How much Support RB3011

fivestar · March 23, 2019, 7:43pm

How many requests does an RB3011 support, I have a network of approximately 3000 to 4000 users divided into subnets, for the central network I have an RB3011 that is not supporting the traffic the CPU is set to 80% and there are no rules in the firewall or NAT , everything is by static routes, is that the RB3011 does not support that amount or is something wrong in the configuration, everything is for forward without anything in the firewall, and the Interfaces enter ether1 by VLANs and exit through the ether2 where the servers are

solar77 · March 23, 2019, 8:17pm

use fast track on forward chain, established and connected traffic.

https://mikrotik.com/product/RB3011UiAS-RM#fndtn-testresults
this is some indication for you.

sebastia · March 23, 2019, 8:35pm

List your config (/export hide-sensitive compact) for more in depth feedback.
Some idea’s:

use fast path: https://wiki.mikrotik.com/wiki/Manual:Fast_Path
disable connection tracking

fivestar · March 24, 2019, 5:53am

This my config, even when the CPU is at 40% the routerboard mising ping to any server connected to LAN

export.rsc (96 KB)

sebastia · March 24, 2019, 4:17pm

So:

no bridges/switches, all is routed through cpu (switch is only used for tagging)
there is use of queue simple
there is use of interface queues
there is mangling in place
be careful with “/ip proxy cache-on-disk=yes” it can bog down cpu with IO wait-states and kill the nand
using bgp & ospf which also taxes the cpu
connection tracking is enabled

There are some configuration inconsistencies (ex: fasttrack & simple queues) which need to be resolved. If you can disable firewall all the way it might be enough.

But overall, in my opinion the hardware is undersized for the job, CCR is probably a better match.

fivestar · April 2, 2019, 1:44pm

I change to a x86 intel xeon e5630 cpu with 2gb of ram and 3 network card pci express 1gb, but the traffic keeps is going down ever 10 or 20 min

sebastia · April 2, 2019, 4:39pm

you’re wan ip’s are fixed right? then you should be using src-nat instead of masquerade
do you propagate the dynamic client’s ip through dynamic routing? On /ip basis or by ranges? first one (/ip) could cause regular routing updates / sync on clients leaving / disconnecting

fivestar · April 3, 2019, 5:24am

This is my Interface photo, and my config on the x86, there is no problem of CPU Load is something that is failling maybe is the config

Backup2019.rsc (105 KB)
I think in change the config general to all but i dont know if another method of routing is more efficient
PD: Sorry for my english

sebastia · April 3, 2019, 9:36am

This is what I meant: https://mum.mikrotik.com/presentations/EU17/presentation_4058_1490948376.pdf
point 1: slide 23
point 2: slide 16

fivestar · April 4, 2019, 5:44am

Already here I discovered the problem, are the servers of the games, that when I put them on the gateway 192.168.16.254 that is the IP of the Routerboard through the interface they start to lose packets pinging everything in the network even at same 192.168.16.254 that is by cable, it will be some problem in the configuration of the Routerboard, because if the servers I put static route for the clients of the network without putting gateway to him they do not give those failures of pins neither of packages.

The problem is that I do not have NAT in any side of the network everything works by routes to catch the IPs of the clients, in which the configuration could be improved to avoid that

sebastia · April 4, 2019, 7:35am

in that case, have you this set?

/ip settings set rp-filter=strict

fivestar · April 4, 2019, 3:45pm

No, this option i dont have like that, i going to test and tell the results

fivestar · April 5, 2019, 12:38am

Hi put this option but no results, the network remaing the same, with loss of packets, is another thing that provocate this failure