Community discussions

MikroTik App
 
sunshuvo
just joined
Topic Author
Posts: 3
Joined: Wed Aug 09, 2017 7:34 am

CCR1072 100% CPU after PCQ

Wed Dec 23, 2020 8:30 am

I tried to: Configure PCQ on CCR1072 with the bandwidth of 5Gbps and connected 3000 Public IP

I saw this problem: CPU got 100% and network crush

I expected to see: Perfect operation after applying PCQ and L7 for youtube and Netflix

Steps to repeat this issue: Currently we disable the PCQ.

I want to know that is this model supports the PCQ with such traffic and client. If not then which Server (specification) we can purchase for RouterOS to serve PCQ with 10G traffic and 10000 public IP.

We planned to purchase http://www.deltaserverstore.com/dell-r820.html (item-16), is this model with RouterOS can serve our purpose.
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1146
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: CCR1072 100% CPU after PCQ

Wed Dec 23, 2020 1:55 pm

Post the output of "/export hide-sensitive", and it would be helpful to show us the output of "/tool profile" under load as well.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
 
hel
Member Candidate
Member Candidate
Posts: 184
Joined: Sun Jun 12, 2011 6:31 am
Location: Kirov, Russia

Re: CCR1072 100% CPU after PCQ

Wed Dec 23, 2020 4:46 pm

We have 1036 and even 300M link with attached PCQ queue loads up CPU to 100% from time to time. Maybe it is using only one core.
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1146
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: CCR1072 100% CPU after PCQ

Wed Dec 23, 2020 4:58 pm

Most issues with high load when using queues, and especially L7 come from using these features in a wrong way.

I highly recommend watching Janis' presentation from MUM on how to properly debug and fix common performance issues on CCRs:
https://www.youtube.com/watch?v=3LmQYIQ5RoA

Right on page 5 (4 minutes in the video) of the presentation there is discussion of "High Layer7 load".
This is in discussion for firewall, but same applies to Mangle for Queue Tree.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
 
Kanta
just joined
Posts: 4
Joined: Tue May 15, 2018 7:54 pm

Re: CCR1072 100% CPU after PCQ

Fri Dec 25, 2020 2:38 pm

I had a simple config for queue tree, pcq and mangle on the CCR1036. Most basic stuff just to limit bandwidth. Once the bandwidth went above 1G (most likely ~1370Mbit/s or so) we hit a limit for single core performance on our CCR and I had the same problems. So what I did was create more of the same queue trees with ethernet/sfp interfaces as parent interfaces to balance the cores out, that solved the problem until the 10G sfp interface hit the single core limit again. Turns out that queue tree can only work with one core per queue tree(or multiple queue trees?) on the interface.

MikroTik made some changes to simple queues years ago that improved performance and gave them multi-core support (each simple queue item (or a group of them?) has a core for itself). So the solution was to use simple queues instead of queue trees. Oh boy and do I hate simple queues...well, turns out that adding about ~37500 simple queues halfbricks the router (reset needed) and the single core limit of ~1370Mbit/s still stands on the single core performance, so a single simple queue item can not limit more then the ~1370mbit/s on the ccr1036. And you need to have more then 32 simple queues for optimal load balancing on the cores, works ok with less tho.

Instead of just stacking simple queues you can improve the simple queue performance some more with grouping them into parent queues. It's hard to find any documentation on it so I can only point you at this video https://www.youtube.com/watch?v=Ro3B1kQUokE as a reference.

As for the L7, can't you just skip it and just pull all google/netflix ipv4/ipv6 into an adress list and shape traffic with that https://www.gstatic.com/ipranges/goog.json and just update the list from time to time? No L7, less issues. Or combine them both, not a google ip on the destination? no need to use l7 check on the packet.

Who is online

Users browsing this forum: No registered users and 5 guests