kanuns
Frequent Visitor
Topic Author
Posts: 66
Joined: Mon Nov 19, 2018 5:10 pm

Why Speed Limited on Internet?

Wed Sep 28, 2022 11:23 pm

Hi all,

I have a strange issue, and it started a few days ago. I have a CCR1016-12G. I have Hotspot on a few ports and some other ports. My Internet is on ether1 and it was running fine. But now, none of my devices can get speed beyond 7 Mbps. I have changed the ISP and it is still giving the same results. On the hotspot ports it is supposed to limit, i.e. according to the profiles, but it is treating every IP/device the same way, meaning no speed more than 8 Mbps.

I have checked via iperf by sending and receiving data on a VM and it gives 946 Mbps, which is what is accepted.
I have connected my PC to my ISP and it gives 450+ speed.
Strange thing: I used bandwidth test from the CCR to my other MikroTik (hEX, which I introduced between the ISP and the LAN router) and this also gives the same result, i.e. 8 Mbps or less.
I disconnected the LAN CCR and connected my laptop to the hEX, and it gives 450+ Mbps internet speed.

I just don't understand what is the matter with this device. I am also attaching my config. Please do check and help me. I am in dire need. :-(

P.S. I have removed names, passwords, etc. for privacy reasons. I hope people understand that.
# sep/28/2022 12:48:20 by RouterOS 7.5
# software id = I66E-W9EM
#
# model = CCR1016-12G
/interface bridge
add name="VMs Bridge"
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=Ether1 loop-protect=on name=\
    "WAN ISP"
set [ find default-name=ether2 ] comment=Ether2 loop-protect=on name=\
    "WAN2 Backup GPON1"
set [ find default-name=ether3 ] loop-protect=on name="ether3 "
set [ find default-name=ether4 ] loop-protect=on
set [ find default-name=ether8 ] comment="Link"
set [ find default-name=ether9 ] comment="VMs Bridge"
set [ find default-name=ether10 ] comment="VMs Bridge"
set [ find default-name=ether11 ] comment="VM Bridge"
/interface l2tp-client
add connect-to=XXXXX disabled=no name="Cloud Router" use-ipsec=yes \
    user=voguelan
add connect-to=XXXXX8.81 name=HP user=abcd

/interface list
add exclude=dynamic name=discover
add name="check backup"
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=43 name=unifi value=0x0104C0A84405
/ip hotspot profile
add hotspot-address=10.5.50.1 name=hsprof2
/ip hotspot user profile
set [ find default=yes ] address-list="Normal Users" incoming-packet-mark=\
    NormalUsers mac-cookie-timeout=4w2d name=Team_DK outgoing-packet-mark=\
    NormalUsers rate-limit=9072k/9072k shared-users=5
add !idle-timeout !keepalive-timeout mac-cookie-timeout=1d name="Trial User" \
    rate-limit=6072k/6072k session-timeout=2h shared-users=unlimited
add address-list="Normal Users" idle-timeout=12h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=4w2d name=Residents \
    outgoing-packet-mark=NormalUsers rate-limit=7572k/7572k shared-users=2
add address-list="Normal Users" idle-timeout=2h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=1d name=Nomad \
    outgoing-packet-mark=NormalUsers rate-limit=7572k/7572k shared-users=20
add idle-timeout=9h incoming-packet-mark=NormalUsers !keepalive-timeout \
    mac-cookie-timeout=3w1d name=housekeeping outgoing-packet-mark=\
    NormalUsers rate-limit=5072k/5072k session-timeout=14h
add address-list="Normal Users" idle-timeout=12h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=4w2d name=Premium \
    outgoing-packet-mark=NormalUsers rate-limit=10072k/10072k shared-users=3
add address-list="Normal Users" !idle-timeout incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=4w2d name=Devices \
    outgoing-packet-mark=NormalUsers rate-limit=5072k/5072k shared-users=10
add address-list="Normal Users" idle-timeout=2h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=1d name=Event_Customers \
    outgoing-packet-mark=NormalUsers rate-limit=7572k/7572k shared-users=40
add address-list="Normal Users" !idle-timeout incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=5w5d name=Ultra \
    outgoing-packet-mark=NormalUsers rate-limit=21072k/21072k \
    session-timeout=2h shared-users=3
add idle-timeout=12h incoming-packet-mark=NormalUsers !keepalive-timeout \
    mac-cookie-timeout=4w2d name=Inov8 outgoing-packet-mark=NormalUsers \
    rate-limit=7572k/7572k shared-users=2
add address-list="For Static GPON 1" idle-timeout=12h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=4w2d name=GPON1_Static \
    outgoing-packet-mark=NormalUsers rate-limit=7572k/7572k shared-users=2
add address-list="For Static GPON 2" idle-timeout=12h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=4w2d name=GPON2_Static \
    outgoing-packet-mark=NormalUsers rate-limit=7572k/7572k shared-users=2
add address-list="Normal Users" idle-timeout=3h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=5w5d name=safi-testing \
    outgoing-packet-mark=NormalUsers shared-users=unlimited
add address-list="Normal Users" idle-timeout=12h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=4w2d name="Ultra 24/7" \
    outgoing-packet-mark=NormalUsers rate-limit=21072k/21072k shared-users=3
add address-list="Normal Users" idle-timeout=12h incoming-packet-mark=\
    NormalUsers keepalive-timeout=none mac-cookie-timeout=4w2d name=\
    Residents+ outgoing-packet-mark=NormalUsers rate-limit=15572k/10072k \
    shared-users=2
add address-list="Normal Users" idle-timeout=12h incoming-packet-mark=\
    NormalUsers keepalive-timeout=none mac-cookie-timeout=4w2d name=\
    "Premium low" outgoing-packet-mark=NormalUsers rate-limit=7572k/7572k \
    shared-users=3
add address-list="For Static GPON 3" idle-timeout=12h incoming-packet-mark=\
    NormalUsers keepalive-timeout=none mac-cookie-timeout=4w2d name=\
    GPON3_Static outgoing-packet-mark=NormalUsers rate-limit=7572k/7572k \
    shared-users=2
add idle-timeout=12h incoming-packet-mark=NormalUsers keepalive-timeout=none \
    mac-cookie-timeout=4w2d name="Device logins" outgoing-packet-mark=\
    NormalUsers rate-limit=7572k/7572k shared-users=20
add address-list="Normal Users" idle-timeout=12h incoming-packet-mark=\
    NormalUsers keepalive-timeout=none mac-cookie-timeout=4w2d name=\
    "Careem login" outgoing-packet-mark=NormalUsers rate-limit=7572k/75572k \
    shared-users=55
add address-list="Normal Users" idle-timeout=12h incoming-packet-mark=\
    NormalUsers !keepalive-timeout mac-cookie-timeout=4w2d name=\
    "Ultra max (only for dk staff)" outgoing-packet-mark=NormalUsers \
    rate-limit=51072k/51072k shared-users=4
/ip hotspot profile
add dns-name=wifi.daftarkhwan.com hotspot-address=192.168.50.1 login-by=\
    cookie,http-chap,http-pap,trial,mac-cookie name=hsprof3 \
    trial-user-profile="Trial User"
/ip pool
add name=hs-pool-9 ranges=10.5.50.2-10.5.50.254
add name=dhcp_pool7 ranges=172.16.0.2-172.16.3.254
add name=dhcp_pool10 ranges=192.168.68.50-192.168.68.254
add name=Spillover6 ranges=173.16.0.10-173.16.3.240
/ip dhcp-server
add address-pool=dhcp_pool10 interface="VMs Bridge" name=dhcp2
/ip pool
add name="Spillover pool5" next-pool=Spillover6 ranges=\
    192.168.57.10-192.168.57.250
add name=spillover_pool4 next-pool="Spillover pool5" ranges=\
    192.168.56.10-192.168.56.200
add name=spillover_pool3 next-pool=spillover_pool4 ranges=\
    192.168.55.10-192.168.55.225
add name=spillover_pool2 next-pool=spillover_pool3 ranges=\
    192.168.51.101-192.168.51.230
add name=spillover_pool1 next-pool=spillover_pool2 ranges=\
    192.168.51.10-192.168.51.100
add name=dhcp_pool9 next-pool=spillover_pool1 ranges=\
    192.168.50.10-192.168.50.254
/ip dhcp-server
add address-pool=dhcp_pool9 interface=bridge1 lease-time=1h10m name=dhcp1
/ip hotspot
add address-pool=dhcp_pool9 addresses-per-mac=1 disabled=no idle-timeout=none \
    interface=bridge1 name=hotspot1 profile=hsprof3
/port
set 0 name=serial0
set 1 name=serial1
/queue simple
add max-limit=8M/8M name="G Mi" target=\
    192.168.50.231/32,192.168.50.230/32,192.168.50.229/32

add max-limit=25M/25M name="Velo Temp" target=192.168.50.111/32

add max-limit=12M/12M name="TaarServer" target=\
    192.168.55.12/32,192.168.55.13/32,192.168.55.14/32,192.168.55.15/32
add max-limit=10M/10M name="Alchemative Server" target=192.168.55.5/32
add max-limit=15M/15M name="TCL" target=192.168.55.238/32
add max-limit=15M/15M name=PS4 target=192.168.55.228/32,192.168.50.42/32
add disabled=yes max-limit=40M/40M name="Saji" target=192.168.50.81/32
add comment=Devices max-limit=30M/45M name="DVR" target="192.168.50.\
    246/32,192.168.51.49/32,192.168.55.248/32,192.168.55.247/32,192.168.50.214\
    /32,192.168.50.97/32,192.168.55.112/32,192.168.50.213/32,192.168.51.135/32\
    "
add max-limit=20M/20M name="TCL Lounge" target="192.168.50.238/32,192.168.50.2\
    37/32,192.168.50.236/32,192.168.50.235/32,192.168.51.229/32,192.168.55.91/\
    32,192.168.56.114/32"
add max-limit=10M/10M name="A" target="192.168.50.235/32,192.168.50.239/3\
    2,192.168.50.240/32,192.168.50.241/32,192.168.50.242/32,192.168.55.242/32,\
    192.168.55.241/32,192.168.50.144/32,192.168.55.19/32"
add max-limit=30M/30M name="Faisal PC" target=\
    192.168.51.80/32,192.168.51.103/32,192.168.56.43/32
add max-limit=50M/95M name="A PC" target=\
    192.168.50.245/32,192.168.50.244/32,192.168.50.243/32,192.168.55.67/32

add max-limit=10M/10M name="LED" target=\
    192.168.51.171/32,192.168.55.160/32,192.168.51.21/32,192.168.55.32/32,,
add comment="Access Points" disabled=yes max-limit=200M/200M name=\
    "ALL Access Points" target="192.168.50.248/32,192.168.50.249/32,192.168.50\
    .251/32,192.168.50.252/32,192.168.50.253/32,192.168.50.254/32"
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=notpublic
add addresses=0.0.0.0/0 name=librenms security=private
/system logging action
set 1 disk-file-count=4 disk-lines-per-file=10000
add email-start-tls=yes email-to=XXXXXX name=email target=email
add name=graylogDNS remote=172.16.0.2 remote-port=5571 target=remote
add name=graylogINFO remote=172.16.0.2 remote-port=5572 target=remote
add name=graylogcritical remote=172.16.0.2 remote-port=5573 target=remote
add name=graylogsystem remote=172.16.0.2 remote-port=5574 target=remote
add name=graylogwarning remote=172.16.0.2 remote-port=5575 target=remote
/interface ovpn-client
add certificate=*1 cipher=aes256 connect-to=XXXXXX disabled=yes \
    mac-address=02:2D:7C:72:CE:D8 name=ovpn-out1 use-peer-dns=no user=\
    voguelan-ovpn verify-server-certificate=yes
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface="ether3 "
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
add bridge="VMs Bridge" interface=ether10
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge="VMs Bridge" interface=ether9
add bridge="VMs Bridge" interface=ether11
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list="check backup"
/interface list member
add interface="WAN2 Backup GPON1" list="check backup"
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.50.1/24 interface=bridge1 network=192.168.50.0
add address=192.168.202.2/24 interface="WAN2 Backup GPON1" network=\
    192.168.202.0
add address=192.168.51.1/24 interface=bridge1 network=192.168.51.0
add address=172.16.0.1/22 interface=ether12 network=172.16.0.0
add address=192.168.55.1/24 interface=bridge1 network=192.168.55.0
add address=192.168.185.252/24 interface="WAN ISP" network=192.168.185.0
add address=192.168.56.1/24 interface=bridge1 network=192.168.56.0
add address=192.168.68.1/24 interface="VMs Bridge" network=192.168.68.0
add address=10.2.2.1/24 interface=ether8 network=10.2.2.0
add address=192.168.57.1/24 interface=bridge1 network=192.168.57.0
add address=173.16.0.1/22 interface=bridge1 network=173.16.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no disabled=yes interface="WAN ISP" use-peer-dns=\
    no
add disabled=yes interface="WAN2 Backup GPON1"
add add-default-route=no disabled=yes interface="WAN ISP" use-peer-dns=\
    no
add disabled=yes interface="WAN2 Backup GPON1"
/ip dhcp-server alert
add disabled=no interface=bridge1 on-alert="#if rougue is detected\r\
    \n#send email\r\
    \n/tool e-mail send subject=(\"Rogue DHCP Server is detected at vogue\") \
    \\\r\
    \nbody=(\"this is the mac adddress\" . [/ip dhcp-server alert get [find in\
    terface=bridge1] unknown-server]) \\ to=(\"XXXXXXX\") tls=yes\
    \r\
    \n" valid-server="2C:C8:1B:B2:F0:24,2C:C8:1B:B2:F0:25,2C:C8:1B:B2:F0:26,2C\
    :C8:1B:B2:F0:27,2C:C8:1B:B2:F0:28"
/ip dhcp-server lease
add address=192.168.68.5 comment="Unifi Controller" mac-address=\
    00:0C:29:41:4B:13 server=dhcp2
add address=192.168.68.4 client-id=\
    ff:bc:9a:4a:2d:0:2:0:0:ab:11:5d:81:54:e8:e7:ff:56:43 comment=NMS \
    mac-address=00:0C:29:F6:D5:34 server=dhcp2
add address=192.168.68.9 client-id=1:0:23:24:ab:a8:51 comment=VMware \
    mac-address=00:23:24:AB:A8:51 server=dhcp2
add address=192.168.68.6 client-id=1:00:0C:29:99:04:3B comment=\
    "Windows Anviz Host" mac-address=00:0C:29:99:04:3B server=dhcp2
add address=192.168.68.254 client-id=1:ec:f4:bb:be:f1:50 comment=VMware \
    mac-address=EC:F4:BB:BE:F1:50 server=dhcp2
add address=192.168.68.253 client-id=1:0:c:29:70:13:3f mac-address=\
    00:0C:29:70:13:3F server=dhcp2
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.68.5 name=XXXXXX

/ip firewall filter
add action=fasttrack-connection chain=forward disabled=yes hw-offload=yes \
    src-address=192.168.68.240
add action=fasttrack-connection chain=forward disabled=yes dst-address=\
    192.168.68.240 hw-offload=yes
add action=drop chain=forward comment=\
    "For Blocking port 80, 22, and 443 for servers" disabled=yes \
    dst-address-list="to Block for Servers" dst-port=80,443,22,21 protocol=\
    tcp src-address-list="!Rogue Pro"
add action=drop chain="server blocking" disabled=yes dst-address-list=\
    "to Block for Servers" dst-port=80,443,21,22 protocol=tcp
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add action=accept chain=input dst-port=500,1701,4500 protocol=udp
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
add action=accept chain=input dst-port=123 protocol=udp
add action=accept chain=input dst-port=443,587 protocol=tcp
add action=accept chain=input dst-port=1812,1813 protocol=udp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface="WAN ISP"
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface="WAN2 Backup GPON1"
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface="WAN ISP"
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface="WAN2 Backup GPON1"
add action=drop chain=input comment="drop ssh brute forcers" dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 in-interface="WAN ISP" \
    protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment="drop ssh brute forcers" dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 in-interface="WAN ISP" \
    protocol=udp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1d chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=tcp \
    src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1d chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=udp \
    src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=tcp \
    src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=udp \
    src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=tcp \
    src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=udp \
    src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=tcp
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 protocol=udp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 in-interface="WAN ISP" \
    protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=\
    1928,22,21,80,23,5000,5060,1701,500,4500,1194 in-interface="WAN ISP" \
    protocol=udp src-address-list=ssh_blacklist
add action=drop chain=forward disabled=yes dst-port=68 out-interface=\
    "WAN2 Backup GPON1" protocol=udp
/ip firewall mangle
add action=fasttrack-connection chain=prerouting disabled=yes dst-address=\
    192.168.68.240
add action=fasttrack-connection chain=prerouting disabled=yes src-address=\
    192.168.68.240
add action=change-dscp chain=prerouting new-dscp=60 passthrough=yes \
    src-address-list="For Static GPON 1"
add action=change-dscp chain=prerouting dst-address-list="For Static GPON 1" \
    new-dscp=60 passthrough=yes
add action=change-dscp chain=prerouting new-dscp=61 passthrough=yes \
    src-address-list="For Static GPON 2"
add action=change-dscp chain=prerouting dst-address-list="For Static GPON 2" \
    new-dscp=61 passthrough=yes
add action=change-dscp chain=prerouting new-dscp=62 passthrough=yes \
    src-address-list="For Static GPON 3"
add action=change-dscp chain=prerouting dst-address-list="For Static GPON 3" \
    new-dscp=62 passthrough=yes
add action=change-dscp chain=prerouting new-dscp=10 passthrough=yes \
    src-address-list="For Offline GPON"
add action=change-dscp chain=prerouting dst-address-list="For Offline GPON" \
    new-dscp=10 passthrough=yes
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=197.2.2.11 dst-port=8291 \
    protocol=tcp src-address=197.2.2.1 to-addresses=197.2.2.11 to-ports=1928
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.50.0/24
/ip hotspot ip-binding
# In bypass there are almost 151 entries. They are not shown due to privacy.

/ip hotspot user

# In users there are 1300 entries. They are not shown due to privacy.
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
/ip route
add check-gateway=ping comment=Primary disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=4.2.2.2 pref-src=0.0.0.0 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add comment=Secondary disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    192.168.202.1 pref-src="" routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Probe Primary" disabled=no distance=1 dst-address=8.8.4.4/32 \
    gateway=192.168.185.1 pref-src=0.0.0.0 routing-table=main scope=10 \
    suppress-hw-offload=no target-scope=10
add disabled=no dst-address=191.1.1.0/24 gateway=191.1.1.1
add comment=Central disabled=no dst-address=192.168.30.0/24 gateway=191.1.1.1
add disabled=yes dst-address=192.168.35.0/24 gateway=191.1.1.1
add disabled=yes dst-address=192.168.40.0/24 gateway=191.1.1.1
add comment=North disabled=no dst-address=192.168.60.0/24 gateway=191.1.1.1
add disabled=yes dst-address=192.168.88.0/24 gateway=191.1.1.1
add comment=Central disabled=no dst-address=192.168.99.0/24 gateway=191.1.1.1
add comment=Vantage disabled=no dst-address=192.168.108.0/24 gateway=\
    191.1.1.1
add comment=North disabled=no dst-address=192.168.140.0/24 gateway=191.1.1.1
add disabled=no dst-address=192.168.145.0/24 gateway=191.1.1.1
add disabled=no dst-address=192.168.100.0/24 gateway=192.168.185.1
add comment="Probe Primary" disabled=no distance=1 dst-address=0.0.0.0/0 \
    gateway=192.168.185.1 pref-src=0.0.0.0 routing-table=main scope=10 \
    suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=197.2.2.0/24 gateway=197.2.2.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=197.2.2.0/24 gateway=197.2.2.1 routing-table=main \
    suppress-hw-offload=no
add disabled=no distance=1 dst-address=198.42.11.0/24 gateway=191.1.1.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment=North disabled=no distance=1 dst-address=192.168.61.0/24 gateway=\
    191.1.1.1 pref-src=0.0.0.0 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=192.168.30.251/32 gateway=191.1.1.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=192.168.1.0/24 gateway=191.1.1.1 routing-table=\
    main suppress-hw-offload=no
add disabled=no distance=1 dst-address=174.16.0.0/22 gateway=191.1.1.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=175.16.0.0/22 gateway=191.1.1.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=192.168.150.0/24 gateway=191.1.1.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=yes distance=1 dst-address=192.168.18.0/24 gateway=197.2.2.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=192.168.10.0/24 gateway=191.1.1.1 routing-table=\
    main suppress-hw-offload=no
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=191.1.1.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=193.11.0.0/16 gateway=191.1.1.1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.1.0/24 gateway=192.168.1.220 \
    routing-table=main suppress-hw-offload=no
add disabled=no dst-address=176.16.0.0/22 gateway=191.1.1.1 routing-table=\
    main suppress-hw-offload=no
add disabled=no distance=1 dst-address=177.16.0.0/22 gateway=191.1.1.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment=Central disabled=no distance=1 dst-address=192.168.31.0/24 \
    gateway=196.1.1.1 pref-src=0.0.0.0 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=10.3.3.0/24 gateway=191.1.1.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=191.1.1.0/24 gateway=191.1.1.1 routing-table=main \
    suppress-hw-offload=no
/ip traffic-flow
set enabled=yes
/ip traffic-flow target
add dst-address=172.16.0.2 port=5570 version=5
/routing rule
add action=lookup-only-in-table disabled=yes dst-address=191.1.1.0/24 table=\
    main
add action=lookup-only-in-table disabled=yes dst-address=198.42.11.0/24 \
    table=main
/snmp
set enabled=yes trap-community=librenms
/system clock
set time-zone-name=Asia/Karachi
/system identity
set name=Lan
/system logging
add action=email topics=critical
add action=graylogDNS topics=dns
add action=graylogINFO topics=info
add action=disk topics=system
add action=disk topics=critical
add action=graylogcritical topics=critical
add action=graylogsystem topics=system
add action=graylogwarning topics=warning
/system note
set note="DO NOT LOGIN\r\
    \nUnauthorized Login will be held in court of Law."
/system ntp client servers
add address=216.239.35.8
/system resource irq rps
set "WAN ISP" disabled=no
set "WAN2 Backup GPON1" disabled=no
set "ether3 " disabled=no
set ether4 disabled=no
set ether5 disabled=no
set ether6 disabled=no
set ether7 disabled=no
set ether8 disabled=no
set ether9 disabled=no
set ether10 disabled=no
set ether11 disabled=no
/system scheduler

/system watchdog
set watchdog-timer=no
/tool bandwidth-server
set authenticate=no
/tool e-mail
set address=smtp.gmail.com from="<LAN>" port=587 tls=starttls user=\
    dk.phase3
/tool graphing interface
add store-on-disk=no
/tool graphing queue
add allow-target=no store-on-disk=no
add allow-address=192.168.0.245/32 allow-target=no store-on-disk=no
/tool graphing resource
add store-on-disk=no
add allow-address=192.168.0.247/32 store-on-disk=no
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
 
elbob2002
Member Candidate
Posts: 252
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 12:58 am

You have two bridges. Only one can be hardware accelerated. The other is going through CPU and maxing whatever core it's using out.

Check your CPU usage while iPerf is running through each bridge.

Edit - As was pointed out to me not so long ago, the only exceptions are CRS1xx/2xx series switches, which allow up to 7 hardware-accelerated bridges.
 
kanuns
Frequent Visitor
Topic Author
Posts: 66
Joined: Mon Nov 19, 2018 5:10 pm

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 9:02 am

Update: I upgraded the routerboard firmware and it is now v7.5. At first the port-to-port speed was 1 Gbps; now it is just 100 Mbps.

What I have tested is: anything that is NATed is limited to 8 Mbps. And it does not matter if it is going outside the network (going to the internet) or staying inside (going from one port to another). For example, if the IP is 192.168.68.0/24 going to the same network, the speed will now be 100 Mbps. If the IP is 192.168.68.0/24 and going to 192.168.50.0/24 (which is the IP of the router), the speed will be 8 Mbps.

And yes, I do understand the HW offloading on bridging. I had tested the CPU; it was not going beyond 10 to 15% when it was working fine.

No luck so far; I may be wrong but I think that the hardware is bad. :-(
 
elbob2002
Member Candidate
Posts: 252
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 9:18 am

Was that CPU usage overall? What's the usage per core?
 
holvoetn
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 9:21 am

> No luck so far; I may be wrong but I think that the hardware is bad. :-(
Doubtful.
Then you would get ZERO. It will most likely be config related.
Do you remember what you changed "some days ago" ?
And before that moment it did work as expected (about 450Mbps speed) ?
What IP address does your PC get when you connect to it ? Connected to which port ?
Same with connection to Hex, how do you connect ? From which port ?
A simple network drawing showing all devices and the ports being used (incl. ISP modem) might help.

I'd watch those queues if I were you ... somehow they seem to be limiting more than you expect. Which is a config error then.
Have the queue window open in front of you and then do some tests.


"Easy" way to test the device is not broken:
- make backup of your config. Also export from terminal: export show-sensitive file=<anynameyouwish>
- put those 2 files away from your device !
- reset device to factory conditions
- ONLY changes allowed are to make internet working. No bridges, no firewall rules, no VLANs, nothing.
- connect your laptop to an ethernet port and see what speed you get.
- restore binary config and things are just as they were before.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 9:32 am

Adding:
Since you mention that on some ether ports speed seems to be limited to 100Mbps: that's the speed indicator the interface shows, I assume ?
All ether ports or only some ?
Cables are ok ?
Devices on the other side are 1000Mbps capable ? Are you sure ?

That network diagram would also help here.
 
kanuns
Frequent Visitor
Topic Author
Posts: 66
Joined: Mon Nov 19, 2018 5:10 pm

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 9:40 am

Nothing was changed. We can't change any settings because this is running in a production environment. I have almost 1000 devices connected to this router. No change was made, otherwise they would have an easy license to kill me :-) .
I am arranging a 1100AHx4 and will do the settings manually and then do a reset on this device.
And I said that I may be wrong. I am not saying that I am right that the hardware is bad, I am just saying that this can also be a case; I may have bad luck.

My first experience with the 1100AHx4 was very bad: it had a hardware fault, and the distributor of MikroTik replaced the hardware and MikroTik replaced him. Just saying that there are cases. Now the 1100 I am using has been working flawlessly for almost 3 years.
> > No luck so far; I may be wrong but I think that the hardware is bad. :-(
>
> Doubtful.
> Then you would get ZERO. It will most likely be config related.
> Do you remember what you changed "some days ago" ?
> And before that moment it did work as expected (about 450Mbps speed) ?
> What IP address does your PC get when you connect to it ?
> I'd watch those queues if I were you ...
>
> "Easy" way to test the device is not broken:
> - make backup of your config. Also export from terminal: export show-sensitive file=<anynameyouwish>
> - put those 2 files away from your device !
> - reset device to factory conditions
> - ONLY changes allowed are to make internet working. No bridges, no firewall rules, no VLANs, nothing.
> - connect your laptop to an ethernet port and see what speed you get.
> - restore binary config and things are just as they were before.
 
Ab5
just joined
Posts: 2
Joined: Fri Jun 12, 2020 10:58 am

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 9:44 am

you have a rate-limit=7572k/7572k set in your hotspot
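
The kind of check the reply above points to, as an added example that is not part of the thread or of the poster's configuration: it scans a RouterOS text export for `rate-limit=` and `max-limit=` values and converts them to bits per second so a low cap stands out. The sample export is constructed (only the 7572k/7572k value comes from the thread), the function names are hypothetical, and the code assumes k = 1,000 and M = 1,000,000.

```python
import re

# Constructed sample; only 7572k/7572k is from the thread, the rest is made up.
SAMPLE_EXPORT = r"""
/ip hotspot user profile
set [ find default=yes ] rate-limit=7572k/7572k
add name=staff-50M rate-limit="50M/50M 60M/60M 40M/40M 10/10" \
    shared-users=2
/queue simple
add max-limit=100M/100M name=servers target=10.0.0.0/24
"""

UNITS = {"": 1, "k": 1_000, "M": 1_000_000}  # assumed multipliers
LIMIT_RE = re.compile(r'(?<![\w-])(rate-limit|max-limit)=(?:"([^"]*)"|(\S+))')
NAME_RE = re.compile(r'(?<![\w-])name=(?:"([^"]*)"|(\S+))')

def to_bps(token):
    digits, unit = re.fullmatch(r"(\d+)([kM]?)", token).groups()
    return int(digits) * UNITS[unit]

def logical_lines(text):
    """Rejoin lines the export wrapped with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        piece = raw.lstrip()
        if piece.endswith("\\"):
            buf += piece[:-1]
            continue
        yield buf + piece
        buf = ""

def find_limits(export_text):
    """Return (section, item, key, rx_bps, tx_bps) for each limit found."""
    section, found = "", []
    for line in logical_lines(export_text):
        if line.startswith("/"):
            section = line.strip()
            continue
        name = NAME_RE.search(line)
        item = (name.group(1) or name.group(2)) if name else "(unnamed)"
        for m in LIMIT_RE.finditer(line):
            value = (m.group(2) or m.group(3) or "").split()
            if value:
                rx, _, tx = value[0].partition("/")  # later tokens: burst
                found.append((section, item, m.group(1), to_bps(rx), to_bps(tx or rx)))
    return found

def below(found, mbps):
    return [f for f in found if 0 < min(f[3], f[4]) < mbps * 1_000_000]

print(below(find_limits(SAMPLE_EXPORT), 10))
```

On the constructed sample, the only entry under 10 Mbps is the default hotspot user profile at 7,572,000 bit/s, which is in the range of the speeds reported in the thread.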
 
holvoetn
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 9:45 am

OK, understood. But I would assume those 1000 devices are impacted now as well ?
So either take the long path and muddle along or announce a short break to test if the config is faulty.

Do have a look at the queues though.
Are some turning red when you do not expect them to be ?

And please provide that network diagram :D
 
kanuns
Frequent Visitor
Topic Author
Posts: 66
Joined: Mon Nov 19, 2018 5:10 pm

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 1:45 pm

Yes, the 1000 users are affected, as their internet speed, which depends upon the profile of hotspot, is all limited to 7mbps.

It's a 24/7 space. I will have to go the long way.

Please check the attached picture. I am using the 68.0/24 series, and it is not limited as it is the bridge connected to Server. Its speed is also limited.
 
holvoetn
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Why Speed Limited on Internet?

Thu Sep 29, 2022 10:15 pm

First a remark:
If it all worked as intended before and suddenly it doesn't anymore, something did change.
Config does not change on its own.
And since your complete config seems to be impacted but not your ISP connection, chances are high it is something in your config.

A couple of additional questions after briefly looking at your config...

- What's the reason for the hotspot-environment and the 1300 users ? Only to provide internet access or do they also access some devices on the right side of your drawing ?
- Why the 2 bridges ? All can be done using 1 bridge
- why isn't ether8 part of bridge1 ? It's inconsistent with your drawing. I do see further on it's a completely separate subnet (10.2.2.0/24)?

If you disable all queues, what happens ?
It will not impact your users negatively since worst case they will get all bandwidth they can use for a while.

PS if your equipment breaks, you will also have downtime.
If announced upfront to your users, you should be able to get a time window to test a clean config.
Worst case just TELL them WHEN it WILL happen.
24/7 and 100.000% uptime doesn't exist.
 
kanuns
Frequent Visitor
Topic Author
Posts: 66
Joined: Mon Nov 19, 2018 5:10 pm

Re: Why Speed Limited on Internet?

Sat Oct 01, 2022 10:49 pm

Update:

I copy-pasted all the settings into the 1100AHx4 and everything was fine.
Now, the CCR; it is also ... FINE. I just used an AIR Blower to clean the RACK and specifically cleaned the CCR as it was no doubt very very dusty.

Turned it on again and it started working like it should. I personally don't know what happened, but everything is working fine since then.

However, what I am not able to figure out is an issue that was present and persistent when the main issue was: it sometimes does not open the hotspot login page for a newly connected device. What I do is, I remove that user from the DHCP lease and ask them to connect again and it works fine.

The above, I think, requires another topic, but it came to my mind so I asked.

You people are great; you give others something that cannot be returned and that is TIME. I thank you all for your support.
