hobbes1069
newbie
Topic Author
Posts: 29
Joined: Sun Aug 16, 2015 3:43 pm

Slow LAN-to-WAN with CRS125-24G-1S

Mon Feb 10, 2020 12:37 am

I've been using my CRS125-24G-1S for a few years now and I was usually getting up to 64Mbps but recently it's dropped to 30-40Mbps. I had not changed anything in my configuration. I tried updating to the latest firmware (currently 6.46.2) with no change.

I now added FastTrack and can get up to 125Mbps (but my internet is Xfinity 1000GB). I also tried hooking my computer directly up to the cable modem for a quick speed test and got >250Mbps.

The CPU usage peaked at 25% without FastTrack and 28% with and in all cases I had about 99MB of 128MB free memory.

So if the CPU and memory aren't the problem, where should I look?

Here are my current firewall rules, mostly put together from various posts and the MikroTik wiki:
/ip firewall filter
add action=accept chain=input comment="Accept established and related connections" connection-state=established,related
add action=drop chain=input comment="Drop invalid connection packets" connection-state=invalid in-interface=ether24-wan
add action=accept chain=input comment="Whitelist addresses that should have full access" in-interface=bridge1 src-address-list=admin-access
add action=accept chain=input comment="Accept but rate limit pings" connection-limit=100,0 limit=1,5:packet protocol=icmp
add action=drop chain=input comment="Drop external DHCP requests" dst-port=68 in-interface=ether24-wan protocol=udp
add action=drop chain=input comment="Detect and drop port scan attempts" in-interface=ether24-wan protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="Supress DoS attacks" connection-limit=3,32 in-interface=ether24-wan protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=23h59m chain=input comment="Detect DoS attack" connection-limit=10,32 in-interface=ether24-wan protocol=tcp
add action=drop chain=input comment="Block incoming DNS requests (udp)" dst-port=53 in-interface=ether24-wan protocol=udp
add action=drop chain=input comment="Block incoming DNS requests (tcp)" dst-port=53 in-interface=ether24-wan protocol=tcp
add action=accept chain=input comment="Accept anything coming from inside" in-interface=bridge1 log=yes log-prefix="other internal"
add action=drop chain=input comment="Drop everything else" in-interface=ether24-wan log=yes log-prefix="DROP INPUT"
add action=accept chain=forward comment="Accept dstnat established and related connections" connection-nat-state=dstnat connection-state=established,related in-interface=ether24-wan
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid in-interface=ether24-wan
add action=drop chain=forward comment="Drop new connections which are not dstnat" connection-nat-state=!dstnat connection-state=new in-interface=ether24-wan
add action=fasttrack-connection chain=forward connection-state=established,related

If this can't handle gigabit then my plan is likely to get a Ubiquiti USG since I have two of their APs and already run Unifi on my CentOS 7 box.

Thanks,
Richard
 
mkx
Forum Guru
Posts: 13084
Joined: Thu Mar 03, 2016 10:23 pm

Re: Slow LAN-to-WAN with CRS125-24G-1S

Mon Feb 10, 2020 9:58 am

Your firewall filter rules are not exactly optimal. However, CRS is a switch, not a router, so it won't be able to handle anywhere near gigabit ... official test results taken with a pinch of salt indicate that your device could route something like 200-250Mbps with optimal firewall filter rules.