Input firewall seems to be the right answer. Not updating. On Tue, Apr 11, 2023 at 6:59 PM Alex Kessler <akess...@intelliwave.com> wrote:
> Been experiencing this bug for years while running NAT and connection > tracking. Rebooting every few months while running v6 latest. Does v7 > have any known fixes to resolve these watchdog reboots? > > > > > > > ----------------------------------------------------------------------------------- > > > > > From: "Colin Stanners" < cstanners at gmail.com > > To: "af" < af at af.afmug.com > > Sent: Monday, December 21, 2020 12:59:09 AM > Subject: Re: [AFMUG] Mikrotik 1072 Frustrations > > This last year, I've seen a MikroTik CCR1072 switch from long being > rock-solid to now having occasional random reboots (from watchdog) or 100% > CPU usage, which strangles the BGP process. In the latter case, > tools->profile would show the firewall taking 100% of CPU, even after > temporarily disabling all firewall filter and NAT rules and connection > tracking. Not fun. > > MT tech support did not seem super helpful or interested, mostly > recommending to disable watchdog (unacceptable on a production router) or > to upgrade firmware (without specifying the suspected cause of the problem > or nature of the fix). > > Tried 1 update, that didn't seem to help, have now tried another... > > On Sun, Dec 20, 2020, 11:38 PM Steven Kenney < steve at wavedirect.org > > wrote: > MIkrotik has been rock solid for me for years. Until this year and the > 1072's. Random reboots set off by watchdog timer on all of my 1072's. Some > more than others. Threads in the forum all discuss the same problem > exactly. Its a connection tracking issue.. however I need connection > tracking on one particular router. I've adjusted everything I could. > Firmware and board firmware all up to date etc. Happens randomly with low > levels of traffic, high levels of traffic, sometimes a couple times a day, > sometimes weeks. No DDOS evidence at all from upstream routers. Configs > checked and rechecked by third party experts. I graph everything about the > Mikrotik and there are no clues or anything abnormal happening before the > crash. Plenty of memory, disk space, CPU etc. Replaces all the trannies, > power cables and such. Not running BGP only OSPF on the one that is giving > me the most trouble. > > Even have a serial console cable plugged into them to my opengear and set > it to log pretty much everything to console including the kernel and > nothing. A hard freeze. > > Then there is Mikrotik support... I've never needed their support before > until now. So I put a ticket in and the shitty attitude I'm getting from > them seems like they KNOW there is something wrong with the hardware and > they are intentionally not being helpful. It is pretty clear to see with > all the people reporting this issue that there IS an issue. > > If this is any indication of how things are going to go with Mikrotik on > the newer hardware going forware I think its time to jump to an enterprise > level system. Juniper most likely. Shame because they are just about > keeping up with the demands with their hardware. Getting closer to 100Gbps > etc and ROS7 ... but at their current pace I think we've outgrew them. > > All the threads discussing this issue has been absolutely quiet when it > comes to Mikrotik jumping in to mention or try to help troubleshoot. I > think they know they had bad hardware out there and do not want to honor > warranties. I've heard rumors of bad batches of 1072's. > > Anyone else encounter this? > > > -- > > *Alex* > Alex Kessler / TECHNICAL OPERATIONS CENTER > *O (Ohio)* 740.212.3773 / *O (All other markets)* 888.966.5690 / 145 Columbus > Rd, Athens, OH 45701 / point-broadband.com > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
