Wireless Service Providers → Mikrotik NAT Speed TCP Performance

Is anyone able to obtain greater than 30 megs of TCP traffic, specifically downstream traffic, using Mikrotik with NAT and Connection Tracking enabled?

For a single customer, or overall? I'm doing over 50 megs on an old RB450G with NAT and Conntrack enabled, but that's split up between all my customers. The most I've seen on a single customer has been around 15 megs, but that's been limited by the AP.

Router to Router speed test.

everything i have ever read said not to use it, as the cpu can't provide enough power. everyone said use iperf.

what kind of hardware you using?

Yup I can pin my Up and Downstream with a NATted connection and TCP RouterRouter BW Test using only '20 connections' in the tool.

So 100Mbps both ways between two RB1100AHx2's across the Net.

There are lower numbers on the smaller RB's. Usually CPU is pinned.

Thats the weird thing. I'm only hitting the wall on download traffic and TCP. With UDP I can max the switchport speed and spike damn near 100 megs on the download side. Upload TCP same deal almost 100 megs. Its only the download TCP speed that hits a brick wall at 30 megs. Or, if I go router to router same deal. Granted, its traversing across fiber but the ports are running clean and I'm nowhere near capacity on that front. The CPU is only hitting about 40% when I try on the RB951Ui and like 3% on the x86 box from Baltic which has a dual-core.

I am using the 20 connection count as well. I've tried speed testing between my two routers and I've also tried speed testing out to the server that was posted in another thread across the net.

Just tried running speed test from both routers at the same time across the Internet and I had a solid 30 megs each so its not my upstream becoming saturated either.

There seemed to be some mention about hitting a wall with TCP and Mikrotik and the issue lying with connection tracking. Is there a way to optimize the connection tracking or am I off base with that?

I only get an extra 6 megs with tracking disabled. No cigar there.

With a connection count of 100 I can hit 62 megs but why do I need so many connections to start saturating the connection?

Sorry for all the posts, this is driving me nuts.

I don't know, but you are on to something.

I've seen that before and never quite figured it out either.

I do have a 2011 routerboard doing NAT with connection tracking that does 230Mbps both ways.

So it's not inherit in the NAT, it's something else...

Starting to realize that. Disabled NAT - no difference. Disabled Connection tracking - no difference. Disabled firewall rules - no difference. Played with Interface Queue types - no difference. I'm really at a loss here.

I would agree, it's something else.

We've never run into any limitations with NAT. On the CCRs, we can easily sustain 200mbps+ TCP when behind NAT.

do you have like 0 rules? LOL im doing 30/6 and i see 30-40% cpu usage on max. i would be sitting at 100 near 100mbit.

my rb750 on a similar connection, is doing close to 70% cpu at full speed.

guess i run alot of rules and que's

Are your devices directly connected to each other ? If not then maybe it's the interface queue on the switch your going through not the MT.

Also, sometimes i get better results using btest from two clients/laptops connected behind the two endpoints, than I do from the endpoints themselves.

I have seen the same thing with the SXT's. About 30 Meg with a single connection and 85 Meg with 10 or 20 connections. I have always wondered why but didn't spend enough time searching for the reasons.

I have a wild assumption that high-end wireless bridges have some kind of 'aggregation' that if implemented in MikroTik would drive the cost up significantly. Of course, assumptions are for people who don't know what they are talking about

Perfectly understandable since the router CPU can concentrate on passing traffic instead of running the bandwidth test as well.

Today I am pulling together a Cisco router for the edge to replace the Mikrotik. I will do side by side tests using a laptop to run the test through the respective routers and post the results.