Hi,
i would like to changemy bgp router ccr1072 with a xeon server because when i have ddos attack cpu go to 100% and I loss packets.
there is a pci that mikrotik support for have at least 4x 10G ports?
thank you
Hi
I have pretty much same problem with you before but I have found out that when you drop attack traffic with IP > Firewall > Raw CPU will come down and not having loss.
And I have use x86 RouterOS on Xeon E3 with Intel X520 before and still have problem when under attack.
Software router with small packets (especially attack traffic) are not going well. My advice is getting wire speed L3 switch with BGP. or Try use dst-limit to limit pps per IP.
I would consider a packet scrubber in between the upstream peer and the border router. This is what they are designed for.
We’ve used these successfully with both CCRs and CHRs to defend against DDoS attacks and use RTBH