Page 1 of 1

How resilient is CCR1009

Posted: Thu Sep 19, 2019 3:53 pm
by Gombeen666
We have two CCR1009 and one is active but every few months we have to reboot it to fix dns error for our PPPoE clients?

An active CCR is using primary services - OSPF, L2 Bridged Vlans , Firewall , PPPoE server
The reason for L2 Bridged Vlans for PPPoE is because Mikrotik OSPF is not robust and was causing regular router lockups or router stuck in "init mode", even after numerous OSPF configuration modifications over a 5 year period the problem remains,

The CPU's were never running at 100% but yet a reboot solves the issue,

My opinion is that Mikrotik is very good at one function per router but activate extra functions and then reliability is reduced ,

My question is for opinions on using a hardware firewall before both of the CCR's ?

Re: How resilient is CCR1009

Posted: Thu Sep 19, 2019 4:15 pm
by muetzekoeln
It is very advisable to have each service (L2-switching, BRAS, firewalling, core-routing, edge-routing) on it's own (specialised) platform.
If you can afford it :-).

Re: How resilient is CCR1009

Posted: Thu Sep 19, 2019 4:33 pm
by paulct
It depends where this device is on your network. We have no issues with the following setup

building
ccr1009 (ospf, pppoe server, simple queues etc) + switches

>>fibre>>

Datacenter
Switch
CCR core (iBGP, OSPF etc)
CCR edge (ebgp, OSPF, simple firewall rules)
>>> peering internet

Re: How resilient is CCR1009

Posted: Thu Sep 19, 2019 4:52 pm
by chechito
It is very advisable to have each service (L2-switching, BRAS, firewalling, core-routing, edge-routing) on it's own (specialised) platform.
If you can afford it :-).


good advice

Re: How resilient is CCR1009

Posted: Thu Sep 19, 2019 4:52 pm
by chechito
ccr1009 very resilient, tested for years

most likely you have a configuration problem

RouterOS is very versatile platform that sometimes leads us to combine too many functionalities in the same box

Re: How resilient is CCR1009

Posted: Thu Sep 19, 2019 6:50 pm
by Gombeen666
Many thanks for the replies so far,

"...very advisable to have each service (L2-switching, BRAS, firewalling, core-routing, edge-routing) on it's own (specialised) platform."
Also forgot to mention BGP is also used

"...RouterOS is very versatile platform that sometimes leads us to combine too many functionalities in the same box"
I totally agree

For 800 clients can I ask what "....own (specialised) platform" is recommended

Re: How resilient is CCR1009

Posted: Thu Sep 19, 2019 7:10 pm
by pe1chl
It depends on what you combine and how heavily everything is loaded.
I run a CCR1009 for ~800 NAT clients plus BGP for a company VPN (*not* full internet routing tables but just some 25 routes and 8 endpoints), a number of VPN connections, and complicated firewall, and it runs just fine (2 250Mbps internet connections).
I would not pull in much more, e.g. L2 switching is better done by a dedicated switch, and when you want 800 PPPoE sessions that is probably done better on 1 or 2 separate boxes.
(but beware of having /32 routes for each session and updating them via auto-routing, that also causes issues)

Re: How resilient is CCR1009

Posted: Fri Sep 20, 2019 1:24 pm
by Gombeen666
(but beware of having /32 routes for each session and updating them via auto-routing, that also causes issues)
Could you explain a little more ?

Re: How resilient is CCR1009

Posted: Fri Sep 20, 2019 1:53 pm
by pe1chl
There is a MUM video presentation about this. I don't have the URL at hand but maybe others have.

Re: How resilient is CCR1009

Posted: Fri Sep 20, 2019 7:27 pm
by chechito