I've configured almost everything the way I wanted, however I have a small issue:

I have a RB5009 POE (ROS) with an CRS 326 (SwOS)

When connecting to my AP (WIFI) and testing my SpeedTest, I obtaint 650/650 with my iphone 11 which makes sense. I tried on my NAS on a docker and still, I obtain 1000/980 which is spot on.

However when I test on my PC connected to a small unifi poe switch, i obtain 450/800. Which is exactly half of my speed connection. When I monitor traffic of the interface, I obtain double bps that it is shown on test page. As if, some of the data was duplicated, I really don't understand this. I tried to torch the interface and yet I won't see.

The config is simple:

Modem of my provider is on VLAN 35 (port 1 on switch 326)
Connection through SFP+ module with the Router
Router establish for the VLAN 35 a PPPOE client connection (which works).
Connection is shared on vlan 1 (default) and another 16 (alternative)
VLAN 1 is on a bridge that covers almost the entire router, the SFP+ and 22 ports of the CRS. VLAN 16 is only for a port on the switch (specific usage).

I just need a hint in the right direction.

Thanks

Michel

Bypass Unifi switch and make tests then.

Thanks for the suggestion but no, it is not the switch, issue still there.

Just to show you what I meant in my initial request.

New test with unify Switch bypassed:


MIchel

I found out why I have the double dps. It seems my NAT rule in not perfectly working...

From my computer with Wireshark, I see that some packets are not UNNATTED, I'm able to see them from the network card of my computer.


upload pictures online privately

I will have to double check my comprehension from NAT to LAN. Since I receive Internet from the CRS, it seems that all ports connected to the switch and the LAN receive that packet. I need to enforce the VLAN, so that nobody could see the packets coming from that port.

I found out why I have the double dps. It seems my NAT rule in not perfectly working...

Speedtest use multiple connections for test, so i dont see something unusual at your screen. Try test with single connection

I mean why do I have connection going to 76.68.167.94 if I'm in my LAN?

I thought the role of NAT was taking this address and converting it back to LANIP based on port.

The computer I'm on is connected to a switch connected to Ether3 of the RB5009 so it shouldn't see any 76.68.167.94 package. Those are packets coming out of the pppoe-client that should be translated, if I figure networking correctly.

Here it is

https://pastebin.com/Qbcr5V39

/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 src-address=\
192.168.88.0/24 to-addresses=192.168.88.0/24

This rule looks very strange.

/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 src-address=\
192.168.88.0/24 to-addresses=192.168.88.0/24

This rule looks very strange.

Yeah I know, it was a rule I got for hairpin nat... not sure why but it seems to be working. I could disable it and see if it resolves the issue... No still the same thing.

Vlan 35 is the VLAN coming from the Modem of my ISP.
It goes to the router through the switch through the SFP+ port
PPPOE client on the VLAN35 to obtain a pppoe-out1
NAT masquerade for pppoe-out1
Bridge on SFP + each port of the router with a DHCP server.

I think I found the issue... the PPPOE is broadcasted on all interface through the bridge so I must exclude that interface from the bridge... still not sure about how I will do it.

Michel