unexplained gap in traffic from upstream to downstream in small isp

hi all,

I just started a small ISP and the CCR1009 is load balancing dual WAN (so 1 port per upstream provider) and then one other port goes to a switch for everyone else. We only have 200mb total upstream bandwidth and we always notice a discrepancy between total upload/download of the 2 WAN ports and the port going to the subscribers (ranges from 8-18mb, which on a 200mb network is incredibly significant). We've run IP accounting and found some mysterious addresses inside the network which we've then blocked. We used Torch and discovered several inquiries from one external IP to another external IP that aren't ones we are using. I would assume this was just traffic bouncing off, but then the "discrepancy" should be symmetrical, right? But the gap from upstream RX to downstream TX goes from 8-18mb, while the gap from upstream TX to downstream RX is 1-3mb.

we’re really struggling here because not all of us are still well versed with Mikrotik, any help at all would be appreciated.

It is usually a ddns amplification attack. Fix the firewall rules and implement a general drop rule for all incoming connections from WAN.

hi there!

I tried doing this, but nothing is being dropped and the gap still exists:

/ip firewall filter
add action=drop chain=forward comment="Drop new connections from internet which are not dst-natted" connection-nat-state=!dstnat connection-state=new in-interface=WAN

How do the input chain rules look?
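For anyone reading this later, here is an added example of a baseline input chain (not any poster's configuration). The point is that traffic addressed to the router itself, such as DNS queries hitting a resolver that answers remote requests, goes through the input chain and never reaches the forward-chain rule quoted above, which is consistent with a gap that shows up on the WAN ports but not on the subscriber port. The interface names ether1/ether2, the WAN interface list and the 192.168.88.0/24 management subnet are assumptions to be replaced with your own.

```routeros
# Added example, not from this thread. Assumes RouterOS 6.41+ (interface lists).
# Put both upstream ports in one list so a single rule covers dual WAN.
/interface list
add name=WAN comment="both upstream ports (ether1/ether2 are assumed names)"
/interface list member
add list=WAN interface=ether1
add list=WAN interface=ether2

# Constructed management subnet; replace with the real one.
/ip firewall address-list
add list=mgmt address=192.168.88.0/24 comment="constructed example management subnet"

/ip firewall filter
# Replies to sessions the router itself opened (DNS lookups, NTP, updates).
add chain=input action=accept connection-state=established,related \
    comment="accept established/related to the router"
add chain=input action=drop connection-state=invalid comment="drop invalid"
# Subscribers may use the router as a resolver only from the inside.
# Only needed if /ip dns allow-remote-requests=yes; leave out otherwise.
add chain=input action=accept in-interface-list=!WAN protocol=udp dst-port=53 \
    comment="DNS from subscribers only"
add chain=input action=accept in-interface-list=!WAN protocol=tcp dst-port=53 \
    comment="DNS over TCP from subscribers only"
# Management (Winbox/SSH) only from the management list, never from WAN.
add chain=input action=accept in-interface-list=!WAN src-address-list=mgmt \
    protocol=tcp dst-port=8291,22 comment="Winbox/SSH from management subnet"
# Everything else aimed at the router from upstream is dropped. This is the
# rule that stops outside DNS queries from being answered by the router.
add chain=input action=drop in-interface-list=WAN \
    comment="drop all other input from WAN"
```

After applying it, watch the packet counter on the final drop rule under /ip firewall filter; a counter that climbs while the WAN/subscriber gap shrinks points at traffic that was being answered by the router itself.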