Hi guys i have found some similar threads but without detailed information
we currently have a CCR1009 in deployment with around 650 PPPOE connections fiber clients with isp plans from 100mbps to 600mbps..
on tools profiling we can see firewall draining almost all of the cpus.. so we have removed CGNAT to another box.. which helped and dropped connections.. we do not use masquerade nor src-nat on the internet wan port..
we only have some filter rules for virus drop atm, if i enable fastrack cpu drops from 60% to about 20% but.. still struggle with speeds tests..
we currently have 1 switch CRS317 16 SFP+ ports running switchOS mode. and we have vlan setup to forward from OLT fiber clients to pppoe-server via VLAN interface on the CCR1009 SFP+
and also have another VLAN interface on same SFP+ interface to receive link from the BGP device..
we use static route, we dont have OSFP enable at all.. so we are not flooding with OSFP pppoe broacast, we dont use masquerade or src-nat, we also removed the CGNAT /23 with Public IP /28 to another separate box which helped reduning just around 20 to 25% of firewall traffic..
or is it simply just too much connections on PPPOE-CLIENT server for one CCR1009 ? we basically just use the SFP+ port with 2 separate vlans.. then the UPlink port of OLT 10G also connected to switch CRS with specific vlan tagged to VLAN interface pppoe-server on mikrotik.
We donĀ“t use OSFP.. we have static routing..
and on IP/route we only have the CGNAT IP route on dst-address: 100.64.xxx.xx/22 to go out via the gatewa IP from the VLAN which connects to the CGNAT box. instead of using 0.0.0.0/0 on dst-address.. like most users do.