Mikrotik Config review

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Mikrotik Config review

Kelsey

12 posts

Geek

#270100 23-Apr-2020 11:44

Hey Team,

Have been long term lent a Mikrotik CRS125-24G-1S I have followed the guide to get it all setup. I am connected to the internet, getting data in and out to clients. My problem is SPEED! I am on Gig up and down with Spark and regularly hit 980-995 both directions on the Spark supplied router. Since putting in the Mikrotik, I was getting 100/100ish. I added a Fasttrack rule to the firewall and now getting around 300\300(to 500).

Is there anyone will to have a quick look over my config? Or is it just this is not suitable hardware?

ps I understand everyone working from home will be having an impact, but not that much.....at all times!

Thanks

# apr/23/2020 11:08:35 by RouterOS 6.46.5
# software id = DKRZ-CHEN
#
# model = CRS125-24G-1S
# serial number = 624E050337BA
/interface bridge
add admin-mac=E4:8D:8C:A6:A1:BD auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=ether1 name="Spark UFB" vlan-id=10
/interface pppoe-client
add add-default-route=yes disabled=no interface="Spark UFB" name=pppoe-out1 \
user=user@xtrabb.co.nz
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.2-192.168.0.250
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=3d10m name=\
dhcp1
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp1
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.0.89 client-id=1:a8:db:3:7:34:9 mac-address=\
A8:DB:03:07:34:09 server=dhcp1
add address=192.168.0.86 mac-address=DC:4F:22:0B:81:F1 server=dhcp1
add address=192.168.0.21 client-id=MitchTrans mac-address=00:0C:29:5A:C0:A1 \
server=dhcp1
add address=192.168.0.83 client-id=1:9c:5c:f9:1e:c1:cf comment=\
mac-address=9C:5C:F9:1E:C1:CF server=dhcp1
add address=192.168.0.8 mac-address=00:0C:29:2C:FA:95 server=dhcp1
add address=192.168.0.13 client-id=\
ff:9f:6e:85:24:0:2:0:0:ab:11:10:f4:72:8f:6a:d1:b:59 mac-address=\
00:0C:29:E9:77:C0 server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
/ip dns
set servers=192.168.0.30,192.168.0.31
/ip firewall address-list
add address=192.168.0.0/24 list=support
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward comment=\
"DEFAULT: Accept established, related, and untracked traffic." \
connection-state=established,related,untracked
add action=accept chain=input comment=\
"DEFAULT: Accept established, related, and untracked traffic." \
connection-state=established,related,untracked
add action=accept chain=forward comment="DEFAULT: Accept In IPsec policy." \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="DEFAULT: Accept Out IPsec policy." \
ipsec-policy=out,ipsec
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment="DEFAULT: Accept ICMP traffic." \
protocol=icmp
add action=drop chain=input comment="DEFAULT: Drop invalid traffic." \
connection-state=invalid
add action=drop chain=input comment=\
"DEFAULT: Drop all other traffic not coming from LAN." in-interface-list=\
!LAN
add action=drop chain=forward comment="DEFAULT: Drop invalid traffic." \
connection-state=invalid
add action=drop chain=forward comment=\
"DEFAULT: Drop all other traffic from WAN that is not DSTNATed." \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=Pacific/Auckland
/system routerboard settings
set silent-boot=yes
/system script
add dont-require-permissions=no name=script1 owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
ip firewall\r\
\nadd action=accept chain=input comment=\"defconf: accept established,rela\
ted,untracked\" connection-state=established,related,untracked;\r\
\nadd action=drop chain=input comment=\"defconf: drop invalid\" connection\
-state=invalid;\r\
\nadd action=accept chain=input comment=\"defconf: accept ICMP\" protocol=\
icmp;\r\
\nadd action=drop chain=input comment=\"defconf: drop all not coming from \
LAN\" in-interface-list=!LAN;"

1 | 2

1466 posts

Uber Geek

Trusted

Lifetime subscriber

#2468527 23-Apr-2020 11:54

Haven't even looked at your config - It's a CRS. They're switches that support Level 3 Routing through Router OS but they are SLOW. You need a CCR or a Routerboard.

Take a look at this comparison of hardware between a RB750Gr3 and that switch

It's significantly slower, and if you look at the test results on each page you'll see by how much.

Anything I say is the ramblings of an ill informed, opinionated so-and-so, and not representative of any of my past, present or future employers, and is also probably best disregarded.

nztim

3816 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2468528 23-Apr-2020 11:54

you have a cloud core switch, not a router so you wont be getting much routing speed over it

Regards

Tim

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

cyril7

9058 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2468529 23-Apr-2020 11:58

Hi, this device is not really suited to what you are doing, firstly it only has a 1G link between the switching chip and the CPU, therefore all routing is limited to roughly half that, and lastly it is a single core 600MHz device, which will stuggle to process PPPoE at much more than 100-200Mb/s as it has no hardware offload for that. I recommend you look at an RB4011 this will achieve the speeds you are after

Cyril

Kelsey

12 posts

Geek

#2468530 23-Apr-2020 11:58

Wow thanks for such a rapid response. I thought it would be a hardware issue rather than a config. I was amazed at how much a differnce the fastrack made though.

So time to save up for a 4011 or RB705 and use the CRS as a switch in bridge mode!

Thanks again team

nztim

3816 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2468531 23-Apr-2020 11:59

toejam316:

Haven't even looked at your config - It's a CRS. They're switches that support Level 3 Routing through Router OS but they are SLOW. You need a CCR or a Routerboard.

Take a look at this comparison of hardware between a RB750Gr3 and that switch

It's significantly slower, and if you look at the test results on each page you'll see by how much.

For Gig Connections that use PPPoE the RB4011 is the way to go RB750Gr3 is good for Gig on IPoE (DHCP Connections)

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

RunningMan

8955 posts

Uber Geek

#2468534 23-Apr-2020 12:03

The CRS125 is pretty much equivalent to the RB2011 series in terms of routerOS performance, so at the lower end of things. Generally OK for up to about 200 Mb/s depending on what you are doing with it. It's certainly more powerful than a switch, but not really up to gig throughput for anything complex.

There's also no hardware acceleration for IPsec, so that will bog it down a bit. Your performance will really depend on the traffic and how much fastrack can offload from the CPU.

Check system/resources to see the CPU load.

You might want to put the 192.168.0.1 address on the bridge, rather than port 2.

nztim

3816 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2468535 23-Apr-2020 12:03

Kelsey:

Wow thanks for such a rapid response. I thought it would be a hardware issue rather than a config. I was amazed at how much a differnce the fastrack made though.

So time to save up for a 4011 or RB705 and use the CRS as a switch in bridge mode!

Thanks again team

RB4011 is king of bang for buck, it also has a SFP+ port directly to the CPU for when those 10Gbps connections come online :)

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

Tradepub

Free professional, reference and technical white papers (affiliate link).

nitro

657 posts

Ultimate Geek

#2468558 23-Apr-2020 12:35

RunningMan:

The CRS125 is pretty much equivalent to the RB2011 series in terms of routerOS performance, so at the lower end of things.

it's not even as good as the rb2011 when it comes to routing packets. i have one of these too, and it's great as a switch. the rb3011 is what i have on duty and i use the crs125 as my test router - before i deploy any config live on the 3011.

OP:

as you have heard above, while it can pitch in in an emergency, it's not really up to the task for GigE.

nitro

657 posts

Ultimate Geek

#2468562 23-Apr-2020 12:38

nztim:

you have a cloud core switch, not a router so you wont be getting much routing speed over it

Regards

Tim

actually, it's officially a Cloud Router Switch... so any confusion is easily forgiven. :)

nztim

3816 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2468564 23-Apr-2020 12:41

nitro:

nztim:

you have a cloud core switch, not a router so you wont be getting much routing speed over it

Regards

Tim

actually, it's officially a Cloud Router Switch... so any confusion is easily forgiven. :)

That simply means it is running RouterOS, that has nothing to do with the fact the hardware is not up to the task of routing

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

nitro

657 posts

Ultimate Geek

#2468612 23-Apr-2020 13:27

nztim:

That simply means it is running RouterOS, that has nothing to do with the fact the hardware is not up to the task of routing

agreed.

but mikrotik doesn't say that (unless you look at the test results page). in fact, they call it the "Perfect SOHO gateway router, switch, all in one box", leading those who pick it up believe it's suitable for routing.

nztim

3816 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2468626 23-Apr-2020 13:41

nitro:

nztim:

That simply means it is running RouterOS, that has nothing to do with the fact the hardware is not up to the task of routing

agreed.

but mikrotik doesn't say that (unless you look at the test results page). in fact, they call it the "Perfect SOHO gateway router, switch, all in one box", leading those who pick it up believe it's suitable for routing.

False Advertising IMHO

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

chevrolux

4962 posts

Uber Geek
Inactive user

#2468647 23-Apr-2020 14:01

I would say the RB750Gr3 is pretty dam hard to beat - $100 for something that can do 800Mbps PPPoE, and a few hundred Mbps over IPsec. Is it worth paying double for the 4011 just for another 100-ish Mbps?

I use an Rb750 with a CRS328-24P-4S, get 10Gbps off the switch SFP+'s to my home server. And then just a couple of ports in a LAG to uplink the RB750.

The only reason I will go to a 4011 is so I can rack mount and swap th LAG for a 10Gbps SFP.

RunningMan

8955 posts

Uber Geek

#2468766 23-Apr-2020 16:40

nztim:

That simply means it is running RouterOS, that has nothing to do with the fact the hardware is not up to the task of routing

I disagree. It is up to the task of routing, but not on a gig connection. It's certainly well underpowered for the OP's needs but on a 100 Mb/s connection it would be perfectly adequate. It's also a few years old now and demand for bandwidth has increased a lot with time.

@chevrolux only problem with rackmounting the 4011 is the massive rack ears which waste space in a smaller rack. Without the ears and sitting on a shelf (yeah, untidy I know) there's room for other gear next to it.

cyril7

9058 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2468774 23-Apr-2020 16:46

Hi, there is a distict differnce between dual mode Mikrotik hardware (ie that can boot either RouterOS and SwitchOS) that typically run RouterOS like a dog, and this device in question here, which does not run SwitchOS, and runs RouterOS pretty reasonably for a single core 600MHz device, however has limited switch function compared to a full on SwitchOS device.

Cyril

1 | 2