During my day job we use some MikroTik CHR deployments for (among other things) VPN session termination. The CHRs are easy to spin up, offer a wide variety of VPN types, and for low traffic sessions can support upwards of 10,000 sessions on a single device.
In the event of an outage, though, you would run into a problem: those 10,000 sessions all want to re-establish at once, and the CPU on the MikroTik quickly bottlenecks until it becomes unable to cope and begins to drop connections, quickly becoming a vicious cycle.
We initially dealt with this by defining a hard limit on the number of new sessions per second, using 2 simple firewall rules and the connection limit classifier to keep these under 10 per second. However, this meant that after an outage it would take, at an absolute minimum, over 15 minutes for all the sessions to come back online! So we came up with a better solution.
Greg, Mike, Tomas, and Tom talk about Unimus, Tomas’ new backup application for network equipment. It’s dead simple, so you no longer have an excuse NOT to have proper backups for your infrastructure. It’s the “up and running in less than 10 minutes” system!
I’ve been playing around with v6.13rc12 over the last week on a CRS125-24G-1S and have put together an example script for provisioning the unit with a user-vlan and an admin-vlan that are trunked back via the SFP port.
I’ve been waiting for a long time to have a usable and readable switch chip config on the CRS platform, so I hope this is useful for some of you guys too.
Contained in this post is a free copy of my 2013 QoS tree (compatible with v6.0) for anyone to do what they want with. I only ask that if you republish this, you include a link to this post.
It is intended to work on a per-interface basis, with you specifying the WAN interface and the speed limit it is to have. You can then use simple-queues for your internal users for a full double-QoS solution.