My intention is to have network shared directory on server and mount it to my Linux desktop using fstab and sshfs mount. This works fine but the file transfer speed is less than I hoped. Below are my iperf3 results:
Code: Select all
iperf3 -c server -p 5201
Connecting to server, port 5201
[ 5] local 10.0.10.254 port 46302 connected to 10.0.10.100 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 58.5 MBytes 491 Mbits/sec 0 348 KBytes
[ 5] 1.00-2.00 sec 56.2 MBytes 471 Mbits/sec 0 348 KBytes
[ 5] 2.00-3.00 sec 56.1 MBytes 470 Mbits/sec 0 348 KBytes
[ 5] 3.00-4.00 sec 56.1 MBytes 470 Mbits/sec 0 348 KBytes
[ 5] 4.00-5.00 sec 56.1 MBytes 471 Mbits/sec 0 348 KBytes
[ 5] 5.00-6.00 sec 57.1 MBytes 479 Mbits/sec 0 348 KBytes
[ 5] 6.00-7.00 sec 56.7 MBytes 475 Mbits/sec 0 348 KBytes
[ 5] 7.00-8.00 sec 60.5 MBytes 508 Mbits/sec 0 348 KBytes
[ 5] 8.00-9.00 sec 61.6 MBytes 517 Mbits/sec 0 348 KBytes
[ 5] 9.00-10.00 sec 61.5 MBytes 516 Mbits/sec 0 348 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 580 MBytes 487 Mbits/sec 0 sender
[ 5] 0.00-10.02 sec 579 MBytes 484 Mbits/sec receiver
RoS 6.x and Ros 7.x
I first got similar results when using RoS 6.x. After reading VLAN enabled bridges and hw offloading, I thought that updating to 7.x would help me here. Something definitely changed since when I ran iperf3 test on RoS 6.x the Hex CPU usage was around 50% when viewed in Tools > Profile. Now the CPU usage barely changes from idle during the test. So hw-offload seems to work? Still, the average transfer speed is pretty much exactly the same.
WLAN test
For comparison I also ran iper3 test over TPLink EAP access point from my laptop to the PC. Here I get similar results to the PC - Server. Perhaps even slightly better:
Code: Select all
[ 5] local 10.0.10.243 port 45960 connected to 10.0.10.254 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 73.3 MBytes 614 Mbits/sec 0 2.64 MBytes
[ 5] 1.00-2.00 sec 71.2 MBytes 598 Mbits/sec 0 3.00 MBytes
[ 5] 2.00-3.00 sec 65.0 MBytes 545 Mbits/sec 0 3.00 MBytes
[ 5] 3.00-4.00 sec 68.8 MBytes 577 Mbits/sec 0 3.00 MBytes
[ 5] 4.00-5.00 sec 55.0 MBytes 461 Mbits/sec 0 3.00 MBytes
[ 5] 5.00-6.00 sec 70.0 MBytes 587 Mbits/sec 0 3.00 MBytes
[ 5] 6.00-7.00 sec 65.0 MBytes 545 Mbits/sec 0 3.00 MBytes
[ 5] 7.00-8.00 sec 68.8 MBytes 577 Mbits/sec 0 3.00 MBytes
[ 5] 8.00-9.00 sec 68.8 MBytes 577 Mbits/sec 0 3.00 MBytes
[ 5] 9.00-10.00 sec 60.0 MBytes 503 Mbits/sec 0 3.00 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 666 MBytes 558 Mbits/sec 0 sender
[ 5] 0.00-10.01 sec 663 MBytes 556 Mbits/sec receiver
I guess these speeds are okay to me but I'd like to know if there is some configuration error or option I could enable to gain a bit faster connection.
Finally here is my /export:
Code: Select all
/interface bridge
add admin-mac=<mac> auto-mac=no comment=defconf name=bridge pvid=10 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=PC
set [ find default-name=ether3 ] comment=HomeServer
set [ find default-name=ether4 ] comment=Other
set [ find default-name=ether5 ] comment=WAP
/interface vlan
add interface=bridge name=iot-vlan vlan-id=20
add interface=bridge name=main-vlan vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=VLAN
add name=MGMT
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=main-pool ranges=10.0.10.2-10.0.10.254
add name=iot-pool ranges=10.0.20.2-10.0.20.254
/ip dhcp-server
add address-pool=main-pool interface=main-vlan name=main-dhcp
add address-pool=iot-pool interface=iot-vlan name=iot-dhcp
/port
set 0 name=serial0
/user group
add name=terraform policy=local,read,write,api,!telnet,!ssh,!ftp,!reboot,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=10
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether5 pvid=10
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=bridge comment=main-vlan tagged=bridge,ether5 untagged=ether2,ether3,ether4 vlan-ids=10
add bridge=bridge comment=iot-vlan tagged=bridge,ether5 vlan-ids=20
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=main-vlan list=LAN
add interface=iot-vlan list=LAN
add interface=main-vlan list=MGMT
/ip address
add address=10.0.10.1/24 interface=main-vlan network=10.0.10.0
add address=10.0.20.1/24 interface=iot-vlan network=10.0.20.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dns
set allow-remote-requests=yes servers=10.0.10.1,1.1.1.1
/ip dns static
<redacted>
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Allow main-vlan/MGMT access to all router services" in-interface-list=MGMT
add action=accept chain=input comment="Allow VLAN DHCP" dst-port=67 in-interface-list=LAN log=yes log-prefix=VLANDHCP protocol=udp
add action=accept chain=input comment="Allow VLAN DNS UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow VLAN DNS TCP" dst-port=53 in-interface-list=LAN protocol=tcp
add action=drop chain=input comment="Drop all other traffic"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="Block internet access for clients" log=yes log-prefix="Block internet" out-interface-list=WAN src-address-list=\
"Block internet access"
add action=accept chain=forward comment="VLAN Internet Access Only" connection-state=new in-interface-list=LAN log-prefix="VLAN ACCESS" out-interface-list=\
WAN
add action=accept chain=forward comment="Allow access to IoT devices from main-vlan" in-interface=main-vlan out-interface=iot-vlan src-address-list=\
"Access IoT devices"
add action=accept chain=forward comment="Allow MQTT to HA" dst-address=10.0.10.251 dst-port=1883 protocol=tcp src-address-list=\
"MQTT traffic to main-vlan HA"
add action=accept chain=forward comment="TF: Allow Wireguard traffic" dst-port=51820 fragment=no in-interface=ether1 log=yes log-prefix=Wireguard \
out-interface=main-vlan protocol=udp
add action=drop chain=forward comment="Drop all other traffic" log=yes log-prefix="Drop all forward"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="TF: Port forward Wireguard to PiVPN" dst-port=51820 fragment=no in-interface-list=WAN protocol=udp to-addresses=\
10.0.10.51 to-ports=51820
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl address=10.0.10.0/24 certificate=terraform
/ip ssh
set strong-crypto=yes
/ipv6 firewall filter
add action=drop chain=input comment="Drop all" log=yes log-prefix=IPV6
add action=drop chain=forward comment="Drop all" log=yes log-prefix=IPV6
/system clock
set time-zone-name=Europe/Helsinki
/system identity
set name=RouterOS
/system ntp client
set enabled=yes
/tool bandwidth-server
set enabled=no
/tool graphing interface
add allow-address=10.0.10.0/24 interface=main-vlan
add allow-address=10.0.10.0/24 interface=iot-vlan
/tool graphing resource
add allow-address=10.0.10.0/24
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool mac-server ping
set enabled=no