This article explains what happens to RouterOS when you drop packets with an l7-filter on MikroTik.
As we know from previous articles here, MikroTik supports regex for pattern matching. One of its purposes is to match traffic based on information at layer 7 (the application layer).
MikroTik has a wiki page that explains how the L7 filter works, and on that page they already warn users that using l7-filter to drop packets will increase CPU usage and cause router instability.
Well, I just got a client who is really experiencing this on their router. They use an RB1100AHx2 and apply an l7-filter to block YouTube. OK, here is the script:
- they create the l7-filter:
/ip firewall layer7-protocol add name=youtube regexp="^.+(www.youtube.com|googlevideo.com|youtu.be).*\$"
- and then create a firewall filter rule for it:
/ip firewall filter add action=drop chain=forward comment=BLOK-YOUTUBE disabled=no layer7-protocol=youtube
What happens after the rule is applied? You can draw your own conclusion from the picture below:
I also tried it on my MikroTik RB750UP, and it simply stopped working because CPU usage went straight to 100%, even with low traffic.
So, what is the best practice for using l7-filter? Here it is:
- create the l7-filter matcher
- apply it in the firewall, but instead of dropping, put the matched IP addresses on an address list
- based on that address list, create the actual action (for example, drop)
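As an added example (not from the original article), here are those three steps written out as RouterOS CLI commands. The regexp is the one from the article; the list name youtube-servers, the one-day timeout, the restriction to TCP ports 80 and 443, and the choice to record destination (server) addresses rather than client addresses are my assumptions. The reason this is cheaper is that the layer7 matcher has to buffer and regex-scan the first packets of every connection it is applied to, while an address-list match is a plain table lookup. The drop rule is therefore placed before the L7 rule, so packets to destinations that are already known never reach the regex at all, and the regex only ever runs on new destinations.

```routeros
# Added example, not from the original article. List name, timeout and
# port restriction are assumptions chosen for illustration.

# 1. The l7 matcher itself, the same regexp the article uses.
/ip firewall layer7-protocol
add name=youtube regexp="^.+(www.youtube.com|googlevideo.com|youtu.be).*\$"

# 2. Drop traffic to destinations that have already been identified.
#    This rule comes FIRST: packets to a known destination are handled by
#    the cheap address-list lookup and never reach the regex matcher.
/ip firewall filter
add chain=forward dst-address-list=youtube-servers action=drop \
    comment="BLOK-YOUTUBE: drop by address list (cheap)"

# 3. Run the expensive l7 match only on web traffic and, instead of dropping,
#    record the destination address on the list. The entry expires after the
#    timeout and is refreshed whenever the destination is matched again.
add chain=forward protocol=tcp dst-port=80,443 layer7-protocol=youtube \
    action=add-dst-to-address-list address-list=youtube-servers \
    address-list-timeout=1d comment="BLOK-YOUTUBE: learn destinations"

# Verify what has been learned and that the drop rule is the one being hit:
/ip firewall address-list print where list=youtube-servers
/ip firewall filter print stats where comment~"BLOK-YOUTUBE"
```

If you would rather act on the client that is using YouTube than on the server it talks to, the same pattern works with action=add-src-to-address-list on the L7 rule and src-address-list on the drop rule. Either way, watch the counters from the print stats command and the CPU graph after the change: the L7 rule should see far fewer packets than the drop rule once the list has filled up.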