Community discussions

MikroTik App
 
dhwzh
just joined
Topic Author
Posts: 5
Joined: Sun May 06, 2018 7:42 pm

Bad performance (slow) of RB2011UAS-2HnD

Thu Feb 16, 2023 12:22 pm

Hello, everyone

Is RB2011UiAS-2HnD-IN still in use? The maximum broadband of my device can only reach about 200M.

In multiple tests, I only managed to get maximum download speeds of around 200mbps, even with Fasttrack enabled. I've removed almost all of the firewall filtering rules for this speed.

When browsing forum articles, some people can get a faster download speed, why can't I?

My RB2011UAS-2HND-IN firmware has been upgraded to the latest version, and the configuration data has been sent. Please check where the problem is.

Thank you very much for your help!
# feb/16/2023 16:50:48 by RouterOS 7.7
# software id = I2TM-I1DH
#
# model = RB2011UAS-2HnD

/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether5 ] mac-address=54:F6:C5:12:62:45
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether5 name=pppoe-out1 user=XXXXXXXXXXX
/interface wireless
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1 ranges=192.168.88.100-192.168.88.199
/ip dhcp-server
add address-pool=pool1 interface=bridge1 name=server1
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=sfp1
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=202.100.64.68,223.5.5.5
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=pppoe-out1 type=external
/system clock
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Bad performance (slow) of RB2011UAS-2HnD

Thu Feb 16, 2023 2:23 pm

why did you remove default firewall rules....... ??
At least you have fastrack so not sure why the slowdown.
Its an older router but one would think 300-400 should be possible.
 
un9edsda
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sun Mar 15, 2020 11:11 pm

Re: Bad performance (slow) of RB2011UAS-2HnD

Fri Feb 17, 2023 1:55 am

Is RB2011UiAS-2HnD-IN still in use? The maximum broadband of my device can only reach about 200M.
According to the "Products" page it is not an EoL device.

In multiple tests, I only managed to get maximum download speeds of around 200mbps, even with Fasttrack enabled. I've removed almost all of the firewall filtering rules for this speed.
Since you have removed most of the firewall rules it maybe easier to start from scratch to sort the configuration out. I do not know whether you have upgraded from RouterOS v6 or have netinstalled 7.3 or newer version which has fixed among other things:
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
If you haven't than maybe it is the right time to export your configuration with
export show-sensitive file=thedesirednameoftheexportedconfigfile
than copy it to your computer so you have it as a reference at hand (for Internet and WiFi setup among other things).

Based on your configuration export I assume that
  • you have a single Internet connection
  • your ISP's Ethernet cable is connected to the Eth5
  • your ISP handling the accounting using PPPoE
  • you have started from the default configuration
As a foreword: PPPoE is quite CPU hungry, therefore it will likely limit your upload and download bandwidth to and from the Internet (compared to a DHCP based accounting). However having sad that your configuration is suboptimal performance wise (and since most of the firewall rules are gone from a security point of view too).

Unfortunately the default configuration on at least a few devices with more than one switch chip is one which is mentioned as a typical Layer 2 misconfiguration in the current documentation: Bridgeing and Switching Case Studies / Layer2 misconfiguration / VLAN filtering with multiple switch chips. Upon checking the block diagram of RB2011UiAS-2HnD-IN one can see that it has two switch chips and a WLAN module too therefore from performance point of view having a single bridge with all of the ports may be suboptimal. According to the current documentation the RB2011UiAS-2HnD-IN has an Atheros 8327 and a Atheros 8227 switch chip. The two switches have different Bridge Hardware Offloading capabilities. Beside this these two chips have other differences too as described in the Bridging and Switching / Switch Chip Features as described in the documentation. Therefore to maximise the throughput you should use two separate bridges: one for the SFP and Eth1 to Eth4 ports (as Eth5 is your Internet uplink) and another one for Eth6 to Eth10 ports while keeping in mind not to enable features on the two separate bridges that are not supported in the respective switch chip's hardware.

As a side note should you decide to implement Basic VLAN switching following the case study in the documentation than heed the warning in it:
On QCA8337 and Atheros8327 switch chips, a default vlan-header=leave-as-is property should be used. The switch chip will determine which ports are access ports by using the default-vlan-id property. The default-vlan-id should only be used on access/hybrid ports to specify which VLAN the untagged ingress traffic is assigned to.
and adapt the configuration (bridge1 should only have the Atheros8327 connected ports):
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=20
add ports=ether1,ether3 switch=switch1 vlan-id=30
add ports=ether1,switch1-cpu switch=switch1 vlan-id=99
/interface vlan
add interface=bridge1 vlan-id=99 name=MGMT
/ip address
add address=192.168.99.1/24 interface=MGMT
/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=leave-as-is
set ether2 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=20
set ether3 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=30
set switch1-cpu vlan-header=leave-as-is vlan-mode=secure

And in case of the solution for VLAN filtering with multiple switch chips adapt the solution code as following:
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge2 interface=ether6
add bridge=bridge2 interface=ether7
add bridge=bridge2 interface=ether8
add bridge=bridge2 interface=ether9
add bridge=bridge2 interface=ether10
/interface ethernet switch port
set ether1,ether2,ether3,ether4,ether7,ether8,ether9 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set ether5,ether6,ether10 vlan-header=add-if-missing vlan-mode=secure default-vlan-id=0
set switch1-cpu,switch2-cpu vlan-mode=secure
/interface ethernet switch vlan
add ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=10
add ports=ether6,ether7,ether8,ether9,ether10,switch2-cpu switch=switch2 vlan-id=10

However please do check that switch1 is the Atheros8327 and switch2 is the Atheros8227 one before applying any of the above.
You may do the check in the terminal with the
interface/ethernet/switch/print
command.

As a side note in case you receive IPv6 prefix than you may want to start using it as in case of using GUA or ULA addresses the less resource hungry stateless firewall (raw) can be used instead of the stateful (nat, filter) one which is a must in case of using NAT. Using ULA with NPT enables users with dynamically assigned IPv6 addresses/prefix to avoid the internal reconfiguration of their network each time the ISP assigns a new address/prefix. For details see: NPTv6 / RFC 6296 Support? post #32 and NPTv6 / RFC 6296 Support? post #35. Using ULA enables the convenient use of IPv6 on a LAN with the help of RouterOS' built in DNS resolver. For example to easily reach the printer on the LAN:
ip/dns/static add name=printer.lan type=AAAA address=printersULAaddress
While we are at ISP provided (dynamic) IPv6 addresses/prefixes: the default route (router advertisement) should come from:
ipv6/settings set forward=yes accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes
as the
 ipv6/dhcp-client set interface=thesameinyourcasepppinterfacethatyougetyourinternetconnection request=address,prefix pool-name=yourpreferredpoolname pool-prefix-length=theactuallengthdependingontheproviderusuallyavaluefrom56to64 use-peer-dns=yes rapid-commit=yes add-default-route=no
(note the add-default-route=no in the second command).
 
Moba
Member Candidate
Member Candidate
Posts: 206
Joined: Sun Sep 27, 2020 6:15 pm

Re: Bad performance (slow) of RB2011UAS-2HnD

Sun Feb 19, 2023 10:02 pm

Optimization or not, the SoC is from 2010. Kernel 2.x was used at the time. Expecting the same performance from kernel 5.x 12 years later is not understanding all the things that go into a kernel update. Furthermore, internet speeds have increased dramatically in that timeline. The route cache removal is only part of the issue with this underpowered device. Mitigation of various security vulnerabilities (the route cache was one of them) and new features add extra processing as well. Slowdowns after kernel updates have been well documented on much more powerful systems running Linux over the years.

Most router manufacturers use the SoC manufacturer's SDK, which are tied to a specific kernel version. They'll backport security fixes for a few years (at best), then drop support altogether and make the product EOL. To be fair, kernel updates aren't generally required on highly optimized/specialized embedded devices in their useful lifetime.

On the other hand, MikroTik provides long term support for older models through custom unified builds with backported fixes as required. It's an amazing feat, but not one without limitations. The current state of ROS 7 after so many years is a testament to the complexity of this endeavor. The latest long term builds for this device are 6.xx and based on kernel 3.x. I can't comment on the reasons why these units are still being sold, but they are ancient hardware at this point. While I understand why many users hold on to older devices, unless you need the new features and fixes of 7.x, you should probably downgrade to maximize performance.
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: Bad performance (slow) of RB2011UAS-2HnD

Mon Feb 20, 2023 3:07 pm

If you disable the LCD display, things speed up.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bad performance (slow) of RB2011UAS-2HnD

Mon Feb 20, 2023 5:30 pm

If you want to get the most out of this router, it is probably best to go back to version 6.49.7 instead of 7.7
Also, the published performance figures are for plain routing without extra processing like PPPoE and NAT.
I have some of these in a plain routed network and indeed with Fasttrack and just routing it can achieve good speeds.
As a home internet router, not so much...
 
emunt6
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Fri Feb 02, 2018 7:00 pm

Re: Bad performance (slow) of RB2011UAS-2HnD

Wed Mar 15, 2023 2:28 am

subs
Last edited by emunt6 on Wed Mar 15, 2023 2:45 am, edited 1 time in total.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Bad performance (slow) of RB2011UAS-2HnD

Wed Mar 15, 2023 2:42 am

keep in mind RB2011 is almost 10 years OLD

2023 hAP ax lite has better performance, and is cheaper with lower power consumption
 
un9edsda
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sun Mar 15, 2020 11:11 pm

Re: Bad performance (slow) of RB2011UAS-2HnD

Wed Mar 15, 2023 12:27 pm

2023 hAP ax lite has better performance, and is cheaper with lower power consumption
And on top of that it requires less complex configuration.

Who is online

Users browsing this forum: BioMax, Google [Bot], mantouboji, mtkvvv and 47 guests