Today I tried moving clients from another vendor's NAS to a CCR1009 with about 1200 users / 1G of traffic, and the CPU went to 100%. All it does is authentication + queueing. NAT is done on another router behind this CCR1009.
Queue process takes about 45%-50% CPU
Firewall process takes about 25%-30% CPU
Networking process takes about 15%-20% CPU
Here is the firewall configuration export:
/ip firewall address-list
# Address list "bogons": reserved / non-routable IPv4 ranges.
# NOTE(review): none of the filter rules in this export match on this list
# (no src-address-list= / dst-address-list=), so as posted the list has no
# filtering effect. Confirm whether another table that is not shown (raw,
# mangle, NAT) references it; if nothing does, spoofed-source traffic from
# these ranges is not being dropped here.
# NOTE(review): the RFC 1918 range 172.16.0.0/12 is not in the list - confirm
# that the omission is intentional.
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A" list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
# Entry is present but disabled=yes, so 192.168.0.0/16 is currently NOT part of
# the list.
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
# 224.0.0.0/3 spans 224.0.0.0-255.255.255.255: multicast (224.0.0.0/4) plus the
# reserved 240.0.0.0/4 block and the limited broadcast address. That is wider
# than the "Class D" label in the entry's comment suggests.
add address=224.0.0.0/3 comment="MC, Class D, IANA" list=bogons
/ip firewall filter
# Filter rules are evaluated top to bottom within each chain. A packet that
# matches no rule in the built-in input or forward chain is accepted.
# NOTE(review): this export contains no final drop rule in input or forward, so
# new connections that are not explicitly dropped below are accepted. For the
# input chain that includes new connections to the router's own services from
# any interface. Confirm whether the export is partial or whether management
# access is restricted elsewhere (service address restrictions, upstream ACL).
#
# pre-hs-input chain: drops TCP to destination ports 64872-64875 when the
# connection-limit=10,32 matcher fires (connections counted per /32 source).
# NOTE(review): the chain name and port range look like the HotSpot servlet
# pre-processing hook - confirm against the HotSpot setup on this router.
add action=drop chain=pre-hs-input connection-limit=10,32 dst-port=64872-64875 protocol=tcp
# "virus" chain: drops keyed on protocol + destination port only, with no
# connection-state, interface or address condition.
# NOTE(review): several comment labels do not describe the port they sit on.
# 135-139 are the RPC endpoint mapper / NetBIOS ports and 445 is SMB, yet the
# "Drop Blaster Worm" label is reused for all of them. The rules still drop the
# stated ports; only the labels are misleading when reading logs or counters.
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=4444 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=4444 protocol=udp
# NOTE(review): 4444 and the three UDP ports below are high ports that a client
# may legitimately pick as an ephemeral source port. Because the jump into this
# chain precedes the established/related accepts in forward, a reply packet
# whose destination port happens to be one of these values is dropped as well.
add action=drop chain=virus comment="Infected UDP Flood" dst-port=58092 protocol=udp
add action=drop chain=virus comment="Infected UDP Flood" dst-port=43701 protocol=udp
add action=drop chain=virus comment="Infected UDP Flood" dst-port=54652 protocol=udp
# First rule of the forward chain: every forwarded packet is sent through the
# whole "virus" chain before any connection-state rule is consulted.
# NOTE(review): at the traffic level described in the post this is per-packet
# work on the hot path. Placing the forward established/related accepts ahead
# of this jump would let packets of already-accepted connections match on the
# first rules and would limit the port drops to new connections - verify that
# this matches the intended policy before reordering.
add action=jump chain=forward comment="jump to the virus chain" jump-target=virus
# input chain (traffic addressed to the router itself): drop invalid, accept
# established and related. These connection-state matchers rely on connection
# tracking being enabled.
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid
add action=accept chain=input comment="Allow Established connections" connection-state=established
add action=accept chain=input comment="Accept Related connections" connection-state=related
# forward chain (traffic routed through the router): same state handling,
# reached only after the jump to the "virus" chain above returns.
add action=drop chain=forward comment="Drop Invalid connections" connection-state=invalid
add action=accept chain=forward comment="allow already established connections" connection-state=established
add action=accept chain=forward comment="allow related connections" connection-state=related
# Drop DNS queries (UDP and TCP port 53) that arrive on ether1 and are
# addressed to the router, so its resolver is not reachable from that side.
# NOTE(review): presumably ether1 is the upstream-facing interface - confirm.
# Other router services are not filtered on ether1 by any rule shown here.
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
/ip firewall service-port
# Disables the listed service-port entries (connection-tracking helpers) for
# ftp, tftp, irc, h323, pptp, udplite, dccp and sctp.
# NOTE(review): with a helper disabled, secondary connections of that protocol
# (for example an FTP data channel) are presumably no longer classified as
# "related" by connection tracking - confirm this is acceptable for the
# subscribers behind this router.
# NOTE(review): entries not listed here (for example sip) keep whatever state
# they already have; this export does not show it.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes