Hello,
I have a few RB1100 running full-table BGP (BGP sessions with 7 routers, only IBGP).
I'm doing ~100Mbps traffic currently and I have a few questions about CPU usage:
Question 1: I check the "/system resource", I see:
[admin@rb1100-1] /system resource> print
... cpu-load: 26%
When I compare this with /tool profile, I get:
[admin@rb1100-1] > /tool profile duration=10
NAME USAGE
ethernet 0.5%
console 0.5%
firewall 4%
winbox 0%
management 1%
idle 86%
profiling 0.5%
queuing 7%
routing 0.5%
unclassified 0%
Where is this difference coming from?
Question 2: I do not use the queuing. But it adds 'ethernet-default' to all ethernet interfaces and 'default' to all vlan interfaces. Is it possible to disable queuing completely and save the CPU used this way?
Question 3: I only use the firewall to allow SSH and Winbox from some specific IPs, so this is only on the input chain:
/ip firewall filter
add action=accept chain=input disabled=no src-address=ip1
add action=accept chain=input disabled=no src-address=ip2
add action=accept chain=input disabled=no src-address=ip3
add action=accept chain=input disabled=no src-address=ip4
add action=reject chain=input disabled=no dst-port=8291 protocol=tcp reject-with=tcp-reset
add action=reject chain=input disabled=no dst-port=22 protocol=tcp reject-with=tcp-reset
Why is the firewall still using 4% CPU when there's almost no traffic to the box itself, only FORWARD traffic?
Re: CPU usage "/tool profile" vs. "/system resources"
Bump. Anybody have any idea regarding any of my questions?
Re: CPU usage "/tool profile" vs. "/system resources"
Thanks for your answer, but that does not answer the questions,because its RB1100 - its office router and this router not very powerfull )
1) Why is there an almost 100% difference in output of CPU usage between "/tool profile" and "/system resources"?
2) Can I disable queuing completely? If so, how?
3) Why is the firewall using 4% CPU when there's only INPUT rules and just a few Kbps of traffic directly to the router?
Re: CPU usage "/tool profile" vs. "/system resources"
1) do not know. I would strongly suspect only MT can tell you, from a supout.rif
2) no, you cannot.
3) 'firewall' likely includes connection tracking. You may be able to turn that off depending on what your router is used for. http://wiki.mikrotik.com/wiki/Manual:Co ... n_tracking lists the affected facilities, the most important one to be affected being NAT.
2) no, you cannot.
3) 'firewall' likely includes connection tracking. You may be able to turn that off depending on what your router is used for. http://wiki.mikrotik.com/wiki/Manual:Co ... n_tracking lists the affected facilities, the most important one to be affected being NAT.
Re: CPU usage "/tool profile" vs. "/system resources"
1) Ok, thank you, I'll contact them.1) do not know. I would strongly suspect only MT can tell you, from a supout.rif
2) no, you cannot.
3) 'firewall' likely includes connection tracking. You may be able to turn that off depending on what your router is used for. http://wiki.mikrotik.com/wiki/Manual:Co ... n_tracking lists the affected facilities, the most important one to be affected being NAT.
2) Ok
3) connection tracking is disabled on this device. Any other idea?
Re: CPU usage "/tool profile" vs. "/system resources"
Have you checked all the submenus under /ip firewall? Are there any nat or mangle rules, including dynamic ones (tcp mss adjustments on vpn links)?3) connection tracking is disabled on this device. Any other idea?
Re: CPU usage "/tool profile" vs. "/system resources"
And where do you see the difference in CPU Usage!?
From /system resource you have 26%
and from /tool profile you have 14%
The idle process taking 86% is just idle, doing nothing.
I wouldn't agree that this is a office router, it's very powerfull with 800MHz of CPU
in default, but can reach 1066MHz.
It is always a good idea to activate the graphs, so you can see how the router is performing
along the day, week, month and so on.
From /system resource you have 26%
and from /tool profile you have 14%
The idle process taking 86% is just idle, doing nothing.
I wouldn't agree that this is a office router, it's very powerfull with 800MHz of CPU
in default, but can reach 1066MHz.
It is always a good idea to activate the graphs, so you can see how the router is performing
along the day, week, month and so on.
Re: CPU usage "/tool profile" vs. "/system resources"
I agree, there is no differenceWhere is this difference coming from?
Re: CPU usage "/tool profile" vs. "/system resources"
This is the entire output:Have you checked all the submenus under /ip firewall? Are there any nat or mangle rules, including dynamic ones (tcp mss adjustments on vpn links)?3) connection tracking is disabled on this device. Any other idea?
Code: Select all
[admin@rb1100-1] /ip firewall> export
# feb/22/2011 16:20:09 by RouterOS 5.0rc9
# software id = K5SQ-1FFG
#
/ip firewall connection tracking
set enabled=no generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=\
10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input disabled=no dst-address=xx
add action=accept chain=input disabled=no src-address=xx
add action=accept chain=input disabled=no src-address=xx
add action=accept chain=input disabled=no src-address=xx
add action=accept chain=input disabled=no src-address=xx
add action=reject chain=input disabled=no dst-port=8291 protocol=tcp reject-with=tcp-reset
add action=reject chain=input disabled=no dst-port=22 protocol=tcp reject-with=tcp-reset
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@rb1100-1] /ip firewall> And where do you see the difference in CPU Usage!?
From /system resource you have 26%
and from /tool profile you have 14%
The idle process taking 86% is just idle, doing nothing.
I wouldn't agree that this is a office router, it's very powerfull with 800MHz of CPU
in default, but can reach 1066MHz.
It is always a good idea to activate the graphs, so you can see how the router is performing
along the day, week, month and so on.
See the attached picture.I agree, there is no difference
profile says 93% idle (so, 7% in use)
resources says 21% in use.
This is a difference of 3 times.
You do not have the required permissions to view the files attached to this post.
Re: CPU usage "/tool profile" vs. "/system resources"
From your attached picture I see CPU Frequency=1199MHz.
Is this a RB1100 or sth else?
As for the difference, could it be that the profiler is calculating the CPU usage
based on the average for a period of time? Just a guess, like in the graphs.
Is this a RB1100 or sth else?
As for the difference, could it be that the profiler is calculating the CPU usage
based on the average for a period of time? Just a guess, like in the graphs.
Re: CPU usage "/tool profile" vs. "/system resources"
It's an overclocked RB1100. But clocking it back to 800MHz makes no difference.From your attached picture I see CPU Frequency=1199MHz.
Is this a RB1100 or sth else?
The profiler is consistantly far lower than the total usage given by resources. If I watch it for a minute, profiler is never near or over resources.As for the difference, could it be that the profiler is calculating the CPU usage
based on the average for a period of time? Just a guess, like in the graphs.
Re: CPU usage "/tool profile" vs. "/system resources"
In my RB1100 I see the option of overclocking up to 1066MHz, so
I don't know how you get it to 1199MHz.
Have you activated the graphs? What do they show about the CPU?
I don't know how you get it to 1199MHz.
Have you activated the graphs? What do they show about the CPU?
-
-
omidkosari
Trainer
- Posts: 640
- Joined:
- Location: Canada, Toronto
Re: CPU usage "/tool profile" vs. "/system resources"
I have same problem . There is huge difference between /tools profile and /system resources .
As you see in first image , /system resources shows 90% load for cpu0 but /tools profile shows 42.5% idle !!
in second image /system resources shows 96% load but /tools profile shows 63.5% idle for it !!
As you see in first image , /system resources shows 90% load for cpu0 but /tools profile shows 42.5% idle !!
in second image /system resources shows 96% load but /tools profile shows 63.5% idle for it !!
You do not have the required permissions to view the files attached to this post.
Re: CPU usage "/tool profile" vs. "/system resources"
I have a rb1200 in a datacenter and was wondering about this despondency that im seeing too. After upgrading to 5.7 from 5.2, overall the router is using much less cpu (i was never maxing out before tho).
This is just a guess, but are these CPUS dual cores maybe? (my RB1200, which i bought a month ago, shows PowerPC 460GT as the CPU and shows CPU count as 1, but that doesnt mean there are not 2 cores).
Overall ive been very happy with the rackmount RB1200, i always though mikrotik needed a solid, powerful LAN only routerboard and it seems they are having success with this product.
tks
This is just a guess, but are these CPUS dual cores maybe? (my RB1200, which i bought a month ago, shows PowerPC 460GT as the CPU and shows CPU count as 1, but that doesnt mean there are not 2 cores).
Overall ive been very happy with the rackmount RB1200, i always though mikrotik needed a solid, powerful LAN only routerboard and it seems they are having success with this product.
tks
Re: CPU usage "/tool profile" vs. "/system resources"
No, they are not dual core devices. The first dual core device that we will have, will be RB1100AHx2 (dual core indicated by x2)