I'm testing RouterOS 7 on CCR2004 for our backbone. We are currently running some of our peering routers with RouterOS 6 on CCR2004 and are not really happy. Never get more than 300Mbit throughput when handling traffic that has to go to the outside while internal traffic (OSPF routes only) reaches near wirespeed. If it reaches that amount of traffic, packet loss is happening. Thought it might have something to do with bad BGP implemantation in RouteOS 6. So we decided to try v7 in a test setup.
We put a CCR2004 with RouterOS 7.2 at the edge of our network and integrated it in our OSPF/MPLS network. Which worked fine so far. After that we decided to build BGP sessions towards our route reflectors and one of our upstream providers. In this first test we do not announce any prefixes to upstream and route reflectors (output filters filter all prefixes). So the router does not attract any traffic.
It consumes 3x full bgp table (2x RR, 1x Upstream). The router reads those 2.4 million routes pretty fast and also installs them pretty fast. We expected high CPU load during this phase. But the load never really went down. It even got worser over time. Eventually it got that worse that even SNMP reads timed all out from our traffic monitoring.
Those 3 BGP full tables aren't static of course. They are real time live BGP feeds of the DFZ (Default Free Zone) with 5 to 20 updates per second. I've tried to play with affinity. All BGP processes in one process. All in main. One process per feed. No difference. Performance ist actually not present. It's just shit. The only traffic the router has to handle is OSPF/MPLS/BGP/Winbox/SNMP. If I disable all BGP sessions after a few minutes everything goes back to normal. But also of course all routes are gone.
The router used to have a v6 config which got upgraded and then tweaked to v7.
Also at the moment we are only analyzing IPv4. With also activated IPv6 BGP it got even worse.
Has anybody tried to achieve something similar? Any tipps and hints?
Here is the BGP part of the config:
Code: Select all
/routing bgp template
set default as=XXXXXX disabled=no input.affinity=instance output.affinity=instance \
.network=bgp-networks router-id=194.XXX.XXX.0 routing-table=main
/routing bgp connection
add address-families=ip as=XXXXXX cisco-vpls-nlri-len-fmt=auto-bits connect=yes \
disabled=yes input.affinity=instance listen=yes local.address=194.XXX.XXX.0 .role=\
ibgp name=NETZWERGE.RR01 output.affinity=instance .filter-chain=REJECT_ALL \
.network=bgp-networks remote.address=194.XXX.XXX.6/32 .as=XXXXXX .port=179 \
router-id=194.XXX.XXX.0 routing-table=main templates=default
add address-families=ip as=XXXXXX cisco-vpls-nlri-len-fmt=auto-bits connect=yes \
disabled=yes input.affinity=instance listen=yes local.address=194.XXX.XXX.0 .role=\
ibgp name=NETZWERGE.RR02 output.affinity=instance .filter-chain=REJECT_ALL \
.network=bgp-networks remote.address=194.XXX.XXX.7/32 .as=XXXXXX .port=179 \
router-id=194.XXX.XXX.0 routing-table=main templates=default
add address-families=ip as=XXXXXX cisco-vpls-nlri-len-fmt=auto-bits connect=yes \
disabled=yes listen=yes local.address=185.XXX.XXX.1 .role=ebgp name=AS-Upstream \
output.filter-chain=REJECT_ALL .network=bgp-networks remote.address=\
185.XXX.XXX.2/32 .as=YYYYYY .port=179 router-id=194.XXX.XXX.0 routing-table=main \
templates=default
/routing filter rule
add chain=REJECT_ALL disabled=no rule="reject;"