We have several Mikrotiks working in production like a champ, but we have one CCR-1009 that has memory leaks. When we reboot it, it consumes almost 200mb, but each several minute it eats 1megabyte more until it only remains 90MB more or less (10% memory). Suddenly it recovers 500MB, as you can see in graphic.
it is over dimensioned, CPU it never reach more than 5%, if you see the mont graphic it’s a line in 0%
It manages a three pppoe lines (300/300) with very little traffic, 20 hotspotclients, a SSTP server with 3 clients and very few traffic, 80 firewall rules, 54 mangle rules and 54 nat rules too.
Connections are always between 100-300: It’s an officce route: no p2p, no games … only dns, http
We run a CCR1009 (2GB) at work and the memory usage is absolutely steady. It does not have a BGP internet routing table so
most of the memory sits unused.
It must be related to one of the functions. We run NAT, DNS, DHCP, IPsec, L2TP, BGP (internal to our network), IPv6. Of course
with firewall (including a large dynamic address list), SNMP for monitoring. About 250 users.
Exact, that was what has astonished me. We have several hapLite working uninterrupted for more than a year in a very heavy conditions for its hardware without any problem.
Maybe SSTP ? It’s the first time we use a SSTP server, we normally used PPTP
I would try to isolate that e.g. by temporarily disabling the SSTP or by setting up a number of extra connections to see if that changes things.
We are running 6.35.2 with uptime of 20 weeks and internal graphing of CPU, memory etc. Memory is a flat plane on that graph with variation
up to 1-2 pixels. (probably due to the dynamic address list and the connection tracking that varies between 20 and 2000 active connections)
I will do it this evening, because different offices use SSTP to connect to us. I will use PPTP during some days to see if SSTP is the problem and report it if it was the problem
Actually there are not really convincing reasons to use SSTP because both parts are MK routers. We use them because they are layer 3, easy to configure and pretty secure. Now I have downgraded connections from AES to RC4 to see if it helps.
I think I will follow your advice and we will move SSTP.
We use L2TP over IPsec with a separate user per location and fixed peer address, then run BGP on the default private AS
number with a peer defined for every location to auto-route the subnets of every location.
Just define the BGP Networks you want to auto-route and the BGP Peers, and it all works.
Easy to deploy a new location and to modify and add subnets, routing is always OK everywhere.
After 24 hours it seems more stable, but we must follow it
]
What have we done? Really we have done two things: Downgrade firmware to 3.27 because this is the firmware with stable packages, and two, downgrade SSTP from AES to RC4
I run 6.35.2 software on that box and I remember that it improved some things relative to the software it came with.
The “firmware” level should not matter much, that is just the BIOS and bootloader. Behaviour like memory leaks should
be related to the RouterOS software version (the 6.xx number).
I think in your case, where you apparently do not want to run too fresh and dynamic software, I would install 6.35.4
