gargola
newbie
Topic Author
Posts: 42
Joined: Tue Nov 20, 2012 12:05 am

RB1100AHx2 bad performance, wired network with ping timeout.

Fri Apr 25, 2014 8:07 pm

Hello colleagues.
I searched for that, but there are only topics related to wireless.
This is my network:
RB750GL (Load Balance) --> RB1100AHx2 (Core router) ---> then, wireless to the clients.
I'm connected directly to the RB1100, tested various cables, and nothing; I still have "ping timeout" to several domains.
FYI, two days ago, I had an RB951Ui-2HnD for the core router, but we replaced it because of the CPU load.
We have two networks, 10.0.0.0/23 (for management and CPE) and 10.0.2.0/23 (for client routers).
Also, we have slow browsing. So, I tried disabling the DNS cache, but it didn't work.
I hope it is something bad with the config, because at the moment I'm a little disappointed with the performance of the RB1100 :(

Filter rules of the core router.

ros code

# apr/25/2014 11:00:42 by RouterOS 6.12
# software id = 7L0L-A3ZV
#
/ip firewall filter
add action=drop chain=input comment="DNS Flood from WAN" dst-port=53 \
    in-interface=ether1 protocol=udp
add action=drop chain=forward comment="DNS Flood from LAN" dst-port=53 \
    out-interface=!ether1 protocol=udp
add chain=input comment="Established Connections" connection-state=\
    established
add chain=input comment="Related Connections" connection-state=related
add action=drop chain=forward comment="Drop Invalid Connections" \
    connection-state=invalid
add action=drop chain=forward comment="Static IP Block" dst-address=0.0.0.0/0 \
    in-interface=ether6 out-interface=ether1 src-address=10.0.2.0/23 \
    src-address-list=!basico
add action=drop chain=forward dst-address=0.0.0.0/0 in-interface=ether6 \
    out-interface=ether1 src-address=10.0.0.0/23
add action=drop chain=forward comment="Block LAN to Ubiquiti Gears" \
    dst-address=10.0.0.0/23 in-interface=ether6 src-address=10.0.2.0/23 \
    src-address-list=!Admin
add action=drop chain=forward comment="Defaulters Clients" in-interface=\
    ether6 src-address=10.0.2.0/23 src-address-list=morosos
add action=drop chain=input comment="ICMP Flood Atack" packet-size=128-65535 \
    protocol=icmp
add action=drop chain=output packet-size=128-65535 protocol=icmp
add action=drop chain=forward comment="Virus Filter" src-address=!10.0.2.0/23 \
    src-address-list=Virus
add action=add-src-to-address-list address-list=Virus address-list-timeout=1w \
    chain=forward connection-limit=400,32 in-interface=ether6 protocol=tcp \
    src-address=!10.0.2.0/23 src-address-list=!Virus tcp-flags=syn
add action=drop chain=forward comment="P2P Block" p2p=all-p2p src-address=\
    !10.0.2.0/23 src-address-list="P2P Block"
add action=drop chain=input src-address=!10.0.2.0/23 src-address-list=\
    "P2P Block"
add action=add-src-to-address-list address-list="P2P Block" \
    address-list-timeout=1w chain=forward p2p=all-p2p src-address=\
    !10.0.2.0/23 src-address-list="!P2P Block"
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
    new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect connection-state=new limit=400,5 protocol=tcp \
    tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp \
    tcp-flags=syn
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 \
    protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 \
    protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 \
    protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 \
    protocol=udp
add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=\
    tcp
add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=\
    tcp
add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=\
    tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128 \
    protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410 \
    protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=\
    tcp
add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=\
    tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=\
    tcp
add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=\
    tcp
add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=\
    tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=\
    65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" jump-target=\
    virus

Filter rules of load balancer router.

ros code

# apr/25/2014 11:03:07 by RouterOS 6.7
# software id = R9AG-SV1U
#
/ip firewall filter
add action=drop chain=forward comment="ISP Router Block" dst-address=\
    192.168.0.1 in-interface=ether5-LAN
add action=drop chain=forward comment="Drop Invalid Connections" \
    connection-state=invalid
add action=drop chain=forward comment="ICMP Flood Atack" packet-size=\
    128-65535 protocol=icmp
add action=drop chain=input comment="DNS Atack" dst-port=53 protocol=udp
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment="Established Connections" connection-state=\
    established
add chain=input comment="Related Connections" connection-state=related
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
    new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect connection-state=new limit=400,5 protocol=tcp \
    tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp \
    tcp-flags=syn
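
An added example, not part of the original post and not MikroTik tooling: a small Python parser for the `/ip firewall filter` export format shown above. It reports per-chain rule counts, whether a chain accepts established connections, and an upper bound on how many rules one forwarded packet can be compared against, which is worth knowing when CPU load is a concern. The function names are hypothetical and the sample is abridged from the core-router export.

```python
import re
import shlex
from collections import defaultdict

# Abridged from the core-router export posted above; rule text is unchanged.
EXPORT = r'''
/ip firewall filter
add chain=input comment="Established Connections" connection-state=\
    established
add action=drop chain=forward comment="Drop Invalid Connections" \
    connection-state=invalid
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
    new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect connection-state=new limit=400,5 protocol=tcp \
    tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp \
    tcp-flags=syn
add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" jump-target=\
    virus
'''

def parse_rules(export):
    """One dict per 'add' line; RouterOS omits action= when it is accept."""
    joined = re.sub(r"\\\n\s*", "", export)  # undo backslash line continuations
    rules = []
    for line in joined.splitlines():
        if not line.startswith("add "):
            continue  # section header, export comments, blank lines
        rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
        rule.setdefault("action", "accept")
        rules.append(rule)
    return rules

def summarize(rules):
    """Per chain: rule count and whether established traffic is accepted."""
    chains = defaultdict(lambda: {"rules": 0, "accepts_established": False})
    for r in rules:
        info = chains[r["chain"]]
        info["rules"] += 1
        if r["action"] == "accept" and r.get("connection-state") == "established":
            info["accepts_established"] = True
    return dict(chains)

def max_rules_checked(rules, chain="forward"):
    """Upper bound on rules one packet is compared against (no jump loops)."""
    own = [r for r in rules if r["chain"] == chain]
    return len(own) + sum(max_rules_checked(rules, r["jump-target"])
                          for r in own if r["action"] == "jump")
```

On this excerpt the summary shows the established-connections accept only in the `input` chain, so forwarded packets of existing connections are still compared against the `forward` rules.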
 
falestiny
Frequent Visitor
Posts: 51
Joined: Fri Sep 10, 2010 3:11 pm
Location: everywhere

Re: RB1100AHx2 bad performance, wired network with ping time

Fri Apr 25, 2014 8:47 pm

Maybe the internet source connection is having problems.
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: RB1100AHx2 bad performance, wired network with ping time

Fri Apr 25, 2014 8:52 pm

Try a ping through the RB 1100 to a local address and look at the RB1100 CPU load. You haven't mentioned the nature of your ISP feed. Some context would be useful.
 
gargola
newbie
Topic Author
Posts: 42
Joined: Tue Nov 20, 2012 12:05 am

Re: RB1100AHx2 bad performance, wired network with ping time

Fri Apr 25, 2014 11:18 pm

You were right. Days looking for the solution and the problem was in my cable modem provider :P
Sometimes we just need another point of view.
I'm waiting for my provider to give me another modem and do some tests.

Regards!

EDIT: After the change of the cable modem, everything is working like a charm! :D
 
falestiny
Frequent Visitor
Posts: 51
Joined: Fri Sep 10, 2010 3:11 pm
Location: everywhere

Re: RB1100AHx2 bad performance, wired network with ping time

Sat Apr 26, 2014 10:02 pm

> You were right. Days looking for the solution and the problem was in my cable modem provider :P
> Sometimes we just need another point of view.
> I'm waiting for my provider to give me another modem and do some tests.
>
> Regards!
>
> EDIT: After the change of the cable modem, everything is working like a charm! :D

Glad it works, maybe I deserve a karma here ;)
