Route Cache disabled with Fast Path

berlo · November 1, 2017, 11:12pm

Dear Support,
in last months we spent a lot of time to find best solution that can handle lot pps during DDoS.

From kernel 3.6 route cache is disabled because is proven that can cause performance drop under high load.

With fast path enabled (route cache enabled) just 2gig syn flood can cause packet loss and 100% CPU usage on CCR1072. BUT, if we disable route cache we see no performance drop.

As route cache is abandoned project, why not update fast path to esclude route cache from requisites? I think this can improve every router a lot.

We see that if router have < 1kk routes with route cache enabled you get some % CPU saving. But if you use it for full bgp table or partial one, on >2mil pps router stop forwarding traffic. With route cache disabled you can hit router with 4mil pps without any degradation (probably more, but i not tested it).

Why not update fast path to remove route cache prerequisites or developing something similar that not require caching?

kometchtech · November 2, 2017, 5:26am

I’m sorry from the side.

It is very worrisome information.
If disabling Route cache does not affect performance and resources can be saved, I think it’s a pleasure.

I think that below points about fast-track, but I would like to obtain that information for the future as well.

Why not update fast path to remove route cache prerequisites or developing something similar that not require caching?

Best regards.

berlo · November 2, 2017, 8:50am

i just received reply that in v.7 they will update the kernel so route cache will be removed too.

I think that removing route cache will be a big improvements to all people that have partial or full route bgp setup.

msatter · November 6, 2017, 11:39am

I had disabled router cache and a day later I was puzzled by that my throughput dropped from 500/650 to 151/151 on my 750Gr3.

Because the new speed was symmetrical I knew it was something in the router and enabling router cache again brought back my speed.

I am on fast tracking and not on fast path.

hedele · November 6, 2017, 1:50pm

That is because as of ROS v6, Fastpath requires route-cache in order to work. If you disable route-cache, you disable fastpath (and by extension, fasttrack).

berlo · November 6, 2017, 3:47pm

check 750Gr3 performance.

Bridging none (fast path) 162.4 1,972.2 443.7 1,817.4 1039.1 532.0
Bridging 25 bridge filter rules 162.4 1,972.2 168.1 688.5 174.3 89.2
Routing none (fast path) 162.4 1,972.2 444.4 1,820.3 1035.0 529.9
Routing 25 simple queues 162.4 1,972.2 179.6 735.6 171.4 87.8

You can’t push 500/650 without fast path active. If you want to fix the forwarding issue under DDoS you need a device that is able to forward traffic in the slow path. I see that routerOS use kernel 3.3.5+, when they upgrade to at least 3.6+ version we should see improvement on this side.

ack · December 27, 2017, 2:41pm

Another MikroTik promise of RouterOS v7.00… but will it ever get released!?