.16.0.0/22
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN-INTERFACES
add action=masquerade chain=srcnat out-interface-list=WAN-INTERFACES src-address=192.168.0.0/24
add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN-INTERFACES protocol=tcp to-addresses=172.16.0.42 to-ports=80
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN-INTERFACES protocol=tcp to-addresses=172.16.0.42 to-ports=443
/ip service
set telnet address=172.16.0.0/22
set ftp address=172.16.0.0/22
set www address=172.16.0.0/22
set ssh address=172.16.0.0/22
set www-ssl address=172.16.0.0/22 disabled=no
set api address=172.16.0.0/22 disabled=yes
set winbox address=172.16.0.0/22
set api-ssl address=172.16.0.0/22 certificate="Self-signed API certificate"
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/lcd
set time-interval=weekly
/routing rule
add action=lookup-only-in-table disabled=no dst-address=172.16.0.0/22 table=main
add action=lookup-only-in-table disabled=no dst-address=192.168.8.0/30 table=main
/snmp
set contact=Upgreydd enabled=yes location=Rack trap-version=3
/system clock
set time-zone-name=Europe/Warsaw
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=0.pool.ntp.org
add address=1.pool.ntp.org
add address=2.pool.ntp.org
add address=3.pool.ntp.org
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-ip-address=167.86.69.101/32
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 1:13 pm

Official test results indicate that RB2011 can in real life route at around 244Mbps (give or take, depends on particular firewall config) ... many of us find figure under "routing: 25 ip filter rules - 512 byte packet size" to match reality the best. Don't get mislead by wired port speed, only a very few mikrotik devices can route at wire speed.

So your current results (400Mbps) are very decent for this venerable router. For your 800Mbps (plus upload) line you'll need a much faster (and newer) device.
 
Kl0GG
just joined
Topic Author
Posts: 8
Joined: Fri Oct 21, 2022 11:02 am

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 1:35 pm

Thank you @mkx for the explanation. Is there any list of mikrotik routers which will be able to route up to 1gbps? I know (now) CCR1009 will handle that, how about RB4011 or other little cheaper than CR1109?
Last edited by BartoszP on Sat Dec 03, 2022 9:18 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 3:23 pm

Most recommend the RB5009, newer than the RB4011 and around the same price point.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 7:33 pm

Go through the list of ethernet routers, check if they match your needs (number and kind of ports, routing capacity keeping in mind the rule of thumb I mentioned earlier). There are also a few WiFi devices which have some routing umph under the hood (you can always disable wireless if it bothers you).
After you decide on a few models, you can come back and ask for opinions (be sure to state your requirements clearly) as most models have their own gotchas.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 7:38 pm

I dont mind being less obtuse ;-P
More clearly the hapac2 [ $79us ] and hapac3 [ $109us } are older wifi models (wifi is not that great) but wired they can handle the 1 gigs, so those are your cheapest options......

I do see that the hapax2 a newer model is available for [ $99us ] and is also should handle 1gigs or just shy of 1 gig.
The hapax3 also a newer model and with wifi that one can actually recommend, comes in at [ $139 } and can also handle 1gig easily.

So, in order.....
cheapest wired solution hapac2
cheapest wired solution with decent wifi hapax3
more ports, and future growth capable up to 2.5G ISP connection, wired router - RB5009 [ $219us ]
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 7:47 pm

I dont mind being less obtuse ;-P

You're like the guy at the end of fish market ... if anyone asks him how to get decent fish, he'll reach into an old barrel and hand out some smelly fish claiming it's half way to become surströmming. :-P On the other hand I'm trying to give some directions (waiting people to get sidetracked off the pier, but don't tell this anybody).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 7:50 pm

In my scenario nobody starves to death.................

You should enter politics. ;-P
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 7:58 pm

In my scenario nobody starves to death...

Did you ever deal with surströmming? I did and I'd rather starve to death than deal with it again. :-P
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 9:22 pm

Some would rather starve to death than use Mikrotik but others love such yummy fish ... :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Not a full speed at mikrotik router

Sat Dec 03, 2022 10:25 pm

No idea what surströmming is, but I did have some very 'tasty' dried salty fish at the home of a (former x2) Yugoslavian girlfriend. Perchance it was similarly nasty. :-)

Who is online

Users browsing this forum: GoogleOther [Bot], holvoetn, inna and 32 guests