Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Maxim Moseychuk2016-09-17 19:54:01
network hardware
Maxim Moseychuk, 2016-09-17 19:54:01

Why does Mikrotik FastTrack+NAT load the CPU during outgoing traffic?

I run a speed test, and when testing the incoming speed, the CPU is loaded on average by 20%. When testing the outgoing speed, the CPU is loaded at 100%.
At the same time, the counters in the firewall behave correctly, in both cases, the counters on the fast-track rule do not increase, because. packets do not go beyond this rule. Those. at first glance, fast-track is configured correctly.
Can NAT load the CPU so asymmetrically? There are no tricky rules here, only masquerading for 2 interfaces (pppoe and provider's local area network).

config
# sep/17/2016 19:16:25 by RouterOS 6.36.3
#
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] ....
/interface pppoe-client
add add-default-route=yes ....
/interface wireless security-profiles
set [ find default=yes ] ....
/ip pool
add name=dhcp ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1
/ip settings
set tcp-syncookies=yes
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.8.4
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=input protocol=icmp
add action=accept chain=input in-interface=bridge1
add action=reject chain=input reject-with=icmp-port-unreachable
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
add interface=pppoe-out1 type=external
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=91.226.136.138 secondary-ntp=109.195.19.73 \
    server-dns-names=""
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
M
Maxim Moseychuk, 2016-09-17
@fshp

Disabled SNTP client, CPU usage dropped to 10%. I don’t understand how this is connected, but judging by the forums, the problem has been since version 4 of RouteOS, according to the profiler, the processes of the managenet group loaded the processor.

Similar questions
P
Pavel2013-05-07 18:11:59
When I pass by the router, the wi-fi connection is lost 7Reply
T
Teslan2016-01-28 19:06:38
How to set up an Ipsec tunnel between Mikrotik routers and a Windows 7 computer? 1Reply
V
Vladislav Tatarintsev2018-06-10 23:34:49
The switch breaks the connection, so for 5 minutes, what is the reason? 3Reply
A
alex911k2018-06-12 09:48:32
How to implement the transfer of two 24 port patch panels? 1Reply
M
Meliborn2018-06-14 19:01:21
How to set up a repeater with one Wi-Fi network? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question