We are regularly seeing our RB800 hitting 100% CPU load at peak times and I’d like to see what the best choice would be to fix this.
CPU is mainly being used by “firewall” and to a lesser extent “Queuing” (as shown by the Tools → Profile tool).
We don’t do any Queuing and we have no firewall rules but we do handle perhaps 100 PPPoE user sessions (remote radius server) on a handful of “ether” ports. I am guessing that the “firewall” usage must be the firewall packet mangle rules that PPPoE puts in and that Queuing must be something similar (interface queues for each PPPoE interface or something?) - although I don’t see any queuing entries at all.
This router only does OSPF routing and PPPoE server.
So to find the best fix for this problem: Is it possible/easy to offload the PPPoE into a separate router? Or is the best choice multiple routers for PPPoE on the different interfaces? Or are there any easy performance tweaks that can be done?
That’s an interesting one all right (change-tcp-mss). I have that enabled normally and I can see the rules having an effect in the IP → Firewall → Mangle list.
When I disable it I do get lower CPU usage but also lower total throughput. What worries me here is that the customer routers (TP Link WiFi routers) might have their MTU too big and packets may be fragmenting unless I have change-tcp-mss switched on. I’d rather buy a more powerful router, or more routers, than have my overall network speed and efficiency go down.
So, to summarise, I’m afraid to leave “change-tcp-mss” switched off.
BTW I do have all the other encryption, compression options turned off because they sound like they’d load the routerboard.
That isn’t your fault, nor is it your problem, unless there is something on your network that stops users from getting 1492 byte MTU.
Telling users the PPPoE MTU is just as essential as telling them their login credentials. If they can’t figure it out then too bad, ask the router vendor.