picture from wikipedia

This article will explain the effect on RouterOS if you drop packets using l7-filter on mikrotik.

As we know from previous articles here,  mikrotik supports Regex for pattern matching. one of its purpose to match traffic based on information on layer 7 (application layer).

Mikrotik has wiki page that explain how the L7 filter works. and on that page, they already warns user that using l7-filter for dropping packet will increase CPU usage and cause router instability.

well, i just got a client who really experiencing this on their router. they use RB1100AHx2 and apply l7-filter to block youtube. ok, here is the script:

  1. they create l7-filter:
    /ip firewall layer7-protocol add name=youtube regexp=”^.+(||*\$”
  2. and then create firewall filter for it:
    /ip firewall filter add action=drop chain=forward comment=BLOK-YOUTUBE disabled=no layer7-protocol=youtube

What’s happening after the rule is executed? you can conclude by checking the picture below:

high cpu usage because l7 filterthe CPU usage soaring to more than 50%, and packet processing become slower.

I tried it also on my mikrotik RB750UP and its just stop working because the CPU usage is just straight to 100% even with low traffic.

So, whats the best practice of using l7-filter? here it is:

  1. create l7-filter matcher
  2. apply it on firewall, and put their IP address on address list
  3. based on the address-list above, we create action



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.