Hello,
I’ve got very burdensome problem. For about 1 month RB760iGS running/leaking out of free memory. It starts with around 210MiB and after 5-10 minutes it has 60-90MiB and still goes down. After less than 10MiB it’s restarting and these restarts happens 3-4 times a day.
I was trying to replace it by other iGS but the same problem occuring. I even upgrade new one using netinstall, disabled unnecessary packages. This router is connected to the switch. There’s L2TP tunnel for monitoring and 2 more bridges - nothing more. I’m using 6.48.5 version.
Also logs from that error looks like below on both routers (old and new one):
router was rebooted without proper shutdown
kernel failure in previous boot
out of memory condition was detected
Is it possible that one of the clients has any malware or attacks on their network which causes that situation? I suspect that one of my clients could have one because I received some e-mails with vulnerabilities from their IP. Blocking forward traffic caused the connection count decreased to 198k.
Of course it is possible. Whether it is the real reason depends on the size of your network and the “legal” traffic of the clients.
Depending on what “blocking forward traffic” actually means, you may have prevented new connections from getting established (if you blocked just the packets establishing new connections), or you may have prevented existing connections from transporting any data, which will lead to existing connections to die out gradually.
I don’t know what is the best starting point, but probably sniffing of LAN traffic to a connected PC and using Wireshark to display statistics.
Or maybe /ip firewall connection print count-only where repl-packets<3 is another good starting point.
The idea is that the connections get created but do not succeed, which means they exist until timeout (which may be hours long) and new ones are created.
Thank you for your first answer and your explanations. Connecting e-mails with vulnerabilities and your command which you’ve sent in your first answer I solved the problem by blocking client who caused all this mess.
I torched potential IP address and in one minute it was around 45k entries. Blocking all forward traffic and rebooting the router solved the problem of running out of free memory. Right now it looks like that:
You could have removed connections initiated by that client using /ip firewall connection remove [find where src-address~“ip.of.that.client”] without annoying the other clients by the reboot, but let’s hope you won’t need this advice in near future
Well, of course the router should not crash under such circumstances but should have a more reasonable reaction to running out of memory.
(probably difficult to have a behavior that does not harm other users in some way, e.g. refusing new connections is not going to help much more than crashing)
On the other hand, I am often surprised that people run networks “for clients” (probably not their son or daughter) on such a tiny router…
