Processor thrashing

We have a routerboard 532A with a 564 daughterboard supplying two backhaul links and one distribution link (about 15 direct connections).

All of these connections get to the internet via one of the LAN ports.

The only configuration is 4 static IPs on different subnets and 5 routes including 1 default route to the internet.

There are no filter rules and very little of anything else.

The max traffic going through at any one time is about 13M altogether in all directions.

The usual number of connections is between 5000 and 10000.

The problem is that as the traffic increases, so does the CPU to the extent that when the combined traffic gets to around 10M, the processor is averaging 80% and often hitting 100%.

When this is happening, speed through the system is noticeably reduced.

We do have a fair amount of P2P, but we find the P2P blocking functionality does little.

Is this expected / normal?

I am surprised that the fastest routerboard available cannot handle more than this.

We are having to think about using two or three separate 532A boards instead of just one in this location. Does this seem normal?

Thanks for any advice.

Lawrence

Yes, it’s probably normal, but there is room for improvement. I would suggest limiting p2p instead of blocking it, as if it’s blocked, people will immediately seek a workaround that is harder for you to deal with. p2p will consume all available bandwidth if allowed. That may restore some of your bandwidth.

If you are not running firewall rules, turn off connection tracking, or if you need it, reduce the various timeouts.

I would also check to see that your bandwidth test server is turned off. We see probes of that occasionally, and running those tests will poke the CPU hard.

You could get a low power PC and a managed ethernet switch (using vlans) to provide ports for the direct users, and it would probably be several times more powerful than the rb532.