Hello,
We have a CCR 1016. When we enable connection tracking, our CPU usage is around 5-15%, but sometimes, every 2-3 hrs, it increases to 99% and we get packet loss; when we disable connection tracking, CPU usage is 0%.
We have about 50 Mbps of traffic on this CCR; it is in bridge mode and used as a transparent firewall.
Connection tracking shows about 120,000 connections.
We do not use any other features like queues, etc.
Any idea how to solve this problem?
We need connection tracking to protect against some DDoS attacks.
Thanks,
Tracking is set to Auto or Enabled?
I have it on Auto with ~100k connections and an older MT and I do not have this problem.
Do you have any firewall rules to limit ICMP based on time/amount?
Hi,
No, it is set to yes.
Also, I know yes and auto are no different when you have filter rules.
I have about 10 filter rules.
I do not limit ICMP, but I block some IPs in my rules for DDoS attacks for X minutes.
1. My rule is: when more than x pps is received, block the src/dst IP
2. SYN flood protection
3. Connection limit (drop if any dst receives more than 2000 connections)
Thanks