CCR1072 100% CPU after PCQ

sunshuvo · December 23, 2020, 6:30am

I tried to: Configure PCQ on CCR1072 with the bandwidth of 5Gbps and connected 3000 Public IP

I saw this problem: CPU got 100% and network crush

I expected to see: Perfect operation after applying PCQ and L7 for youtube and Netflix

Steps to repeat this issue: Currently we disable the PCQ.

I want to know that is this model supports the PCQ with such traffic and client. If not then which Server (specification) we can purchase for RouterOS to serve PCQ with 10G traffic and 10000 public IP.

We planned to purchase http://www.deltaserverstore.com/dell-r820.html (item-16), is this model with RouterOS can serve our purpose.

tomaskir · December 23, 2020, 11:55am

Post the output of “/export hide-sensitive”, and it would be helpful to show us the output of “/tool profile” under load as well.

hel · December 23, 2020, 2:46pm

We have 1036 and even 300M link with attached PCQ queue loads up CPU to 100% from time to time. Maybe it is using only one core.

tomaskir · December 23, 2020, 2:58pm

Most issues with high load when using queues, and especially L7 come from using these features in a wrong way.

I highly recommend watching Janis’ presentation from MUM on how to properly debug and fix common performance issues on CCRs:
https://www.youtube.com/watch?v=3LmQYIQ5RoA

Right on page 5 (4 minutes in the video) of the presentation there is discussion of “High Layer7 load”.
This is in discussion for firewall, but same applies to Mangle for Queue Tree.

Kanta · December 25, 2020, 12:38pm

I had a simple config for queue tree, pcq and mangle on the CCR1036. Most basic stuff just to limit bandwidth. Once the bandwidth went above 1G (most likely ~1370Mbit/s or so) we hit a limit for single core performance on our CCR and I had the same problems. So what I did was create more of the same queue trees with ethernet/sfp interfaces as parent interfaces to balance the cores out, that solved the problem until the 10G sfp interface hit the single core limit again. Turns out that queue tree can only work with one core per queue tree(or multiple queue trees?) on the interface.

MikroTik made some changes to simple queues years ago that improved performance and gave them multi-core support (each simple queue item (or a group of them?) has a core for itself). So the solution was to use simple queues instead of queue trees. Oh boy and do I hate simple queues…well, turns out that adding about ~37500 simple queues halfbricks the router (reset needed) and the single core limit of ~1370Mbit/s still stands on the single core performance, so a single simple queue item can not limit more then the ~1370mbit/s on the ccr1036. And you need to have more then 32 simple queues for optimal load balancing on the cores, works ok with less tho.

Instead of just stacking simple queues you can improve the simple queue performance some more with grouping them into parent queues. It’s hard to find any documentation on it so I can only point you at this video https://www.youtube.com/watch?v=Ro3B1kQUokE as a reference.

As for the L7, can’t you just skip it and just pull all google/netflix ipv4/ipv6 into an adress list and shape traffic with that https://www.gstatic.com/ipranges/goog.json and just update the list from time to time? No L7, less issues. Or combine them both, not a google ip on the destination? no need to use l7 check on the packet.