Hello, why can there be 100 megabits per download instead of 300? 300 for upload. I tried all the firmware and 21.02.2. I also tried turning off the firewall. Enable SQM. All this does not give any result. When testing speed, the processor is not loaded. No additional packages are installed. On the stock firmware, the speeds are as they should be. Help me.
system board
{
"kernel": "5.4.179",
"hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "Xiaomi Mi Router AC2100",
"board_name": "xiaomi,mi-router-ac2100",
"release": {
"distribution": "OpenWrt",
"version": "21.02.2",
"revision": "r16495-bf0c965af0",
"target": "ramips/mt7621",
"description": "OpenWrt 21.02.2 r16495-bf0c965af0"
}
}
network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd7f:efc3:45f1::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
Test and test №2
slh
August 25, 2024, 12:01am
2
A lot of development has happened over the last 3 years - and 21.02 is EOL and out of security support for over two years already, please upgrade first. There have (past tense) also been issues with DSA and stop frames in the past, which should be resolved now - so that may very well be your issue.
Never do that, not even for trying:
a) that is a huge security risk, and attackers from all over the world are constantly search for weak systems - you can get hacked that way within minutes (single digit)
b) the fireware is hard-required for NAT and routing decisions, by disabling it, you're breaking normal functionality.
win64exe:
Enable SQM.
300 MBit/s is probably a bit too much for mt7621, so don't even try until you know for sure that there aren't any other open issues or performance problems (so you can fine tine sqm according to your needs, being sure that there are no other moving bits and pieces or bottlenecks skewing your results). While sqm can help you with latencies under load, it can't speed up your throughput - nor will it improve the unloaded latency readings.
slh
August 25, 2024, 12:12am
4
Is that figure with- or without sqm?
slh
August 25, 2024, 12:27am
6
O.k., we're seeing two strange issues here:
a rather high latency in the unloaded case, what kind of WAN/ internet connection we're talking about here (wireless/ satellite?)
and quite obviously the slow download, while the upload seems to be at max. speed. Can you reproduce this significant asymmetry with other speedtest sites?
slh
August 25, 2024, 12:48am
8
Interesting.
So here you are also capped in the download direction, but your upload is almost 100 MBit/s faster than before and the latencies are also much better (~normal). This does at least hint at a routing/ peering issue being involved as well - what happens if you download a larger file (~500+ MB) from a local (in your country) server?
Another thing to check, keep htop
(opkg update && opkg install htop
) running during a speed test and check how the CPU utilization is (especially during the download phase).
There are other things to try (they shouldn't be necessary, but may provide interesting results), namely enabling packet steering and/ or hardware flow-offloading (all permutations). But at this point, it does look that your ISP's routing/ peering to the rest of the world is at least partially in the picture as well.
It is, for me it capped at around 240-250. But offloading is not that bad, I get 500 with stable A.
It's Russia (judging by Yota LLC), bufferbloat servers are too far away.
qBittorent downloads torrents at a low speed. On steam, games load at the same speed.
loading takes place in nvme storage with a capacity of 2TB.
This is one advantage of cloudflare's own 'speed' test, it shows the location of the used datacenter on a map, allowing some sanity checks...
True. Plus, it has datacenter at least in Moscow.
The weird thing is, the waveform test leverages cloudflare's CDN services so in theory could be identical to cloudflare's own, but in practice it is not....
Probably (and understandably) Waveform desided that their data will not be replicated to Russia. Similar to that story of Google Cache servers slowly duying in Russia because Google is bankrupt (again, in Russia) and new purchases are sanctioned.
Stock config frimware.
I can view the rest of the settings from the standard firmware. I have full ssh and scp access.
system board
{
"kernel": "3.10.14",
"hostname": "XiaoQiang",
"system": "MT7621",
"model": "Unknown",
"release": {
"distribution": "OpenWrt",
"version": "18.06-SNAPSHOT",
"revision": "unknown",
"target": "ramips\/mt7621",
"description": "OpenWrt 18.06-SNAPSHOT unknown"
}
}
network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.1'
config interface 'ifb'
option ifname 'ifb0'
config interface 'ready'
option proto 'static'
option ipaddr '169.254.29.1'
option netmask '255.255.255.0'
config interface 'wan'
option proto 'dhcp'
option mtu '1500'
option ifname 'eth1'
option macaddr '54:E1:AD:40:8B:88'
wireless
config wifi-device 'mt7603e'
option type 'mt7603e'
option vendor 'ralink'
option channel '0'
option bw '0'
option autoch '2'
option radio '1'
option hwband '2_4G'
option hwmode '11ng'
option disabled '0'
option country 'CN'
option region '1'
option aregion '0'
option txpwr 'mid'
option txbf '0'
config wifi-iface
option device 'mt7603e'
option ifname 'wl1'
option network 'lan'
option mode 'ap'
option disabled '0'
option ssid 'Zen'
option key '4455667788'
option bsd '0'
option encryption 'psk2'
option hidden '0'
config wifi-iface 'minet_ready'
option disabled '0'
option device 'mt7603e'
option ifname 'wl2'
option network 'ready'
option mode 'ap'
option ssid 'minet_ready'
option hidden '1'
option encryption 'none'
config wifi-iface 'guest_2G'
option disabled '1'
option device 'mt7603e'
option ifname 'wl3'
option network 'guest'
option mode 'ap'
option ap_isolate '1'
config wifi-device 'mt7615e5'
option type 'mt7615e5'
option vendor 'ralink'
option hwband '5G'
option radio '1'
option hwmode '11ac'
option country 'CN'
option region '1'
option aregion '0'
option txpwr 'max'
option txbf '3'
option disabled '0'
option channel '44'
option autoch '0'
option bw '40'
config wifi-iface
option device 'mt7615e5'
option ifname 'wl0'
option network 'lan'
option mode 'ap'
option disabled '0'
option ssid 'Zen_5G'
option key '4455667788'
option bsd '0'
option encryption 'psk2'
option hidden '0'
config wifi-iface
option device 'mt7615e5'
option ifname 'apclii0'
option network 'lan'
option mode 'sta'
option ssid 'Xiaomi_E7F0_180F_5G'
option encryption 'none'
option disabled '1'
dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
option rebind_protection '0'
option rebind_localhost '1'
option local '/lan/'
option expandhosts '1'
option nonegcache '1'
option authoritative '1'
option logqueries '0'
option logdhcp '0'
option allservers '1'
option clearonreload '1'
option cachesize '1000'
option negttl '300'
option maxttl '300'
option maxcachettl '1800'
option local_ttl '0'
option dnsforwardmax '300'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option client_update_ddns '1'
config dhcp 'lan'
option interface 'lan'
option force '1'
option leasetime '720m'
option start '30'
option limit '21'
option dhcpv6 'server'
option ra 'server'
option ra_default '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config dhcp 'ready'
option interface 'ready'
option start '10'
option limit '20'
option leasetime '5m'
option force '1'
config host '9c6b00578665'
option mac '9c:6b:00:57:86:65'
option name '9c6b00578665'
option ip '192.168.1.40'
config host '00226c10f656'
option mac '00:22:6c:10:f6:56'
option name '00226c10f656'
option ip '192.168.1.49'
config host '7cf6661d13ed'
option mac '7c:f6:66:1d:13:ed'
option name '7cf6661d13ed'
option ip '192.168.1.36'
config host 'd60ef1a4a1ca'
option mac 'd6:0e:f1:a4:a1:ca'
option name 'd60ef1a4a1ca'
option ip '192.168.1.45'
config host 'c87f54a9d578'
option mac 'c8:7f:54:a9:d5:78'
option name 'c87f54a9d578'
option ip '192.168.1.30'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host '9ebb4ce80ef2'
option mac '9e:bb:4c:e8:0e:f2'
option name '9ebb4ce80ef2'
option ip '192.168.1.50'
config host '7811dc786289'
option mac '78:11:dc:78:62:89'
option name '7811dc786289'
option ip '192.168.1.48'
firewall
config defaults
option syn_flood '0'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'
option disable_ipv6 '1'
config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule 'Forbidden_Wan_RA'
option name 'Forbidden_Wan_RA'
option dest 'wan'
option proto 'icmp'
option family 'ipv6'
option target 'REJECT'
list icmp_type 'router-advertisement'
config include 'webinitrdr'
option path '/lib/firewall.sysapi.loader webinitrdr'
option reload '1'
option enabled '1'
config include 'dnsmiwifi'
option path '/lib/firewall.sysapi.loader dnsmiwifi'
option reload '1'
option enabled '1'
config include 'macfilter'
option path '/lib/firewall.sysapi.loader macfilter'
option reload '1'
option enabled '1'
config include 'miqos'
option path '/lib/firewall.sysapi.loader miqos'
option reload '1'
config include 'xqfp'
option path '/lib/firewall.sysapi.loader xqfp'
option reload '1'
config include 'firewalluser'
option path '/etc/firewall.user'
option reload '1'
config include 'dmz_bypass_ctf'
option path '/lib/firewall.sysapi.loader dmz_bypass_ctf'
option reload '1'
config include 'rr_rule'
option path '/lib/firewall/rr.load reload'
option reload '1'
config include 'ipv6_masq'
option path '/lib/firewall.sysapi.loader ipv6_masq'
option reload '1'
config rule 'xunleiwantcpports'
option name 'xunlei wan accept tcp port 1080 4662 2080 2062'
option src 'wan'
option dest_port '1080 4662 2080 2062'
option proto 'tcp'
option family 'ipv4'
option target 'ACCEPT'
config rule 'xunleiwanudpports'
option name 'xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066'
option src 'wan'
option dest_port '4661 3027 888 666 2037 2061 2048 2066'
option proto 'udp'
option family 'ipv4'
option target 'ACCEPT'
config rule 'xunleiN_TCPports'
option name 'xunlei_port_limit_localhost 9000'
option src '*'
option dest_port '9000'
option proto 'tcp'
option family 'ipv4'
option target 'REJECT'
config rule 'guest_8999'
option name 'Hello wifi 8999'
option src 'guest'
option proto 'tcp'
option dest_port '8999'
option target 'ACCEPT'
config rule 'guest_8300'
option name 'Hello wifi 8300'
option src 'guest'
option proto 'tcp'
option dest_port '8300'
option target 'ACCEPT'
config rule 'guest_7080'
option name 'Hello wifi 7080'
option src 'guest'
option proto 'tcp'
option dest_port '7080'
option target 'ACCEPT'
config zone 'ready_zone'
option name 'ready'
option input 'DROP'
option forward 'DROP'
option output 'DROP'
list network 'ready'
config rule 'ready_dhcp'
option name 'DHCP for ready'
option src 'ready'
option src_port '67-68'
option dest_port '67-68'
option proto 'udp'
option target 'ACCEPT'
config rule 'ready_dhcp_out'
option name 'DHCP for ready'
option dest 'ready'
option src_port '67-68'
option dest_port '67-68'
option proto 'udp'
option target 'ACCEPT'
config rule 'ready_minet_in'
option name 'minet ready'
option src 'ready'
option dest_port '786'
option proto 'tcp'
option target 'ACCEPT'
config rule 'ready_minet_out'
option name 'minet ready'
option src 'ready'
option src_port '786'
option proto 'tcp'
option target 'ACCEPT'
config rule 'ptdownload'
option name 'ingress port for PT download'
option src 'wan'
option dest_port '51413'
option proto 'tcpudp'
option target 'ACCEPT'
option family 'ipv4'
config redirect 'wan19132rdr'
option proto 'tcpudp'
option src_dport '19132'
option dest_ip '192.168.1.40'
option dest_port '19132'
option src 'wan'
option name 'Minecraft'
option target 'DNAT'
option ftype '1'
option dest 'lan'
config include 'raw_notrack'
option path '/etc/firewall.d/raw_notrack'
option family 'any'
option type 'script'
option reload '1'
config include 'parentalctl'
option path '/lib/firewall.sysapi.loader parentalctl'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'IPv4'
option reload '1'
Can you show tc -s qdisc
output on OpenWrt just to make sure that there is no stupid mistake?