We run several MikroTik routers on our WAN. We’ve noticed that when there is significant traffic happening, segments of the WAN will cut out and stop responding until the traffic has stopped or been cleared out.
This can be ICMP traffic or who knows what, and that is the basis for my question.
Is there a way to monitor traffic more closely through a MikroTik router and be able to find what it is and perhaps put in some traps of some sort to stop traffic that causes problems?
For instance, we have a router running 2.9.17 and if you see the packet count go above 1500pps (on the interface screen, the RX or TX Packet Rate) then that segment of our WAN will start to fail. In torch you can watch for certain types of traffic like an ICMP attack, but that isn’t always foolproof as it doesn’t always show what the traffic issue is (meaning you can see the packet rate climbing, but torch doesn’t show a corresponding packet count).
I’m a complete novice and so I’m hoping some of you with large networks have run into some of these types of issues and have some things you could recommend to try.
We have to be able to pass ICMP packets across our WAN as that is how some of our monitoring software checks the status of remote locations, but again, ICMP traffic isn’t the only problem. I’m hoping to find a way to be able to look in the router and determine more easily what is going on and then how to combat it.
Thanks for the help and hopefully I wasn’t too vague on what I’m hoping for.