Hi all,
I've discovered a strange random packet loss spikes on my CCR1009-7G-1C. When connecting the same ISP cable directly to PC and ping 8.8.8.8, there is a stable ping and stable milliseconds characteristic. So no cable issue there. When I connect the same cable to my mikrotik, all ethernet-connected hosts sometimes lose 1-10 ping packages in a row randomly.
What I tried to do:
- ping from miktorik via ping tool - same behavior
- tried another more close resource to ping - same behavior
- enabled TX/RX flow control on my ISP mikrotik port (eth1) - no difference
- changed eth1 queue type from only-hardware-queue to pcq-download-default - no difference
- forcefully set up 100Mbps full duplex mode for eth1 - no difference.
CPU usage is less than 10% all the time.
Does anybody know what else in the Mikrotik may cause such an issue, whereas when ISP cable is connected directly to PC where are no problems with packet loss?
Re: Weird packet loss on CCR1009-7G-1C
Without configuration, impossible to guess well. My first guess would be an ambiguous addressing setup or ARP issues.
/export hide-sensitive file=whatever
Post contents of whatever.rsc here.
/export hide-sensitive file=whatever
Post contents of whatever.rsc here.
Re: Weird packet loss on CCR1009-7G-1C
@macsrwe please
Code: Select all
# mar/31/2020 16:43:01 by RouterOS 6.46.1
# software id = 47F2-FCLT
#
# model = CCR1009-7G-1C
# serial number = 94C40B1BF92C
/interface ethernet
set [ find default-name=ether1 ] advertise=100M-full,1000M-full arp=proxy-arp \
auto-negotiation=no loop-protect=off rx-flow-control=on speed=100Mbps \
tx-flow-control=on
set [ find default-name=ether2 ] advertise=\
1000M-full,2500M-full,5000M-full,10000M-full arp=proxy-arp \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] arp=proxy-arp
set [ find default-name=ether4 ] arp=proxy-arp
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec peer
add name=l2tpserver passive=yes send-initial-contact=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=\
aes-256-cbc,aes-256-ctr,aes-256-gcm,3des
/ip pool
add comment="Pool for Server network" name=server-net-pool ranges=\
192.168.8.2-192.168.8.199
add comment="Pool for Smart Home network" name=smart-home-net-pool ranges=\
192.168.10.2-192.168.10.199
add comment="Pool for Main network" name=main-net-pool ranges=\
192.168.11.2-192.168.11.199
add comment="Pool for VPN clients" name=vpn-pool ranges=\
192.168.8.200-192.168.8.250
/ip dhcp-server
add address-pool=server-net-pool authoritative=after-2sec-delay disabled=no \
interface=ether2 lease-time=1w1d name=server-net-dhcp
add address-pool=smart-home-net-pool authoritative=after-2sec-delay disabled=\
no interface=ether4 lease-time=1w1d name=smart-home-net-dhcp
add address-pool=main-net-pool authoritative=after-2sec-delay disabled=no \
interface=ether3 lease-time=1w1d name=main-net-dhcp
/ppp profile
add local-address=vpn-pool name=ipsec_vpn remote-address=vpn-pool
/queue interface
set ether1 queue=pcq-download-default
set ether2 queue=pcq-download-default
set ether3 queue=pcq-download-default
set ether4 queue=pcq-download-default
/ip neighbor discovery-settings
set discover-interface-list=none
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface l2tp-server server
set allow-fast-path=yes authentication=mschap1,mschap2 default-profile=\
ipsec_vpn enabled=yes
/interface list member
add comment="SkyNet (Home WAN)" interface=ether1 list=WAN
add comment="Server LAN" interface=ether2 list=LAN
add comment="Main LAN" interface=ether3 list=LAN
add comment="Smart Home LAN" interface=ether4 list=LAN
/ip address
add address=192.168.8.1/24 comment="Route to Server network" interface=ether2 \
network=192.168.8.0
add address=192.168.11.1/24 comment="Route to Main network" interface=ether3 \
network=192.168.11.0
add address=192.168.10.1/24 comment="Route to Smart Home network" interface=\
ether4 network=192.168.10.0
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.11.11 client-id=1:66:66:66:66:66:66 mac-address=\
66:66:66:66:66:66 server=main-net-dhcp
add address=192.168.10.10 client-id=1:74:4d:28:7d:6a:15 mac-address=\
74:4D:28:7D:6A:15 server=smart-home-net-dhcp
add address=192.168.8.8 client-id=1:74:4d:28:f8:95:f8 mac-address=\
74:4D:28:F8:95:F8 server=server-net-dhcp
/ip dhcp-server network
add address=192.168.8.0/24 comment="Server network" dns-server=\
8.8.8.8,8.8.4.4 gateway=192.168.8.1 netmask=24
add address=192.168.10.0/24 comment="Smart Home network" dns-server=\
8.8.8.8,8.8.4.4 gateway=192.168.10.1 netmask=24
add address=192.168.11.0/24 comment="Main network" dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.11.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=add-src-to-address-list address-list=perebor_portov_drop \
address-list-timeout=30m chain=input comment=Perebor_portov_add_list \
dst-port=98 in-interface=ether1 log=yes log-prefix=Attack protocol=tcp
add action=drop chain=input comment=Perebor_portov_list_drop dst-port=80 \
in-interface=ether1 protocol=tcp src-address-list=perebor_portov_drop
add action=accept chain=input comment="Allow limited pings" in-interface=\
ether1 limit=50/5s,2:packet protocol=icmp
add action=drop chain=input comment="Excessive Pings Drop" in-interface=\
ether1 log=yes log-prefix="drop excessive pings" protocol=icmp
add action=add-dst-to-address-list address-list=connection-limit \
address-list-timeout=1d chain=input comment=Connection_limit \
connection-limit=200,32 in-interface=ether1 log=yes protocol=tcp
add action=drop chain=input comment=Adr_list_connection-limit_drop \
in-interface=ether1 log=yes log-prefix="connection limit" \
src-address-list=connection-limit
add action=drop chain=input comment=Port_scanner_drop src-address-list=\
"port scanners"
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface=ether1 log=yes protocol=\
tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface=ether1 log=yes protocol=\
tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface=ether1 log=yes protocol=\
tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface=ether1 log=yes protocol=\
tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface=ether1 log=yes protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface=ether1 log=yes protocol=\
tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface=ether1 log=yes protocol=\
tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment="accept ICMP" disabled=yes protocol=\
icmp
add action=accept chain=input comment="accept L2TP IPSec VPN" port=\
1701,500,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=drop chain=input comment="drop all from WAN" in-interface=ether1 \
log-prefix="warn block"
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
add action=fasttrack-connection chain=forward comment=\
"fasttrtack everything except VPN" connection-mark=!ipsec \
connection-state=established,related
add action=fasttrack-connection chain=forward comment=fasttrack \
connection-state=established,related disabled=yes
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface=ether1
/ip firewall mangle
add action=mark-connection chain=forward comment=\
"mark ipsec connections to exclude them from fasttrack" ipsec-policy=\
out,ipsec new-connection-mark=ipsec
add action=mark-connection chain=forward comment=\
"mark ipsec connections to exclude them from fasttrack" ipsec-policy=\
in,ipsec new-connection-mark=ipsec
/ip firewall nat
add action=dst-nat chain=dstnat comment="port forwarding SSH" dst-port=65022 \
in-interface=ether1 protocol=tcp to-addresses=192.168.88.88 to-ports=22
add action=dst-nat chain=dstnat comment="port forwarding MongoDB" dst-port=\
65017 in-interface=ether1 protocol=tcp to-addresses=192.168.88.88 \
to-ports=65017
add action=masquerade chain=srcnat comment="WAN NAT" out-interface-list=WAN
add action=dst-nat chain=dstnat comment="hairpin NAT SSH" dst-address=\
94.19.177.63 dst-port=65022 protocol=tcp src-address=192.168.0.0/16 \
to-addresses=192.168.88.88 to-ports=22
add action=dst-nat chain=dstnat comment="hairpin NAT MongoDB" dst-address=\
94.19.177.63 dst-port=65017 protocol=tcp src-address=192.168.0.0/16 \
to-addresses=192.168.88.88 to-ports=65017
add action=masquerade chain=srcnat comment="hairpin NAT" dst-address=\
192.168.0.0/16 src-address=192.168.0.0/16
/ip ipsec identity
add generate-policy=port-override peer=l2tpserver
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
/ip ssh
set strong-crypto=yes
/ip traffic-flow
set enabled=yes
/ppp secret
add name=trofiv profile=ipsec_vpn service=l2tp
add name=mitrofiv profile=ipsec_vpn service=l2tp
/routing rip interface
add interface=ether2 receive=v2
add interface=ether3 receive=v2
add interface=ether4 receive=v2
/routing rip network
add network=192.168.10.0/24
add network=192.168.11.0/24
add network=192.168.8.0/24
/system clock
set time-zone-autodetect=no time-zone-name=Etc/UTC
/system identity
set name=TrofivCloud
/system ntp client
set enabled=yes primary-ntp=85.21.78.91 secondary-ntp=37.193.156.169
/tool bandwidth-server
set enabled=no
/tool graphing interface
add interface=ether1
add interface=ether2
add interface=ether3
add interface=ether4
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
Re: Weird packet loss on CCR1009-7G-1C
Why setting arp=proxy-arp on ether ports?
Re: Weird packet loss on CCR1009-7G-1C
In order to make all connected network resources accessible to VPN clients
Re: Weird packet loss on CCR1009-7G-1C
I don't think you need that setting on WAN interface (ether1).
Re: Weird packet loss on CCR1009-7G-1C
Tried to change it to "enable", no difference
Re: Weird packet loss on CCR1009-7G-1C [SOLVED]
Quick update:
I examined high RX code errors and TX collisions. With half duplex mode packet loss was close to 0, but overall speed decreased nearly twice. Looks like I fixed my issue with switching my WAN port from ether1 to ether7. Also I configured all my firewall rules and etc. to use interface list WAN instead of direct ether1 interface binding. After all, I set up SFQ instead of PCQ for my WAN port.
Does anybody know why a single port may cause such a huge error rate?
My new config:
I examined high RX code errors and TX collisions. With half duplex mode packet loss was close to 0, but overall speed decreased nearly twice. Looks like I fixed my issue with switching my WAN port from ether1 to ether7. Also I configured all my firewall rules and etc. to use interface list WAN instead of direct ether1 interface binding. After all, I set up SFQ instead of PCQ for my WAN port.
Does anybody know why a single port may cause such a huge error rate?
My new config:
Code: Select all
# apr/01/2020 00:13:42 by RouterOS 6.46.1
# software id = 47F2-FCLT
#
# model = CCR1009-7G-1C
# serial number = 94C40B1BF92C
/interface ethernet
set [ find default-name=ether1 ] advertise=100M-full,1000M-full arp=proxy-arp \
auto-negotiation=no full-duplex=no loop-protect=off rx-flow-control=on \
speed=100Mbps tx-flow-control=on
set [ find default-name=ether2 ] advertise=\
1000M-full,2500M-full,5000M-full,10000M-full arp=proxy-arp \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] arp=proxy-arp
set [ find default-name=ether4 ] arp=proxy-arp
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec peer
add name=l2tpserver passive=yes send-initial-contact=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=\
aes-256-cbc,aes-256-ctr,aes-256-gcm,3des
/ip pool
add comment="Pool for Server network" name=server-net-pool ranges=\
192.168.8.2-192.168.8.199
add comment="Pool for Smart Home network" name=smart-home-net-pool ranges=\
192.168.10.2-192.168.10.199
add comment="Pool for Main network" name=main-net-pool ranges=\
192.168.11.2-192.168.11.199
add comment="Pool for VPN clients" name=vpn-pool ranges=\
192.168.8.200-192.168.8.250
/ip dhcp-server
add address-pool=server-net-pool authoritative=after-2sec-delay disabled=no \
interface=ether2 lease-time=1w1d name=server-net-dhcp
add address-pool=smart-home-net-pool authoritative=after-2sec-delay disabled=\
no interface=ether4 lease-time=1w1d name=smart-home-net-dhcp
add address-pool=main-net-pool authoritative=after-2sec-delay disabled=no \
interface=ether3 lease-time=1w1d name=main-net-dhcp
/ppp profile
add local-address=vpn-pool name=ipsec_vpn remote-address=vpn-pool
/queue interface
set ether1 queue=pcq-download-default
set ether2 queue=pcq-download-default
set ether3 queue=pcq-download-default
set ether4 queue=pcq-download-default
set ether7 queue=hotspot-default
/ip neighbor discovery-settings
set discover-interface-list=none
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface l2tp-server server
set allow-fast-path=yes authentication=mschap1,mschap2 default-profile=\
ipsec_vpn enabled=yes
/interface list member
add comment="SkyNet (Home WAN)" interface=ether7 list=WAN
add comment="Server LAN" interface=ether2 list=LAN
add comment="Main LAN" interface=ether3 list=LAN
add comment="Smart Home LAN" interface=ether4 list=LAN
/ip address
add address=192.168.8.1/24 comment="Route to Server network" interface=ether2 \
network=192.168.8.0
add address=192.168.11.1/24 comment="Route to Main network" interface=ether3 \
network=192.168.11.0
add address=192.168.10.1/24 comment="Route to Smart Home network" interface=\
ether4 network=192.168.10.0
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=ether7
/ip dhcp-server lease
add address=192.168.11.11 client-id=1:66:66:66:66:66:66 mac-address=\
66:66:66:66:66:66 server=main-net-dhcp
add address=192.168.10.10 client-id=1:74:4d:28:7d:6a:15 mac-address=\
74:4D:28:7D:6A:15 server=smart-home-net-dhcp
add address=192.168.8.8 client-id=1:74:4d:28:f8:95:f8 mac-address=\
74:4D:28:F8:95:F8 server=server-net-dhcp
/ip dhcp-server network
add address=192.168.8.0/24 comment="Server network" dns-server=\
8.8.8.8,8.8.4.4 gateway=192.168.8.1 netmask=24
add address=192.168.10.0/24 comment="Smart Home network" dns-server=\
8.8.8.8,8.8.4.4 gateway=192.168.10.1 netmask=24
add address=192.168.11.0/24 comment="Main network" dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.11.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=add-src-to-address-list address-list=perebor_portov_drop \
address-list-timeout=30m chain=input comment=Perebor_portov_add_list \
dst-port=98 in-interface-list=WAN log=yes log-prefix=Attack protocol=tcp
add action=drop chain=input comment=Perebor_portov_list_drop dst-port=80 \
in-interface-list=WAN protocol=tcp src-address-list=perebor_portov_drop
add action=accept chain=input comment="Allow limited pings" \
in-interface-list=WAN limit=50/5s,2:packet protocol=icmp
add action=drop chain=input comment="Excessive Pings Drop" in-interface-list=\
WAN log=yes log-prefix="drop excessive pings" protocol=icmp
add action=add-dst-to-address-list address-list=connection-limit \
address-list-timeout=1d chain=input comment=Connection_limit \
connection-limit=200,32 in-interface-list=WAN log=yes protocol=tcp
add action=drop chain=input comment=Adr_list_connection-limit_drop \
in-interface-list=WAN log=yes log-prefix="connection limit" \
src-address-list=connection-limit
add action=drop chain=input comment=Port_scanner_drop src-address-list=\
"port scanners"
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface-list=WAN log=yes \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface-list=WAN log=yes \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface-list=WAN log=yes \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface-list=WAN log=yes \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface-list=WAN log=yes \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface-list=WAN log=yes \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input in-interface-list=WAN log=yes \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment="accept ICMP" disabled=yes protocol=\
icmp
add action=accept chain=input comment="accept L2TP IPSec VPN" port=\
1701,500,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=drop chain=input comment="drop all from WAN" in-interface-list=WAN \
log-prefix="warn block"
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
add action=fasttrack-connection chain=forward comment=\
"fasttrtack everything except VPN" connection-mark=!ipsec \
connection-state=established,related
add action=fasttrack-connection chain=forward comment=fasttrack \
connection-state=established,related disabled=yes
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=forward comment=\
"mark ipsec connections to exclude them from fasttrack" ipsec-policy=\
out,ipsec new-connection-mark=ipsec
add action=mark-connection chain=forward comment=\
"mark ipsec connections to exclude them from fasttrack" ipsec-policy=\
in,ipsec new-connection-mark=ipsec
/ip firewall nat
add action=dst-nat chain=dstnat comment="port forwarding SSH" dst-port=65022 \
in-interface-list=WAN protocol=tcp to-addresses=192.168.88.88 to-ports=22
add action=dst-nat chain=dstnat comment="port forwarding MongoDB" dst-port=\
65017 in-interface-list=WAN protocol=tcp to-addresses=192.168.88.88 \
to-ports=65017
add action=masquerade chain=srcnat comment="WAN NAT" out-interface-list=WAN
add action=dst-nat chain=dstnat comment="hairpin NAT SSH" dst-address=\
94.19.177.63 dst-port=65022 protocol=tcp src-address=192.168.0.0/16 \
to-addresses=192.168.88.88 to-ports=22
add action=dst-nat chain=dstnat comment="hairpin NAT MongoDB" dst-address=\
94.19.177.63 dst-port=65017 protocol=tcp src-address=192.168.0.0/16 \
to-addresses=192.168.88.88 to-ports=65017
add action=masquerade chain=srcnat comment="hairpin NAT" dst-address=\
192.168.0.0/16 src-address=192.168.0.0/16
/ip ipsec identity
add generate-policy=port-override peer=l2tpserver
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
/ip ssh
set strong-crypto=yes
/ip traffic-flow
set enabled=yes
/ppp secret
add name=trofiv profile=ipsec_vpn service=l2tp
add name=mitrofiv profile=ipsec_vpn service=l2tp
/routing rip interface
add interface=ether2 receive=v2
add interface=ether3 receive=v2
add interface=ether4 receive=v2
/routing rip network
add network=192.168.10.0/24
add network=192.168.11.0/24
add network=192.168.8.0/24
/system clock
set time-zone-autodetect=no time-zone-name=Etc/UTC
/system identity
set name=TrofivCloud
/system ntp client
set enabled=yes primary-ntp=85.21.78.91 secondary-ntp=37.193.156.169
/tool bandwidth-server
set enabled=no
/tool graphing interface
add interface=ether1
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6
add interface=ether7
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
Re: Weird packet loss on CCR1009-7G-1C
I cannot seem to find any /ip route anywhere. That would be a major omission.
Re: Weird packet loss on CCR1009-7G-1C
Basically I have dynamic routing via RIPI cannot seem to find any /ip route anywhere. That would be a major omission.
Could you please tell me me more about your concerns?
Re: Weird packet loss on CCR1009-7G-1C
You should at least have a default 0.0.0.0/0 route defined in /ip route, preferably also a small number of dependable static routes. One of your complaints was that you would lose some number of pings before establishing good traffic, that is a common symptom of having 100% dynamic routing. OSPF &c are not instantaneous.
-
-
maxwilloweb
just joined
- Posts: 2
- Joined:
Re: Weird packet loss on CCR1009-7G-1C
Hi, I had a similar issue with very high packet loss occurring randomly after replacing a Cisco 3560G that was acting as L2 switch and Inter-vlan router with SVI with a CCR1009-7G-1C.
I had the main uplink set on Ethernet1 and all the other downlinks on all the other Ethernet ports from 2 to 6.
I started doing some data gathering on interface stats, cpu load, uplink and downlinks, ran a series of parallel MTRs on different IP destination on the path to and through the CCR and the packet loss kept pointing to the CCR itself.
I read this thread and then decided to switch the uplink port from Ethernet1 to Ethernet7. Packet loss has been absent for the past 24hrs.
Question for Mikrotik, are the Ethernet ports ALL on the same ASIC? I can't quite understand the problem with Ethernet1 if there's one.
Thank you
I had the main uplink set on Ethernet1 and all the other downlinks on all the other Ethernet ports from 2 to 6.
I started doing some data gathering on interface stats, cpu load, uplink and downlinks, ran a series of parallel MTRs on different IP destination on the path to and through the CCR and the packet loss kept pointing to the CCR itself.
I read this thread and then decided to switch the uplink port from Ethernet1 to Ethernet7. Packet loss has been absent for the past 24hrs.
Question for Mikrotik, are the Ethernet ports ALL on the same ASIC? I can't quite understand the problem with Ethernet1 if there's one.
Thank you
Who is online
Users browsing this forum: Google [Bot] and 165 guests