Greetings

I have a router that was stable until I added more traffic to it, ~10MB, and then added OSPF. It crashes every 4 days. I dropped back to 2.9.40. It crashed within 18 hours. I am back to 2.9.43 as of 15 hours ago but have disabled OSPF and am using static routes.

The router either quits updating ospf routes, cannot see interfaces or becomes unreachable.

On reboot, memory usage starts at about 20 mb and climbs to 31 mbs. CPU loading is about 40% peak. Total memory is 386Mb with plenty of hard disk space

The hardware is a 900mhz Dell with two 4 port boards. I have similar routers running OSPF but not with this much load. Does anyone have clues as to trouble shooting. I have sent support.rif files to tech support with no response to date.

Is OSPF a likely suspect? The problem occurs with either routing or routing-test packages installed

Joe

Greetings

Last night the router was seeing 18MB of traffic with CPU spiking routinely at about 90%. One other thing that distinguishes this router from others running 2.9.43 is that it was using ip firewall to inspect packets and create a couple of dynamic address lists that were then used to block or accept incoming traffic as appropriate.

I disabled the lists and CPU utilization was cut by at least half. Memory usage is still at about 31mb of 386 available. Spikes at peak time were 90% and then dropped to 40% after the change.

The dynamic address lists were intended to block addresses that created high number of connections to my spam filter box or were doing a syn flood. It may be possible that this has been causing the crashes.

Is there a command on the Router OS that is similar to the show proc cpu command in the Cisco IOS?

Cheers

Joe

We have a 2.9.43 box with a dynamic address-list of 60,000-100,000 entries. It's a rudimentary form of a smtp greylist. Anyhow, with 60-80mbps of traffic on that router it sits at 10-20% CPU. Possibly the way you are adding to the list (same ip over and over on every packet?) might be a problem. What NICs and what proc are you using?

changeip

Thanks for your note. You are correct. I was doing inspect, add to dynamic address list if appropriate, then drop if on address list and thus looking at every packet. I have put the drop ahead of the inspect.

I'll let you know what happens.

Joe

i would also add that 90% load is ok - that means - CPU is working, if CPU is near idle all the time, than you do not need so powerful machine there.

also, every time you see some weirdness going on, check configuration for optimisations (so that router does not need to do same job again and again and again)

in firewall check what rules are used the most and move them where to the upper most place where it still does what it has to do (like accept packets from established connections)

when marking packets make sure they are not remarked after first marking.

I was indeed doing inspect->add to list->drop. I now believe this was causing excessive CPU loading that resulted the crashes.

I reordered the ip firewall filter list to drop traffic from the dynamic address list and inspect later packets that made it through all the other "drops". drop->inspect->add to list

This lowered CPU utilization dramatically, from 90% max to about 20% max with no crashes to date. I have since re-enabled OSPF with no major increase in CPU. The router has been up for 4 days now.


Cheers

Joe

excellent. really paying attention to what is happening when the packets flow thru the router will help you optimize rules, mangling, etc. If you have 1000 mangle and firewall rules your router will be very vulernable to dos attacks as well as high CPU usage.