Slow connection on Mikrotik

Estou tendo um ping alto ao acessar as rotas em minha RB3011.
Anyone with this problem?

image806×195 7.19 KB

I performed the procedure for opening UDP ports on the firewall and it did not solve it.

image607×616 13.1 KB

image613×628 13.3 KB

Some possible reasons I can think of might be heavy load and/or a congested (slow) link. How does you network topology look like ie link type and speed etc?

Please run this line in a terminal session and post output to this thread:

/zerotier/peer/print; /system/resource/print; /tool/profile duration=10

I have seven devices that connect via zerotier VPN to communicate with the company’s internal network.

To do this, create a route so that everything that arrives on the RB3011 is reached on the route 172.16.0.0/24 (company LAN IP)

Ping from one computer to another computer within the VPN

Ping from a Computer to RB3011 within the VPN

In addition to the high ping, I’m having problems with the first connection. Taking about 5 minutes to piggyback the RB for the first time.

Bandwidth is no more than 20 MB between Company and devices on the VPN

My connection is 300 MB Download and Upload.

My preliminary guess (so far) is that the latency is due to slow and congested 20 MB links like 1-4 while 5 and 8 seem quite ok atm. If possible, measure the utilization (at the remote site) on any of the affected links to verify if that is the root cause.

In general, if people start complaining that things are slow, you probably need to start prioritizing the traffic, especially on the 20 MB links. This can be done using for example FQ_codel or CAKE which is probably the easiest one to start with. Be aware that you need it on both ends to master traffic going outside the vpn. Mikrotik docs on the subject: Queues - RouterOS - MikroTik Documentation.

If you conclude traffic prioritizing is needed you probably get more help from the Mikrotik User Forum on how to setup and use CAKE, FQ_codel or how to prioritize traffic in general.

OK, I will check my queuing rules! thanks for the help.

Forgot to mention to also check that all zt nodes have link status “DIRECT”. Otherwise, the traffic will be redirected though an external server which will contribute to even higher latency and lower transfer speeds.

The most common reason for not getting a direct link is CG-NAT with an ISP that doesn’t allow hole punching. In case of CG-NAT and you want to troubleshoot why you are not getting a direct link, publish the necessary ZeroTier ports in the router to avoid double-nat in case the router might be part of the problem.

Unfortunately it’s currently not possible to get link status from within RoS but you can check it on any OS using the command “zerotier-cli peers”

$ sudo zerotier-cli peers
200 peers
<ztaddr> <ver>  <role> <lat> <link>   <lastTX> <lastRX> <path>
c192ce9b 1.10.6 LEAF     125 DIRECT   3638     3514     9.141.238/49329
f865ae71 -      PLANET   182 DIRECT   266894   38853    7.252.138/9993
23c2e9b6 1.10.6 LEAF      21 DIRECT   2644     2644     69.100.254/1105
8cde7190 -      PLANET   130 DIRECT   39035    38904    95.103.66/9993
a4c03768 1.10.6 LEAF       7 DIRECT   6468     6468     69.100.254/9993
fe04eba9 -      PLANET    32 DIRECT   3638     39003    17.53.155/9993
fe9efeb9 -      PLANET   176 DIRECT   39035    38865    194.8.134/9993
ddef6608 1.6.6  LEAF       5 DIRECT   92       92       128.132.19/51111
d84182c4 1.10.5 LEAF       7 DIRECT   4991     4982     169.100.24/62867
d8f9eec2 1.10.5 LEAF       9 DIRECT   6294     6294     169.100.254/20546
.   .   .
.   .   .

Ola

The only ones that are not direct are cell phones using 4G:

image726×278 10.5 KB

My RB3110:

a9dda3e298 1.6.6  LEAF      20 DIRECT   280      276      172.16.0.1/9993

My internet bandwidth is 300MB for download and upload, I have a pcq Queue rule. After office hours I will disable it and test the VPN connection.

Sounds good!

Do you have the RB3011 at your local offices as well? In that case it’s powerful enough to run fq_codel or cake which requires slightly more cpu than pcq and friends. We did some serious testing on some of our DSL/LTE links during the autumn and now we have switched to Cake completely in order to drop queue administration. So far so good (knock on wood ;- ).

Knocking on wood solved it

1º I changed the queue from pcq and friends to fq_codel/cake

image898×536 11.2 KB

image837×547 11.5 KB

image852×591 7.66 KB

image1218×622 25.3 KB

Ping Iphone > RB3011 used VPN (Connected by WiFi)

Imagem do WhatsApp de 2023-04-06 à(s) 07.38.18472×1024 58.3 KB

If you have any suggestions for optimizing the rules, that’s right.

Great news!

However, I’d let it run for a while and perhaps wait for feedback from the users until later this day before one might conclude that everything is solved (which it hopefully is, but you never know…)

One of the major advantages of Cake is the design philosophy of making it as self-contained and self-governing as possible. The only thing one might need to specify to give it a good start is the link speed.

Here are some links on the subject from the developers:

• Cake - Bufferbloat.net
• Codel Wiki - Bufferbloat.net
• What Can I Do About Bufferbloat? - Bufferbloat.net

And some from the Mikrotik forum (there are pleny of others)

• some quick comments on configuring cake - MikroTik
• CAKE, FQ-codel etc, which ROS7 queue is best in your testing? - MikroTik
• FQ_Codel and Mikrotik CCR CPU Utilization - MikroTik
• Which mikrotik for 1Gbps WAN, SOHO, and queue enabled (fqcodel / cake) - MikroTik

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.