Packet loss on CCR1009
Posted: Mon May 22, 2017 1:50 pm
Hi
I have two CCR1009. One is backup device, second is a gateway to 10 servers in data center. The traffic is about 100-150Mb/s with 20 000 packets/s. The CPU on active router in rush hours comes to 10%. Backup device is completely unused. I have two dedicated ports to DC switch. Each for one router. Routers has own IPs with the same subclass. If the main router break down I will add IP that has routing of public servers IPs to backup device and everything would be working ok.
I have problem with losing packets. When I’m pinging router public address or server behind routers I get 1-10% packets loss. The same situation is when i’m pinging the backup device (without any traffic). I have no idea what is going on. The DC staff claims that is everything in their network.
When i’m pinging default gateway of our network on DC side - I also have the same - 1-10% pacets loss.
This is firewall configuration on both routers:
/ip firewall filter
add action=accept chain=input comment="Accept input established, related" connection-state=established,related
add action=accept chain=forward comment="Accept forward established, related" connection-state=established,related
add action=accept chain=forward comment="Accept forward interface PUBLIC <> PUBLIC" in-interface=PUBLIC out-interface=PUBLIC
add action=accept chain=forward comment="Accept forward interface PUBLIC -> INTERNET" in-interface=PUBLIC out-interface=INTERNET
add action=accept chain=forward comment="Accept forward interface INTERNET -> PUBLIC" in-interface=INTERNET out-interface=PUBLIC
add action=accept chain=input comment="Accept input protocol ICMP" protocol=icmp
add action=drop chain=input comment="Default input drop"
add action=drop chain=forward comment="Default forward drop”
PUBLIC - interface with servers
INTERNET - network of DC
I have two CCR1009. One is backup device, second is a gateway to 10 servers in data center. The traffic is about 100-150Mb/s with 20 000 packets/s. The CPU on active router in rush hours comes to 10%. Backup device is completely unused. I have two dedicated ports to DC switch. Each for one router. Routers has own IPs with the same subclass. If the main router break down I will add IP that has routing of public servers IPs to backup device and everything would be working ok.
I have problem with losing packets. When I’m pinging router public address or server behind routers I get 1-10% packets loss. The same situation is when i’m pinging the backup device (without any traffic). I have no idea what is going on. The DC staff claims that is everything in their network.
When i’m pinging default gateway of our network on DC side - I also have the same - 1-10% pacets loss.
This is firewall configuration on both routers:
/ip firewall filter
add action=accept chain=input comment="Accept input established, related" connection-state=established,related
add action=accept chain=forward comment="Accept forward established, related" connection-state=established,related
add action=accept chain=forward comment="Accept forward interface PUBLIC <> PUBLIC" in-interface=PUBLIC out-interface=PUBLIC
add action=accept chain=forward comment="Accept forward interface PUBLIC -> INTERNET" in-interface=PUBLIC out-interface=INTERNET
add action=accept chain=forward comment="Accept forward interface INTERNET -> PUBLIC" in-interface=INTERNET out-interface=PUBLIC
add action=accept chain=input comment="Accept input protocol ICMP" protocol=icmp
add action=drop chain=input comment="Default input drop"
add action=drop chain=forward comment="Default forward drop”
PUBLIC - interface with servers
INTERNET - network of DC