Router Mikrotik RB750Gr3 para conexión 1Gbs DIGI

O el MTU mal puesto, o no estás usando fasttrack.

Saludos!
 
Hola, creo que está activado:

Código:
/ip settings print
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: no
          tcp-syncookies: no
    max-neighbor-entries: 8192
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: yes
  ipv4-fasttrack-packets: 12233488
    ipv4-fasttrack-bytes: 14695385089

Las reglas de filtrado:

Código:
0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough

1    ;;; defconf: accept established,related,untracked
      chain=input action=accept
      connection-state=established,related,untracked

2    ;;; allow IPsec NAT
      chain=input action=accept protocol=udp dst-port=4500

3    ;;; allow IKE
      chain=input action=accept protocol=udp dst-port=500

4    ;;; allow l2tp
      chain=input action=accept protocol=udp dst-port=1701

5 X  ;;; allow pptp
      chain=input action=accept protocol=tcp dst-port=1723 log=no
      log-prefix=""

6    ;;; allow sstp
      chain=input action=accept protocol=tcp dst-port=443

7    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid

8    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp

9    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1

10    ;;; accept vpn encrypted input traffic
      chain=input action=accept src-address=192.168.66.0/24
      ipsec-policy=in,ipsec

11    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN

12    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec

13    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec

14    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection
      connection-state=established,related

15    ;;; defconf: accept established,related, untracked
      chain=forward action=accept
      connection-state=established,related,untracked

16    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid

17    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new
      connection-nat-state=!dstnat in-interface-list=WAN

Y la MTU de la interfaz PPPoE (si es la que te refieres):

Código:
Flags: D - dynamic, X - disabled, R - running, S - slave
#     NAME                                TYPE       ACTUAL-MTU L2MTU
0  R  ether1                              ether            1500  1596
1  RS ;;; Portatil ASUS
       ether2                              ether            1500  1596
2  RS ;;; AP Salon
       ether3                              ether            1500  1596
3   S ;;; DS218Plus
       ether4                              ether            1500  1596
4  RS ;;; AP Despacho
       ether5                              ether            1500  1596
5  R  ;;; defconf
       bridge                              bridge           1500  1596
6  R  pppoe-out1                          pppoe-out        1480
7  R  vlan20                              vlan             1500  1592

Ves algo raro?
 
Edita la configuración del cliente PPPoE y lo pones a 1492, tanto MTU como MRU.

Saludos!
 
Si ves que eso tampoco, clona además la MAC del router de DiGi en la interfaz que conecte al mundo WAN.

Saludos!
 
Si ves que eso tampoco, clona además la MAC del router de DiGi en la interfaz que conecte al mundo WAN.

Saludo
Nada, he cambiado MTU y MRU, he puesto la MAC de DIGI en ether1 y la descarga igual que en la primera imagen de los test. Me rindo :(
 
Nada, he cambiado MTU y MRU, he puesto la MAC de DIGI en ether1 y la descarga igual que en la primera imagen de los test. Me rindo :(
Dale un export al equipo. También dime dónde estás conectándolo, si a una ont o a un router en modo bridge.

Saludos!
 
Aquí te lo dejo, gracias.
Estoy conectado a una ONT Huawei HG8010H (va bien con otros routers probados)

Código:
# feb/18/2021 16:00:29 by RouterOS 6.48.1
# software id = 0Q6W-WCEY
#
# model = RB750Gr3
# serial number = CCXXXXXXXXE6
/interface bridge
add admin-mac=08:55:31:XX:XX:XX auto-mac=no comment=defconf name=bridge \
    protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] mac-address=90:FD:73:XX:XX:XX  # MAC cambiada por router DIGI
set [ find default-name=ether2 ]
set [ find default-name=ether3 ]
set [ find default-name=ether4 ]
set [ find default-name=ether5 ]
/interface vlan
add interface=ether1 name=vlan20 vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan20 max-mru=1492 max-mtu=\
    1492 name=pppoe-out1 service-name=ftth use-peer-dns=yes user=\
    XXXXXXXXX@digi
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec peer
add exchange-mode=ike2 name=ike2-peer passive=yes
/ip pool
add name=dhcp ranges=192.168.50.10-192.168.50.254
add name=vpn-pool ranges=192.168.89.2-192.168.89.254
add name=ikev2-pool ranges=192.168.66.10-192.168.66.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1d name=defconf
/ip ipsec mode-config
add address-pool=ikev2-pool address-prefix-length=32 name=ike2-config
/ppp profile
add change-tcp-mss=yes interface-list=LAN local-address=192.168.89.1 name=\
    vpn-profile remote-address=vpn-pool use-encryption=yes
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn-pool
/queue simple
add name="" target=192.168.50.97/32
add name="" target=192.168.50.242/32
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap2 default-profile=vpn-profile enabled=yes use-ipsec=\
    yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.50.1/24 comment=defconf interface=bridge network=\
    192.168.50.0
/ip arp
add address=192.168.50.246 interface=bridge \
    mac-address=4C:ED:FB:8C:09:D0
add address=192.168.50.249 interface=bridge mac-address=\
    30:5A:3A:4E:29:40
add address=192.168.50.242 interface=bridge \
    mac-address=00:11:32:B8:3A:0B
add address=192.168.50.97 interface=bridge \
    mac-address=54:13:79:0E:2F:22
add address=192.168.50.248 interface=bridge \
    mac-address=00:0E:C6:51:16:A1
add address=192.168.50.238 interface=bridge \
    mac-address=E0:CC:F8:E7:90:4A
add address=192.168.50.244 interface=bridge \
    mac-address=D4:91:0F:23:36:C3
/ip cloud
set ddns-enabled=yes ddns-update-interval=30m
/ip dhcp-client
add comment=defconf interface=ether1 use-peer-dns=no
/ip dhcp-server config
set store-leases-disk=1d
/ip dhcp-server lease
add address=192.168.50.246 client-id=1:4c:ed:fb:8c:9:d0 mac-address=\
    4C:ED:FB:8C:09:D0 server=defconf
add address=192.168.50.249 client-id=1:30:5a:3a:4e:29:40 mac-address=\
    30:5A:3A:4E:29:40 server=defconf
add address=192.168.50.242 client-id=1:0:11:32:b8:3a:b mac-address=\
    00:11:32:B8:3A:0B server=defconf
add address=192.168.50.248 client-id=1:0:e:c6:51:16:a1 mac-address=\
    00:0E:C6:51:16:A1 server=defconf
add address=192.168.50.97 client-id=1:54:13:79:e:2f:22 mac-address=\
    54:13:79:0E:2F:22 server=defconf
/ip dhcp-server network
add address=192.168.50.0/24 comment=defconf gateway=192.168.50.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.50.1 comment=defconf name=router.lan
/ip firewall address-list
add address=ccXXXXXXXXXe6.sn.mynetname.net list=public-ip
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
    protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" disabled=yes dst-port=1723 \
    protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="accept vpn encrypted input traffic" \
    ipsec-policy=in,ipsec src-address=192.168.66.0/24
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=hairpin-nat dst-address=\
    192.168.50.0/24 src-address=192.168.50.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
    192.168.89.0/24
add action=masquerade chain=srcnat comment=masquerade-ovpn src-address=\
    192.168.66.0/24
add action=dst-nat chain=dstnat comment=NAS-Open-80 dst-address-list=\
    public-ip dst-port=80 protocol=tcp to-addresses=192.168.50.242 to-ports=\
    80
add action=dst-nat chain=dstnat comment=NAS-Admin dst-address-list=public-ip \
    dst-port=5000,5001 protocol=tcp to-addresses=192.168.50.242
add action=dst-nat chain=dstnat comment=NAS-WebDAV dst-address-list=public-ip \
    dst-port=5005,5006 protocol=tcp to-addresses=192.168.50.242
add action=dst-nat chain=dstnat comment=NAS-VPN dst-address-list=public-ip \
    dst-port=1194 protocol=udp to-addresses=192.168.50.242
add action=dst-nat chain=dstnat comment=NAS-notifpush dst-address-list=\
    public-ip dst-port=8089 protocol=tcp to-addresses=192.168.50.242
add action=dst-nat chain=dstnat comment=DownloadStation dst-address-list=\
    public-ip dst-port=16881 protocol=tcp to-addresses=192.168.50.242
add action=dst-nat chain=dstnat comment=DownloadStation dst-address-list=\
    public-ip dst-port=6881 protocol=udp to-addresses=192.168.50.242
add action=dst-nat chain=dstnat comment=DownloadStation dst-address-list=\
    public-ip dst-port=8003 protocol=tcp to-addresses=192.168.50.242
add action=dst-nat chain=dstnat comment=DownloadStation dst-address-list=\
    public-ip dst-port=9500 protocol=tcp to-addresses=192.168.50.97 to-ports=\
    9500
add action=dst-nat chain=dstnat comment=ActiveBackup dst-address-list=\
    public-ip dst-port=28005,28006 protocol=tcp to-addresses=192.168.50.242
/ip ipsec identity
add auth-method=digital-signature certificate=vpn-server comment=PC \
    generate-policy=port-strict match-by=certificate mode-config=ike2-config \
    peer=ike2-peer remote-certificate=vpn-client
add auth-method=digital-signature certificate=vpn-server comment=Android \
    generate-policy=port-strict match-by=certificate mode-config=ike2-config \
    peer=ike2-peer remote-certificate=vpn-client-android
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=0.0.0.0/0 port=8081
set ssh port=79
set api disabled=yes
set winbox address=0.0.0.0/0
set api-ssl disabled=yes
/ip smb
set enabled=yes
/ppp secret
add name=vpn
add name=perikito profile=vpn-profile service=l2tp
/system clock
set time-zone-name=Europe/Madrid
/system package update
set channel=development
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Buhh compi, qué poco me gusta esa configuración. Guarda backup y export. Dale un reset y configura sólo el pppoe, con 1492 como mtu/mru sobre la vlan 20.

Pruebas y me dices.

Saludos!
 
Buhh compi, qué poco me gusta esa configuración. Guarda backup y export. Dale un reset y configura sólo el pppoe, con 1492 como mtu/mru sobre la vlan 20.

Pruebas y me dices.

Saludos!
Nada. Con la configuración básica y con los datos que me has indicado tengo 123/907, lo mismo está mal este router, no lo entiendo.

No tiene sentido que con otros routers si pase de 900/900.

Gracias de todas formas por tu interés @pokoyo
 
¿Has probado con otros cables, a ver si están chungos? ¿Me puedo fiar de esa prueba de velocidad, son servidores de digi?

Sino, abre la terminal con el router recién reseteado y configurado con salida a internet, y tira este comando. Estarás haciendo uso de un servidor público de un tipo, así que ojo con abusar de ello que te banean rápido. Haz una prueba, y listo, y le pegas un pantallazo al resultado que te salga por la terminal:
Código:
/tool bandwidth-test address=87.121.0.45 user=neterra password=neterra duration=30s direction=both

Saludos!
 
Hola.

Lo que te pasa no tiene mucho sentido, la verdad. Yo probaría lo siguiente: pon la configuración básica tras un reset, si, pero no metas ninguna VPN. Configuras el pppoe como te ha dicho pokoyo. Además, después, entras en el bridge le quitas el protocolo de bridge, poniéndolo a “none“. De esta manera verás que los puertos 2 a 5 están todos con la H de que está en Hadrware Offloading activado. Y prueba entonces.
suerte
 
Claro claro, lo del hardware offloading, que se me olvidaba, eso también: reset + vlan + pppoe mtu/mru 1492 + protocol mode=none en el bridge. Y prueba con lo que te he dado, mejor que con speedtest.

Saludos!
 
Arriba