Route Cache Size Overflow, High CPU Usage, Internal IP Spam, UPNP XML? RB2011

lotnybartek · March 21, 2017, 11:04am

Hi there.

RB2011 here. Everything was wine for years until last month. Look at this:

To explain:

192.168.10.1 is RB2011 IP
192.168.10.113 is Windows 10 Pro Hyper-V Guest

So 192.168.10.113 is spamming router to the point, where CPU is on 100% (or vice versa?)constantly and cache entries are between 6000-10000, all looks the same as on screenshot. I can delete them manually but they are appearing almost every 30-40 seconds. Maybe the key is port number 2828? Like I said, never had this problem earlier, I think It happened after upgrading to 6.38.5 but I’m not 100% sure.

Can someone give any hint here?

UPDATE:

So, apparently, when you go to the link:

http://192.168.10.1:2828/gateway.xml

you’ll get some sort of XML file - something connected to UPNP service?

Bart

R1CH · March 21, 2017, 9:34pm

RouterOS runs UPNP TCP on a fixed port, 2828. Looks like something on your Hyper-V Guest is misbehaving and going crazy with UPNP requests. You can try to use TCPView on the guest to find out what’s connecting. Given the reply bytes are 0, are you sure there’s no firewall blocking the response? The client seems to be connecting every 30 secs, maybe assuming there’s a timeout. This shouldn’t cause high CPU use though if the connections are idle.

petterg · March 21, 2017, 11:19pm

I think I’ve seen a UPnP setting for each guest in hyper-v management. Look for it and see if it helps to change that setting.

lotnybartek · March 22, 2017, 10:21am

I’ve restarted Hyper-v Guest and Server and everything is fine now. Dunno what caused it.