Community discussions

MikroTik App
 
netaccs
just joined
Topic Author
Posts: 6
Joined: Mon Aug 19, 2019 3:14 pm

queue and sloww speed rb1100ahx4

Mon Jan 10, 2022 11:24 am

Hello !
Rb1100ahx4 with 6.49 installed.
When all interfaces are set to auto (1Gbps) there is no issue with internet speed, when interfaces is set to 100Mbps download speed is fine, but upload speed is very slow 5-10Mbps (should be 80-120 at least, that is when interface is auto).
When interface is auto (1 Gbps) download and upload are with the same speed.
Setting up the interface to 100Mbps is for limitation requirement. I try to make few queue but I think they don't work correctly.
I think I have to disable fast track, but I don't know how and I know that fast path and fast track are different thinks.
Here is part of configuration of the router.
# model = RB1100x4
# serial number = D8580XXXXXX
/interface bridge
add name=LAN_bridge
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add bridge=LAN_bridge disabled=yes vlan-ids=10
/interface list member
add interface=ether1 list=WAN
add list=LAN
add interface=LAN_bridge list=LAN
/ip firewall address-list
add address=XXXXXX list=admin_nets
add address=XXXXXX list=priv_nets
add address=XXX list=internal_net
add address=XXXX list=vpn_clients
/ip firewall filter
add action=accept chain=input log-prefix=ADMIN src-address-list=admin_nets
add action=accept chain=input connection-state=established,related
add action=accept chain=forward comment="Established, Related" \                <------------------- is that fast track which have to be disabled?
    connection-state=established,related
add action=accept chain=input comment="allow icmp" protocol=icmp
add action=accept chain=output dst-address-list=external_addr protocol=udp
add action=accept chain=output dst-address-list=external_addr protocol=icmp
add action=drop chain=input log=yes log-prefix=DROP
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes src-address=XXXXXXXXXX
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set www port=XXX
So why upload speed is 10-15time slower when interface is set to 100Mbps?
This is queue example which is not work correctly
add max-limit=2M/2M name="test" target=192XXX

In any cases LAN speeds are ok, affected is only internet WAN speed.

Thanks in advance !
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: queue and sloww speed rb1100ahx4

Mon Jan 10, 2022 11:36 am

No idea regarding the dependence of the upload speed on 100 Mbps setting on the ports.

There is no action=fasttrack-connection rule in your firewall rules, so nothing to disable => the reason why the queue doesn't work is different. I hazily remember you must set limit-at as well, setting max-limit alone is not enough. The values may be the same.

Regarding security - the default handling in Mikrotik firewall chains is accept, so the single rule in chain forward of filter doesn't change anything. If you want the router to act as a firewall for the LAN, you have to permit connections initiated from LAN by another rule (chain=forward action=accept in-interface-list=!WAN, which requires that you first define an interface list named WAN and then make the actual WAN interfaces members of that list), and then add a chain=forward action=drop rule to the end of the chain just like you did in chain input. Similarly, the rules in chain output do effectively nothing for the same reason. But unless you want the router itself from sending packets somewhere, you can leave that chain empty.
 
netaccs
just joined
Topic Author
Posts: 6
Joined: Mon Aug 19, 2019 3:14 pm

Re: queue and sloww speed rb1100ahx4

Mon Jan 10, 2022 10:16 pm

No, I don't want LAN firewall, only WAN.
Just want to setup limitation of internet speed and don't know why doesn't work.

I setup the queue using winbox. I set target for example 1MB/sec for WAN port.
Trying with ftp clients, without queue the speed is ~ 8-9 MB/sec, with queue is 2-3-MB/s, but I saw that
2-3-4 different clients (pc's) at the same time can make transfer with that speed.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: queue and sloww speed rb1100ahx4

Mon Jan 10, 2022 10:40 pm

No, I don't want LAN firewall, only WAN.
Maybe you don't get what I wanted to say. Even if you only expect attacks to come to the WAN interface, it's still one thing is to protect the router itself and another thing to protect the LAN side clients of the router.

If you do not need to protect the LAN side clients, you don't need any rules in chain forward of /ip firewall filter at all.

Just want to setup limitation of internet speed and don't know why doesn't work.

I setup the queue using winbox. I set target for example 1MB/sec for WAN port.
Trying with ftp clients, without queue the speed is ~ 8-9 MB/sec, with queue is 2-3-MB/s, but I saw that
2-3-4 different clients (pc's) at the same time can make transfer with that speed.
That depends on the type of the queue. pcq type queues do exactly that - apply the same limits to all flows matching the same classifier. So if the classifier is an ip address (src-address for upload and dst-address for download), all flows of the same LAN client are limited together, but flows of another client with a different IP address are treated separately.

When talking about /queue simple, target is a term for the interface or of a subnet (prefix) for which the limitation should apply, so using the same name for the expected bandwidth limit is confusing. We have limit-at, which is the minimum bandwidth that the target always gets, and max-limit, which is the maximum bandwidth the target gets even if more bandwidth is available. At least the limit-at is confusing too, but that's how it is.

And if I remember well, you must set both limit-at and max-limit to something else than 0, otherwise the queue is ignored.

Who is online

Users browsing this forum: itvisionpk, massinia, menyarito and 96 guests