Long time lurker, first time poster. I finally just got around to replacing my dying USG3 with a brand new RB5009UPr+S+, however I am seeing what I can only explain as pretty dismal performance. I have ATT fiber for my ISP with symmetrical 1Gbps service, but the RB for some reason won't do more than 50Mbps download. I have gone through all of the basic stuff at the lower end of the OSI model (cables, negotiation etc..,) and I don't see anything physically wrong (at least that is apparent).
ATT ONT <=> ATT Modem (5268AC) in DMZ+ <=> RB5009 <=> US-8 <=> Clients (wired and wireless)
The interface on the RB facing the 5268AC is on the SFP+ port with an S-RJ01 inserted and is reporting negotiation at 1Gbps on both devices on each side. TX/RX flow control is off on this interface on the RB. I have tried modifying the available speeds on the SFP+ port to no avail to see if that would change anything. I have tried setting the ingress/egress rate on the interfaces as well to see if that had any effect.
Downstream the US-8 is connected on ether2 (non-2.5Gb port). I have tried other ports and the problem follows all ports.
Connecting directly to the ATT Modem I can get close to the expected 940Mbps in both directions, connecting to the RB5009 directly I get 50Mbps down (from both speedtest.net, fast.com and other sites), and connecting to the US-8 I can get 50Mbps down. The odd part is that sometimes in the upload direction from the RB or the US-8 I am able to see 160-200Mbps (still not close to the limit of the service).
If I run a bandwidth test server on a wired client off the US-8, I am able to get 958Mbps on the Rx and 929Mbps on the Tx as reported from the RB when running each test individually.
I have used the tools/profile to make sure there is no a CPU that is being overwhelmed, and things are perfectly fine I believe at less than 10% utilization during testing.
My next step is to use my fluke to test out all of the cables just to be sure, and maybe change the WAN port away from the SFP+ interface to see if anythning changes.
Would appreciate anyone's thoughts as to what I could be doing wrong or have not configured correctly. This is my first Mikrotik system, so there is a high chance there is a problem with the user, I am more used to Cisco/Arista/Juniper systems.
Configuration is below here, its pretty stock out of the box:
ATT ONT <=> ATT Modem (5268AC) in DMZ+ <=> RB5009 <=> US-8 <=> Clients (wired and wireless)
The interface on the RB facing the 5268AC is on the SFP+ port with an S-RJ01 inserted and is reporting negotiation at 1Gbps on both devices on each side. TX/RX flow control is off on this interface on the RB. I have tried modifying the available speeds on the SFP+ port to no avail to see if that would change anything. I have tried setting the ingress/egress rate on the interfaces as well to see if that had any effect.
Downstream the US-8 is connected on ether2 (non-2.5Gb port). I have tried other ports and the problem follows all ports.
Connecting directly to the ATT Modem I can get close to the expected 940Mbps in both directions, connecting to the RB5009 directly I get 50Mbps down (from both speedtest.net, fast.com and other sites), and connecting to the US-8 I can get 50Mbps down. The odd part is that sometimes in the upload direction from the RB or the US-8 I am able to see 160-200Mbps (still not close to the limit of the service).
If I run a bandwidth test server on a wired client off the US-8, I am able to get 958Mbps on the Rx and 929Mbps on the Tx as reported from the RB when running each test individually.
I have used the tools/profile to make sure there is no a CPU that is being overwhelmed, and things are perfectly fine I believe at less than 10% utilization during testing.
My next step is to use my fluke to test out all of the cables just to be sure, and maybe change the WAN port away from the SFP+ interface to see if anythning changes.
Would appreciate anyone's thoughts as to what I could be doing wrong or have not configured correctly. This is my first Mikrotik system, so there is a high chance there is a problem with the user, I am more used to Cisco/Arista/Juniper systems.
Configuration is below here, its pretty stock out of the box:
Code:
# 2024-01-07 15:02:27 by RouterOS 7.13# software id = **ELIDED**## model = RB5009UPr+S+/interface bridgeadd admin-mac=**ELIDED** auto-mac=no comment=defconf name=bridge port-cost-mode=short/interface ethernetset [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-fullset [ find default-name=sfp-sfpplus1 ] advertise=1G-baseT-full rx-flow-control=auto tx-flow-control=auto/interface ethernet switch portset 8 egress-rate=1024.0Mbps ingress-rate=1024.0Mbps/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/interface bridge portadd bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10add bridge=bridge interface=ether1 internal-path-cost=10 path-cost=10/ip neighbor discovery-settingsset discover-interface-list=LAN/interface list memberadd comment=defconf interface=bridge list=LANadd interface=sfp-sfpplus1 list=WAN/ip addressadd address=192.168.1.254/24 comment=defconf interface=bridge network=192.168.1.0/ip dhcp-clientadd comment=defconf interface=sfp-sfpplus1/ip dnsset servers=192.168.1.15/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yesadd action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN/system clockset time-zone-name=America/New_York/system identityset name=gateway223/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=0.pool.ntp.orgadd address=1.pool.ntp.orgadd address=2.pool.ntp.orgadd address=3.pool.ntp.org/tool bandwidth-serverset authenticate=no enabled=no/tool graphing interfaceadd/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LANStatistics: Posted by mikrotikmandatory — Sun Jan 07, 2024 10:38 pm