I recently upgraded to 1.8.5 but after the upgrade I am not able to get more then 93 mbps on a loadbalaced setup with two 500 mbps connections.
Before the upgrade I was able to max out the connection.
Any ideas ?
Here is my config:
firewall {
all-ping enable
broadcast-ping disable
group {
address-group eth0_only_internet_access {
address 192.168.0.101
address 192.168.0.102
description ""
}
address-group eth1_only_internet_access {
description ""
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians disable
modify balance {
rule 10 {
action modify
modify {
lb-group eth0_preferred
}
source {
group {
address-group eth0_only_internet_access
}
}
}
rule 20 {
action modify
modify {
lb-group eth1_preferred
}
source {
group {
address-group eth1_only_internet_access
}
}
}
rule 30 {
action modify
description "Do not loadbalance HTTPS traffic, use eth1 as preferred WAN"
destination {
port 443
}
modify {
lb-group eth1_preferred
}
protocol tcp
}
rule 40 {
action modify
modify {
lb-group G
}
}
}
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 21 {
action accept
description http
destination {
port 80
}
log disable
protocol tcp_udp
}
rule 22 {
action accept
description ssh
destination {
port 22
}
log disable
protocol tcp_udp
}
rule 23 {
action accept
description virtualmin
destination {
port 10000
}
log disable
protocol tcp_udp
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 21 {
action accept
description icmp
log disable
protocol icmp
}
rule 22 {
action accept
description http
destination {
port 80
}
log disable
protocol tcp_udp
}
rule 23 {
action accept
description ssh
destination {
port 22
}
log disable
protocol tcp_udp
}
rule 24 {
action accept
description "ssh router"
destination {
port 2222
}
log disable
protocol tcp_udp
}
}
options {
mss-clamp {
mss 1412
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
description RDS
duplex auto
poe {
output off
}
pppoe 0 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
out {
}
}
mtu 1492
name-server auto
password ****************
user-id *****************
}
speed auto
}
ethernet eth1 {
address dhcp
description Romtelecom
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
out {
}
}
poe {
output off
}
speed auto
}
ethernet eth2 {
description Backup
duplex auto
poe {
output off
}
speed auto
}
ethernet eth3 {
description "Uplink Switch"
duplex auto
poe {
output 24v
}
speed auto
}
ethernet eth4 {
description "Uplink AP"
duplex auto
poe {
output 48v
}
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.0.1/24
description Local
firewall {
in {
modify balance
}
}
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
}
}
}
load-balance {
group G {
interface eth1 {
weight 20
}
interface pppoe0 {
weight 80
}
}
group eth0_preferred {
interface eth1 {
failover-only
}
interface pppoe0 {
}
}
group eth1_preferred {
interface eth1 {
}
interface pppoe0 {
failover-only
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN {
authoritative enable
subnet 192.168.0.0/24 {
default-router 192.168.0.1
dns-server 192.168.0.1
lease 86400
start 192.168.0.40 {
stop 192.168.0.100
}
static-mapping Microtik_Switch {
ip-address 192.168.0.3
mac-address 4c:5e:0c:74:a9:a1
}
static-mapping Printer {
ip-address 192.168.0.4
mac-address 44:1c:a8:05:18:ab
}
static-mapping Unifi_AP {
ip-address 192.168.0.2
mac-address 44:d9:e7:fc:b9:78
}
static-mapping *********** {
ip-address 192.168.0.102
mac-address 50:af:73:20:51:22
}
static-mapping *********** {
ip-address 192.168.0.101
mac-address 90:fb:a6:2a:e8:2e
}
unifi-controller 192.168.0.2
}
}
}
dns {
dynamic {
interface eth1 {
service dyndns {
host-name **********.dyndns.org
login ********
password ****************
}
}
interface pppoe0 {
service dyndns {
host-name **********.dyndns.org
login ********
password ****************
}
}
}
forwarding {
cache-size 150
listen-on switch0
name-server 8.8.8.8
name-server 8.8.4.4
}
}
gui {
https-port 443
}
nat {
rule 1 {
description "http ***********"
destination {
group {
address-group ADDRv4_eth1
}
port 80
}
inbound-interface eth1
inside-address {
address 192.168.0.102
port 80
}
log disable
protocol tcp_udp
type destination
}
rule 2 {
description "http ************"
destination {
group {
address-group ADDRv4_pppoe0
}
port 80
}
inbound-interface pppoe0
inside-address {
address 192.168.0.101
port 80
}
log disable
protocol tcp_udp
type destination
}
rule 3 {
description "ssh ********"
destination {
group {
address-group ADDRv4_eth1
}
port 22
}
inbound-interface eth1
inside-address {
address 192.168.0.102
port 22
}
log disable
protocol tcp_udp
type destination
}
rule 4 {
description "ssh ***********"
destination {
group {
address-group ADDRv4_pppoe0
}
port 22
}
inbound-interface pppoe0
inside-address {
address 192.168.0.101
port 22
}
log disable
protocol tcp_udp
type destination
}
rule 5 {
description "ssh router"
destination {
port 2222
}
inbound-interface eth1
inside-address {
address 192.168.0.1
port 22
}
log disable
protocol tcp_udp
type destination
}
rule 6 {
description "virtualmin **********"
destination {
group {
address-group ADDRv4_pppoe0
}
port 10000
}
inbound-interface pppoe0
inside-address {
address 192.168.0.101
port 10000
}
log disable
protocol tcp_udp
type destination
}
rule 7 {
description "virtualmin **********"
destination {
group {
address-group ADDRv4_eth1
}
port 10000
}
inbound-interface eth1
inside-address {
address 192.168.0.102
port 10000
}
log disable
protocol tcp_udp
type destination
}
rule 5000 {
outbound-interface pppoe0
type masquerade
}
rule 5002 {
outbound-interface eth1
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
system {
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose enable
max-retrans 3
}
}
host-name edgerouter
login {
user ******** {
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name "******** ************"
level admin
}
}
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
ipv4 {
forwarding enable
pppoe enable
}
}
package {
repository squeeze {
components "main contrib non-free"
distribution squeeze
password ****************
url http://ftp.us.debian.org/debian/
username ""
}
repository squeeze-updates {
components "main contrib"
distribution squeeze/updates
password ****************
url http://security.debian.org/
username ""
}
}
static-host-mapping {
host-name ********** {
inet 192.168.0.1
}
host-name ********** {
inet 192.168.0.102
}
host-name ********** {
inet 192.168.0.102
}
host-name ********** {
inet 192.168.0.102
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/Bucharest
traffic-analysis {
dpi enable
export enable
}
}