I have strange problem
I have a routerOS 4.2 using for pppoe server (local auth - no radius) with 2000 sessions. Trafic up to 50Mbps. PPS up to 10000pps
CPU load is up to 25% , RAM 2 GB (used 10%)
on ether interface (my public network card) im geting RX drops up to 200 000 per day . This is afecting some realtime services
Any idea about this problem/bug ?
Where should a look in to ?
how much CPU cores? do you use some queues?
4 cores Quad AMD
i have upgrade to latest v4.5 , same things , more traffic more drops. I have change the network card but same again
queues? number of online users?
I use profiles with predefined speeds (128k, 512k, 1m, 2m, 3m, 4m)
every secret has profile which is giving client predefined speed and public ip address from pools
I have up to 1200 pppoe sesions active
1200 simple queues is madness. I think, you should move to PCQ:
create 2 pcq queues for each profile limit (upload and download), remove ‘Rate’ from the Profiles and add ‘Address List’. then mark packets according to dynamic address-lists and send them to appropriate queues
Please can you give me some examples especially on mark packets according to dyn address list .
I have about 20 profiles .
/ip firewall mangle add chain=forward src-address-list=group1 action=mark-packet new-packet-mark=group1_upload
/ip firewall mangle add chain=forward dst-address-list=group1 action=mark-packet new-packet-mark=group1_download
where ‘group1’ is address-list stated in Profile
Thank you Chupaka
But the problem is still here
i had use second mikrotik to be usermanager and move all secrets there
now i have no local auth. or queues . Just radius controled pppoe clients
So now PPPoE server is just pure pppoe concentrator .
And still seeing rx drops there .
Any idea ?
was CPU load lowered?
No
CPU load is same
I’m starting suspecting on hardware issues.
so now there’s no more simple queues in your router?
no
just active pppoe sessions controlled from another mikrotik usermanager.
nothing else . no more local authentications
Probably you still have 1200 dynamic change-mss rules in mangle - replace them by one global rule for all traffic.
yes
i have there about twice more
how i do that ?
I’m using this rule for my pppoe
/ip firewall mangle add action=change-mss chain=forward comment="Cut big packets for PPPoE" disabled=no new-mss=1440 protocol=tcp tcp-flags=syn tcp-mss=1441-65535
but I have same problems with Rx drops.
Then I use two integrated interface there is a little bit less drops then use only one. (ether1 - internet, ether2 - local clients vlans).
There are PPPoE,NAT,queue tree in my router and about 800 PPPoE clients with 200Mbit/s. Server is intel S3210SHLC with 1G RAM and Core2duo 3.0Ghz.
Any suggestions?
25% of 4 cores Quad cpu load is full load of one core. Mikrotik can’t proper work with 4 cores. This meas that can used only 1/4 from your cpu. maybe this is a point.
I’ve trying 4 and 2 core processors on Intel and HP server - same result on all of them. If cpu is 4 cores - max load is 25% if 2 cores - 50%.
Look at your cpu usage graf, I bet it nether up greater than 30% on average.
I have the same problem on some of my boxes.
Most of the times the problem came from having the speed and duplex auto-ngotiation on. What type of switch do you have connected to the box???
If it is a direct line set the speed and duplex your self and try again.
Some times the microtik reports that it is connected to 100 FDx but the switch on the other end is reporting 100 HDx.
Thanks,
Sotiris Ioannou
My mikrotik box connected to cisco catalyst 6500 series. I haven’t see any duplex problems in cisco logs or mikrotik box. There is 1Gbit full duplex on both end.
I’ve seen it with cisco before. Just try hard setting the options on both sides.
Sotiris