Community discussions

MikroTik App
 
chubbs596
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 72
Joined: Fri Dec 06, 2013 6:07 pm

to many winbox/dude sessions

Thu Mar 22, 2018 11:25 am

Hi Guys

We currently use a chr router for a central upgrade server using the Auto upgrade feature, I have written a script that wil check for software and firmware

/system upgrade upgrade-package-source
add address=x.x.x.x user=upgrade
/system upgrade refresh
/system upgrade print
/system upgrade download-all reboot-after-download=yes

We now face a issue where we will see the below error in the log file for the central upgrade CHR

mar/21 02:00:01 warning too many winbox/dude sessions, drop connect from 10.192.1.102
mar/21 02:00:01 warning too many winbox/dude sessions, drop connect from 10.192.0.30
mar/21 02:00:02 warning too many winbox/dude sessions, drop connect from 10.192.0.254
mar/21 02:00:02 warning too many winbox/dude sessions, drop connect from 10.192.0.34
mar/21 02:00:02 warning too many winbox/dude sessions, drop connect from 10.192.0.190
mar/21 02:00:02 warning too many winbox/dude sessions, drop connect from 10.215.0.18

Where can we increase this session count?
 
chubbs596
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 72
Joined: Fri Dec 06, 2013 6:07 pm

Re: to many winbox/dude sessions

Fri Mar 23, 2018 2:33 pm

Anybody that can give me some info or advice?
 
chubbs596
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 72
Joined: Fri Dec 06, 2013 6:07 pm

Re: to many winbox/dude sessions

Fri Mar 30, 2018 7:38 pm

Anybody that can give me some info or advice?
 
chubbs596
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 72
Joined: Fri Dec 06, 2013 6:07 pm

Re: to many winbox/dude sessions

Fri Mar 30, 2018 7:40 pm

This is the scripts used to do the upgrade check everynight at 2am,

/system script
add name=upgrade owner=master policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global pkdowned 2\r\
\n:global davailable 2\r\
\n:global indownload 2\r\
\n:global adone 2\r\
\n:global dgrade 2\r\
\n:global ugrade 2\r\
\n/system upgrade refresh\r\
\n:delay 10\r\
\n:foreach i in=[/system upgrade find] do={\r\
\n:if ([/system upgrade get \$i version] < [/system package update get installed-version]) do={:set \$dgrade 1;} else={:set \$dgrade 0}\r\
\n:if ([/system upgrade get \$i version] > [/system package update get installed-version]) do={:set \$ugrade 1;} else={:set \$ugrade 0}\r\
\n:if ([/system upgrade get \$i version] = [/system package update get installed-version]) do={file remove [find where name ~ \"routeros-\"];:set \$ado\
ne 1;} else={:set \$adone 0}\r\
\n:if ([/system upgrade get \$i status]=\"available\") \tdo={:log warning \"RouterOS available\"; :set \$davailable 1;} else={:set \$davailable 0}\r\
\n:if ([/system upgrade get \$i status]=\"downloaded\") do={:log warning \"RouterOS downloaded\"; :set \$pkdowned 1;} else={:set \$pkdowned 0}\r\
\n/;}\r\
\n:delay 2\r\
\n:while (\$davailable=1) do={\r\
\n :delay 10\r\
\n :foreach i in=[/system upgrade find] do={\r\
\n :if ([/system upgrade get \$i status]=\"available\") do={:log warning \"RouterOS start download\"; /system upgrade download numbers=\$i;}\r\
\n\t :if ([/system upgrade get \$i status]=\"downloading\") do={:log warning \"RouterOS downloading\"; :set \$indownload 1;}\r\
\n\t :if ([/system upgrade get \$i status]=\"downloaded\") do={:log warning \"RouterOS downloaded \"; :set \$pkdowned 1; :set \$davailable 0;}\r\
\n }\r\
\n}\r\
\n:if ((\$pkdowned=1 && \$ugrade=1)) do={:log error \"reboot for upgrade\"; /system reboot;}\r\
\n:if ((\$pkdowned=1 && \$dgrade=1)) do={:log error \"reboot for downgrade\"; /system package downgrade;}\r\
\n:if (\$adone=1) do={:log warning \"RouterOS upto Date\"}\r\
\n:set pkdowned;\r\
\n:set davailable;\r\
\n:set indownload;\r\
\n:set adone;\r\
\n:set dgrade;\r\
\n:set ugrade;\r\
\n"
/system scheduler
add interval=1d name=sched_upgrade_software on-event=upgrade policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/01/1970 start-time=02:00:00
 
User avatar
Karas
just joined
Posts: 9
Joined: Sat Apr 21, 2012 2:53 am
Location: Port Elizabeth, South Africa

Re: to many winbox/dude sessions

Tue Feb 05, 2019 8:10 am

Having the same issue here.
Ironically, its also at 2am even...
Any advise from anyone?
 
User avatar
Deantwo
Member
Member
Posts: 320
Joined: Tue Sep 30, 2014 4:07 pm

Re: to many winbox/dude sessions

Tue Mar 19, 2019 11:04 am

I don't see any options to set or increase the limit of sessions. I didn't even know there was one.

One thing you could do is spread the update checks out over a larger time period so all the requests don't come at the same time.
Change your schedulers to have a start-time that depends on the router's IP address or something else unique.
For example I use this in one of mine:
/system scheduler {
    :local calculation 
    :local lanIP [/ip address get [:pick [/ip address find interface="bridge"] 0] address]
    :local dotPos
    
    :set dotPos [:find $lanIP "." -1]
    :set lanIP [:pick $lanIP ($dotPos + 1) 15]
    :set dotPos [:find $lanIP "." -1]
    :set calculation [:pick $lanIP 0 $dotPos]
    :set lanIP [:pick $lanIP ($dotPos + 1) 15]
    :set dotPos [:find $lanIP "." -1]
    :set calculation (([:pick $lanIP 0 $dotPos] * 256) + $calculation)
    
    :set calculation ($calculation * 20)
    :set calculation ((($calculation / 3600) % 19) . ":" . \
        (($calculation / 60) % 60) . ":" . ($calculation % 60))
    :put $calculation
    
    remove [find name="myScheduler"]
    add interval=1w name="myScheduler" on-event="myScript" \
        start-date=jan/04/1970 start-time=$calculation
}
Far from perfect, but it gives a little less stress. This script was however originally made to make a weekly script run on any hour during sunday and the script relies on the LAN IP-address scheme I use, so you'll have to change the calculation to suit your needs.

I am slowly gearing up to make a mass upgrade of my ~300 routers, so I guess I'll get to see some of this issue here soon enough.
I wish my FTP was FTL.
 
User avatar
Deantwo
Member
Member
Posts: 320
Joined: Tue Sep 30, 2014 4:07 pm

Re: to many winbox/dude sessions

Tue Mar 19, 2019 4:55 pm

/system scheduler {
    :local uptime [/system resource get uptime]
    :set uptime [:pick $uptime ([:len $uptime] - 5) [:len $uptime]]

    :local calculation (([:tonum [:pick $uptime 0 2]] + [:tonum [:pick $uptime 3 5]]) * 40)
    :set calculation [:totime $calculation]
    :set calculation (04:00:00 + $calculation)

    remove [find name="myScheduler"]
    add interval=1d name="myScheduler" on-event="myScript" \
        start-date=jan/01/1970 start-time=$calculation
}
My predecessor has again been clever when making our setup. Found this snippet in our configuration script (and simplified it a little bit for readability).
Reason for using uptime being that it is the most random thing you have on the router.
It should give a time somewhere between 04:00:00 and 05:00:00 I think.
I wish my FTP was FTL.
 
kenjix
just joined
Posts: 13
Joined: Wed Aug 28, 2019 5:31 pm

Re: to many winbox/dude sessions

Wed Mar 11, 2020 11:14 pm

I just started to get this message on mine too. I'm having a different problem, but I'm thinking it has to do with the same thing. After 7 hrs my Dude Client won't connect and won't let me in through Winbox, but if I have an open session it will work, but won't let me do changes to anything, example Read, but no Write.
 
loloski
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Mar 15, 2021 9:10 pm

Re: to many winbox/dude sessions

Wed Jun 23, 2021 4:57 pm

after few years.... bump anyone from MT can answer or fix this? i hope the answer is not reboot the router itself
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 4654
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: to many winbox/dude sessions

Wed Jun 23, 2021 5:11 pm

This is the users forum and if anyone wants to contact MikroTik they should write to support@mikrotik.com
instead to write here on the hope someone of MikroTik staff read this.

That said, it is not a RouterOS error, but it is b...t that users do because they do not think that doing
the same thing at the same time to the same server is equivalent to a DDoS attack done to themselves.

If one is a professional, the time is distributed from 1am to (for example) 6am, one peripheral at a time every 1 minute (for example).

The starting time is not set from the script/scheduler saved on routerboard,
but is created on the fly with some function inside the script pasted on terminal, for add the script/scheduler with a determined time of execution.

So things have to be done wisely, if the problem is too many simultaneous connections, it means that something in the scripts is badly designed.


For example, if the CPE are 300 from 1am to 6am are 300 minutes, and updating 1 device each minute cant'be a problem.

And then the time must not be RANDOM, but well defined.
A random number can come back the same, otherwise it would not be RANDOM...

Better to rely on the 6 Bytes of the MAC address ...
Each peripheral has its own and they are never the same.
 
loloski
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Mar 15, 2021 9:10 pm

Re: to many winbox/dude sessions

Wed Jun 23, 2021 6:25 pm

This is the users forum and if anyone wants to contact MikroTik they should write to support@mikrotik.com
instead to write here on the hope someone of MikroTik staff read this.

That said, it is not a RouterOS error, but it is b...t that users do because they do not think that doing
the same thing at the same time to the same server is equivalent to a DDoS attack done to themselves.

If one is a professional, the time is distributed from 1am to (for example) 6am, one peripheral at a time every 1 minute (for example).

The starting time is not set from the script/scheduler saved on routerboard,
but is created on the fly with some function inside the script pasted on terminal, for add the script/scheduler with a determined time of execution.

So things have to be done wisely, if the problem is too many simultaneous connections, it means that something in the scripts is badly designed.


For example, if the CPE are 300 from 1am to 6am are 300 minutes, and updating 1 device each minute cant'be a problem.

And then the time must not be RANDOM, but well defined.
A random number can come back the same, otherwise it would not be RANDOM...

Better to rely on the 6 Bytes of the MAC address ...
Each peripheral has its own and they are never the same.
In my case it's not a script but "the dude" is polling a lot of information on my router that exhibit this behavior, i'm fairly new here but i can attest that the support is virtually does not exist and workaround for this problem is to connect via romon, just found out as of this writting
 
Cablenut9
Member
Member
Posts: 456
Joined: Fri Jan 08, 2021 5:30 am

Re: to many winbox/dude sessions

Wed Jun 23, 2021 6:45 pm

What license level do you have? Depending on it, you can only have so many sessions at one time.
Serial question asker
 
loloski
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Mar 15, 2021 9:10 pm

Re: to many winbox/dude sessions

Thu Jun 24, 2021 2:50 am

What license level do you have? Depending on it, you can only have so many sessions at one time.
level6 because this is CCR-1072
 
loloski
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Mar 15, 2021 9:10 pm

Re: to many winbox/dude sessions

Thu Jun 24, 2021 11:27 am

What license level do you have? Depending on it, you can only have so many sessions at one time.
level6 because this is CCR-1072
this is getting serious, even after we stop "the dude" and reboot the router still not accepting connection via IP

https://mikrotik.com/client/support/SUP-53175

Who is online

Users browsing this forum: Baidu [Spider] and 121 guests