just joined
Topic Author
Posts: 3
Joined: Wed Jan 15, 2014 3:53 pm
Location: Saint-Petersburg, Russia

NAT. "Kernel failure. Out of memory condition was detected."

Mon Dec 07, 2015 8:59 pm

Device: 951G-2HnD (Memory: 128Mb.) (100Mb+ free while idle)
Version: 6.15 (other not tested)
Problem: router reboot
Cause: too many "connection tracker" connections
Context: stress test (curiosity), not general usage.
jan/01/2002 04:00:07 system,error,critical System rebooted because of kernel failure 
jan/01/2002 04:00:08 system,error,critical Out of memory condition was detected 
jan/01/2002 04:00:08 system,error,critical router was rebooted without proper shutdown
ip-firewall-connections-Max Entries: 220952

Since "conntrack.UDP default timeout" is 30 seconds... we can easily abuse/stress it.

Goal: create huge amount of NAT records.
Details: send many UDP packets through NAT (connection tracker ON) with different dest./src ports.

Tested with script:
Each 100ms. until port 65535:
1. From 100 local UDP sockets send packet to IP to port range 50000 - 50300.
2. Change port offset by +300.

(65535 - 50000) * 100 NAT records. 30000(theoretical) records per second.
Free memory => 0
"/ip firewall connection" count => 1553500 :lol:
Router => reboot
For me: ~40000 "firewall connections" already consume 90Mb (no Queues enabled, no mangle rules enabled).

Empirical result:
Kernel failure. Out of memory. Router rebooted.

Desired result:
Drop packets. Don't try to create new NAT records when no more memory.

Nodejs script:
Usage: node udp_stress.js IP_WITH_NAT

In script file: change PORT_START and SOCKETS_COUNT to be more stressful.
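Added example, not part of the original post or its attached script: a small JavaScript model of the "desired result" above, a connection-tracking table that refuses new entries at a cap instead of allocating until memory runs out. `ConntrackTable` and `simulate` are hypothetical names; the rate, UDP timeout and Max Entries values are the figures quoted in the post, and the model is not RouterOS code.

```javascript
// Model of a connection-tracking table with an idle timeout and a hard entry cap.
// Constructed model for illustration; it is not RouterOS or Linux conntrack code.
class ConntrackTable {
  constructor(timeoutMs, maxEntries = Infinity) {
    this.timeoutMs = timeoutMs;
    this.maxEntries = maxEntries;
    this.entries = new Map(); // flow key -> last-seen ms, kept oldest-first
  }

  // Remove entries idle for timeoutMs or longer. The Map iterates in insertion
  // order and offer() re-inserts on refresh, so the oldest entry is always first.
  expire(nowMs) {
    for (const [key, lastSeen] of this.entries) {
      if (lastSeen + this.timeoutMs > nowMs) break;
      this.entries.delete(key);
    }
  }

  // Returns true if the packet is tracked, false if it is dropped at the cap.
  offer(key, nowMs) {
    this.expire(nowMs);
    if (this.entries.has(key)) {
      this.entries.delete(key); // known flow: refresh and move to the back
    } else if (this.entries.size >= this.maxEntries) {
      return false; // table full: drop instead of allocating
    }
    this.entries.set(key, nowMs);
    return true;
  }
}

// Offer newFlowsPerSec never-seen-before flows in 100 ms ticks for `seconds`.
function simulate({ newFlowsPerSec, seconds, timeoutSec, maxEntries }) {
  const table = new ConntrackTable(timeoutSec * 1000, maxEntries);
  const perTick = newFlowsPerSec / 10;
  let nextFlow = 0, accepted = 0, dropped = 0, peak = 0;
  for (let tick = 0; tick < seconds * 10; tick++) {
    for (let i = 0; i < perTick; i++) {
      if (table.offer(nextFlow++, tick * 100)) accepted++; else dropped++;
    }
    peak = Math.max(peak, table.entries.size);
  }
  return { accepted, dropped, peak };
}

// Figures from the post: 30000 new records/s, 30 s UDP timeout, Max Entries 220952.
const post = { newFlowsPerSec: 30000, seconds: 60, timeoutSec: 30 };
const uncapped = simulate({ ...post, maxEntries: Infinity });
const capped = simulate({ ...post, maxEntries: 220952 });
console.log({ uncapped, capped });
```

Uncapped, the table settles at rate × timeout (30000 × 30 = 900000 entries); capped, it stays at 220952 and excess new flows are dropped while already-tracked flows can still refresh.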
just joined
Posts: 11
Joined: Mon Aug 05, 2013 11:39 pm

Re: NAT. "Kernel failure. Out of memory condition was detected."

Sat Sep 10, 2016 6:33 pm

I had this problem twice in the past 12 hours on a Cloud Core 1009-8G. This router has 1GB of RAM. Running RouterOS 6.28.

So, this possible problem was reported almost a year ago and MikroTik did nothing to fix it?
