Page 1 of 1

Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Wed Aug 21, 2019 7:41 am
by blackmetal
Hello,
I have a mikrotik ccr 1036-8g-2s+ with about 10 filter rule and per your datasheet on https://mikrotik.com/product/CCR1036-8G-2Splus in routing mode with 25 filter rule 1036 can handle 1.5gbps bps and 3m pps but the issue here is when i receive DDOS attack my CPU usage is %100,
the DDoS i received had 1m PPS and about 1gbps bps and i have analyzed the traffic, they were with spoofed IPs, they were on UDP and sometimes GRE protocol, they were on one DST IP.
as a note my uplinks are 2x 10gbps so I have 20gbps totally.
This is what i have on my router:
1. 6 enabled Ip Firewall Filter rules
2. 1 Mangle Rules
3. 9 enable ip firewall raw rules
4. bgp with no full table
5. 100 Vlans
6. BGP/OSPF
would you tell me, why does my cpu usages is %100 when i receive this amount ? its opposite of datasheet.
any idea to solution for solve this?

Thank you.

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 11:28 am
by abn
Hello,
I have a mikrotik ccr 1036-8g-2s+ with about 10 filter rule and per your datasheet on https://mikrotik.com/product/CCR1036-8G-2Splus in routing mode with 25 filter rule 1036 can handle 1.5gbps bps and 3m pps but the issue here is when i receive DDOS attack my CPU usage is %100,
the DDoS i received had 1m PPS and about 1gbps bps and i have analyzed the traffic, they were with spoofed IPs, they were on UDP and sometimes GRE protocol, they were on one DST IP.
as a note my uplinks are 2x 10gbps so I have 20gbps totally.
This is what i have on my router:
1. 6 enabled Ip Firewall Filter rules
2. 1 Mangle Rules
3. 9 enable ip firewall raw rules
4. bgp with no full table
5. 100 Vlans
6. BGP/OSPF
would you tell me, why does my cpu usages is %100 when i receive this amount ? its opposite of datasheet.
any idea to solution for solve this?

Thank you.
Hello,
I am facing the same problem please Mikrotik help us you can check that forum questions I'll put the link below
https://r.tapatalk.com/shareLink/topic? ... are_type=t

Sent from my Redmi Note 6 Pro using Tapatalk


Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 11:32 am
by blackmetal
This is really fantastic for me why does datasheet numbers are differents with productional enviroments!

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 11:35 am
by blackmetal
i sent an email to support@mikrotik.com but they suggested me some rules for fighting ddos, how ever i do not want protect my customers from ddos attacks and i want to transit this traffic to them because we do not offer ddos protection service! so i do not know why does datasheet numbers are really different in working enviroments!

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 12:20 pm
by sebastia
Hey

Do you have connection tracking enabled?
was the ddos on ipv6? there was an issue with that not so long ago (implementation in ROS), with a patch release. do you have it?

Edit: just noticed you don't have connection tracking enabled viewtopic.php?f=2&t=151403

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 12:25 pm
by blackmetal
connection tracking is disabled, an i have no ipv6 traffic even bgp ipv6 and all traffics are ipv4

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 12:54 pm
by sebastia
which version are you running? remember that there was a bug in ROS with regards to that;
Ros 6.45.1:
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 1:02 pm
by blackmetal
Hi
I am using latest version for both routerboot and ros

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 1:06 pm
by sebastia
remember something similar

viewtopic.php?f=2&t=126354&hilit=ccr+cpu

Re: Mikrotik CCR 1036 8G 2S+ Performance issue

Posted: Thu Aug 22, 2019 1:22 pm
by blackmetal
As i understand CCr can note route this amount of traffic to user due to linux kernel?