Then why did mine have a kernel panic when there is no connection tracking? Why is it solved with significantly more traffic and only changing the firewall?
On Wed, Apr 12, 2023 at 11:46 AM Trey Scarborough <t...@3dsc.co> wrote: > Its a known hardware issue with connection tracking enabled and hardware > offload. It has a hard limit to the number of connections it supports that > is pretty low. Its high enough you won't notice till you get significant > traffic, but low enough it is a common issue. The fix is to turn off > connection tracking I know this isn't the best solution, but its the only > one that works. This and the hardware availability of the processor are the > reason they are discontinued. The good news is that moving over to the > newer generation seems to resolve this, but comes with a handful of version > 7 quirks. > On 4/11/2023 5:55 PM, Alex Kessler wrote: > > Been experiencing this bug for years while running NAT and connection > tracking. Rebooting every few months while running v6 latest. Does v7 > have any known fixes to resolve these watchdog reboots? > > > > > > > ----------------------------------------------------------------------------------- > > > > > From: "Colin Stanners" < cstanners at gmail.com > > To: "af" < af at af.afmug.com > > Sent: Monday, December 21, 2020 12:59:09 AM > Subject: Re: [AFMUG] Mikrotik 1072 Frustrations > > This last year, I've seen a MikroTik CCR1072 switch from long being > rock-solid to now having occasional random reboots (from watchdog) or 100% > CPU usage, which strangles the BGP process. In the latter case, > tools->profile would show the firewall taking 100% of CPU, even after > temporarily disabling all firewall filter and NAT rules and connection > tracking. Not fun. > > MT tech support did not seem super helpful or interested, mostly > recommending to disable watchdog (unacceptable on a production router) or > to upgrade firmware (without specifying the suspected cause of the problem > or nature of the fix). > > Tried 1 update, that didn't seem to help, have now tried another... > > On Sun, Dec 20, 2020, 11:38 PM Steven Kenney < steve at wavedirect.org > > wrote: > MIkrotik has been rock solid for me for years. Until this year and the > 1072's. Random reboots set off by watchdog timer on all of my 1072's. Some > more than others. Threads in the forum all discuss the same problem > exactly. Its a connection tracking issue.. however I need connection > tracking on one particular router. I've adjusted everything I could. > Firmware and board firmware all up to date etc. Happens randomly with low > levels of traffic, high levels of traffic, sometimes a couple times a day, > sometimes weeks. No DDOS evidence at all from upstream routers. Configs > checked and rechecked by third party experts. I graph everything about the > Mikrotik and there are no clues or anything abnormal happening before the > crash. Plenty of memory, disk space, CPU etc. Replaces all the trannies, > power cables and such. Not running BGP only OSPF on the one that is giving > me the most trouble. > > Even have a serial console cable plugged into them to my opengear and set > it to log pretty much everything to console including the kernel and > nothing. A hard freeze. > > Then there is Mikrotik support... I've never needed their support before > until now. So I put a ticket in and the shitty attitude I'm getting from > them seems like they KNOW there is something wrong with the hardware and > they are intentionally not being helpful. It is pretty clear to see with > all the people reporting this issue that there IS an issue. > > If this is any indication of how things are going to go with Mikrotik on > the newer hardware going forware I think its time to jump to an enterprise > level system. Juniper most likely. Shame because they are just about > keeping up with the demands with their hardware. Getting closer to 100Gbps > etc and ROS7 ... but at their current pace I think we've outgrew them. > > All the threads discussing this issue has been absolutely quiet when it > comes to Mikrotik jumping in to mention or try to help troubleshoot. I > think they know they had bad hardware out there and do not want to honor > warranties. I've heard rumors of bad batches of 1072's. > > Anyone else encounter this? > > > -- > > *Alex* > Alex Kessler / TECHNICAL OPERATIONS CENTER > *O (Ohio)* 740.212.3773 / *O (All other markets)* 888.966.5690 / 145 Columbus > Rd, Athens, OH 45701 / point-broadband.com > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
