Community discussions

MUM Europe 2020
just joined
Topic Author
Posts: 15
Joined: Thu Jul 08, 2010 1:26 am

very slow RB1100AHx2

Sun Apr 01, 2012 7:24 pm

50k pps
cpu load 80+%!

Where from queuing 21.7%?
Where from firewall 25.7%?

[dobrofenix@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; ddos protect
chain=forward action=jump jump-target=detect-ddos connection-state=new

1 chain=detect-ddos action=return dst-limit=32,32,src-and-dst-addresses/10s

2 chain=detect-ddos action=add-dst-to-address-list address-list=ddosed

3 chain=detect-ddos action=add-src-to-address-list address-list=ddoser

4 chain=forward action=drop connection-state=new src-address-list=ddoser

5 ;;; SYN Flood protect
chain=forward action=jump jump-target=SYN-Protect tcp-flags=syn
connection-state=new protocol=tcp

6 chain=SYN-Protect action=accept tcp-flags=syn connection-state=new
protocol=tcp limit=100,5

7 chain=SYN-Protect action=drop tcp-flags=syn connection-state=new

8 ;;; limit
chain=input action=add-src-to-address-list protocol=tcp
address-list=blocked-addr address-list-timeout=1d connection-limit=25,32

9 chain=input action=tarpit protocol=tcp src-address-list=blocked-addr

10 ;;; Port scanners to list
chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1
address-list=port scanners address-list-timeout=2d

11 ;;; NMAP FIN Stealth scan
chain=input action=add-src-to-address-list
tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp
address-list=port scanners address-list-timeout=2w

12 ;;; SYN/FIN scan
chain=input action=add-src-to-address-list tcp-flags=fin,syn
protocol=tcp address-list=port scanners address-list-timeout=2w

13 ;;; SYN/RST scan
chain=input action=add-src-to-address-list tcp-flags=syn,rst
protocol=tcp address-list=port scanners address-list-timeout=2d

14 ;;; FIN/PSH/URG scan
chain=input action=add-src-to-address-list
tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp
address-list=port scanners address-list-timeout=2w

15 ;;; ALL/ALL scan
chain=input action=add-src-to-address-list
tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp
address-list=port scanners address-list-timeout=2w

16 ;;; NMAP NULL scan
chain=input action=add-src-to-address-list
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp
address-list=port scanners address-list-timeout=2w

17 ;;; dropping port scanners
chain=input action=drop src-address-list=port scanners

18 ;;; Drop 80 DoS attack
chain=virus action=drop protocol=tcp src-address-list=spammer
connection-limit=4,32 limit=4,5

19 ;;; Drop 80 DoS attack
chain=virus action=add-src-to-address-list protocol=tcp
src-address-list=!smtpOK address-list=spammer address-list-timeout=2d
connection-limit=5,32 limit=5,5

20 chain=forward action=drop protocol=udp src-address=

21 chain=forward action=drop protocol=udp src-address=

22 chain=forward action=drop src-address=

23 chain=forward action=drop protocol=udp dst-port=27001

24 chain=forward action=accept
[dobrofenix@MikroTik] > queue simple print det
Flags: X - disabled, I - invalid, D - dynamic 
You do not have the required permissions to view the files attached to this post.
User avatar
Posts: 1122
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: very slow RB1100AHx2

Fri Apr 06, 2012 9:50 pm

What ROS version and what Firmware version?
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
just joined
Topic Author
Posts: 15
Joined: Thu Jul 08, 2010 1:26 am

Re: very slow RB1100AHx2

Mon Apr 09, 2012 12:27 pm


> system routerboard print
routerboard: yes
model: 1100AHx2
serial-number: 319E0147BFB1
current-firmware: 2.39
upgrade-firmware: 2.39
just joined
Posts: 23
Joined: Thu Apr 12, 2012 3:58 pm

Re: very slow RB1100AHx2

Thu Apr 12, 2012 4:40 pm

any update of the case ??

I plan to buy the RB1100AHx2, this post make me hesitate to buy..........
just joined
Posts: 4
Joined: Mon Feb 15, 2010 4:16 am
Location: Pinal County, AZ

Re: very slow RB1100AHx2

Tue Apr 17, 2012 12:53 am

We just placed 3 RB1100AHx2,s running 5.14 on our fiber based core LAN (with 10/100/1000 media converters in front of each) and then to a 4th x2 running 5.14 as the core router on a gigabit Metro Optical Ethernet circuit (200mbps active). COre router to an x2 at the other end of the MOE get's 199mbps. Any of the 3 x2 thru the core to the other side also 199mbps.

The 3 x2 are doing simple masquerade of to the public IP on the default route. 450gs through out our network CANNOT do a UDP bandwidth test to the core x2. Result is zero. Existing Aastra 6730; VOIP phones will not place outgoing calls through the x2's doing NAT. Grandstream ATAs will not register on ports 500/5061. Change ports to 5012 and they register.

Further, customer speed tests to the distant side of the MOE yield terribly slow results.

We replaced one x2 with a 450g running 5.14 and everything that was broken is fixed. We are now going to replace the other two x2's that are natting with 450Gs running 5.14 to see what happens...

Is ANYBODY else having issues with the x2's at 5.14????
User avatar
Posts: 473
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ

Re: very slow RB1100AHx2

Tue Apr 17, 2012 9:13 am

Working fine here. I have six deployed so far.

Who is online

Users browsing this forum: No registered users and 18 guests