TOP 10: Most underused and overused RouterOS features

To help you solve some of the most common RouterOS configuration issues, MikroTik has put together a list of the TOP 10 most underused and overused RouterOS features.

As we go through this list, you will:

  • Better understand and diagnose most RouterOS configuration issues
  • Learn the proper application of RouterOS features
  • Discover the latest RouterOS versions and newest features

Last week we covered the Top 2 RouterOS issues sent to support@mikrotik.com.

Let’s continue with entries 3 & 4:

 

3. “High CPU load on PPPoE server”

  • 3000 pppoe-clients in 10.0.0.0/20 network.
  • Connected via 172.16.x.0/24 networks to other PPPoE servers with 10.x.0.0/20 PPPoE client network.
  • All PPPoE servers and the gateway are in the same backbone area, with connected routes redistributed

/routing ospf network

add network=172.16.1.0/24 area=backbone

add network=10.0.0.0/20 area=backbone

WRONG!!!

 

Analysis of the problem

  • Problem:
    • CPU overload, PPPoE clients disconnect, clients can’t reach target speeds, sometimes can’t connect to the device.
  • Diagnosis:
    • /tool profile shows the “routing” process holding one CPU core at 100% all the time; all other cores can sometimes also reach 100% with the “ppp” and “networking” processes.
  • Reason:
    • OSPF is spammed with PPPoE client /32 route updates

 

OSPF and PPPoE

  • All dynamic routing protocols (more precisely – routing table updates and protocol calculations) are limited to a single core.
  • Every time a pppoe-client connects or disconnects, it creates or deletes a /32 route. If that route is part of an OSPF network, an OSPF update is initiated.
  • Every time a pppoe-client connects or disconnects, its pppoe-interface is added to or removed from the OSPF interfaces, which also initiates an OSPF update.

 

Passive OSPF interfaces and stub areas

  • Stub areas reduce the amount of routing information flooded into an area: external routes are not flooded into or throughout a stub area, and a default route is used instead.
  • Area ranges aggregate routing information on area boundaries, so that only one summary LSA is created for multiple routes and only a single advertisement is sent into adjacent areas.
  • The passive interface flag, if enabled, excludes the interface from OSPF protocol communication.

Correct implementation

  • /routing ospf area

add area-id=0.0.0.1 authentication=none name=pppoe1 type=stub

  • /routing ospf network

add area=pppoe1 network=10.0.0.0/20

  • /routing ospf area range

add advertise=yes area=pppoe1 range=10.0.0.0/20

  • /routing ospf interface

add interface=all passive=yes

4. “High CPU load on PPPoE server”

  • 3000 pppoe-clients in 10.0.0.0/20 network
  • Static public IP address on public interface
  • Masquerade rule
  • No other firewall

WRONG!!!

 

Analysis of the problem

  • Problem:
    • CPU overloaded, PPPoE clients disconnect, clients can’t reach target speeds, sometimes can’t connect to boards.
  • Diagnosis:
    • /tool profile shows “firewall” process dominating CPU load
  • Reason:
    • Improper use of masquerade

Masquerade

  • Firewall NAT action=masquerade is a special variant of action=src-nat. It was designed for situations where the public IP can change at random, that is, when the public IP is dynamic.
  • Every time an interface disconnects and/or its IP address changes, the router searches connection tracking and purges the connections related to that interface, to improve recovery time.

Correct implementation

  • /ip firewall nat

add action=src-nat chain=srcnat out-interface=<Public> to-addresses=<Public_IP>
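
A configuration check for the two mistakes in entries 3 and 4, as an added example (not MikroTik's code): it parses a RouterOS v6-style /export and flags a PPPoE client network placed in the OSPF backbone and a masquerade rule on an interface that has a static address. The sample export, interface name and public address are constructed, and the check assumes that only statically configured addresses appear under /ip address in an export.

```python
import ipaddress
import re
import shlex

# Constructed sample of a RouterOS v6-style /export (not from the original page).
SAMPLE_EXPORT = """\
/ip address
add address=203.0.113.10/24 interface=ether1-public network=203.0.113.0
/ip firewall nat
add action=masquerade chain=srcnat \\
    out-interface=ether1-public
/routing ospf network
add area=backbone network=172.16.1.0/24
add area=backbone network=10.0.0.0/20
"""

def parse_export(text):
    """Return [(menu, {param: value})] for every 'add' line in an export."""
    entries, menu = [], None
    # Exports wrap long lines with a trailing backslash; rejoin them first.
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = (t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            entries.append((menu, dict(pairs)))
    return entries

def audit(text, pppoe_net):
    """Flag the two misconfigurations described in entries 3 and 4."""
    entries = parse_export(text)
    clients = ipaddress.ip_network(pppoe_net)
    # Assumption: only statically configured addresses are listed in /ip address.
    static = {p["interface"]: p["address"].split("/")[0]
              for m, p in entries if m == "/ip address"}
    findings = []
    for menu, p in entries:
        if menu == "/routing ospf network" and p.get("area") == "backbone":
            if ipaddress.ip_network(p["network"], strict=False).overlaps(clients):
                findings.append(f"ospf: {p['network']} (PPPoE clients) is in "
                                "backbone; use a stub area with an area range")
        if menu == "/ip firewall nat" and p.get("action") == "masquerade":
            ip = static.get(p.get("out-interface"))
            if ip:
                findings.append(f"nat: masquerade on {p['out-interface']} with "
                                f"static address; use action=src-nat to-addresses={ip}")
    return findings
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT, "10.0.0.0/20")))
```

Pass the PPPoE client network as the second argument; a configuration that follows both "Correct implementation" sections returns an empty list.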

 

 

Next week we look at the TOP 5 & 6 of the most underused and overused RouterOS features.