Page 1 of 1

RB1000 CPU problem

Posted: Wed Mar 24, 2010 6:06 pm
by m4rk0
Hello,

We have monthly at random time problems with RB1000...

CPU goes on 100% and RB1000 is unreachable after 30 mins or few hours RB1000 becomes normal CPU at about ~50% throughput is about 60Mbps...

I can't see anything in log... What should I do?

Re: RB1000 CPU problem

Posted: Thu Mar 25, 2010 11:59 am
by janisk
please check your configuration and look up posts here in forums or on wiki, what is best practices to do what you do. It looks like optimization problem to me since RB1000 can pass through 3.2Gbps and that is a lot bigger number than your 640Mbps.

Usual problem areas are - a lot of simple queues, firewall path not optimized.

Re: RB1000 CPU problem

Posted: Thu Mar 25, 2010 9:14 pm
by m4rk0
Hello janisk,

Our throughput is ~60Mbps at peak (not 640Mbps :D )...
And this problem happens in 15 days once... And we don't know what causes it or how does it stop, it just stop...

We have Queue Tree with 45 items...
Mangle 49 (marking http, smtp, ftp and other traffic)...
And 12 firewall rules (mainly blocking spam, and some scanners)...

When all this happens I disable all (mangle, queue, firewall) and nothing changes...

When I remove fibre-optic link (our gateway to world) from RB1000 everything comes fine... But after returning it problem come back and we can just wait...

Any other idea?

Re: RB1000 CPU problem

Posted: Fri Mar 26, 2010 12:39 pm
by janisk
make sure you are running latest version of RouterOS and create supout.rif file after or during the outage if possible and sent it to support@mikrotik.com

Re: RB1000 CPU problem

Posted: Wed Mar 31, 2010 12:29 pm
by roadrunner
When I remove fibre-optic link (our gateway to world) from RB1000 everything comes fine... But after returning it problem come back and we can just wait...
Perhaps a DDoS/DoS attack from your upstream link? It would need to be a large attack to max out the fast rb1000 CPU.

Re: RB1000 CPU problem

Posted: Thu Apr 01, 2010 3:45 pm
by hedele
The RB1000 sh*ts itself at 150kpps at the latest (routing+conntrack, some basic firewalling + ospf). that is not a large attack by any means.
Large attacks have around 500k to 1M packets per second :)

So in regards of DDoS, the RB1000 is not as robust as you would think.

Re: RB1000 CPU problem

Posted: Fri May 28, 2010 5:21 pm
by lavv17
RB1000 can pass through 3.2Gbps
I guess it is with a single ip route without connection tracking.

Here, with connection tracking, ip traffic-flow, 100 routes, bgp, ospf, no queues, single firewall line in input chain - it can barely cope with 60kpps and 300Mbps (in+out). After that cpu usage=100% and delay increases.

Re: RB1000 CPU problem

Posted: Sat May 29, 2010 5:56 pm
by meno
RB1000 can pass through 3.2Gbps
I guess it is with a single ip route without connection tracking.

Here, with connection tracking, ip traffic-flow, 100 routes, bgp, ospf, no queues, single firewall line in input chain - it can barely cope with 60kpps and 300Mbps (in+out). After that cpu usage=100% and delay increases.
yes Im agree with you so the RB1000 can passthrough "up to" 3.2Gbps in bridge mode with 1500byte size of packets

http://www.routerboard.com/pdf/routerbo ... tests.pdf[

Re: RB1000 CPU problem

Posted: Tue Jun 01, 2010 11:13 am
by janisk
you always can sit down and check confutation for possible optimizations. For example, firewall rules with largest packet count processed move to the top. Maybe it is worth to introduce some new chain for packet processing etc.

It seems like to much, but in the end it accumulates.

Re: RB1000 CPU problem

Posted: Wed Jun 02, 2010 6:17 pm
by Norman
We used RB1000 as our core router previously.
With standard configurations, efficient queues without conntracking off this router easily melts when facing small DDOS attacks.

We've not been able to duplicate the results of the Mikrotik performance brochures.

The RB1000 was used in a product environment with mixed packet sizes.
Even in a test-bed with dedicated systems behind it, the product was not up to the challenge.

Our peak periods used approx 700Mbit/s (mixed packet sizes, normal internet traffic with a mix of customers) and the RB1000 would fold easily behind the preassure.
The CPU would spike to 100% (as thread creator described) and get "stuck" even when traffic load decreased. Only a reboot of the RB1000 would solve this temporarily until it surfaced again.
We've tried different versions of RouterOS in the RB1000.

We replaced the RB1000 with a stock x86 Intel X3340 using the same configurations. It is able to stand the load without the "odd" CPU spikes and issues seen with RB1000. Due to the amount of people having similar problems as us, we can only conclude that the RB1000 has a common issue.
The uptime of this X86 system is roughly 192days now .
The RB1000 would at maximum have an uptime of maybe 30days before we had to reboot it.

We're reluctant in investing in the new RB1100 since according to the performance brochures its capacity is less than the RB1000.