MikroTik Router Speedboost

A software update and a new firewall rule have more then doubled the throughput of MicoTik Routers.

Before:

Download 256.09 Mbit/s - Upload 317.57 MBit/s

After:

Download 551.99 Mbit/s - Upload 875.23 Mbit/s

Since about a year I have probably one of the best Internet connections worldwide. 1 Gbit/s symmetrical (which means Download and Upload have the same speed) for approx. EUR 740 / USD 830 per year without any additional connection fees. Dual stack IPv4/IPv6 and guaranteed net-neutrality included. Even support is a pleasant experience. Its almost a little irritating at first, but you don’t experience the usual struggle against a call center and its hostile agents. Instead you are supported by relaxed natural persons working at a friendly SME.

At the time I placed my order, I decided to include the recommended MikroTik Router, preconfigured and with all necessary fiber-optics cables and adapters included. Note: Fiber7 has of course no mandatory specifications and customers are free to use any equipment of their choice.

While the Fiber7-connection was activated just a few days later and worked seamless for a year, apart from two outages of their IPv6 DHCP servers, the ordered MikroTik router was a bit of a downer.

  • The web interface turned out to be close to be unusable.
  • Instead you need a Windows configuration program. While this works under Linux with Wine, it takes some getting used to.
  • You can also login with SSH on the Router, but that interface takes even more of getting used to it. If you are used to network and firewall configuration in Unix or Linux (OpenWRT, pfSense etc.) you will feel pretty helpless at first*.
  • Popular features such as OpenVPN are not directly supported. Apparently you can install OpenWRT or other firewall distributions as virtual machines, but I didn’t try that, as it sounded complicated and probably include a loss of performance.
  • Logging seems incomplete to me. I have not found a way on how I could be notified of the IPv6 outages.
  • Performance: With my 25 firewall rules and 25 port forwarding’s I usually get to a data throughput of 200 to max. 400 Mbit/s download and 300 to max. 500 Mbit/s upload. That’s close to the throughput my old Netgear WNDR3800 would have already had,  according to independent tests. But in contrast to the MikroTik it would be supported by OpenWRT.
  • Wireless support is anything but up to date (only 2GHz WLAN, no 5GHz, no 802.11ac)

Of course I would prefer an OpenWRT compatible device capable of handling fiber-optics natively and get close to about 900 Mbit/s throughput.

Now the new version 6.29.1 of RouterOS has been available since June 1st 2015:

In RouterOS v6.29 we introduced a very important update for our popular FastPath feature.
FastTrack is implemented as a new action for
firewall filter/mangle – “fasttrack-connection”. This
provides the flexibility necessary for users to combine
any existing firewall implementation with the new
FastTrack feature.
The “action=fasttrack-connection” works similar to
“action=mark-connection” – it flags connection tracking entries so that
following packets from these entries can be “FastTracked”.
In current implementation FastTrack can work with IPv4/TCP and
IPv4/UDP connection tracking entries.

After I triggered a software-update on the router I just added to following firewall rule on top:

Chain: forward
Connection State: established, related
Action: fasttrack connection

Went to do a speed-test just after that and what a nice surprise … The rate is more than twice as high.

Note that I have various constantly running services through this connection, the figures are therefore not to be understood as absolute values but more as “remaining available bandwidth”.

*Here is a small and “easy” example on how you display an IP address in Linux and in RouterOS:

Linux:

ip addr show dev eth0

MikroTIK Router OS

:put [/ip address get [find interface="eth0"] address];

 

5 thoughts on “MikroTik Router Speedboost

  1. :put [/ip address get [find interface=“eth0”] address];

    Quatsch.

    /ip address print where interface=eth0

    Muss man nur Englisch können für 😉

    IPv6-Ausfälle: Teste mal /tool netwatch.

  2. Is there a way to Fast Track only certain type of traffic? By IP or ether port?

  3. These are firewall rules like any other, so you should be able to add any selection criteria as in any other firewall rule. The only difference is the “Action” called “Fasttrack connection” instead of “Block” or “Drop” or “Forward”.

  4. how can i configure fasttrack for local website which has 192.168.99.6 ip address and its interface in mikrotik router board is “Break”
    note : the website contains a videos and this is why i need fasttrack

  5. The way I see it, these rules already apply to incoming and outgoing connections. I did not do any extensive testing, but I don’t see any restrictions to incoming only either.

Leave a Reply

Your email address will not be published. Required fields are marked *

You can encrypt your comment so that only Alain Wolf can read it.