Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-11 Thread Dennis Burgess via Mikrotik-users 
So you using 1,5 and sp1 gives you 1 Gb max throughput though the unit.   
Depending on packet size etc.Thats the max per the physical unit can do on 
those ports.  1481 meg is max with 1500 bytes packets, and 860 is max with 512 
bypte packets.

I’m sure you had plenty of users etc.  I would except between 300-500meg max.  
depednign on the packet size, 116meg is 64 byte, so really depends on the 
average packet size at that point.


[LTI-Full_175px]
Dennis Burgess, Mikrotik Certified Trainer
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE, MTCSE, HE IPv6 Sage, Cambium ePMP Certified
Author of "Learn RouterOS- Second Edition”
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270  Website: 
http://www.linktechs.net<http://www.linktechs.net/>
Create Wireless Coverage’s with www.towercoverage.com

From: mikrotik-users-boun...@wispa.org  On 
Behalf Of Nick Bright via Mikrotik-users
Sent: Wednesday, July 10, 2019 6:03 PM
To: Mikrotik Users 
Subject: [Mikrotik Users] RB2011UiAS Performance Tuning


Had a CCR1009 get blown by lightning today. The only thing I had with an SFP to 
swap in its place was an RB2011UiAS.

Typically running peak of about 500Mbps in traffic in the evenings.

I have disabled the LCD, turned off connection tracking, disabled all mangle 
rules, and disabled as many filter rules as possible without compromising 
security (3 simple port filter rules remain). All services are disabled except 
SSH and Winbox for management. No NAT rules are enabled (some are configured, 
but they are disabled).

BGP is in use with one peer, receiving only a default route by filter (peer 
sends all routes, but I'm filtered for only default).

The only interfaces in use are ether1, ether5 and sfp1. All are routed (no 
switch or bridges configured). Each interface, except sfp1, has one VLAN for 
telemetry management.

I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with nearly 
all traffic falling in to Fast Path on 6.43.16 with the CPU set to 750MHz.

Have I missed any performance tuning options? I just need it to work half way 
decent for the night, I have a new CCR1009 on the way.

--

---

-  Nick Bright-

-  Vice President of Technology   -

-  Valnet -=- We Connect You -=-  -

-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -

-  Web http://www.valnet.net/ -

---

- Are your files safe?-

- Valnet Vault - Secure Cloud Backup  -

- More information & 30 day free trial at -

- http://www.valnet.net/services/valnet-vault -

---
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-11 Thread Nick Bright via Mikrotik-users 
Ended up with peak traffic around 300Mbps for the overnight, around 50% 
cpu while doing so.


On 7/11/2019 9:30 AM, David Jones wrote:
you are actually doing good with routing 150-200mbps with that router. 
I have never gotten mine to route over 185mbps. MPLS/VPLS around 600mbps.


On Wed, Jul 10, 2019 at 6:40 PM Mike Francis via Mikrotik-users 
mailto:mikrotik-users@wispa.org>> wrote:


Sorry, gotcha, was reading too many emails.  I feel your pain. I
toasted a Cisco 6509 once replacing a card. All we had laying
around was a rb450 and had to run our core on it until the
replacement 6509 chassis arrived. Not fun! It's a great Mikrotik
story though!

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com <mailto:supp...@wavefly.com>
Direct: +1-251-517-5069


*From:* mikrotik-users-boun...@wispa.org
<mailto:mikrotik-users-boun...@wispa.org>
mailto:mikrotik-users-boun...@wispa.org>> on behalf of Nick
Bright via Mikrotik-users mailto:mikrotik-users@wispa.org>>
*Sent:* Wednesday, July 10, 2019 7:50:29 PM
*To:* Mikrotik Users
    *Subject:* Re: [Mikrotik Users] RB2011UiAS Performance Tuning
Right, almost all of my traffic is showing up in the FastPath
counters; it appears to be turned on properly.

On 7/10/2019 6:47 PM, Mike Francis wrote:

I'm telling you, Fastpath is what you want.

https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults

<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmikrotik.com%2Fproduct%2FRB2011UiAS-2HnD-IN%23fndtn-testresults=02%7C01%7Cmfrancis%40jmfsolutions.net%7Cc67386f7cd3343a1ce3c08d705917eef%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983994800232900=ri17k8ricT04gVsdqypgw1CpW12rJQqn1RhlbvD0XsI%3D=0>

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com <mailto:supp...@wavefly.com>
Direct: +1-251-517-5069


*From:* Josh Luthman 
<mailto:j...@imaginenetworksllc.com>
*Sent:* Wednesday, July 10, 2019 7:33:01 PM
*To:* Mike Francis; Mikrotik Users
    *Cc:* Nick Bright
    *Subject:* Re: [Mikrotik Users] RB2011UiAS Performance Tuning
Fast track.  Path is for switching.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:16 PM Mike Francis via Mikrotik-users
mailto:mikrotik-users@wispa.org>> wrote:

You need fastpath.  You have to disable all rules for that to
happen. That's not a problem, especially if this is just a
router. Make sure you specific allowed subnets for your ssh
and win box services under UP Services. Get rid of all rules.
Go to IP Settings and make sure it has enabled fastpath.  If
not then you missed something.

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com <mailto:supp...@wavefly.com>
Direct: +1-251-517-5069


*From:* mikrotik-users-boun...@wispa.org
<mailto:mikrotik-users-boun...@wispa.org>
mailto:mikrotik-users-boun...@wispa.org>> on behalf of Nick
Bright via Mikrotik-users mailto:mikrotik-users@wispa.org>>
*Sent:* Wednesday, July 10, 2019 7:03:09 PM
*To:* Mikrotik Users
*Subject:* [Mikrotik Users] RB2011UiAS Performance Tuning

Had a CCR1009 get blown by lightning today. The only thing I
had with an SFP to swap in its place was an RB2011UiAS.

Typically running peak of about 500Mbps in traffic in the
evenings.

I have disabled the LCD, turned off connection tracking,
disabled all mangle rules, and disabled as many filter rules
as possible without compromising security (3 simple port
filter rules remain). All services are disabled except SSH
and Winbox for management. No NAT rules are enabled (some are
configured, but they are disabled).

BGP is in use with one peer, receiving only a default route
by filter (peer sends all routes, but I'm filtered for only
default).

The only interfaces in use are ether1, ether5 and sfp1. All
are routed (no switch or bridges configured). Each interface,
except sfp1, has one VLAN for telemetry management.

I'm still seeing 70-100% cpu usage at only around 150Mbps
(13kpps) with /nearly /all traffic falling in to Fast Path on
6.43.16 with the CPU set to 750MHz.

Have I missed an

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-11 Thread David Jones via Mikrotik-users 
you are actually doing good with routing 150-200mbps with that router. I
have never gotten mine to route over 185mbps. MPLS/VPLS around 600mbps.

On Wed, Jul 10, 2019 at 6:40 PM Mike Francis via Mikrotik-users <
mikrotik-users@wispa.org> wrote:

> Sorry, gotcha, was reading too many emails.  I feel your pain. I toasted a
> Cisco 6509 once replacing a card. All we had laying around was a rb450 and
> had to run our core on it until the replacement 6509 chassis arrived. Not
> fun! It's a great Mikrotik story though!
>
> John Michael Francis
> Entrepreneur & CEO
> JMF | WAVEFLY | DLI
> Main: +1-877-WAVEFLY
> Support: supp...@wavefly.com
> Direct: +1-251-517-5069
>
> --
> *From:* mikrotik-users-boun...@wispa.org 
> on behalf of Nick Bright via Mikrotik-users 
> *Sent:* Wednesday, July 10, 2019 7:50:29 PM
> *To:* Mikrotik Users
> *Subject:* Re: [Mikrotik Users] RB2011UiAS Performance Tuning
>
> Right, almost all of my traffic is showing up in the FastPath counters; it
> appears to be turned on properly.
>
> On 7/10/2019 6:47 PM, Mike Francis wrote:
>
> I'm telling you, Fastpath is what you want.
>
> https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults
> <https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmikrotik.com%2Fproduct%2FRB2011UiAS-2HnD-IN%23fndtn-testresults=02%7C01%7Cmfrancis%40jmfsolutions.net%7Cc67386f7cd3343a1ce3c08d705917eef%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983994800232900=ri17k8ricT04gVsdqypgw1CpW12rJQqn1RhlbvD0XsI%3D=0>
>
> John Michael Francis
> Entrepreneur & CEO
> JMF | WAVEFLY | DLI
> Main: +1-877-WAVEFLY
> Support: supp...@wavefly.com
> Direct: +1-251-517-5069
>
> --
> *From:* Josh Luthman 
> 
> *Sent:* Wednesday, July 10, 2019 7:33:01 PM
> *To:* Mike Francis; Mikrotik Users
> *Cc:* Nick Bright
> *Subject:* Re: [Mikrotik Users] RB2011UiAS Performance Tuning
>
> Fast track.  Path is for switching.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Wed, Jul 10, 2019, 7:16 PM Mike Francis via Mikrotik-users <
> mikrotik-users@wispa.org> wrote:
>
>> You need fastpath.  You have to disable all rules for that to happen.
>> That's not a problem,  especially if this is just a router. Make sure you
>> specific allowed subnets for your ssh and win box services under UP
>> Services. Get rid of all rules. Go to IP Settings and make sure it has
>> enabled fastpath.  If not then you missed something.
>>
>> John Michael Francis
>> Entrepreneur & CEO
>> JMF | WAVEFLY | DLI
>> Main: +1-877-WAVEFLY
>> Support: supp...@wavefly.com
>> Direct: +1-251-517-5069
>>
>> ------
>> *From:* mikrotik-users-boun...@wispa.org <
>> mikrotik-users-boun...@wispa.org> on behalf of Nick Bright via
>> Mikrotik-users 
>> *Sent:* Wednesday, July 10, 2019 7:03:09 PM
>> *To:* Mikrotik Users
>> *Subject:* [Mikrotik Users] RB2011UiAS Performance Tuning
>>
>>
>> Had a CCR1009 get blown by lightning today. The only thing I had with an
>> SFP to swap in its place was an RB2011UiAS.
>>
>> Typically running peak of about 500Mbps in traffic in the evenings.
>>
>> I have disabled the LCD, turned off connection tracking, disabled all
>> mangle rules, and disabled as many filter rules as possible without
>> compromising security (3 simple port filter rules remain). All services are
>> disabled except SSH and Winbox for management. No NAT rules are enabled
>> (some are configured, but they are disabled).
>>
>> BGP is in use with one peer, receiving only a default route by filter
>> (peer sends all routes, but I'm filtered for only default).
>>
>> The only interfaces in use are ether1, ether5 and sfp1. All are routed
>> (no switch or bridges configured). Each interface, except sfp1, has one
>> VLAN for telemetry management.
>>
>> I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with 
>> *nearly
>> *all traffic falling in to Fast Path on 6.43.16 with the CPU set to
>> 750MHz.
>>
>> Have I missed any performance tuning options? I just need it to work half
>> way decent for the night, I have a new CCR1009 on the way.
>>
>> --
>> ---
>> -  Nick Bright-
>> -  Vice President of Technology   -
>> -  Valnet -=- We Connect You -=-  -
>> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
>> -  Web http://www.valnet.net/ 
>>

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Mike Francis via Mikrotik-users 
Sorry, gotcha, was reading too many emails.  I feel your pain. I toasted a 
Cisco 6509 once replacing a card. All we had laying around was a rb450 and had 
to run our core on it until the replacement 6509 chassis arrived. Not fun! It's 
a great Mikrotik story though!

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com
Direct: +1-251-517-5069


From: mikrotik-users-boun...@wispa.org  on 
behalf of Nick Bright via Mikrotik-users 
Sent: Wednesday, July 10, 2019 7:50:29 PM
To: Mikrotik Users
Subject: Re: [Mikrotik Users] RB2011UiAS Performance Tuning

Right, almost all of my traffic is showing up in the FastPath counters; it 
appears to be turned on properly.

On 7/10/2019 6:47 PM, Mike Francis wrote:
I'm telling you, Fastpath is what you want.

https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmikrotik.com%2Fproduct%2FRB2011UiAS-2HnD-IN%23fndtn-testresults=02%7C01%7Cmfrancis%40jmfsolutions.net%7Cc67386f7cd3343a1ce3c08d705917eef%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983994800232900=ri17k8ricT04gVsdqypgw1CpW12rJQqn1RhlbvD0XsI%3D=0>

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com<mailto:supp...@wavefly.com>
Direct: +1-251-517-5069


From: Josh Luthman 
<mailto:j...@imaginenetworksllc.com>
Sent: Wednesday, July 10, 2019 7:33:01 PM
To: Mike Francis; Mikrotik Users
Cc: Nick Bright
Subject: Re: [Mikrotik Users] RB2011UiAS Performance Tuning

Fast track.  Path is for switching.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:16 PM Mike Francis via Mikrotik-users 
mailto:mikrotik-users@wispa.org>> wrote:
You need fastpath.  You have to disable all rules for that to happen. That's 
not a problem,  especially if this is just a router. Make sure you specific 
allowed subnets for your ssh and win box services under UP Services. Get rid of 
all rules. Go to IP Settings and make sure it has enabled fastpath.  If not 
then you missed something.

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com<mailto:supp...@wavefly.com>
Direct: +1-251-517-5069


From: mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org> 
mailto:mikrotik-users-boun...@wispa.org>> on 
behalf of Nick Bright via Mikrotik-users 
mailto:mikrotik-users@wispa.org>>
Sent: Wednesday, July 10, 2019 7:03:09 PM
To: Mikrotik Users
Subject: [Mikrotik Users] RB2011UiAS Performance Tuning


Had a CCR1009 get blown by lightning today. The only thing I had with an SFP to 
swap in its place was an RB2011UiAS.

Typically running peak of about 500Mbps in traffic in the evenings.

I have disabled the LCD, turned off connection tracking, disabled all mangle 
rules, and disabled as many filter rules as possible without compromising 
security (3 simple port filter rules remain). All services are disabled except 
SSH and Winbox for management. No NAT rules are enabled (some are configured, 
but they are disabled).

BGP is in use with one peer, receiving only a default route by filter (peer 
sends all routes, but I'm filtered for only default).

The only interfaces in use are ether1, ether5 and sfp1. All are routed (no 
switch or bridges configured). Each interface, except sfp1, has one VLAN for 
telemetry management.

I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with nearly 
all traffic falling in to Fast Path on 6.43.16 with the CPU set to 750MHz.

Have I missed any performance tuning options? I just need it to work half way 
decent for the night, I have a new CCR1009 on the way.

--
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web 
http://www.valnet.net/<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2F=02%7C01%7Cmfrancis%40jmfsolutions.net%7Cc67386f7cd3343a1ce3c08d705917eef%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983994800232900=mSqzGUuykYKbrGBuBZjZHtkmxe40uS2wWHzXTWg33FY%3D=0>
 -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- 
http://www.valnet.net/services/valnet-vault<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2Fservices%2Fvalnet-vault=02%7C01%7Cmfrancis%40jmfsolutions.net%7Cc67386f7cd3343a1ce3c08d705917eef%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Josh Luthman via Mikrotik-users 
Wouldn't that just be broadcast traffic?

On Wed, Jul 10, 2019, 7:47 PM Mike Francis 
wrote:

> I'm telling you, Fastpath is what you want.
>
> https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults
>
> John Michael Francis
> Entrepreneur & CEO
> JMF | WAVEFLY | DLI
> Main: +1-877-WAVEFLY
> Support: supp...@wavefly.com
> Direct: +1-251-517-5069
>
> --
> *From:* Josh Luthman 
> *Sent:* Wednesday, July 10, 2019 7:33:01 PM
> *To:* Mike Francis; Mikrotik Users
> *Cc:* Nick Bright
> *Subject:* Re: [Mikrotik Users] RB2011UiAS Performance Tuning
>
> Fast track.  Path is for switching.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Wed, Jul 10, 2019, 7:16 PM Mike Francis via Mikrotik-users <
> mikrotik-users@wispa.org> wrote:
>
>> You need fastpath.  You have to disable all rules for that to happen.
>> That's not a problem,  especially if this is just a router. Make sure you
>> specific allowed subnets for your ssh and win box services under UP
>> Services. Get rid of all rules. Go to IP Settings and make sure it has
>> enabled fastpath.  If not then you missed something.
>>
>> John Michael Francis
>> Entrepreneur & CEO
>> JMF | WAVEFLY | DLI
>> Main: +1-877-WAVEFLY
>> Support: supp...@wavefly.com
>> Direct: +1-251-517-5069
>>
>> --
>> *From:* mikrotik-users-boun...@wispa.org <
>> mikrotik-users-boun...@wispa.org> on behalf of Nick Bright via
>> Mikrotik-users 
>> *Sent:* Wednesday, July 10, 2019 7:03:09 PM
>> *To:* Mikrotik Users
>> *Subject:* [Mikrotik Users] RB2011UiAS Performance Tuning
>>
>>
>> Had a CCR1009 get blown by lightning today. The only thing I had with an
>> SFP to swap in its place was an RB2011UiAS.
>>
>> Typically running peak of about 500Mbps in traffic in the evenings.
>>
>> I have disabled the LCD, turned off connection tracking, disabled all
>> mangle rules, and disabled as many filter rules as possible without
>> compromising security (3 simple port filter rules remain). All services are
>> disabled except SSH and Winbox for management. No NAT rules are enabled
>> (some are configured, but they are disabled).
>>
>> BGP is in use with one peer, receiving only a default route by filter
>> (peer sends all routes, but I'm filtered for only default).
>>
>> The only interfaces in use are ether1, ether5 and sfp1. All are routed
>> (no switch or bridges configured). Each interface, except sfp1, has one
>> VLAN for telemetry management.
>>
>> I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with 
>> *nearly
>> *all traffic falling in to Fast Path on 6.43.16 with the CPU set to
>> 750MHz.
>>
>> Have I missed any performance tuning options? I just need it to work half
>> way decent for the night, I have a new CCR1009 on the way.
>>
>> --
>> ---
>> -  Nick Bright-
>> -  Vice President of Technology   -
>> -  Valnet -=- We Connect You -=-  -
>> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
>> -  Web http://www.valnet.net/ 
>> <https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2F=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974259695=FsrR%2BfVkGREzRYrDIZ9khOWIwk4t34S8J0u9KDSGhew%3D=0>
>>  -
>> ---
>> - Are your files safe?-
>> - Valnet Vault - Secure Cloud Backup  -
>> - More information & 30 day free trial at -
>> - http://www.valnet.net/services/valnet-vault 
>> <https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2Fservices%2Fvalnet-vault=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974259695=Lv%2FwEoDD66W65nH417%2BCIko%2F8wf2uLyn3LRMxxhmJ6g%3D=0>
>>  -
>> ---
>>
>> ___
>> Mikrotik-users mailing list
>> Mikrotik-users@wispa.org
>> http://lists.wispa.org/mailman/listinfo/mikrotik-users
>> <https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.wispa.org%2Fmailman%2Flistinfo%2Fmikrotik-users=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974269681=wSD7QDYKknLHkQW5bdKhZGV3tPzm2PDAjDYETOmhxqs%3D=0>
>>
>
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Nick Bright via Mikrotik-users 
Right, almost all of my traffic is showing up in the FastPath counters; 
it appears to be turned on properly.


On 7/10/2019 6:47 PM, Mike Francis wrote:

I'm telling you, Fastpath is what you want.

https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com
Direct: +1-251-517-5069


*From:* Josh Luthman 
*Sent:* Wednesday, July 10, 2019 7:33:01 PM
*To:* Mike Francis; Mikrotik Users
*Cc:* Nick Bright
*Subject:* Re: [Mikrotik Users] RB2011UiAS Performance Tuning
Fast track.  Path is for switching.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:16 PM Mike Francis via Mikrotik-users 
mailto:mikrotik-users@wispa.org>> wrote:


You need fastpath.  You have to disable all rules for that to
happen. That's not a problem,  especially if this is just a
router. Make sure you specific allowed subnets for your ssh and
win box services under UP Services. Get rid of all rules. Go to IP
Settings and make sure it has enabled fastpath.  If not then you
missed something.

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com <mailto:supp...@wavefly.com>
Direct: +1-251-517-5069


*From:* mikrotik-users-boun...@wispa.org
<mailto:mikrotik-users-boun...@wispa.org>
mailto:mikrotik-users-boun...@wispa.org>> on behalf of Nick
Bright via Mikrotik-users mailto:mikrotik-users@wispa.org>>
*Sent:* Wednesday, July 10, 2019 7:03:09 PM
    *To:* Mikrotik Users
*Subject:* [Mikrotik Users] RB2011UiAS Performance Tuning

Had a CCR1009 get blown by lightning today. The only thing I had
with an SFP to swap in its place was an RB2011UiAS.

Typically running peak of about 500Mbps in traffic in the evenings.

I have disabled the LCD, turned off connection tracking, disabled
all mangle rules, and disabled as many filter rules as possible
without compromising security (3 simple port filter rules remain).
All services are disabled except SSH and Winbox for management. No
NAT rules are enabled (some are configured, but they are disabled).

BGP is in use with one peer, receiving only a default route by
filter (peer sends all routes, but I'm filtered for only default).

The only interfaces in use are ether1, ether5 and sfp1. All are
routed (no switch or bridges configured). Each interface, except
sfp1, has one VLAN for telemetry management.

I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps)
with /nearly /all traffic falling in to Fast Path on 6.43.16 with
the CPU set to 750MHz.

Have I missed any performance tuning options? I just need it to
work half way decent for the night, I have a new CCR1009 on the way.

-- 
---

-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Webhttp://www.valnet.net/  
<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2F=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974259695=FsrR%2BfVkGREzRYrDIZ9khOWIwk4t34S8J0u9KDSGhew%3D=0>
  -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
-http://www.valnet.net/services/valnet-vault  
<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2Fservices%2Fvalnet-vault=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974259695=Lv%2FwEoDD66W65nH417%2BCIko%2F8wf2uLyn3LRMxxhmJ6g%3D=0>
  -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org <mailto:Mikrotik-users@wispa.org>
http://lists.wispa.org/mailman/listinfo/mikrotik-users

<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.wispa.org%2Fmailman%2Flistinfo%2Fmikrotik-users=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974269681=wSD7QDYKknLHkQW5bdKhZGV3tPzm2PDAjDYETOmhxqs%3D=0>



--
---
-  Nick Bright-
-  Vice Pr

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Mike Francis via Mikrotik-users 
I'm telling you, Fastpath is what you want.

https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com
Direct: +1-251-517-5069


From: Josh Luthman 
Sent: Wednesday, July 10, 2019 7:33:01 PM
To: Mike Francis; Mikrotik Users
Cc: Nick Bright
Subject: Re: [Mikrotik Users] RB2011UiAS Performance Tuning

Fast track.  Path is for switching.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:16 PM Mike Francis via Mikrotik-users 
mailto:mikrotik-users@wispa.org>> wrote:
You need fastpath.  You have to disable all rules for that to happen. That's 
not a problem,  especially if this is just a router. Make sure you specific 
allowed subnets for your ssh and win box services under UP Services. Get rid of 
all rules. Go to IP Settings and make sure it has enabled fastpath.  If not 
then you missed something.

John Michael Francis
Entrepreneur & CEO
JMF | WAVEFLY | DLI
Main: +1-877-WAVEFLY
Support: supp...@wavefly.com<mailto:supp...@wavefly.com>
Direct: +1-251-517-5069


From: mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org> 
mailto:mikrotik-users-boun...@wispa.org>> on 
behalf of Nick Bright via Mikrotik-users 
mailto:mikrotik-users@wispa.org>>
Sent: Wednesday, July 10, 2019 7:03:09 PM
To: Mikrotik Users
Subject: [Mikrotik Users] RB2011UiAS Performance Tuning


Had a CCR1009 get blown by lightning today. The only thing I had with an SFP to 
swap in its place was an RB2011UiAS.

Typically running peak of about 500Mbps in traffic in the evenings.

I have disabled the LCD, turned off connection tracking, disabled all mangle 
rules, and disabled as many filter rules as possible without compromising 
security (3 simple port filter rules remain). All services are disabled except 
SSH and Winbox for management. No NAT rules are enabled (some are configured, 
but they are disabled).

BGP is in use with one peer, receiving only a default route by filter (peer 
sends all routes, but I'm filtered for only default).

The only interfaces in use are ether1, ether5 and sfp1. All are routed (no 
switch or bridges configured). Each interface, except sfp1, has one VLAN for 
telemetry management.

I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with nearly 
all traffic falling in to Fast Path on 6.43.16 with the CPU set to 750MHz.

Have I missed any performance tuning options? I just need it to work half way 
decent for the night, I have a new CCR1009 on the way.

--
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web 
http://www.valnet.net/<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2F=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974259695=FsrR%2BfVkGREzRYrDIZ9khOWIwk4t34S8J0u9KDSGhew%3D=0>
 -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- 
http://www.valnet.net/services/valnet-vault<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2Fservices%2Fvalnet-vault=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974259695=Lv%2FwEoDD66W65nH417%2BCIko%2F8wf2uLyn3LRMxxhmJ6g%3D=0>
 -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org<mailto:Mikrotik-users@wispa.org>
http://lists.wispa.org/mailman/listinfo/mikrotik-users<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.wispa.org%2Fmailman%2Flistinfo%2Fmikrotik-users=02%7C01%7Cmfrancis%40jmfsolutions.net%7C721ac4c7dc0d4f42363d08d7058eface%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C0%7C636983983974269681=wSD7QDYKknLHkQW5bdKhZGV3tPzm2PDAjDYETOmhxqs%3D=0>
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Josh Luthman via Mikrotik-users 
Not sure but I think NO tracking is least CPU consumption, then fast track,
then regular whatever.  So that makes sense it would jump to 100.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:41 PM Nick Bright  wrote:

> On 7/10/2019 6:33 PM, Josh Luthman wrote:
> > Fast track.  Path is for switching.
>
> Do you have any configuration suggestions?
>
> I tried the configuration example from
> https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack and all it did was
> nail my CPU to the ceiling (100%).
>
> --
> ---
> -  Nick Bright-
> -  Vice President of Technology   -
> -  Valnet -=- We Connect You -=-  -
> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
> -  Web http://www.valnet.net/ -
> ---
> - Are your files safe?-
> - Valnet Vault - Secure Cloud Backup  -
> - More information & 30 day free trial at -
> - http://www.valnet.net/services/valnet-vault -
> ---
>
>
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Nick Bright via Mikrotik-users 
On 7/10/2019 6:33 PM, Josh Luthman wrote:
> Fast track.  Path is for switching.

Do you have any configuration suggestions?

I tried the configuration example from 
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack and all it did was 
nail my CPU to the ceiling (100%).

-- 
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/ -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- http://www.valnet.net/services/valnet-vault -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Josh Luthman via Mikrotik-users 
Well hopefully you don't need it, but are you close to an operator or
distributor for a better response time?

On Wed, Jul 10, 2019, 7:37 PM Nick Bright via Mikrotik-users <
mikrotik-users@wispa.org> wrote:

> I have a replacement coming overnight already, yes.
>
> RB2011 shows 87MB available RAM.
>
> On 7/10/2019 6:33 PM, Josh Luthman wrote:
>
> Do you have available memory?  Can you get a CCR same day or tomorrow?
> Where are you?
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Wed, Jul 10, 2019, 7:04 PM Nick Bright via Mikrotik-users <
> mikrotik-users@wispa.org> wrote:
>
>> Had a CCR1009 get blown by lightning today. The only thing I had with an
>> SFP to swap in its place was an RB2011UiAS.
>>
>> Typically running peak of about 500Mbps in traffic in the evenings.
>>
>> I have disabled the LCD, turned off connection tracking, disabled all
>> mangle rules, and disabled as many filter rules as possible without
>> compromising security (3 simple port filter rules remain). All services are
>> disabled except SSH and Winbox for management. No NAT rules are enabled
>> (some are configured, but they are disabled).
>>
>> BGP is in use with one peer, receiving only a default route by filter
>> (peer sends all routes, but I'm filtered for only default).
>>
>> The only interfaces in use are ether1, ether5 and sfp1. All are routed
>> (no switch or bridges configured). Each interface, except sfp1, has one
>> VLAN for telemetry management.
>>
>> I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with 
>> *nearly
>> *all traffic falling in to Fast Path on 6.43.16 with the CPU set to
>> 750MHz.
>>
>> Have I missed any performance tuning options? I just need it to work half
>> way decent for the night, I have a new CCR1009 on the way.
>>
>> --
>> ---
>> -  Nick Bright-
>> -  Vice President of Technology   -
>> -  Valnet -=- We Connect You -=-  -
>> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
>> -  Web http://www.valnet.net/ -
>> ---
>> - Are your files safe?-
>> - Valnet Vault - Secure Cloud Backup  -
>> - More information & 30 day free trial at -
>> - http://www.valnet.net/services/valnet-vault -
>> ---
>>
>> ___
>> Mikrotik-users mailing list
>> Mikrotik-users@wispa.org
>> http://lists.wispa.org/mailman/listinfo/mikrotik-users
>>
>
> --
> ---
> -  Nick Bright-
> -  Vice President of Technology   -
> -  Valnet -=- We Connect You -=-  -
> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
> -  Web http://www.valnet.net/ -
> ---
> - Are your files safe?-
> - Valnet Vault - Secure Cloud Backup  -
> - More information & 30 day free trial at -
> - http://www.valnet.net/services/valnet-vault -
> ---
>
> ___
> Mikrotik-users mailing list
> Mikrotik-users@wispa.org
> http://lists.wispa.org/mailman/listinfo/mikrotik-users
>
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Nick Bright via Mikrotik-users 

I have a replacement coming overnight already, yes.

RB2011 shows 87MB available RAM.

On 7/10/2019 6:33 PM, Josh Luthman wrote:
Do you have available memory?  Can you get a CCR same day or 
tomorrow?  Where are you?


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:04 PM Nick Bright via Mikrotik-users 
mailto:mikrotik-users@wispa.org>> wrote:


Had a CCR1009 get blown by lightning today. The only thing I had
with an SFP to swap in its place was an RB2011UiAS.

Typically running peak of about 500Mbps in traffic in the evenings.

I have disabled the LCD, turned off connection tracking, disabled
all mangle rules, and disabled as many filter rules as possible
without compromising security (3 simple port filter rules remain).
All services are disabled except SSH and Winbox for management. No
NAT rules are enabled (some are configured, but they are disabled).

BGP is in use with one peer, receiving only a default route by
filter (peer sends all routes, but I'm filtered for only default).

The only interfaces in use are ether1, ether5 and sfp1. All are
routed (no switch or bridges configured). Each interface, except
sfp1, has one VLAN for telemetry management.

I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps)
with /nearly /all traffic falling in to Fast Path on 6.43.16 with
the CPU set to 750MHz.

Have I missed any performance tuning options? I just need it to
work half way decent for the night, I have a new CCR1009 on the way.

-- 
---

-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Webhttp://www.valnet.net/  -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
-http://www.valnet.net/services/valnet-vault  -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org 
http://lists.wispa.org/mailman/listinfo/mikrotik-users



--
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/ -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- http://www.valnet.net/services/valnet-vault -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Josh Luthman via Mikrotik-users 
Do you have available memory?  Can you get a CCR same day or tomorrow?
Where are you?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:04 PM Nick Bright via Mikrotik-users <
mikrotik-users@wispa.org> wrote:

> Had a CCR1009 get blown by lightning today. The only thing I had with an
> SFP to swap in its place was an RB2011UiAS.
>
> Typically running peak of about 500Mbps in traffic in the evenings.
>
> I have disabled the LCD, turned off connection tracking, disabled all
> mangle rules, and disabled as many filter rules as possible without
> compromising security (3 simple port filter rules remain). All services are
> disabled except SSH and Winbox for management. No NAT rules are enabled
> (some are configured, but they are disabled).
>
> BGP is in use with one peer, receiving only a default route by filter
> (peer sends all routes, but I'm filtered for only default).
>
> The only interfaces in use are ether1, ether5 and sfp1. All are routed (no
> switch or bridges configured). Each interface, except sfp1, has one VLAN
> for telemetry management.
>
> I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with 
> *nearly
> *all traffic falling in to Fast Path on 6.43.16 with the CPU set to
> 750MHz.
>
> Have I missed any performance tuning options? I just need it to work half
> way decent for the night, I have a new CCR1009 on the way.
>
> --
> ---
> -  Nick Bright-
> -  Vice President of Technology   -
> -  Valnet -=- We Connect You -=-  -
> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
> -  Web http://www.valnet.net/ -
> ---
> - Are your files safe?-
> - Valnet Vault - Secure Cloud Backup  -
> - More information & 30 day free trial at -
> - http://www.valnet.net/services/valnet-vault -
> ---
>
> ___
> Mikrotik-users mailing list
> Mikrotik-users@wispa.org
> http://lists.wispa.org/mailman/listinfo/mikrotik-users
>
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Josh Luthman via Mikrotik-users 
Fast track.  Path is for switching.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 10, 2019, 7:16 PM Mike Francis via Mikrotik-users <
mikrotik-users@wispa.org> wrote:

> You need fastpath.  You have to disable all rules for that to happen.
> That's not a problem,  especially if this is just a router. Make sure you
> specific allowed subnets for your ssh and win box services under UP
> Services. Get rid of all rules. Go to IP Settings and make sure it has
> enabled fastpath.  If not then you missed something.
>
> John Michael Francis
> Entrepreneur & CEO
> JMF | WAVEFLY | DLI
> Main: +1-877-WAVEFLY
> Support: supp...@wavefly.com
> Direct: +1-251-517-5069
>
> --
> *From:* mikrotik-users-boun...@wispa.org 
> on behalf of Nick Bright via Mikrotik-users 
> *Sent:* Wednesday, July 10, 2019 7:03:09 PM
> *To:* Mikrotik Users
> *Subject:* [Mikrotik Users] RB2011UiAS Performance Tuning
>
>
> Had a CCR1009 get blown by lightning today. The only thing I had with an
> SFP to swap in its place was an RB2011UiAS.
>
> Typically running peak of about 500Mbps in traffic in the evenings.
>
> I have disabled the LCD, turned off connection tracking, disabled all
> mangle rules, and disabled as many filter rules as possible without
> compromising security (3 simple port filter rules remain). All services are
> disabled except SSH and Winbox for management. No NAT rules are enabled
> (some are configured, but they are disabled).
>
> BGP is in use with one peer, receiving only a default route by filter
> (peer sends all routes, but I'm filtered for only default).
>
> The only interfaces in use are ether1, ether5 and sfp1. All are routed (no
> switch or bridges configured). Each interface, except sfp1, has one VLAN
> for telemetry management.
>
> I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with 
> *nearly
> *all traffic falling in to Fast Path on 6.43.16 with the CPU set to
> 750MHz.
>
> Have I missed any performance tuning options? I just need it to work half
> way decent for the night, I have a new CCR1009 on the way.
>
> --
> ---
> -  Nick Bright-
> -  Vice President of Technology   -
> -  Valnet -=- We Connect You -=-  -
> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
> -  Web http://www.valnet.net/ 
> <https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2F=02%7C01%7Cmfrancis%40jmfsolutions.net%7C64f20e0eb3e641641db208d7058ae3b6%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C1%7C636983966417658782=jRS6wzcHrR0ev3K8g3FwJw%2FCPBYmgg8DxpAFHK09v6I%3D=0>
>  -
> ---
> - Are your files safe?-
> - Valnet Vault - Secure Cloud Backup  -
> - More information & 30 day free trial at -
> - http://www.valnet.net/services/valnet-vault 
> <https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.valnet.net%2Fservices%2Fvalnet-vault=02%7C01%7Cmfrancis%40jmfsolutions.net%7C64f20e0eb3e641641db208d7058ae3b6%7Cef6a42a2da2a4e8692465848d55305e4%7C0%7C1%7C636983966417658782=G1HK2ibyNbkW%2BU3948wZb5Ng3EsKOREAuD5C9e2Fho8%3D=0>
>  -
> ---
>
> ___
> Mikrotik-users mailing list
> Mikrotik-users@wispa.org
> http://lists.wispa.org/mailman/listinfo/mikrotik-users
>
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Nick Bright via Mikrotik-users 

On 7/10/2019 6:15 PM, Mike Francis wrote:
You need fastpath.  You have to disable all rules for that to happen. 
That's not a problem,  especially if this is just a router. Make sure 
you specific allowed subnets for your ssh and win box services under 
UP Services. Get rid of all rules. Go to IP Settings and make sure it 
has enabled fastpath.  If not then you missed something.


John Michael Francis


I thought FP was on, since I'm seeing nearly all PPS/Mbps landing in the 
FP Tx, FP Rx, and FP Packets/s columns. However I did go ahead and 
disable the last three filter rules, and CPU usage went down dramatically.


My IP Settings are:

[admin@Router] /ip settings> pr
ip-forward: yes
send-redirects: yes
accept-source-route: no
accept-redirects: no
secure-redirects: yes
rp-filter: no
tcp-syncookies: no
max-neighbor-entries: 8192
arp-timeout: 30s
icmp-rate-limit: 10
icmp-rate-mask: 0x1818
route-cache: yes
allow-fast-path: yes
ipv4-fast-path-active: yes
ipv4-fast-path-packets: 14207533
ipv4-fast-path-bytes: 6644967942
ipv4-fasttrack-active: no
ipv4-fasttrack-packets: 0
ipv4-fasttrack-bytes: 0


--
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/ -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- http://www.valnet.net/services/valnet-vault -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Nick Bright via Mikrotik-users 
On 7/10/2019 6:12 PM, Jesse DuPont via Mikrotik-users wrote:
> The only thing I can think of that might help is to set the interface 
> queue on the high-traffic interfaces from hardware-only to 
> ethernet-default and increase the packet count to 100 on the 
> ethernet-default queue type. Might get you another 50 Mbps.
Thanks, I applied your suggestion.

-- 
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/ -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- http://www.valnet.net/services/valnet-vault -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

[Mikrotik Users] RB2011UiAS Performance Tuning

2019-07-10 Thread Nick Bright via Mikrotik-users 
Had a CCR1009 get blown by lightning today. The only thing I had with an 
SFP to swap in its place was an RB2011UiAS.


Typically running peak of about 500Mbps in traffic in the evenings.

I have disabled the LCD, turned off connection tracking, disabled all 
mangle rules, and disabled as many filter rules as possible without 
compromising security (3 simple port filter rules remain). All services 
are disabled except SSH and Winbox for management. No NAT rules are 
enabled (some are configured, but they are disabled).


BGP is in use with one peer, receiving only a default route by filter 
(peer sends all routes, but I'm filtered for only default).


The only interfaces in use are ether1, ether5 and sfp1. All are routed 
(no switch or bridges configured). Each interface, except sfp1, has one 
VLAN for telemetry management.


I'm still seeing 70-100% cpu usage at only around 150Mbps (13kpps) with 
/nearly /all traffic falling in to Fast Path on 6.43.16 with the CPU set 
to 750MHz.


Have I missed any performance tuning options? I just need it to work 
half way decent for the night, I have a new CCR1009 on the way.


--
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/ -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- http://www.valnet.net/services/valnet-vault -
---

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users