Since the implementation of RPKI validation on RouterOS v7.x, we continue to experience problems. The refresh, by default set to 3600, is carried out approximately every 10 minutes even if modified. We tried setting even higher values, but it doesn’t change anything… With RPKI validation active, there is a very strange behavior of the RB and SNMP. Concurrently with the RPKI refresh, SNMP stops working for about 2-3 minutes and then recovers. This happens only and exclusively if RPKI validation is active. Otherwise, everything works perfectly. Naturally, this means that our Network Management immediately signals the anomaly of the RB being unreachable via SNMP, but in reality, it works regularly.
Has anyone else encountered this problem?
I assume that you have a large routing table and you are trying to monitor whole routing table via SNMP.
When routing filters, in this case RPKI in filters, is updating routing table SNMP will not be able to get data until calculation is done.
I also thought it might be an issue with the size of the routing table, but consider that I don’t receive any full routing table since the RB is located in an IXP.
So it receives about 140K x 2 in IPv4 and 50K x 2 in IPv6, plus the direct peering.
We’re talking about very few routes compared to IP transits, which typically involve receiving over 900K routes.
Additionally, there’s an issue with the refresh time… even if I set a value higher than 3600 (default), it still refreshes about every 10 minutes.
The SNMP problem is random… but most likely occurs in conjunction with RPKI validation.
The strange thing is that out of 3 RBs in 3 different IXPs, only two have the same problem and the configuration is almost identical.
Therefore, I agree with you that it could be a CPU issue during RPKI refresh, but considering that we’ve moved from mono core to multi core, it seems really absurd and I think it’s a bug.
Also, keep in mind that I’ve tried all the modes for Input/Output affinity, and the only one that’s less impactful is vrf, rather than main (which should be the most appropriate).
Thanks for your reply.
Today we upgraded to version 7.12.1 and it seems that the issue with SNMP stopping working when RPKI was active has been resolved.
Additionally, the problem of OSPF announcements timing out has been fixed.
Now, we hope that in a few hours the SNMP polling doesn’t go into a tilt again
False alarm
The RPKI refresh timing is still off and after about an hour the SNMP still goes into tilt for a couple of minutes. Disabling RPKI validation makes everything perfect.
Hoping for the next update.
