Hello,
We have a MikroTik CCR 1072, and some days ago we had a DDoS attack, so we announced the attacked prefixes towards our DDoS-protected IP transits. But about 1-2 days later our CPU usage is about 40-45%, and our memory is normally 15G but it's 14G. Then we found out that the issue is with the IP route cache: when I disable it, my CPU usage goes back to under 6-8% and memory goes back to 15G. So:
If I keep route cache disabled, will I face any issues? I just disable connection tracking, and I have some BGP and VLANs and routing protocols, so disabling route cache does not cause any issue?
Do you have any idea how to fix this with IP route cache enabled?
Thanks,
Do you use fastpath or fast track? Apparently they won’t run with route cache turned off.
However I’m not actually 100% sure if that’s actually the case for bridges, MPLS etc.
We have had the route cache turned off for years now, we use MPLS, OSPF and BGP.
Performance issues, we haven’t noticed any difference with it turned off.
No, I do not use fastpath or fast-track, because my connection tracking is always off and I do not need them. I have just the following items:
BGP, OSPF,
200x VLANs
10 filter rules, 10x raw filter (they are only to control permit and deny towards my network and they have no special config)
300x VLANs
So if it is off, you think there is no performance issue or performance degradation?
Because honestly, sometimes the route cache bothers me too much due to high CPU usage, and when I turn it off my CPU usage drops from 50% to under 8%.
I think you have answered your own question…
Turning route cache off has not impacted performance for us; ping times and browsing performance remain the same.
This could be different for other platforms, however for the CCR it has made no noticeable difference.
Route cache has been removed from newer Linux kernels because of the performance impact under load.
Turn route cache off, your router will survive a bit better in a DDoS with it disabled.