What needs changed with the firewall?

On 4/12/2023 9:27 AM, Josh Luthman wrote:
Input firewall seems to be the right answer.  Not updating.

On Tue, Apr 11, 2023 at 6:59 PM Alex Kessler <akess...@intelliwave.com> wrote:

    Been experiencing this bug for years while running NAT and
    connection tracking.  Rebooting every few months while running v6
    latest.  Does v7 have any known fixes to resolve these watchdog
    reboots?





    
-----------------------------------------------------------------------------------

    From: "Colin Stanners" <cstanners at gmail.com>
    To: "af" <af at af.afmug.com>
    Sent: Monday, December 21, 2020 12:59:09 AM
    Subject: Re: [AFMUG] Mikrotik 1072 Frustrations

    This last year, I've seen a MikroTik CCR1072 switch from long
    being rock-solid to now having occasional random reboots (from
    watchdog) or 100% CPU usage, which strangles the BGP process. In
    the latter case, tools->profile would show the firewall taking
    100% of CPU, even after temporarily disabling all firewall filter
    and NAT rules and connection tracking. Not fun.

    MT tech support did not seem super helpful or interested, mostly
    recommending to disable watchdog (unacceptable on a production
    router) or to upgrade firmware (without specifying the suspected
    cause of the problem or nature of the fix).

    Tried 1 update, that didn't seem to help, have now tried another...

    On Sun, Dec 20, 2020, 11:38 PM Steven Kenney <steve at
    wavedirect.org> wrote:

    Mikrotik has been rock solid for me for years. Until this year and
    the 1072's. Random reboots set off by watchdog timer on all of my
    1072's. Some more than others. Threads in the forum all discuss
    the same problem exactly. It's a connection tracking issue...
    however I need connection tracking on one particular router. I've
    adjusted everything I could. Firmware and board firmware all up to
    date etc. Happens randomly with low levels of traffic, high levels
    of traffic, sometimes a couple times a day, sometimes weeks. No
    DDOS evidence at all from upstream routers. Configs checked and
    rechecked by third party experts. I graph everything about the
    Mikrotik and there are no clues or anything abnormal happening
    before the crash. Plenty of memory, disk space, CPU etc. Replaced
    all the trannies, power cables and such. Not running BGP, only OSPF,
    on the one that is giving me the most trouble.

    Even have a serial console cable plugged into them to my opengear
    and set it to log pretty much everything to console including the
    kernel and nothing. A hard freeze.

    Then there is Mikrotik support... I've never needed their support
    before until now. So I put a ticket in and the shitty attitude I'm
    getting from them seems like they KNOW there is something wrong
    with the hardware and they are intentionally not being helpful. It
    is pretty clear to see with all the people reporting this issue
    that there IS an issue.

    If this is any indication of how things are going to go with
    Mikrotik on the newer hardware going forward I think it's time to
    jump to an enterprise level system. Juniper most likely. Shame
    because they are just about keeping up with the demands with their
    hardware. Getting closer to 100Gbps etc and ROS7 ... but at their
    current pace I think we've outgrown them.

    All the threads discussing this issue have been absolutely quiet
    when it comes to Mikrotik jumping in to mention or try to help
    troubleshoot. I think they know they had bad hardware out there
    and do not want to honor warranties. I've heard rumors of bad
    batches of 1072's.

    Anyone else encounter this?


--
    Alex
    Alex Kessler / TECHNICAL OPERATIONS CENTER
    O (Ohio) 740.212.3773 / O (All other markets) 888.966.5690
    145 Columbus Rd, Athens, OH 45701
    point-broadband.com

-- AF mailing list
    AF@af.afmug.com
    http://af.afmug.com/mailman/listinfo/af_af.afmug.com


