Problem critical PPPoE server (ppp/active connections) High CPU!!!

mario988 · April 5, 2018, 10:52pm

Hi,

We have a server pppoe + radius (dma manager) with 2300 active connections. The problem is when 30~50 fail to ppp/active connection (fail electric in sector, reboot OLT device) then CPU usage of server high to 60%~80% and ppp/active connections fall to 500!!

This is a critical problem! please help me.

Anumrak · April 6, 2018, 7:45am

I think cause of this is using NAT Masq rule instead of src-nat. Masq rule need to flush all relative connections when link fails. And you have it 2k.

mario988 · April 6, 2018, 9:35pm

I have ip/firewall/nat/src-nat enable. Attachet hide sensitive

apr/05/2018 20:08:54 by RouterOS 6.39.2

software id =

/interface ethernet
set [ find default-name=ether1 ] name=10gb-ether1
set [ find default-name=ether2 ] auto-negotiation=no comment=conexion_control
name=10gb-ether2
set [ find default-name=ether3 ] comment=conexion_switch1_vlans name=ether1
set [ find default-name=ether4 ] comment=conexion-cisco name=ether2
set [ find default-name=ether5 ] comment=dns name=ether3
set [ find default-name=ether6 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=
radius_manager name=ether4
/interface vlan
add comment=admin_switch_vlans interface=ether1 name="Administracion Switch1"
vlan-id=700
add interface=ether1 name="Interconexion Switch1 Hub1 vlan 101" vlan-id=101
add interface=ether1 name="Interconexion Switch1 Hub1 vlan 102" vlan-id=102
add comment=hub1_olt2 interface=ether1 name=
"Interconexion Switch1 Hub1 vlan 103" vlan-id=103
add interface=ether1 name="Interconexion Switch1 Hub2 vlan 105" vlan-id=105
add comment=hub2_olt1 interface=ether1 name=
"Interconexion Switch1 Hub2 vlan 106" vlan-id=106
add interface=ether1 name="Interconexion Switch1 Hub2 vlan 107" vlan-id=107
add comment=hub4_olt1_x16 interface=ether1 name=
"Interconexion Switch1 Hub4 vlan 104" vlan-id=104
add comment=hub5_olt1 interface=ether1 name=
"Interconexion Switch1 Hub5 vlan 108" vlan-id=108
add comment=hub5_olt2 interface=ether1 name=
"Interconexion Switch1 Hub5 vlan 109" vlan-id=109
add comment=vlan_servicios interface=ether1 name=
"Interconexion Switch1 Servicios vlan 111" vlan-id=111
add comment=conexion_control interface=10gb-ether2 name=
"Interconexion VLAN-Control Banda" vlan-id=1000
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_pppoe.60 ranges=172.16.60.2-172.16.60.253
add name=pool_pppoe.61 ranges=172.16.61.2-172.16.61.253
add name=pool_pppoe.62 ranges=172.16.62.2-172.16.62.253
add name=pool_pppoe.99 ranges=172.16.99.2-172.16.99.253
add name=pool_pppoe.63 ranges=172.16.63.2-172.16.63.253
add name=pool_pppoe.55 ranges=172.16.55.2-172.16.55.253
add name=pool_pppoe.64 ranges=172.16.64.2-172.16.64.253
add name=pool1 ranges=172.16.80.2-172.16.80.253
add name=pool_pppoe.65 ranges=172.16.65.2-172.16.65.253
add name=pool_pppoe_hub5.90 ranges=172.16.90.2-172.16.90.253
add name=pool_pppoehfc79 ranges=172.16.79.2-172.16.79.253
add name=pool_pppoe_hub1.50 ranges=172.16.50.2-172.16.50.253
add name=pool_pppoe_hub3.70 ranges=172.16.70.2-172.16.70.253
add name=pool_pppoe_hub4.80 ranges=172.16.80.2-172.16.80.253
add name=pool_pppoe_hub1.52 ranges=172.16.52.2-172.16.52.253
add name=pool_pppoe_hub4.81 ranges=172.16.81.2-172.16.81.253
add name=pool2 ranges=172.16.80.2-172.16.80.253
add name=pool_pppoe_hub2.66 ranges=172.16.66.2-172.16.66.253
add name=pool_pppoe_hub2.68 ranges=172.16.66.2-172.16.66.253
add name=pool_pppoe_hub2.69 ranges=172.16.66.2-172.16.66.253
add name=pool_pppoe_hub1.54 ranges=172.16.54.2-172.16.54.253
add name=pool_pppoe_hub5.91 ranges=172.16.91.2-172.16.91.253
add name=pool_pppoe_hub1.53 ranges=172.16.53.2-172.16.53.253
add name=pool_pppoe_hub4.84 ranges=172.16.84.2-172.16.84.253
add name=pool_pppoe_hub3.74 ranges=172.16.74.2-172.16.74.253
add name=pool_pppoe_hub4.86 ranges=172.16.86.2-172.16.86.253
add name=pool_pppoe.59 ranges=172.16.59.2-172.16.59.253
add name=pool_pppoe_hub5.93 ranges=172.16.93.2-172.16.93.253
add name=pool_pppoe_hub5.92 ranges=172.16.93.2-172.16.93.253
/ppp profile
set *0 only-one=yes
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.60.1 name=
pppoe-172.16.60.1 only-one=yes remote-address=pool_pppoe.60
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.61.1 name=
pppoe-172.16.61.1 only-one=yes remote-address=pool_pppoe.61
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.62.1 name=
pppoe-172.16.62.1 only-one=yes remote-address=pool_pppoe.62
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.99.1 name=
pppoe-172.16.99.1 only-one=yes remote-address=pool_pppoe.99
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.63.1 name=
pppoe-172.16.63.1 only-one=yes remote-address=pool_pppoe.63
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.55.1 name=hfc-172.16.55.1
only-one=yes remote-address=pool_pppoe.55
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.64.1 name=
pppoe-172.16.64.1 only-one=yes remote-address=pool_pppoe.64
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.65.1 name=
pppoe-172.16.65.1 only-one=yes remote-address=pool_pppoe.65
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.90.1 name=
pppoe-hub5-172.16.90.1 only-one=yes remote-address=pool_pppoe_hub5.91
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.79.1 name=hfc-172.16.79.1
only-one=yes remote-address=pool_pppoehfc79
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.70.1 name=
pppoe-hub3-172.16.70.1 only-one=yes remote-address=pool_pppoe_hub3.70
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.80.1 name=
pppoe-hub4-172.16.80.1 only-one=yes remote-address=pool_pppoe_hub4.80
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.50.1 name=
pppoe-hub1-172.16.50.1 only-one=yes remote-address=pool_pppoe_hub1.50
add change-tcp-mss=yes dns-server=8.8.8.8,8.8.4.4 local-address=172.16.52.1
name=pppoe-hub1-172.16.52.1 only-one=yes remote-address=
pool_pppoe_hub1.52
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.81.1 name=
pppoe-hub4-172.16.81.1 only-one=yes remote-address=pool_pppoe_hub4.81
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.66.1 name=
pppoe-hub2-olt1-172.16.66.1 only-one=yes remote-address=
pool_pppoe_hub2.66
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.68.1 name=
pppoe-hub2-olt2-172.16.68.1 only-one=yes remote-address=
pool_pppoe_hub2.68
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.69.1 name=
pppoe-hub2-olt2-172.16.69.1 only-one=yes remote-address=
pool_pppoe_hub2.69
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.54.1 name=
pppoe-hub1-olt3-172.16.54.1 only-one=yes remote-address=
pool_pppoe_hub1.54
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.91.1 name=
pppoe-hub5-172.16.91.1 only-one=yes remote-address=pool_pppoe_hub5.91
add change-tcp-mss=yes dns-server=8.8.8.8,8.8.4.4 local-address=172.16.53.1
name=pppoe-hub1-172.16.53.1 only-one=yes remote-address=
pool_pppoe_hub1.53
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.74.1 name=
pppoe-hub3-olt3-172.16.74.1 only-one=yes remote-address=
pool_pppoe_hub3.74
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.84.1 name=
pppoe-hub4-olt2-172.16.84.1 only-one=yes remote-address=
pool_pppoe_hub4.84
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.86.1 name=
pppoe-hub4-olt2-172.16.86.1 only-one=yes remote-address=
pool_pppoe_hub4.86
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.59.1 name=
pppoe-172.16.59.1 only-one=yes remote-address=pool_pppoe.59
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.93.1 name=
pppoe-hub5-172.16.93.1 only-one=yes remote-address=pool_pppoe_hub5.93
add dns-server=8.8.8.8,8.8.4.4 local-address=172.16.92.1 name=
pppoe-hub5-olt2-172.16.92.1 only-one=yes remote-address=
pool_pppoe_hub5.92
/system logging action
set 3 remote=172.1.2.2 remote-port=714
add name=Syslog remote=172.1.2.2 remote-port=714 target=remote
/tool user-manager customer
set admin access=
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip firewall connection tracking
set tcp-time-wait-timeout=5s
/ip settings
set rp-filter=loose tcp-syncookies=yes
/interface pppoe-server server
add default-profile=pppoe-172.16.60.1 disabled=no interface=ether2 max-mru=
1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.60.1
add default-profile=pppoe-172.16.61.1 disabled=no interface=ether2 max-mru=
1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.61.1
add default-profile=pppoe-172.16.62.1 disabled=no interface=ether2 max-mru=
1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.62.1
add default-profile=pppoe-172.16.99.1 disabled=no interface=ether2 max-mru=
1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.99.1
add default-profile=pppoe-172.16.63.1 disabled=no interface=ether2 max-mru=
1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.63.1
add default-profile=hfc-172.16.55.1 disabled=no interface=ether2 max-mru=1480
max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.55.1
add default-profile=pppoe-172.16.64.1 disabled=no interface=ether2 max-mru=
1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.64.1
add default-profile=pppoe-172.16.65.1 disabled=no interface=ether2 max-mru=
1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.65.1
add authentication=mschap2 default-profile=pppoe-hub5-172.16.90.1 disabled=no
interface="Interconexion Switch1 Hub5 vlan 108" max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub5-172.16.90.1
add default-profile=hfc-172.16.79.1 disabled=no interface=ether2 max-mru=1480
max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-172.16.79.1
add default-profile=pppoe-hub3-172.16.70.1 disabled=no interface=ether2
max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-hub3-172.16.70.1
add authentication=mschap2 default-profile=pppoe-hub4-172.16.80.1 disabled=no
interface="Interconexion Switch1 Hub4 vlan 104" max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub4-172.16.80.1
add default-profile=pppoe-hub1-172.16.50.1 disabled=no interface=ether2
max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-hub1-172.16.50.1
add authentication=mschap2 default-profile=pppoe-hub1-172.16.52.1 disabled=no
interface="Interconexion Switch1 Hub1 vlan 103" max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub5-172.16.52.1
add authentication=mschap2 default-profile=pppoe-hub4-172.16.81.1 disabled=no
interface="Interconexion Switch1 Hub4 vlan 104" max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub4-172.16.81.1
add authentication=mschap2 default-profile=pppoe-hub2-olt1-172.16.66.1
disabled=no interface="Interconexion Switch1 Hub2 vlan 106" max-mru=1480
max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-hub2-172.16.66.1
add authentication=mschap2 default-profile=pppoe-hub2-olt2-172.16.68.1
disabled=no interface=ether2 max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub2-olt2-172.16.68.1
add authentication=mschap2 default-profile=pppoe-hub2-olt2-172.16.69.1
disabled=no interface=ether2 max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub2-olt2-172.16.69.1
add default-profile=pppoe-hub1-olt3-172.16.54.1 disabled=no interface=ether2
max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-hub1-olt3-172.16.54.1
add authentication=mschap2 default-profile=pppoe-hub5-172.16.91.1 disabled=no
interface="Interconexion Switch1 Hub5 vlan 108" max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub5-172.16.91.1
add authentication=mschap2 default-profile=pppoe-hub1-172.16.53.1 disabled=no
interface=ether4 one-session-per-host=yes service-name=
pppoe-fibra-hub5-172.16.53.1
add authentication=mschap2 default-profile=pppoe-hub3-olt3-172.16.74.1
disabled=no interface=ether2 max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub3-172.16.74.1
add authentication=mschap2 default-profile=pppoe-hub4-olt2-172.16.84.1
disabled=no interface=ether2 max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub4-olt2-172.16.84.1
add authentication=mschap2 default-profile=pppoe-hub4-olt2-172.16.86.1
disabled=no interface=ether2 max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub4-olt2-172.16.86.1
add default-profile=pppoe-172.16.59.1 disabled=no interface=ether2 max-mru=
1492 max-mtu=1492 one-session-per-host=yes service-name=
pppoe-fibra-172.16.59.1
add authentication=mschap2 default-profile=pppoe-hub5-172.16.93.1 disabled=no
interface="Interconexion Switch1 Hub5 vlan 109" max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=pppoe-fibra-hub5-172.16.93.1
add authentication=mschap2 default-profile=pppoe-hub5-olt2-172.16.92.1
disabled=no interface="Interconexion Switch1 Hub5 vlan 109" max-mru=1480
max-mtu=1480 one-session-per-host=yes service-name=
pppoe-fibra-hub5-olt2-172.16.92.1
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=172.16.60.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.60.0
add address=172.16.61.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.61.0
add address=172.16.62.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.62.0
add address=172.16.99.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.99.0
add address=172.16.63.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.63.0
add address=10.0.20.1/24 comment="interconexion OLT" interface=ether2
network=10.0.20.0
add address=172.16.64.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.64.0
add address=172.16.62.77/24 comment="monitoreo wan" interface=ether2 network=
172.16.62.0
add address=172.16.65.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.65.0
add address=172.16.90.1/24 comment="CPE Clientes Hub5 - OLT1" interface=
"Interconexion Switch1 Hub5 vlan 108" network=172.16.90.0
add address=172.16.79.1/24 comment=HFC interface=ether2 network=172.16.79.0
add address=172.16.80.1/24 comment="CPE Clientes Hub4 - OLT1" interface=
ether2 network=172.16.80.0
add address=172.16.52.1/24 comment="CPE Clientes Mega - OLT2" interface=
ether2 network=172.16.52.0
add address=100.0.102.1/30 comment="ip_administracion mega-olt2" interface=
"Interconexion Switch1 Hub1 vlan 103" network=100.0.102.0
add address=172.1.1.1/30 interface="Interconexion Switch1 Servicios vlan 111"
network=172.1.1.0
add address=172.16.1.1/30 interface=
"Interconexion Switch1 Servicios vlan 111" network=172.16.1.0
add address=172.16.252.1/30 interface=
"Interconexion Switch1 Servicios vlan 111" network=172.16.252.0
add address=172.1.2.1/30 interface="Interconexion Switch1 Servicios vlan 111"
network=172.1.2.0
add address=172.1.4.1/30 interface="Interconexion Switch1 Servicios vlan 111"
network=172.1.4.0
add address=172.16.253.1/30 interface=
"Interconexion Switch1 Servicios vlan 111" network=172.16.253.0
add address=172.16.81.1/24 interface=ether2 network=172.16.81.0
add address=100.0.201.1/24 comment=Interconexion_olt_16p_hub4 interface=
ether2 network=100.0.201.0
add address=100.0.105.1/30 comment="ip_administracion hub2_olt1" interface=
ether2 network=100.0.105.0
add address=172.16.66.1/24 comment="CPE Clientes Hub2 - OLT1" interface=
"Interconexion Switch1 Hub2 vlan 106" network=172.16.66.0
add address=100.0.106.1/30 comment="ip_administracion hub2_olt2" interface=
ether2 network=100.0.106.0
add address=172.16.68.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.68.0
add address=100.0.206.1/30 comment=Interconexion_hub3_olt2 interface=ether2
network=100.0.206.0
add address=172.16.69.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.69.0
add address=100.0.205.1/30 comment=Interconexion_hub3_olt1 interface=ether2
network=100.0.205.0
add address=200.1.2.1/24 comment=administracion_switch_cisco_mega interface=
ether1 network=200.1.2.0
add address=222.0.1.1/30 comment=administracion_switch_normal_cisco1
interface=ether2 network=222.0.1.0
add address=111.0.15.1/30 comment=Interconexion_olt1_hub3 interface=ether2
network=111.0.15.0
add address=172.16.54.1/24 comment=pppoe_clientes interface=ether2 network=
172.16.54.0
add address=172.222.222.1/30 comment=pppoe_clientes interface=ether2 network=
172.222.222.0
add address=172.16.70.1/24 interface=ether2 network=172.16.70.0
add address=172.16.91.1/24 comment="CPE Clientes Hub5 - OLT1" interface=
"Interconexion Switch1 Hub5 vlan 108" network=172.16.91.0
add address=100.100.5.1/24 comment="ip_administracion hub4-olt1" interface=
ether2 network=100.100.5.0
add address=200.0.1.1/24 comment="ip_administracion hub4-olt1" interface=
"Interconexion Switch1 Hub4 vlan 104" network=200.0.1.0
add address=201.182.85.29/30 comment="BUSTOS CHILIQUINGA ROSA GUILLERMINA-FO"
interface=ether2 network=201.182.85.28
add address=201.182.85.25/30 comment="RS SUITES CIA. LTDA.-FO" interface=
ether2 network=201.182.85.24
add address=172.16.251.1/30 comment="SERVIDOR PLEX" interface=
"Interconexion Switch1 Servicios vlan 111" network=172.16.251.0
add address=172.1.100.1/30 interface=ether2 network=172.1.100.0
add address=201.182.85.33/30 comment="NUNEZ HERRERIA LUIS ALBERTO-FO"
interface=ether2 network=201.182.85.32
add address=201.182.85.37/30 comment="BANSHUY TOABANDA JOSE MANUEL #3-FO"
interface="Interconexion Switch1 Hub1 vlan 102" network=201.182.85.36
add address=201.182.85.41/30 comment=
"CONSTRUCCIONES CONSTRUCAIMAN CIA LTDA-FO" interface=ether2 network=
201.182.85.40
add address=223.0.1.1/24 comment=administracion_switch_vlans_cisco1
interface="Administracion Switch1" network=223.0.1.0
add address=201.182.85.45/30 comment="PAREDES TOASA GUILLERMO ENRIQUE-FO"
interface=ether2 network=201.182.85.44
add address=172.16.53.1/24 comment="CPE Clientes Mega - OLT2" interface=
ether4 network=172.16.53.0
add address=221.0.1.1/24 comment=administracion_switch_normal_cisco1
interface=ether3 network=221.0.1.0
add address=192.168.200.1/24 interface=ether1 network=192.168.200.0
add address=192.168.1.100/24 comment="ip_administracion hub2_olt2" interface=
"Interconexion Switch1 Hub5 vlan 108" network=192.168.1.0
add address=100.0.108.1/30 comment="ip_administracion hub5_olt1" interface=
"Interconexion Switch1 Hub5 vlan 108" network=100.0.108.0
add address=172.16.50.1/24 interface=ether2 network=172.16.50.0
add address=172.1.3.1/30 interface="Interconexion Switch1 Servicios vlan 111"
network=172.1.3.0
add address=100.0.207.1/24 comment=Interconexion_hub3_olt3 interface=ether2
network=100.0.207.0
add address=172.16.74.1/24 interface="Interconexion Switch1 Hub1 vlan 102"
network=172.16.74.0
add address=200.0.2.1/24 comment="ip_administracion hub4-olt2" interface=
"Interconexion Switch1 Hub2 vlan 106" network=200.0.2.0
add address=172.16.85.1/24 comment="ip_administracion hub4-olt2" interface=
ether2 network=172.16.85.0
add address=172.16.86.1/24 interface=ether2 network=172.16.86.0
add address=201.182.85.49/30 comment="FALCON RAMOS NANCY FABIOLA#2"
interface=ether2 network=201.182.85.48
add address=201.182.85.57/30 comment="GOMEZ ZULUAGA DIDIER ALEJANDRO-FO"
interface=ether2 network=201.182.85.56
add address=10.10.5.2/30 comment=conexion_control interface=
"Interconexion VLAN-Control Banda" network=10.10.5.0
add address=201.182.85.53/30 comment="PINZON VINTIMILLA MANUEL GONZALO #2-FO"
interface=ether2 network=201.182.85.52
add address=201.182.85.61/30 comment=
"SERVICIOS HOTELEROS DE MARIO SHD MARIO CIA. LTDA.-FO" interface=ether2
network=201.182.85.60
add address=172.16.59.1/24 comment="CPE Clientes Mega - OLT2" interface=
ether2 network=172.16.59.0
add address=201.182.85.65/30 interface=ether2 network=201.182.85.64
add address=100.0.109.1/30 comment="ip_administracion hub5_olt2" interface=
"Interconexion Switch1 Hub5 vlan 109" network=100.0.109.0
add address=172.16.93.1/24 comment="CPE Clientes Hub5 - OLT2" interface=
"Interconexion Switch1 Hub5 vlan 109" network=172.16.93.0
add address=172.16.92.1/24 comment=hub5_olt2 interface=
"Interconexion Switch1 Hub5 vlan 109" network=172.16.92.0
add address=10.10.100.1/30 interface=ether4 network=10.10.100.0
add address=10.102.2.1/30 comment="ip_administracion hub2_olt2" interface=
ether2 network=10.102.2.0
add address=20.0.30.1/24 comment="ip_administracion hub2_olt2" interface=
ether2 network=20.0.30.0
add address=10.102.1.1/30 comment="ip_administracion hub2_olt1" interface=
ether2 network=10.102.1.0
add address=201.182.85.69/30 comment="ROJAS CASTILLO SEGUNDO ALCIVAR-FO"
interface=ether2 network=201.182.85.68
add address=11.11.11.1/30 interface=ether2 network=11.11.11.0
/ip dns
set cache-size=204800KiB servers=8.8.8.8
/ip firewall nat
add action=dst-nat chain=dstnat comment=dns_google disabled=no dst-port=53
in-interface=!10gb-ether2 protocol=udp to-addresses=8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=
!10gb-ether2 protocol=tcp to-addresses=8.8.8.8 to-ports=53
/ip proxy
set port=9999
/ip route
add comment=ruta_clientes distance=1 dst-address=0.0.0.0/32 gateway=10.10.5.1
routing-mark=routing_clientes
add comment=ruta_mikrotik-qos distance=1 gateway=10.10.5.1
add distance=1 dst-address=182.16.200.2/32 gateway=11.11.11.2
/ip service
set telnet disabled=yes
set ftp port=2100
set www port=xxxx
set ssh disabled=yes
set api-ssl disabled=yes
/ppp secret
add comment=DATACENTER name=mario profile=pppoe-172.16.61.1 remote-address=
172.16.61.161 service=pppoe
add comment="Lenny Elizabeth Coro Balseca-FO" name=2100211099 profile=
pppoe-172.16.60.1 remote-address=172.16.60.227 service=pppoe
add comment="MU\D1OZ AVILES JOSE MODESTO-FO" name=0FC7F8 profile=
pppoe-172.16.60.1 remote-address=172.16.60.235 service=pppoe
add comment="MASEIRA BERNAL FRENCY TAMARA-FO" name=0FC7F6 profile=
pppoe-172.16.60.1 remote-address=172.16.60.232 service=pppoe
add comment="ESPANA PAREDES ROYDEN-FO" name=1711627354 profile=
pppoe-172.16.60.1 remote-address=172.16.60.231 service=pppoe
add comment="Gabriel Alexi Gutierrez Iquira #1-FO" name=0FC7F0 profile=
pppoe-172.16.60.1 remote-address=172.16.60.230 service=pppoe
add comment="CHICAIZA DEFAZ MARIA HILDA-FO" name=0FC7CA profile=
pppoe-172.16.60.1 remote-address=172.16.60.229 service=pppoe
add comment="CEDENO ALCIVAR OTTO JOSE-FO" name=1312302027 profile=
pppoe-172.16.60.1 remote-address=172.16.60.226 service=pppoe
/routing ospf network
add area=backbone network=172.16.97.0/24
add area=backbone network=10.0.20.0/29
add area=backbone network=172.1.2.0/30
add area=backbone network=172.16.253.0/30
add area=backbone network=100.0.206.0/30
add area=backbone network=100.0.205.0/30
add area=backbone network=172.16.252.0/30
add area=backbone network=172.222.222.0/30
add area=backbone comment="BUSTOS CHILIQUINGA ROSA GUILLERMINA-FO" disabled=
yes network=201.182.85.28/30
add area=backbone comment="RS SUITES CIA. LTDA.-FO" disabled=yes network=
201.182.85.24/30
add area=backbone network=172.16.251.0/30
add area=backbone comment="NUNEZ HERRERIA LUIS ALBERTO-FO" disabled=yes
network=201.182.85.32/30
add area=backbone comment="BANSHUY TOABANDA JOSE MANUEL #3-FO" disabled=yes
network=201.182.85.36/30
add area=backbone comment="CONSTRUCCIONES CONSTRUCAIMAN CIA LTDA-FO"
disabled=yes network=201.182.85.40/30
add area=backbone comment="PAREDES TOASA GUILLERMO ENRIQUE-FO" disabled=yes
network=201.182.85.44/30
add area=backbone network=222.0.1.0/30
add area=backbone network=100.0.108.0/30
add area=backbone network=172.1.3.0/30
add area=backbone network=100.0.207.0/24
add area=backbone comment="FALCON RAMOS NANCY FABIOLA#2" disabled=yes
network=201.182.85.48/30
add area=backbone comment="PINZON VINTIMILLA MANUEL GONZALO #2-FO" disabled=
yes network=201.182.85.52/30
add area=backbone comment=ospf_control disabled=yes network=10.10.5.0/30
add area=backbone comment="GOMEZ ZULUAGA DIDIER ALEJANDRO-FO" disabled=yes
network=201.182.85.56/30
add area=backbone network=223.0.1.0/24
add area=backbone network=172.16.1.0/24
add area=backbone network=172.1.4.0/30
add area=backbone comment=
"SERVICIOS HOTELEROS DE MARIO SHD MARIO CIA. LTDA.-FO" disabled=yes
network=201.182.85.60/30
add area=backbone comment="MEDINA CAICEDO DARWIN DAVID-FO" disabled=yes
network=201.182.85.64/30
add area=backbone network=100.0.109.0/30
add area=backbone network=10.102.2.0/30
add area=backbone network=10.102.1.0/30
add area=backbone comment="ROJAS CASTILLO SEGUNDO ALCIVAR" disabled=yes
network=201.182.85.68/30
add area=backbone network=10.10.100.0/30
add area=backbone network=11.11.11.0/30
/snmp
set enabled=yes location=public trap-version=2
/system clock
set time-zone-name=America/Guayaquil
/system identity
set name="Redes Fibra"
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set "Interconexion VLAN-Control Banda" disabled=yes display-time=5s
set "Interconexion Switch1 Servicios vlan 111" disabled=yes display-time=5s
set "Interconexion Switch1 Hub5 vlan 109" disabled=yes display-time=5s
set "Interconexion Switch1 Hub5 vlan 108" disabled=yes display-time=5s
set "10gb-ether1" disabled=yes display-time=5s
set "10gb-ether2" disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set "Interconexion Switch1 Hub4 vlan 104" disabled=yes display-time=5s
set disabled=yes display-time=5s
set "Interconexion Switch1 Hub2 vlan 107" disabled=yes display-time=5s
set disabled=yes display-time=5s
set pppoe-@iptv1 disabled=yes display-time=5s
set disabled=yes display-time=5s
set disabled=yes display-time=5s
set disabled=yes display-time=5s
set disabled=yes display-time=5s
set disabled=yes display-time=5s
set disabled=yes display-time=5s

aacable · April 7, 2018, 6:40am

This have been discussed several times in the forum. in short you need to do natting on different router to avoid high cpu usage on main pppoe server.
Read this.

http://forum.mikrotik.com/t/high-cpu-on-ccr1072-every-pppoe-client-go-down/117855/1

I sort this by using below method.
https://aacable.wordpress.com/2018/03/27/separating-natting-from-routing-in-mikrotik/