Hi
1. High CPU load for prolonged periods (previously the load was in the range of 1-5% with hardware offloading turned on).
2. IPv6 stopped working.
3. Very unstable connection: the router sometimes stops routing packets for a few seconds, which causes my YouTube stream to stop. I believe this is due to the high CPU load. I never had this when I was using v1.7 to v1.9.
My configuration:
/* EdgeOS-style configuration as posted: firewall rulesets, interfaces (PPPoE on eth0 vif 500), services and system settings. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        /* Private IPv4 ranges; referenced by Guest_IN rule 20. */
        network-group RFC1918 {
            description ""
            network 10.0.0.0/8
            network 172.16.0.0/12
            network 192.168.0.0/16
        }
    }
    /* IPv6 traffic forwarded in from the WAN (attached to pppoe 0 "in"): default drop. */
    ipv6-name WAN6_IN {
        default-action drop
        rule 10 {
            action accept
            description "allow established"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "drop invalid packets"
            protocol all
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "allow ICMPv6"
            protocol icmpv6
        }
    }
    /* IPv6 traffic addressed to the router itself from the WAN (attached to pppoe 0 "local"): default drop. */
    ipv6-name WAN6_LOCAL {
        default-action drop
        rule 10 {
            action accept
            description "allow established"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "drop invalid packets"
            protocol all
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "allow ICMPv6"
            protocol icmpv6
        }
        /* Needed for the dhcpv6-pd client configured on pppoe 0: replies arrive from UDP 547 to UDP 546. */
        rule 40 {
            action accept
            description "allow DHCPv6 client/server"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Guest VLAN ruleset (attached to switch0 vif 10 "in"): default accept, with private destinations dropped. */
    /* NOTE(review): an "in" ruleset filters traffic forwarded through the router. No "local" ruleset is attached to vif 10, so Guest_IN does not filter guest traffic to the router's own addresses (GUI on 80/443, SSH on 122). A guest "local" ruleset allowing only DNS and DHCP would close that gap - confirm against intent. */
    name Guest_IN {
        default-action accept
        description ""
        rule 20 {
            action drop
            description "Block RFC1918"
            destination {
                group {
                    network-group RFC1918
                }
            }
            log enable
            protocol all
        }
    }
    /* IPv4 traffic forwarded in from the WAN: only established/related flows are accepted, everything else is dropped. */
    name WAN_IN {
        default-action drop
        description "WAN to LAN"
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    /* IPv4 traffic addressed to the router itself from the WAN (attached to pppoe 0 "local"). Default drop, and dropped packets are logged (enable-default-log). */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                invalid enable
            }
        }
        /* NOTE(review): accepts connections from any WAN source to ports 80 and 443, the same ports the management GUI listens on (service gui). This exposes the admin interface, including plain HTTP, to the internet. Restricting the rule by source address or reaching the GUI through a VPN would reduce exposure; tcp_udp is also wider than needed, since HTTP(S) here only needs TCP. */
        rule 3 {
            action accept
            description "Remote access"
            destination {
                port 80,443
            }
            log enable
            protocol tcp_udp
        }
        /* NOTE(review): accepts connections from any WAN source to port 122, the port the SSH service listens on. A non-standard port does not restrict who can connect; consider a source-address restriction and key-based authentication. SSH only needs TCP. */
        rule 5 {
            action accept
            description SSH
            destination {
                port 122
            }
            log enable
            protocol tcp_udp
        }
        /* Allows ICMP to the router from the WAN; every match is logged. */
        rule 6 {
            action accept
            description Ping
            log enable
            protocol icmp
        }
    }
    options {
        mss-clamp {
            interface-type all
            mss 1412
        }
        mss-clamp6 {
            interface-type all
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): presumably this turns off reverse-path source validation - confirm whether that is intentional. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    bridge br0 {
        aging 300
        bridged-conntrack disable
        description "TM UniFi HyppTV Bridge"
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        description Internet
        duplex auto
        /* Empty on the physical port; the WAN rulesets are attached to pppoe 0 under vif 500 instead. */
        firewall {
            in {
            }
            local {
            }
        }
        speed auto
        vif 500 {
            description "TM UniFi Internet VLAN"
            pppoe 0 {
                default-route auto
                /* Requests a delegated IPv6 prefix and assigns a /64 from it to switch0. */
                dhcpv6-pd {
                    no-dns
                    pd 0 {
                        interface switch0 {
                            service dhcpv6-stateless
                        }
                        prefix-length 64
                    }
                    rapid-commit enable
                }
                /* Attaches the WAN rulesets: "in" for forwarded traffic, "local" for traffic to the router itself. */
                firewall {
                    in {
                        ipv6-name WAN6_IN
                        name WAN_IN
                    }
                    local {
                        ipv6-name WAN6_LOCAL
                        name WAN_LOCAL
                    }
                }
                ipv6 {
                    dup-addr-detect-transmits 1
                    enable {
                    }
                }
                mtu 1492
                name-server none
                /* NOTE(review): the password is masked in this post but the PPPoE user-id below is not. */
                password ****************
                user-id nsf6969@unifi
            }
        }
        vif 600 {
            bridge-group {
                bridge br0
            }
            description "TM UniFi HyppTV VLAN"
        }
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    /* eth3 is a member of br0 together with eth0 vif 600. */
    ethernet eth3 {
        bridge-group {
            bridge br0
        }
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    /* LAN switch (eth1, eth2, eth4) at 10.0.0.1/24, with IPv6 router advertisements enabled. */
    switch switch0 {
        address 10.0.0.1/24
        description Local
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag true
                max-interval 600
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
        /* Guest VLAN at 10.0.1.1/24; only an "in" ruleset is attached here. */
        vif 10 {
            address 10.0.1.1/24
            description Guest
            firewall {
                in {
                    name Guest_IN
                }
            }
            mtu 1500
        }
    }
}
/* Port forwarding is set up (auto-firewall, hairpin NAT) but no forwarding rules are defined in this config. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name Guest {
            authoritative disable
            subnet 10.0.1.0/24 {
                default-router 10.0.1.1
                dns-server 10.0.1.1
                dns-server 8.8.4.4
                lease 86400
                start 10.0.1.2 {
                    stop 10.0.1.254
                }
            }
        }
        shared-network-name LAN {
            authoritative disable
            subnet 10.0.0.0/24 {
                default-router 10.0.0.1
                dns-server 10.0.0.1
                dns-server 8.8.4.4
                lease 86400
                start 10.0.0.2 {
                    stop 10.0.0.254
                }
                static-mapping Chromecast {
                    ip-address 10.0.0.2
                    mac-address a4:77:33:5c:50:d0
                }
            }
        }
        use-dnsmasq disable
    }
    /* DNS forwarder listens on the LAN and on the guest VLAN interface. */
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            listen-on switch0.10
        }
    }
    /* Management GUI on 80/443, the same ports WAN_LOCAL rule 3 accepts from the internet. */
    /* NOTE(review): older-ciphers presumably permits legacy TLS cipher suites on the GUI. While the GUI is reachable from the WAN, disabling it is worth considering unless an old client requires it. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            log disable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
    }
    /* SSH on port 122, the port WAN_LOCAL rule 5 accepts from the internet. */
    ssh {
        port 122
        protocol-version v2
    }
    upnp {
    }
    /* UPnP / NAT-PMP served to switch0 only (not the guest vif), mapping ports on pppoe0; secure-mode is enabled. */
    upnp2 {
        listen-on switch0
        nat-pmp enable
        secure-mode enable
        wan pppoe0
    }
}
system {
    config-management {
        commit-archive {
        }
        commit-revisions 65535
    }
    host-name ubnt
    login {
        /* NOTE(review): the only account shown is an admin-level user named "ubnt", which matches the vendor's default account name. With SSH and the GUI accepted from the WAN, a non-default username, a strong unique password and SSH keys are advisable. */
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name ""
            level admin
        }
    }
    name-server 8.8.4.4
    name-server 8.8.8.8
    name-server 2001:4860:4860::8844
    name-server 2001:4860:4860::8888
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Hardware offload settings (hwnat, ipsec). */
    offload {
        hwnat enable
        ipsec enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Asia/Kuala_Lumpur
    traffic-analysis {
        dpi enable
        export enable
    }
}
traffic-control {
}
The CPU load:
Contact me if you need more information; I'm more than happy to cooperate.
Best regards,
Jack.