A software update and a new firewall rule have more then doubled the throughput of MicoTik Routers.
Since about a year I have probably one of the best Internet connections worldwide. 1 Gbit/s symmetrical (which means Download and Upload have the same speed) for approx. EUR 740 / USD 830 per year without any additional connection fees. Dual stack IPv4/IPv6 and guaranteed net-neutrality included. Even support is a pleasant experience. Its almost a little irritating at first, but you don’t experience the usual struggle against a call center and its hostile agents. Instead you are supported by relaxed natural persons working at a friendly SME.
At the time I placed my order, I decided to include the recommended MikroTik Router, preconfigured and with all necessary fiber-optics cables and adapters included. Note: Fiber7 has of course no mandatory specifications and customers are free to use any equipment of their choice.
While the Fiber7-connection was activated just a few days later and worked seamless for a year, apart from two outages of their IPv6 DHCP servers, the ordered MikroTik router was a bit of a downer.
- The web interface turned out to be close to be unusable.
- Instead you need a Windows configuration program. While this works under Linux with Wine, it takes some getting used to.
- You can also login with SSH on the Router, but that interface takes even more of getting used to it. If you are used to network and firewall configuration in Unix or Linux (OpenWRT, pfSense etc.) you will feel pretty helpless at first*.
- Popular features such as OpenVPN are not directly supported. Apparently you can install OpenWRT or other firewall distributions as virtual machines, but I didn’t try that, as it sounded complicated and probably include a loss of performance.
- Logging seems incomplete to me. I have not found a way on how I could be notified of the IPv6 outages.
- Performance: With my 25 firewall rules and 25 port forwarding’s I usually get to a data throughput of 200 to max. 400 Mbit/s download and 300 to max. 500 Mbit/s upload. That’s close to the throughput my old Netgear WNDR–3800 would have already had, according to independent tests. But in contrast to the MikroTik it would be supported by OpenWRT.
- Wireless support is anything but up to date (only 2GHz WLAN, no 5GHz, no 802.11ac)
Of course I would prefer an OpenWRT compatible device capable of handling fiber-optics natively and get close to about 900 Mbit/s throughput.
Now the new version 6.29.1 of RouterOS has been available since June 1st 2015:
In RouterOS v6.29 we introduced a very important update for our popular FastPath feature.FastTrack is implemented as a new action forfirewall filter/mangle – “fasttrack-connection”. Thisprovides the flexibility necessary for users to combineany existing firewall implementation with the newFastTrack feature.The “action=fasttrack-connection” works similar to“action=mark-connection” – it flags connection tracking entries so thatfollowing packets from these entries can be “FastTracked”.In current implementation FastTrack can work with IPv4/TCP andIPv4/UDP connection tracking entries.
After I triggered a software-update on the router I just added to following firewall rule on top:
Connection State: established, related
Action: fasttrack connection
Went to do a speed-test just after that and what a nice surprise … The rate is more than twice as high.
Note that I have various constantly running services through this connection, the figures are therefore not to be understood as absolute values but more as “remaining available bandwidth”.
*Here is a small and “easy” example on how you display an IP address in Linux and in RouterOS:
ip addr show dev eth0
MikroTIK Router OS
:put [/ip address get [find interface="eth0"] address];