Community discussions

 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 180
Joined: Mon Aug 16, 2010 9:01 am

Mikrotik CCR 1036 8G 2S+ Performance issue

Wed Aug 21, 2019 7:41 am

Hello,
I have a mikrotik ccr 1036-8g-2s+ with about 10 filter rule and per your datasheet on https://mikrotik.com/product/CCR1036-8G-2Splus in routing mode with 25 filter rule 1036 can handle 1.5gbps bps and 3m pps but the issue here is when i receive DDOS attack my CPU usage is %100,
the DDoS i received had 1m PPS and about 1gbps bps and i have analyzed the traffic, they were with spoofed IPs, they were on UDP and sometimes GRE protocol, they were on one DST IP.
as a note my uplinks are 2x 10gbps so I have 20gbps totally.
This is what i have on my router:
1. 6 enabled Ip Firewall Filter rules
2. 1 Mangle Rules
3. 9 enable ip firewall raw rules
4. bgp with no full table
5. 100 Vlans
6. BGP/OSPF
would you tell me, why does my cpu usages is %100 when i receive this amount ? its opposite of datasheet.
any idea to solution for solve this?

Thank you.
 
abn
newbie
Posts: 36
Joined: Sun Sep 11, 2016 1:35 pm

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 11:28 am

Hello,
I have a mikrotik ccr 1036-8g-2s+ with about 10 filter rule and per your datasheet on https://mikrotik.com/product/CCR1036-8G-2Splus in routing mode with 25 filter rule 1036 can handle 1.5gbps bps and 3m pps but the issue here is when i receive DDOS attack my CPU usage is %100,
the DDoS i received had 1m PPS and about 1gbps bps and i have analyzed the traffic, they were with spoofed IPs, they were on UDP and sometimes GRE protocol, they were on one DST IP.
as a note my uplinks are 2x 10gbps so I have 20gbps totally.
This is what i have on my router:
1. 6 enabled Ip Firewall Filter rules
2. 1 Mangle Rules
3. 9 enable ip firewall raw rules
4. bgp with no full table
5. 100 Vlans
6. BGP/OSPF
would you tell me, why does my cpu usages is %100 when i receive this amount ? its opposite of datasheet.
any idea to solution for solve this?

Thank you.
Hello,
I am facing the same problem please Mikrotik help us you can check that forum questions I'll put the link below
https://r.tapatalk.com/shareLink/topic? ... are_type=t

Sent from my Redmi Note 6 Pro using Tapatalk

 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 180
Joined: Mon Aug 16, 2010 9:01 am

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 11:32 am

This is really fantastic for me why does datasheet numbers are differents with productional enviroments!
 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 180
Joined: Mon Aug 16, 2010 9:01 am

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 11:35 am

i sent an email to support@mikrotik.com but they suggested me some rules for fighting ddos, how ever i do not want protect my customers from ddos attacks and i want to transit this traffic to them because we do not offer ddos protection service! so i do not know why does datasheet numbers are really different in working enviroments!
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1795
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 12:20 pm

Hey

Do you have connection tracking enabled?
was the ddos on ipv6? there was an issue with that not so long ago (implementation in ROS), with a patch release. do you have it?

Edit: just noticed you don't have connection tracking enabled viewtopic.php?f=2&t=151403
 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 180
Joined: Mon Aug 16, 2010 9:01 am

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 12:25 pm

connection tracking is disabled, an i have no ipv6 traffic even bgp ipv6 and all traffics are ipv4
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1795
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 12:54 pm

which version are you running? remember that there was a bug in ROS with regards to that;
Ros 6.45.1:
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 180
Joined: Mon Aug 16, 2010 9:01 am

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 1:02 pm

Hi
I am using latest version for both routerboot and ros
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1795
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 1:06 pm

remember something similar

viewtopic.php?f=2&t=126354&hilit=ccr+cpu
 
blackmetal
Member Candidate
Member Candidate
Topic Author
Posts: 180
Joined: Mon Aug 16, 2010 9:01 am

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Thu Aug 22, 2019 1:22 pm

As i understand CCr can note route this amount of traffic to user due to linux kernel?

Who is online

Users browsing this forum: No registered users and 73 guests