It's a known hardware issue with connection tracking enabled and hardware
offload. It has a hard limit to the number of connections it supports
that is pretty low. It's high enough you won't notice till you get
significant traffic, but low enough it is a common issue. The fix is to
turn off connection tracking. I know this isn't the best solution, but
it's the only one that works. This and the hardware availability of the
processor are the reason they are discontinued. The good news is that
moving over to the newer generation seems to resolve this, but comes
with a handful of version 7 quirks.
On 4/11/2023 5:55 PM, Alex Kessler wrote:
Been experiencing this bug for years while running NAT and connection
tracking. Rebooting every few months while running v6 latest. Does
v7 have any known fixes to resolve these watchdog reboots?
-----------------------------------------------------------------------------------
From: "Colin Stanners" < cstanners at gmail.com >
To: "af" < af at af.afmug.com >
Sent: Monday, December 21, 2020 12:59:09 AM
Subject: Re: [AFMUG] Mikrotik 1072 Frustrations
This last year, I've seen a MikroTik CCR1072 switch from long being
rock-solid to now having occasional random reboots (from watchdog) or
100% CPU usage, which strangles the BGP process. In the latter case,
tools->profile would show the firewall taking 100% of CPU, even after
temporarily disabling all firewall filter and NAT rules and connection
tracking. Not fun.
MT tech support did not seem super helpful or interested, mostly
recommending to disable watchdog (unacceptable on a production router)
or to upgrade firmware (without specifying the suspected cause of the
problem or nature of the fix).
Tried 1 update, that didn't seem to help, have now tried another...
On Sun, Dec 20, 2020, 11:38 PM Steven Kenney < steve at wavedirect.org > wrote:
Mikrotik has been rock solid for me for years. Until this year and the
1072's. Random reboots set off by watchdog timer on all of my 1072's.
Some more than others. Threads in the forum all discuss the same
problem exactly. It's a connection tracking issue... however I need
connection tracking on one particular router. I've adjusted everything
I could. Firmware and board firmware all up to date etc. Happens
randomly with low levels of traffic, high levels of traffic, sometimes
a couple times a day, sometimes weeks. No DDOS evidence at all from
upstream routers. Configs checked and rechecked by third party
experts. I graph everything about the Mikrotik and there are no clues
or anything abnormal happening before the crash. Plenty of memory,
disk space, CPU etc. Replaced all the trannies, power cables and such.
Not running BGP only OSPF on the one that is giving me the most trouble.
Even have a serial console cable plugged into them to my opengear and
set it to log pretty much everything to console including the kernel
and nothing. A hard freeze.
Then there is Mikrotik support... I've never needed their support
before until now. So I put a ticket in and the shitty attitude I'm
getting from them seems like they KNOW there is something wrong with
the hardware and they are intentionally not being helpful. It is
pretty clear to see with all the people reporting this issue that
there IS an issue.
If this is any indication of how things are going to go with Mikrotik
on the newer hardware going forward I think it's time to jump to an
enterprise level system. Juniper most likely. Shame because they are
just about keeping up with the demands with their hardware. Getting
closer to 100Gbps etc and ROS7 ... but at their current pace I think
we've outgrown them.
All the threads discussing this issue have been absolutely quiet when
it comes to Mikrotik jumping in to mention or try to help
troubleshoot. I think they know they had bad hardware out there and do
not want to honor warranties. I've heard rumors of bad batches of 1072's.
Anyone else encounter this?
--
*Alex*
Alex Kessler/TECHNICAL OPERATIONS CENTER
*O (Ohio)*740.212.3773/*O (All other
markets)*888.966.5690/ 145 Columbus Rd, Athens, OH 45701
/point-broadband.com <https://point-broadband.com/>