Hello
I am running an ISP and we have about 4000 clients (all end users). The Mikrotik 1072-1G-8S+ does all the routing for them.
There are 17 VLANs that serve all the clients (each VLAN has a /16 network) There are multiple switches down the road that block intra-lan communication between the clients and the Mikrotik only sees the MAC addresses of those switches. I am also using Mikrobill to manage client connectivity.
The overall internet traffic that passes through the Mikrotik router is about 3-4 Gbps. The problem that I am facing is that the CPU usage reaches close to 70-80% when the traffic gets close to 4Gbps.
When looking at total cpu performance I see that the most usage comes from the following services:
total: 75
queuing: 30
networking: 25
firewall: 20
I'm having big issues when the usage reaches 70-80%. Any advice you can give to resolve this as I am certain that it is a configuration issue. Do you think it's a good idea that I'm using so few VLANs for such big networks? Maybe I can increase the number of VLANs and provide smaller segments if that will decrease the usage?
I'll appreciate any advice on this matter.
Thank you!
Re: Mikrotik 1072 cpu usage on a high bandwidth.
Biggest impact on performance is from queues and firewall. See if you can optimize the rules, reduce total amount of rules, use fasttrack, maybe use RAW firewall instead etc.
Re: Mikrotik 1072 cpu usage on a high bandwidth.
Thank you for your response.
We did try fasttrack and total cpu usage dropped to 20%, however now the problem is that bandwidth limiting doesn't work.
I've added the screenshot of the rule that we use for about 5000 clients.
Any chance you can tell me more (or a link to an article) about how I can go about optimizing the rules?
Also by RAW firewall do you mean a separate hardware that will do all the bandwidth limiting?
We did try fasttrack and total cpu usage dropped to 20%, however now the problem is that bandwidth limiting doesn't work.
I've added the screenshot of the rule that we use for about 5000 clients.
Any chance you can tell me more (or a link to an article) about how I can go about optimizing the rules?
Also by RAW firewall do you mean a separate hardware that will do all the bandwidth limiting?
You do not have the required permissions to view the files attached to this post.
Re: Mikrotik 1072 cpu usage on a high bandwidth.
Fasttrack is useful when you DON'T want to use Bandwidth Limiting.
Turn it off if you need Queues.
CPU usage dropped because it is no longer doing any bandwidth limiting. This is what Fasttrack is - disabling lots of processing stuff (like queues).
Turn it off if you need Queues.
CPU usage dropped because it is no longer doing any bandwidth limiting. This is what Fasttrack is - disabling lots of processing stuff (like queues).
Re: Mikrotik 1072 cpu usage on a high bandwidth.
Thank you that makes sense. In the previous message it was mentioned that I could use a RAW Firewall. Would this be a separate hardware that will do the bandwidth limiting? Does Mikrotik manufacture one?
Re: Mikrotik 1072 cpu usage on a high bandwidth.
RAW firewall is Raw table of firewall on your device.Thank you that makes sense. In the previous message it was mentioned that I could use a RAW Firewall. Would this be a separate hardware that will do the bandwidth limiting? Does Mikrotik manufacture one?
Processing there is done before all other things so packets dropped there never reach routing or serives, they are discarded as soon as they reach drop rule.
Also i would recommend to optimize queues to be very small(like 30 packets maximum, most often 5-15 packets size is working perfectly).
Smaller queue is less time it takes to process by router(less packet shifts in queue).