Good afternoon! Excuse me for the long foreword..

We use x86 the computer on the basе of CoreDuo, network
cards - Marvel 8056, Realtek 8169. We receive from two
uplink two complete BGP tables and one more cut down. About 80 Mbit of
traffic totally, 20-30 kpps. The system is installed on USB
FlashDrive. The problem consists that through casual time the computer
hangs up. Does not reboot, it is not switched off - also all simply
freezes. Helps only reset. At first suspected hardware failure - have
substituted completely the computer on another. Has not helped. Have
then thought on network cards - tried different combinations - that
result. With periodicity from three till 18 o'clock mikrotik hangs.
Have then thought that version 3.17 is unstable - have transferred
consistently on 3.13 then on 3.11 - the same result. Hangs not at
o'clock of maximum loading - during absolutely casual time. Hangs even
at night when under schedules was all about 10 Mbit of Traffic Tried
to disable-enаble multicore - has not helped. On the same computer has
been installed Mikrotik with SATA HDD a disk which without problems
worked with terminate PPPTP tunnels of users (nearby 400
simultaneously) without any problems earlier.
I'm install version 3.17 to new SATA Drive and buy new level 5 license,
disable one bgp uplink (only one work). After 36hours router freeze. ;-((

As has officially bought two licences Level 5 from the microtic - I have tried to address to the limited technical support on e-mail. Has sent the necessary information and files. But useful except "Try another network adapter Intel for example" or "Try to disable multi core support" (though I wrote that already tried it) I have not received ANYTHING

The more I experimented - the understood that a problem in the software instead of in the equipment more.

By analogy with Cisco I use for blocking and a traffic distribution of users dynamic access lists which are formed each five minutes by a following script:

/ip firewall address-list set [find list=block_ip] list=block_ip_old
/ip firewall address-list remove [find list=block_ip]
/tool fetch address=192.168.11.1 mode=ftp src-path =/iplistupdate.rsc user=mikrotik password=mikrotik3
:delay 2
/import iplistupdate.rsc
/ip firewall address-list remove [find list=block_ip_old]

Further the given traffic was marked with the help mangle rules and pointed in blackhole a route.

Flags: X - disabled, I - invalid, D - dynamic
0 X;;; mark from block-ip
chain=prerouting action=mark-routeing new-routeing-mark=blackhole
passthrough=yes src-address-list=block_ip

1 X chain=prerouting action=mark-routeing new-routeing-mark=blackhole
passthrough=yes src-address-list=block_ip_old

2 X;;; mark to block-ip
chain=prerouting action=mark-routeing new-routeing-mark=blackhole
passthrough=yes dst-address-list=block_ip

3 X chain=prerouting action=mark-routeing new-routeing-mark=blackhole
passthrough=yes dst-address-list=block_ip_old


Also it is necessary for me outgoing traffic of users from subnet y.y.y.y to point strictly through a certain router.
For this purpose I use a following rule:

6;;; mark from old-static-network
chain=prerouting action=mark-routeing new-routeing-mark=from_old
passthrough=yes src-address-list=old_netw dst-address-list =! dmz_zone
in-interface=ether1

When I have switched off these rules - the router has ceased to hang and works without problems a week. But the matter is that this is necessary for me functionality. I realised blocking through Firewall but what to do with routeing on a source I do not know.
Besides I in general am afraid to use now mangle prerouting rules as I do not wish to leave without the Internet some thousand users. I read a subject here at a forum in which was spoken that use L7 of filters in a combination with prerouting rules led similar lags and I consider that at a problem common roots.

I will be glad if here somebody can help me.
Excuse for English - it is translated by the translator.

I have certainly bought and I wait for delivery Intel <EXPI9404PT> PRO/1000 PT Quad Port as I was advised by Mikrotik technical support, but something prompts to me that it will not help me.

start graphing the memory usage so you can tell if its just running out of memory slowly. also disable all bios devices not in use; usb, floppy drive, ide controllers (secondary), audio, com ports, etc. also turn off plug and play in the bios.

This the first on what I have thought. I'm using two different motherboard, the first is disable all unused device and try different variant BIOS. I also tried various combinations network adapter (in different PCI slots). I constantly pool a router about quantity of used memory by means of SNMP - is almost constantly occupied about 250 Mb of memory and this value does not vary almost, even at the moment of freeze.

Hi, shouldn't the mangle rules have "passthrough=no"? It looks like your packets are getting through the complete chain. Can you explain in more detail on what you do? We've done policy based routing before where we had to market packets / connection through mangle then route them to different upstream providers, and have faced no problems whatsoever.

just trying to help you thru the situation, so if some of the ideas seem dumb we'll keep trying...

action=mark-routeing

Is the above true? I didn't think that action was valid since it's misspelled. Did you copy/paste or type that in ?

Also, if you left all rules in place, but skipped the actual 'fetch' command do you still have problems? I am kind of leaning towards a problem with that part of it - maybe it can't write the file or the disk is corrupted in that spot or something.

Also, how much logging do you have going on? I've seen routers lockup under bgp updates because system topic=bgp is turned on and it's too much to keep up with. Make sure any logging is set to a minimum, and try to use limit parameters on those that remain.

Also, hopefully you aren't polling routes via snmp or other script - or anything to do with how many routes. I've also seen querying via snmp something about the routing table and it really makes things busy.

What happens on the console of the router when it is locked up / crashed ? Does it reboot automatically or is there a kernel dump on the screen ?

I used to have this kind of problem. Receiving only default route from BGP peer will help.

All the month long continue attempts to reveal and and to eliminate this a problem. Now I can tell that a problem unambiguously in the software, not in the hardware(version mikrotik, Multicpu, ACPI, IRQ). I have installed on the separate computer syslog a server and have included the remote registration of events in a Mikrotik.
Here output of events in during those moments when a router hangs up:

Jan 26 08:21:15 192.168.2.14 system, info address list entry changed
Jan 26 08:21:16 192.168.2.14 last message repeated 1191 times
Jan 26 08:21:16 192.168.2.14 info fetch: file "iplistupdate.rsc" created
Jan 26 08:21:19 192.168.2.14 system, info address list entry added
Jan 26 08:21:19 192.168.2.14 last message repeated 1190 times
Jan 26 08:21:19 192.168.2.14 system, info address list entry removed
Jan 26 08:21:20 192.168.2.14 last message repeated 873 times
This normal script operation

Jan 26 08:26:15 192.168.2.14 system, info address list entry changed
Jan 26 08:26:16 192.168.2.14 last message repeated 877 times
Jan 26 08:26:16 192.168.2.14 info fetch: file "iplistupdate.rsc" created
Jan 26 08:26:19 192.168.2.14 system, info address list entry added
Jan 26 08:26:19 192.168.2.14 last message repeated 83 times
router freezing

Jan 28 20:13:18 192.168.2.14 system, info address list entry changed
Jan 28 20:13:19 192.168.2.14 last message repeated 790 times
Jan 28 20:13:24 192.168.2.14 info fetch: file "iplistupdate.rsc" created
Jan 28 20:13:27 192.168.2.14 system, info address list entry added
Jan 28 20:13:27 192.168.2.14 last message repeated 913 times
Jan 28 20:13:32 192.168.2.14 system, info address list entry removed
Jan 28 20:13:38 192.168.2.14 last message repeated 209 times
router freezing

And so on. Time in two-three days a router hangs up on script operation - and is is concrete on list removal-modification ip access-list. (The script works each 5 minutes).

Modification by a script ip the list a length nearby 1000-2000 seems to me that during passing of traffic and leads to any locking and as a result to Mikrotik freezing.

Hi,
Did this ultimately solve?

-Sudipta