I've been looking for info to explain why an particular AP I have in service seems to intermittently give me astronomical ping times to random clients. Normally I would expect ping times on the order of 5ms to 15 ms , depending on the quality of the clients connection. What I see is that arbitrarily a random client may see ping times grow to in excess of 1 sec and possibly more along with pretty much total cessation of any data transfer. This box has a 433ah with 3 ubiquity SR2's connected to 3 120 degree hyperlink 17 dB sector antenna. Ok, maybe interference.... rotate channel assignments to antenna (1,6,11). Sometimes it helps, sometimes not. In watching this units behavior I'm inclined to believe that what I see is not so much attributed to interference but the 433's ability to handle 70 to 90 client radio connections ( which the majority of which are transmitting nothing more than ntp and normal protocol overhead ) simultaneously. This is in a rural setting on a grain handling facility about 130 ft. up. This site has been in service over 3 years and the only thing that has changed is the growing number of clients connected to it. This issue has surfaced in only the past few months.
Another item possibly worth noting is that to service some people I have incorporated "microcells". Remote AP's that are tucked in behind treelines that have LOS to the primary (AP mentioned above) and to clients , but that the client has no LOS to the primary. This has worked out rather well up until , again , just a very few months ago.
I'm just curious as to what I should have expected in a 433AH's ability to fluidly handle all these connection requests and what I may have to do to remedy the situation. Split the load to another 433AH or 2?? My sales rep seems to think that one 433AH should be able to handle this without a problem but I'd like to hear from users in the real world. Thanks..

hi there
i have the same problem
astronomical ping with rb433ah

I have a simple policy 1 X radio card = 1 X routerboard (433ah), and use something like RB750 to combine the sectors.

Microcells - is the sectors of your AP feeding these microcells direct or do you use a PTP link ?

Are you using dynamic ACK timeouts ?

The microcells are effectively just another client to the sector , and yes it is dynamic ACK.
I may have found a contributing issue in that I've discovered a couple of clients using bittorrent ,which I had created a filter rule to log then drop the packets. There were over 10K ip's listed in the log table! I'm not sure whether the OS uses this list in subsequent packet comparisons or not but it would definitely eat up memory resources that would require clock cycles to process that would be better utilized in getting legitimate traffic through the router. I deleted all the ip's. The verdict is still out on whether this has helped or not....

addendum:...no it didn't help , still seeing alot of +500ms pings...what's up with this behaviour Mikrotik?

torrents are hell.

I'd figure out who was running BT and cut them off for a bit and see what happens.

Been there in the past. Two people streaming Netflix at 3Mb per while 20 other people browse works fine. 1 person running bittorrent downloading 300k causes pings to go nuts over the entire AP.

The constant chatter of 1000+ connections, just the p2p connections, not even moving data, cause the AP to choke.

P2P is the bane of our existence. If it wasn't set to suck all of the available bandwidth all of the time, it would be different...

What OS version of Mikrotik, have you tried V4.13 with NV2?

Otherwise i would reboot the furthest away CPE and note ACK timeout if say it was 90 then it would insert a timeout on all CPE’s of 110 (furthest away + 20% as a rule for manual ) also set the AP to 110,

Remember the overall wireless network performance will be determined by the performance of the slowest CPE associated with the AP and in your case back to just one 433, a slow CPE (or hidden node issues?)on any of the 3 sectors will slow all 90 clients?

Also as mentioned 1 routerboard for 1 radio card, at present you have 1 X 433 and 3 radio cards, if the 433 was to fail then you would have 90 unhappy customers?

Bandwidth control how much is assigned to each CPE and to the microcell AP’s

Keep us posted on any developments on this issue.

I've severely limited the suspect torrent user(s) bandwidth and it has seemed to help. Still waiting for client(s) to call with "My internet connection has slowed" so I can read them the riot act. All my clients were told upon installation that bittorrent is absolutely off limits , but as soon as your out the door BAM , there on it so I don't feel any remorse in restricting them. Most (99%) comply with this request but as mentioned above it only takes one or two out of the group to wreck it for everyone.
Does anyone know if mikrotik actually uses the address lists generated by the filter rules to block ip traffic?

Most (99%) comply with this request but as mentioned above it only takes one or two out of the group to wreck it for everyone.

Exactly that is the reason + routerboard failure, why i would put on two extra 433ah and a RB750 to combine and then you not have as above one or two wreck it for all 90 clients,

Then you have 3 totally seperate sectors at your AP, and you can apply if required different setting/rules, etc to suit clients connected to that sector only?

torrents r hell i dont think any ap or mikrotik can handle too many simultaneous connections open. those who seek torrents give them PtP links. i hv tried dropping all tcp/udp ports and just allow the minimal 21,80,443,995, 8080, 5060 as open for those IP's that use torrents.
It helps.

As regards torrents effecting the performance of the AP and connected clients, just a thought could NV2 be configured to give a small “airtime” to the suspect client(s) ???

I've severely limited the suspect torrent user(s) bandwidth and it has seemed to help. Still waiting for client(s) to call with "My internet connection has slowed" so I can read them the riot act.

sometimes its teenagers who cause the problems and not the bill payer.

Ive managed to keep P2P allowed on my system with a simple tcp connection limiter. so far towers are quite stable when p2p is actively going (note the stable ones are the rb450`s feeding external ubiquity powerstation 2`s, my rb433ah/XR2's still have some major issues)

add action=drop chain=forward comment="tcp connection limit" \
connection-limit=80,32 disabled=no protocol=tcp

80 connections per user keeps even my busiest towers below 500 connections total usually. customers who get shitty inet when thier tcp limit is reached get told "well its either this or we disable bit torrent all-together"

Ive managed to keep P2P allowed on my system with a simple tcp connection limiter. so far towers are quite stable when p2p is actively going (note the stable ones are the rb450`s feeding external ubiquity powerstation 2`s, my rb433ah/XR2's still have some major issues)

add action=drop chain=forward comment="tcp connection limit" \
connection-limit=80,32 disabled=no protocol=tcp

80 connections per user keeps even my busiest towers below 500 connections total usually. customers who get shitty inet when thier tcp limit is reached get told "well its either this or we disable bit torrent all-together"

Good one. I second that. 80 connections is infact too many. Infact we have made separate plans and those who want to use torrents etc are offered a higher pay plan and r given a point to point link. No hassles and botheration for the rest. And what they do worse is they have their uploads open as well so it becomes more of a problem when on the main AP and ptmp links.

Good one. I second that. 80 connections is infact too many. Infact we have made separate plans and those who want to use torrents etc are offered a higher pay plan and r given a point to point link. No hassles and botheration for the rest. And what they do worse is they have their uploads open as well so it becomes more of a problem when on the main AP and ptmp links.

Good plan if there is no other competitors in the area ready to step in, and if the clients are prepared to pay the extra?

Interesting stuff here... It seems to be a question of survival even for a small isp as me.
I'm having the same problems as mentioned above and tried a while ago to limit connections. No Luck. One customer had over 1K open udp-connections and the tcp-limiter had of course very limited effect, if any. I then managed to find the IP-address of the p2p-PC, made it fixed and shaped him down to 300/300 kb. Of course if he is a smart guy he will set the home-router to dhcp and NAT, but for now his parents has internet and my other customers are happy. I also had a little chat with his parents and they thought it was OK.
Now I'm hoping some clever guys can find an easy way to limit udp-torrents without using all processor capasity on the client antenna. It's not so easy in mikrotik when u have to set number of new connections pr sec/min/hour (IP-Firewall).
I have tried to set 1 new connection/hour, and IP-phone/Youtube still works. Still there is too many udp-connections.
Is there anybody having a good idea? My network knowledge is VERY limited.
I'm now seriously concidering to build customers home-APs into the client antennas to get full control, and more happy customers. Anyone tried it? RB411AR seems to be made for this purpose.

Dear Guys,

You all seem to miss something:
A base station needs to be a pure Layer-2 device and does not need to run any L-3 feature.

Please ensure the following are not in use
1. Bridge firewall
2. Queue
3. Mangle
4. Filter

Finally make sure that Connection tracking is turned off.

I hope this will solve the unsolved.

Please let us know the test result.

Thanks,

Sudipta

thanks

Just to complement three big smileys..............

One my ISP client just replaced few Mikrotik Base Stations with Alcon Radios and the torrent issue has just disappeared.

Alcon Radios are just dumb L-2 radios with no traffic shaping/filtering/routing features.

My point is to replicate the same with Mikrotik radios.

L3 offers you client management....I had problems with mikrotik in bridge mode and put it in ruter mode. Mo more problems. An routerboard has enough power to handle nat, firewall, etc.
Why your ISP client dont just put mikrotik in bridge mode? Why he bought another radio? I believe because it wasnt that the problem.

The problem was due to thousands of entries in the connection table.

Point is to disable connection tracking. if this is done, filter/mangle/queue will not work.

also they did mistake in selecting ''use ip firewall'' in bridge setting which unnecessarily populating the connection table. This is the reason why the system used to malfunction when a couple of torrent users used to come online.

Unfortunately they did not consult us before replacing the mikrotik APs in the base station.

You all seem to miss something:
A base station needs to be a pure Layer-2 device and does not need to run any L-3 feature.

Give a client an inch and they will take a mile. The bandwidth is finite.

why using queue in the AP? you should either use another Mikrotik on a hardware with multi-core CPU connected to the AP for this or at best you can have a dedicated NAS hardware. Its all about how we are designing our network. In India most of the WISPs have a NAS for this and they use APs only for connecting the users.