We’ve been using the 1072 series now for a bit over a year, just below 2G sustained normal traffic on port 1 coming from a 10G upstream port. Nothing crazy traffic wise.
We are BGP announcing nothing major, 9 routes, 3 of which are IPv6. So nothing major route wise nor traffic wise. Everything has been good, no major issues. We aren’t using Queues except for two VLANs, but they have very minimal traffic and we are limiting them to 1G total each.
All of this being said, nothing has changed in our config, firewall, nothing other than removing one of our IP ranges in over 3 months! The only thing we do week to week is add or remove ranges, that’s it. Firewall rules haven’t changed in months.
As of this morning, everything was perfectly fine, at 10AM I took one v4 subnet off and stopped advertising it. That’s it, no other changes. For a reason I still cannot figure out at noonish the CPU started spiking like no ones business! Router never reboots or goes completely offline, but traffic gets slow, if I’m in winbox I get booted for a few seconds. When I get back in CPU is back down at 6% where it normally hovers 99.999% of the time, we never get CPU spikes. When its about to boot me it goes up to 80% then straight to like 95% and boots me from winbox.
I’ve checked likely culprits, traffic first, traffic is actually low for today, hovering around 1100Gbps. Logs, nothing out of the ordinary, no attack login attempts (which are blocked by firewall anyways), nothing crazy.
Checked firewall rules, of course no changes in it, only thing that is a bit odd is our blocking of port 23 (service is turned off anyways on CCR), large amount of packets today out of normal, but not crazy, like 300 in the past hour (that’s not normal), but still not stupid crazy amount.
I checked torch, nothing crazy traffic wise coming to our interface ip. I checked profile, it shows Firewall at 17 and total at 20, everything else down under 1, right before it spikes, then it spikes and disconnects me so I can’t see if any specific thing spiked. But when I got back in, nothing has changed much in our firewall packets for individual rules.
I went so far, I hated to but was out of options figured some bug in the OS was going crazy, I rebooted 
Came back up, same deal, nothing changed. I’m at a loss, nothing is jumping out and saying this is it. Not to mention, nothing other than removing an IP range has change today, everything was fine until noon. I figured if we had an attack I’d see traffic, and be able to catch it, nothing. Our DDoS filters before us upstream don’t catch anything today either, checked logs, nothing reported.
We are using ROS 6.48.6, same OS we’ve had on here for a year. Any thoughts? We’ve had the same config for a year, no issues, always runs at 6% roughly.
Every once in awhile when it boots me Winbox gives me this error: ERROR: Router does not support secure connection, please enable legacy mode if you want to connect anyways.
I simply his connect again and it goes. Is this a bug??
Very strange.