RouterOS Version 6 introduced new tool "traffic generator", which allows to perform performance testing without expensive testing hardware. Traffic is generated from one more router in the network.

This article shows necessary configuration and hardware to perform the same tests published in

RB1100AHx2 Test setup

First step is to choose which ports we will be using for testing.


If we look at the diagram how ports are connected to CPU, fastest combinations are:

  • port from switch1 to port form switch chip2,
  • ether11 to switch chip,
  • ether12/13 to switch chip or to ether11.

To get the maximum out of RB1100AHx2 we will be running 6 streams in total:

  • from ether1 to ether6
  • from ether1 to ether11
  • from ether6 to ether1
  • from ether6 to ether11
  • from ether11 to ether6
  • from ether11 to ether1

In our test environment one RB1100AHx2 will be device under test (DUT) and other RB1100AHx2 will be Traffic generator device.

Connecting the routers

Connect cables like this: ether1 to ether1, ether6 to ether6, ether11 to ether11 and proceed with software configuration. Either it will be routing (layer3) testing or bridging (layer2) testing.

Routing Performance Testing

DUT Config

/ip address
add address= interface=ether1 network=
add address= interface=ether6 network=
add address= interface=ether11 network=

Traffic Generator Config

/ip address
add address= interface=ether1 network=
add address= interface=ether6 network=
add address= interface=ether11 network=

/tool traffic-generator packet-template
add name=r12 header-stack=mac,ip,udp ip-gateway= ip-dst=
add name=r13 header-stack=mac,ip,udp ip-gateway= ip-dst=
add name=r21 header-stack=mac,ip,udp ip-gateway= ip-dst=
add name=r23 header-stack=mac,ip,udp ip-gateway= ip-dst=
add name=r32 header-stack=mac,ip,udp ip-gateway= ip-dst=
add name=r31 header-stack=mac,ip,udp ip-gateway= ip-dst=

Note: To force MAC address re-discovery (on device/configuration change, just apply emply "set" command to necessary packet-templates)

Running Tests

/tool traffic-generator
quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=60 mbps=300

We are specifying 60byte packet in traffic generator to get 64 byte packet on ethernet.

[admin@TrafficGen] > /tool traffic-gen quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=60 
24     0         185 422  91.9Mbps       185 190  88.8Mbps                     232   3.0Mbps 16us   
24     1         213 397 105.8Mbps       212 747 102.1Mbps                     650   3.7Mbps 10.6us 
24     2         186 245  92.3Mbps       186 185  89.3Mbps                      60   3.0Mbps 16.4us 
24     3         213 685 105.9Mbps       212 961 102.2Mbps                     724   3.7Mbps 10.8us 
24     4         249 142 119.5Mbps       180 400  86.5Mbps                  68 742  32.9Mbps 13.2us 
24     5         249 141 119.5Mbps       193 158  92.7Mbps                  55 983  26.8Mbps 11.1us 
24     TOT     1 297 032 635.3Mbps     1 170 641 561.9Mbps                 126 391  73.4Mbps 10.6us 

You can also check in the DUT if forwarding is actually happening:

[admin@DUT] > /interface monitor-traffic aggregate,ether1,ether6,ether11
                     name:               ether1    ether6   ether11
    rx-packets-per-second:  1 235 620   481 094   487 045   267 469
      rx-drops-per-second:          0         0         0         0
     rx-errors-per-second:          0         0         0         0
       rx-bits-per-second:  593.0Mbps 230.9Mbps 233.7Mbps 128.3Mbps
    tx-packets-per-second:  1 233 862   360 750   360 402   512 692
      tx-drops-per-second:          0         0         0         0
     tx-errors-per-second:          0         0         0         0
       tx-bits-per-second:  603.9Mbps 178.9Mbps 178.7Mbps 246.0Mbps

After running the test you can see that total throughput of 64byte packets are 1 170 641pps which is a lot faster than shown in results.

This is because by default fast-path mode is enabled.

Lets enable connection tracking on DUT:

/ip firewall connection tracking set enabled=yes

And run the test again. As you can see now it is close to advertised pps rate.

46     0         249 793 123.8Mbps       127 410  61.1Mbps                 122 383  62.7Mbps 3.22ms 
46     1         249 791 123.8Mbps        87 232  41.8Mbps                 162 559  82.0Mbps 5.2ms  
46     2         249 792 123.8Mbps       127 424  61.1Mbps                 122 368  62.7Mbps 3.15ms 
46     3         249 792 123.8Mbps        87 219  41.8Mbps                 162 573  82.0Mbps 5.18ms 
46     4         249 792 119.9Mbps        40 492  19.4Mbps                 209 300 100.4Mbps 5.54ms 
46     5         249 791 119.8Mbps        46 736  22.4Mbps                 203 055  97.4Mbps 5.41ms 
46     TOT     1 498 751 735.3Mbps       516 513 247.9Mbps                 982 238 487.4Mbps 3.15ms

We can now add more firewall rules, queues and any other configuration and see how much router can actually handle.

Lets add some firewall rules

We will take the customer protection rules from the manual

Start by adding default rules that should present on any firewall:

/ip firewall filter
add chain=forward protocol=tcp connection-state=invalid \
	action=drop comment="drop invalid connections"  
add chain=forward connection-state=established action=accept \
	comment="allow already established connections"  
add chain=forward connection-state=related action=accept \
	comment="allow related connections"  

We get approximately 40Mbps less

TOT    TOT    13 926 377 1138.0...     2 586 802 206.9Mbps              11 339 575 215.3Mbps 41.6us 

Now add more rules from the manual to see how count of firewall rules influence performance of the board

/ip firewall filter
add chain=forward protocol=icmp action=jump jump-target=icmp 

add chain=icmp protocol=icmp icmp-options=0:0 action=accept \
 	comment="echo reply"  
add chain=icmp protocol=icmp icmp-options=3:0 action=accept \
 	comment="net unreachable"  
add chain=icmp protocol=icmp icmp-options=3:1 action=accept \
 	comment="host unreachable"
add chain=icmp protocol=icmp icmp-options=3:4 action=accept \
 	comment="host unreachable fragmentation required"  
add chain=icmp protocol=icmp icmp-options=4:0 action=accept \
 	comment="allow source quench"  
add chain=icmp protocol=icmp icmp-options=8:0 action=accept \
 	comment="allow echo request"  
add chain=icmp protocol=icmp icmp-options=11:0 action=accept \
 	comment="allow time exceed"  
add chain=icmp protocol=icmp icmp-options=12:0 action=accept \ 
 	comment="allow parameter bad"  
add chain=icmp action=drop comment="deny all other types"  

TOT    TOT    16 309 055 1142.4...     2 978 839 204.2Mbps              13 330 216 324.5Mbps 53.3us 

There are almost no performance changes. You can add further any amount of rules and see that there are minimum influence on performance of the router.

Perform the same test with different packet sizes:

/tool traffic-generator
quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=508 mbps=500
/tool traffic-generator
quick tx-template=r12,r13,r21,r23,r31,r32 packet-size=1514 mbps=500


Note: mind that speed in quick mode is specified per stream, so if you have two streams per port, you need to send 1/2 of traffic per stream

Bridging Performance Testing

DUT Config

/interface bridge add
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether11

Traffic Generator Config

/ip address
add address= interface=ether1 network=
add address= interface=ether6 network=
add address= interface=ether11 network=

/tool traffic-generator packet-template
add header-stack=mac,ip,udp ip-src= ip-dst= name=b12
add header-stack=mac,ip,udp ip-src= ip-dst= name=b13
add header-stack=mac,ip,udp ip-src= ip-dst= name=b21
add header-stack=mac,ip,udp ip-src= ip-dst= name=b23
add header-stack=mac,ip,udp ip-src= ip-dst= name=b31
add header-stack=mac,ip,udp ip-src= ip-dst= name=b32

Running Tests

/tool traffic-generator
quick tx-template=b12,b13,b21,b23,b31,b32 packet-size=60 mbps=200
/tool traffic-generator
quick tx-template=b12,b13,b21,b23,b31,b32 packet-size=508 mbps=500
/tool traffic-generator
quick tx-template=b12,b13,b21,b23,b31,b32 packet-size=1514 mbps=500

