we seem to get hit by DDoS attacks to a large number of IPs at the same time.
Some are assigned IPs and many are not.
In any case, we want the ability to black hole several hundred IPs at once.
Our upstream allows upto 200 at the moment.
However, with 100 or so /32 prefixes on the Mikrotik (CCR1072 running 6.42.6), the MT gets really bogged down and starts doing things like not accepting API connections and the Terminal windows is running is super slow mode. So clearly its overloading the CCR.
Anyone have any idea why this drags the MT to its knees?