Back to a CHR?

Friday 13th was an exciting one in my household! Not only did I kill the internet for everyone for a good 3 hour period whilst I swapped from an Ikea Lack table to a “real” 6U cabinet, causing huge disruption when my planned single patch panel turned into 3, I also fired up old faithful and stuck a fresh copy of the latest (6.42.6) CHR onto my VM box.

Now I have my spare ESXi box housed in the attic in a real rack it means I don’t need it screaming away in the cave so I can finally move back to a CHR build and keep it. My rough maths says the CHR unit will have around 4-5 times the performance of the RB3011 which will now get moved to the cave as a dedicated VLAN breakout switch (or maybe sold) but ultimately I can employ some far more complex queues without worrying that I’m running the CPU up too far.

My long term plan is to SFQ my LAN traffic but then pick out particular traffic types from that and SFQ them against each other whilst doing some PFIFO pulling them all together. I’ll try to document as much as I can but in short it will be a huge amount of packet marking so CPU grunt is needed. I’m even now tempted to look at upgrading the CPU so it’s more than a dual core!

Fun times ahead.

hAP Mini Configuration

I’ve recorded my hAP Mini config video a couple of times so far and still not found a version I like. It is in the pipeline, however I’m thinking that trying to include low powered device optimisation in the same video is a bad thing. Maybe that should be its own video?

Either way I’ve configured my new “toy” a couple of times now and have been really amazed by what I was able to push through it. Bearing in mind this is a low powered single core unit out of the box with a handful of firewall rules and NAT it was able to push 94Mb whilst maintaining only 88% of CPU utilisation (minus whatever it was using for me watching Winbox).

Testament to my previous fasttrack learning curve though, once I put a couple of fasttrack rules into the firewall that same 94Mb was achieved on just 22% of CPU utilisation (again whilst I had Winbox open so minus a few % for that).

I seem to be finding 94Mb as a limitation though, this will no doubt be in part due to the unit only being 10/100 and losing some overhead from that but I’m amazed how viable this thing is, even to the point that it would be able to be used for VDSL in the UK with no detriment.

Please keep your eyes peeled for some soon to come videos regarding the hAP mini, potentially a config and then some more broad stroke efficiency ideas.

MikroTik Fast Track Learning Experience

Free performance enhancement? Must be a catch….

I’ve recently had to investigate making some lower powered MikroTik devices route at decent speeds. There is a much longer story which I won’t be going into, but in short I had a task of making a CRS112 (low powered 400MHz single core CPU) able to route 100Mb services.

A little background is the CRS112 is primarily a switch, using hardware offload you can easily switch at line rate (Gigabit) however they don’t really do too well in routing or anything CPU oriented. For example viewing Winbox uses 20% CPU resources as does running FTP, Telnet and WWW services!

For basic NAT masquerade and a simple 12 line firewall rule my initial testing was only yielding speed test results in the 30-40Mb region. The first 2 lines of my firewall were as follows to try and be as efficient as I could be;

/ip firewall filter

add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

The goal was to route at least 50Mb through the CRS so I picked up something I left alone a long time ago as then there was no need to use CPU limited products and the cons outweighed the gains.

Fasttrack is a powerful little tool you can use to vastly improve throughput on CPU limited devices. The plus side of it is that my CRS112, which was previously only capable of routing 30Mb, was now being limited by my PPP account at 150Mb and it still had gas in the tank! The device suddenly becomes a much more viable router, however the drawback is that fasttrack effectively allows the packet “through the gates” and then takes no further part in its journey. Connection tracking is disabled, meaning any further mangling of packets and queues simply do not know about the packets we have just expedited.

In most situations fasttrack is probably going to break more things than you’d like whilst trying to squeeze the last bit out of your router however on heavily CPU limited tasks where you only need a basic router it will certainly help.

The final firewall configuration only needed 2 lines adding (yes I tried without the accept rules and it won’t work);

/ip firewall filter

add action=fasttrack-connection chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=fasttrack-connection chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

So to summarise, fasttrack is the devil unless you have a low powered device. Connection tracking is probably more valuable than making your under specced kit last an extra couple of weeks but a very good learning experience.
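The two caveats above (each fasttrack rule needs its accept partner, and mangle rules and queues do not see fasttracked packets) can be checked mechanically against a RouterOS export. The script below is an added example, not part of the original post; the sample export is constructed, the function names are hypothetical, and it assumes one rule per line with no backslash line continuations.

```python
import shlex

# Constructed sample export (not from the post): the input-chain fasttrack rule
# has lost its accept partner, and a mangle rule is also present.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=fasttrack-connection chain=forward comment="FT" connection-state=established,related in-interface=pppoe_client1
add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
add action=fasttrack-connection chain=input connection-state=established,related in-interface=pppoe_client1
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=voip protocol=udp
"""

def parse_export(text):
    """Return [(menu, {property: value})] for each 'add' line (one rule per line assumed)."""
    rules, menu = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps a quoted comment as one token
            rules.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rules

def matchers(rule):
    """The rule's match conditions, ignoring its action and comment."""
    return {k: v for k, v in rule.items() if k not in ("action", "comment")}

def audit_fasttrack(text):
    """List fasttrack rules with no identical accept rule after them, plus any
    mangle/queue menus that (per the post) will not see fasttracked packets."""
    rules = parse_export(text)
    filt = [p for m, p in rules if m == "/ip firewall filter"]
    findings = []
    for i, rule in enumerate(filt):
        if rule.get("action") != "fasttrack-connection":
            continue
        if not any(r.get("action") == "accept" and matchers(r) == matchers(rule)
                   for r in filt[i + 1:]):
            findings.append(f"filter rule {i} (chain={rule.get('chain')}): "
                            "fasttrack-connection without a matching accept rule")
    if any(r.get("action") == "fasttrack-connection" for r in filt):
        for menu in sorted({m for m, _ in rules
                            if m == "/ip firewall mangle" or m.startswith("/queue")}):
            findings.append(f"{menu}: rules here will not see fasttracked packets")
    return findings

if __name__ == "__main__":
    for finding in audit_fasttrack(SAMPLE_EXPORT):
        print(finding)
```

Run against the four-rule configuration shown in the post, it reports nothing, because both fasttrack rules have a matching accept rule later in the list.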

Broadband Upgrade

I’ve been a little bit AFK over the last month or so, real life duties have had to take priority and then more recently broadband issues! I’ve now had to take the step and put in a copper based line, however me being me wanted to use MikroTik kit. To do this I needed to use a standalone modem so opted for an ex-BT Huawei HG612 3B and then used a PoE splitter to power it so I didn’t have any nasty power supplies stringing around my front room.

A 50cm Tandy high quality twisted pair DSL cable took the duty of getting the service from my master socket to my modem.

Although not the full 80/20 I am now getting a good packet loss free 55/16

Bank Holiday PC Build For Dad

Little bit of a show off post. Dad had seen a HP Pavilion All-In-One on the PC World website and spoke to me about getting an updated PC. I told him not to be silly and that I could build significantly better for similar money. So I did. The Pavilion was built on older Gen hardware with a 27″ screen, 7700T i7 CPU, 16GB RAM and a 2TB HDD. That was the benchmark to beat, so I ended up with the following build;

i5 8600, MSI GTX1050Ti Graphics card, 16GB DDR4 3200MHz RAM, 500GB SSD boot drive, 2TB HDD for data storage, Seasonic 550W Gold rated PSU, Corsair Carbide 275R case and a Dell P2717H monitor. I ordered up a new keyboard and mouse from Asus as well just because it’s nice to have a new everything.

Pics of the build are below, it was a dream to put together.

Much better room layout

Whilst rebuilding the PC I had a stupid idea that my room needed moving around to generate more space and give better room for some upcoming videos and projects that I have brewing. Last night was one of my “extended” gaming sessions so I took the opportunity to get everything pulled apart and reconnected in a different place.


Changing the PC around

Well I’m in a completely different place to where I thought I would be right now. I was expecting to be super hyped over the new AMD Ryzen 2700X release but going through multiple benchmarks and early benchmarks the reality of it is that it won’t be that different to Gen 1. It’s going to clock higher certainly, but is that high enough to take the crown from Intel? No is the answer. It’ll be good but it won’t be the best.

So I’ve had to rebuild, the AMD has gone and in its place there is now a shiny Intel Core i7 8700K and the reinstall has been finished and I’m just awaiting opportunity to have a really good extended gaming session on it to get it bedded in!

I didn’t get many pictures from the rebuild but I am thoroughly happy to be back on team Blue!