Hi
We are a small ISP, we have about 1000 users behind various RB1100AHx2 that all link in with fibre to the CCR1036.
Each RB1100AHx2 is acting as a BRAS with PPPoE server to the clients, masquerading to a public IP that resides on each of the RB1100AHx2.
The CCR1036 is the default gateway for all of these RB1100AHx2 on a public 41.x.x.1/25 subnets (we divided it into some /29 and one /26). On the uplink side the CCR1036 has one public IP on a /29 subnet.
So the CCR1036 is doing basic routing on IPv4. No routing protocols, no masquerade, no queue’s - basically just a vanilla CCR1036 routing IPv4 between 2 public IP’s. And two filter rules that prevent input access to the CCR1036 on either of these interfaces except if it comes from our own management IP - to prevent anybody from connecting directly to the CCR1036.
Now the CCR1036 works fast as long as the load is low but when the load picks up and goes over 15Mbps then HTTPS pages, SSL port 443 becomes very slow. When the load from our users goes up to 60Mbps then to load an HTTPS site like a banking website takes up to 16 seconds. And it is random but seems to follow the load. In the early evenings when our load is heaviest, the response on any https site is super slow.
So we have
Upstream bulk ISP Cisco Public IP ↔ CCR1036 IPv4 static routing ↔ Fibre link ↔ Public IP RB1100AHx2 ↔ PPPoE client on Private pool.
MTU on the interfaces are all default. MTU on the PPPoE servers of the clients are 1492.
We are using ROS 6.7 on the CCR1036. CPU sitting at 0%. RAM sitting at 3.5GB free of 4GB. So cant be resources?
Under connections it shows around 2000 items out of 17000, and Max entries 475264
Any thoughts?
Is the CCR1036 supposed to be able to handle this?
Anybody else have HTTPS or SSL routing issues on it?