To help you solve some of the most common RouterOS configuration issues, MikroTik has put together a list of the TOP 10 most underused and overused RouterOS features.
As we go through this list, you will:
- Better understand and diagnose most RouterOS configuration issues
- Learn the proper application of RouterOS features
- Discover the latest RouterOS versions and newest features
Let’s continue with entries 3 & 4:
3. “High CPU load on PPPoE server”
- 3000 pppoe-clients in 10.0.0.0/20 network.
- Connected via 172.16.x.0/24 networks to other PPPoE servers with 10.x.0.0/20 PPPoE client network.
- All PPPoE servers and gateway in the same backbone area with redistribute connected routes
/routing ospf network
add network=172.16.1.0/24 area=backbone
add network=10.0.0.0/20 area=backbone
Analysis of the problem
- CPU overload, PPPoE clients disconnect, clients can’t reach target speeds, sometimes can’t connect to the device.
- /tool profile shows the “routing” process holding one CPU core at 100% all the time; all other cores can sometimes also reach 100% with the “ppp” and “networking” processes.
- OSPF is spammed with PPPoE client /32 route updates
OSPF and PPPoE
- All dynamic routing protocols (more precisely – routing table updates and protocol calculations) are limited to a single core.
- Every time a pppoe-client connects or disconnects, it creates or deletes a /32 route. If that route is part of an OSPF network, an OSPF update is initiated.
- Every time a pppoe-client connects or disconnects, the pppoe-interface is added to or removed from the OSPF interfaces, which also initiates an OSPF update.
Passive OSPF interfaces and stub areas
- Stub areas reduce the amount of routing information flooded into an area: external routes are not flooded into or throughout a stub area; a default route is used instead.
- Area ranges aggregate routing information on area boundaries, so that only one summary LSA is created for multiple routes and only a single advertisement is sent into adjacent areas.
- The passive interface flag, if enabled, excludes the interface from OSPF protocol communication.
/routing ospf area
add area-id=0.0.0.1 authentication=none name=pppoe1 type=stub
/routing ospf network
add area=pppoe1 network=10.0.0.0/20
/routing ospf area range
add advertise=yes area=pppoe1 range=10.0.0.0/20
/routing ospf interface
add interface=all passive=yes
4. “High CPU load on PPPoE server”
- 3000 pppoe-clients in 10.0.0.0/20 network
- Static public IP address on public interface
- Masquerade rule
- No other firewall
Analysis of the problem
- CPU overloaded, PPPoE clients disconnect, clients can’t reach target speeds, sometimes can’t connect to boards.
- /tool profile shows “firewall” process dominating CPU load
- Improper use of masquerade
- Firewall NAT action=masquerade is a special sub-version of action=src-nat; it was designed for situations where the public IP can change at random, that is, when the public IP is dynamic.
- Every time an interface disconnects and/or its IP address changes, the router searches for and purges the connection tracking entries related to that interface, to improve recovery time.
/ip firewall nat
add action=src-nat chain=srcnat out-interface=<Public> to-addresses=<Public_IP>
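An added example (not MikroTik's own code): a Python check that reads a RouterOS /export and reports masquerade rules whose out-interface carries a static address, returning the src-nat replacement in the form shown above. The sample export, interface names and addresses are constructed, and the check assumes that every address listed under /ip address in the export is statically configured.

```python
import ipaddress
import shlex

# Constructed sample export (not from the original page); names and IPs are placeholders.
SAMPLE_EXPORT = """\
/ip address
add address=203.0.113.10/24 interface=ether1-public
add address=172.16.1.1/24 interface=ether2-backbone
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-public
add action=masquerade chain=srcnat out-interface=lte1
add action=src-nat chain=srcnat out-interface=ether2-backbone \\
    to-addresses=172.16.1.1
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an /export."""
    sections, current = {}, None
    joined = text.replace("\\\n", " ")  # fold backslash line continuations
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            current.append(dict(pairs))
    return sections

def masquerade_findings(text):
    """Return a src-nat replacement for each masquerade rule on a static interface."""
    cfg = parse_export(text)
    # Assumption: addresses present in the export are static (not DHCP/PPPoE-assigned).
    static = {}
    for addr in cfg.get("/ip address", []):
        static[addr["interface"]] = str(ipaddress.ip_interface(addr["address"]).ip)
    findings = []
    for rule in cfg.get("/ip firewall nat", []):
        iface = rule.get("out-interface")
        if rule.get("action") == "masquerade" and iface in static:
            findings.append(
                f"add action=src-nat chain={rule.get('chain', 'srcnat')} "
                f"out-interface={iface} to-addresses={static[iface]}"
            )
    return findings

if __name__ == "__main__":
    for fix in masquerade_findings(SAMPLE_EXPORT):
        print("static address, replace masquerade with:", fix)
```

The masquerade rule on lte1 is left alone because no static address is configured on that interface, which is the case masquerade was designed for.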