Exactly this below.

We used 1072 units as core Edge/BGP and OSPF/MPLS only, no connection tracking.

We upgraded from 1072 to 2116 units v7 on all edge units and 2004 v7 on all 
core units and also all access units using connection tracking. The 2004 units 
are great little processors of traffic, when they are in stock.

From: AF <af-boun...@af.afmug.com> On Behalf Of Trey Scarborough
Sent: Wednesday, April 12, 2023 9:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Tik 1072 watchdog reboot bug


It's a known hardware issue with connection tracking enabled and hardware 
offload. It has a hard limit to the number of connections it supports that is 
pretty low. It's high enough you won't notice till you get significant traffic, 
but low enough it is a common issue. The fix is to turn off connection tracking. 
I know this isn't the best solution, but it's the only one that works. This and 
the hardware availability of the processor are the reason they are 
discontinued. The good news is that moving over to the newer generation seems 
to resolve this, but comes with a handful of version 7 quirks.

On 4/11/2023 5:55 PM, Alex Kessler wrote:

Been experiencing this bug for years while running NAT and connection tracking. 
 Rebooting every few months while running v6 latest.  Does v7 have any known 
fixes to resolve these watchdog reboots?





-----------------------------------------------------------------------------------




From: "Colin Stanners" < cstanners at gmail.com >
To: "af" < af at af.afmug.com >
Sent: Monday, December 21, 2020 12:59:09 AM
Subject: Re: [AFMUG] Mikrotik 1072 Frustrations

This last year, I've seen a MikroTik CCR1072 switch from long being rock-solid 
to now having occasional random reboots (from watchdog) or 100% CPU usage, 
which strangles the BGP process. In the latter case, tools->profile would show 
the firewall taking 100% of CPU, even after temporarily disabling all firewall 
filter and NAT rules and connection tracking. Not fun.

MT tech support did not seem super helpful or interested, mostly recommending 
to disable watchdog (unacceptable on a production router) or to upgrade 
firmware (without specifying the suspected cause of the problem or nature of 
the fix).

Tried 1 update, that didn't seem to help, have now tried another...

On Sun, Dec 20, 2020, 11:38 PM Steven Kenney < steve at wavedirect.org > wrote:
Mikrotik has been rock solid for me for years. Until this year and the 1072's. 
Random reboots set off by watchdog timer on all of my 1072's. Some more than 
others. Threads in the forum all discuss the same problem exactly. It's a 
connection tracking issue.. however I need connection tracking on one 
particular router. I've adjusted everything I could. Firmware and board 
firmware all up to date etc. Happens randomly with low levels of traffic, high 
levels of traffic, sometimes a couple times a day, sometimes weeks. No DDOS 
evidence at all from upstream routers. Configs checked and rechecked by third 
party experts. I graph everything about the Mikrotik and there are no clues or 
anything abnormal happening before the crash. Plenty of memory, disk space, CPU 
etc. Replaced all the trannies, power cables and such. Not running BGP only 
OSPF on the one that is giving me the most trouble.

Even have a serial console cable plugged into them to my opengear and set it to 
log pretty much everything to console including the kernel and nothing. A hard 
freeze.

Then there is Mikrotik support... I've never needed their support before until 
now. So I put a ticket in and the shitty attitude I'm getting from them seems 
like they KNOW there is something wrong with the hardware and they are 
intentionally not being helpful. It is pretty clear to see with all the people 
reporting this issue that there IS an issue.

If this is any indication of how things are going to go with Mikrotik on the 
newer hardware going forward I think it's time to jump to an enterprise level 
system. Juniper most likely. Shame because they are just about keeping up with 
the demands with their hardware. Getting closer to 100Gbps etc and ROS7 ... but 
at their current pace I think we've outgrown them.

All the threads discussing this issue have been absolutely quiet when it comes 
to Mikrotik jumping in to mention or try to help troubleshoot. I think they 
know they had bad hardware out there and do not want to honor warranties. I've 
heard rumors of bad batches of 1072's.

Anyone else encounter this?

--

Alex
Alex Kessler / TECHNICAL OPERATIONS CENTER
O (Ohio) 740.212.3773 / O (All other markets) 888.966.5690 / 145 Columbus Rd, 
Athens, OH 45701 / point-broadband.com<https://point-broadband.com/>


-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
