RouterOS version 7.1rc3 has been released in public “development” channel!
What’s new in 7.1rc3 (2021-Sep-08 13:29):
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker™ containers;
*) added Zerotier™ support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
Container documentation is coming soon. Basic steps to get you started with experimentation:
1. Get Docker image as tar archive and copy to router
-----------------------------------------------------
Currently there is no 'pull' command in RouterOS, so containers should be exported from a working Docker environment. Also note that the container's architecture should match the router's.
$ docker pull docker/example-container
$ docker save docker/example-container > my-container.tar
2. Add veth interface for the container
---------------------------------------
[admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1
3. Create bridge for containers and add veth to it
--------------------------------------------------
[admin@MikroTik] > /interface/bridge/add name=docker
[admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
[admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1
4. Setup NAT for outgoing traffic
---------------------------------
[admin@MikroTik] > /ip/firewall/nat/add chain=srcnat action=masquerade src-address=172.17.0.0/16
5. Create environment variables for container if needed
-------------------------------------------------------
[admin@MikroTik] > /container/envs/add list=foo name=SECRET value=12345678
[admin@MikroTik] > /container/envs/add list=foo name=FOO value=bar
6. Define mounts if needed
--------------------------
[admin@MikroTik] > /container/mounts/add name=etc src=disk1/etc dst=/etc
[admin@MikroTik] > /container/mounts/add name=opt src=disk1/opt dst=/opt
If the ``src`` directory does not exist on first use, it will be populated
with whatever the container has in the ``dst`` location.
7. Create container from image tar
----------------------------------
[admin@MikroTik] > /container/add file=my-container.tar interface=veth1 envlist=foo root-dir=disk1/foo mounts=etc,opt
Use ``logging=yes`` to see container output in log with tags
``container,debug,info``.
8. Make sure container has been added and status is stopped
-----------------------------------------------------------
[admin@MikroTik] > container/print
9. Redirect port 8080 traffic to container
------------------------------------------
[admin@MikroTik] > /ip/firewall/nat/add chain=dstnat action=dst-nat to-addresses=172.17.0.2 to-ports=80 protocol=tcp dst-port=8080
10. Start container
-------------------
[admin@MikroTik] > /container/start 0
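A pre-flight check for step 1, as an added example that is not part of the original post and is not MikroTik code: it reads the `docker save` archive before it is copied to the router and reports an architecture mismatch, an image config that sets no non-root user, and secret-looking variables baked into the image. The function names are hypothetical, the sample archive is constructed, and `router_arch` is assumed to be given in Docker's naming (`arm`, `arm64`, `amd64`).

```python
import io
import json
import re
import tarfile

# Variable names that suggest a credential was baked into the image (heuristic).
SECRET_NAME = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY)", re.I)

def audit_saved_image(tar_bytes, router_arch):
    """Audit a `docker save` archive; return a list of finding strings."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        # manifest.json lists each saved image and the path of its config JSON.
        manifest = json.load(tar.extractfile("manifest.json"))
        for image in manifest:
            meta = json.load(tar.extractfile(image["Config"]))
            arch = meta.get("architecture")
            if arch != router_arch:
                findings.append(f"arch mismatch: image={arch} router={router_arch}")
            runtime = meta.get("config") or {}
            # User may be "", "uid", "name" or "uid:gid"; only the user part matters.
            user = (runtime.get("User") or "").split(":")[0]
            if user in ("", "0", "root"):
                findings.append(f"image config sets no non-root user (User={user!r})")
            for pair in runtime.get("Env") or []:
                name = pair.split("=", 1)[0]
                if SECRET_NAME.search(name):
                    findings.append(f"secret-like variable baked into image: {name}")
    return findings

def build_sample_archive(arch, user, env):
    """Construct a minimal in-memory archive shaped like `docker save` output."""
    config = json.dumps({"architecture": arch, "os": "linux",
                         "config": {"User": user, "Env": env}}).encode()
    manifest = json.dumps([{"Config": "config.json", "Layers": [],
                            "RepoTags": ["docker/example-container:latest"]}]).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("manifest.json", manifest), ("config.json", config)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: amd64 image, default user, one password-like variable.
    sample = build_sample_archive("amd64", "", ["PATH=/usr/bin", "DB_PASSWORD=x"])
    for finding in audit_saved_image(sample, router_arch="arm64"):
        print(finding)
```

For a real export, pass the bytes of `my-container.tar` instead of the constructed sample.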
Already written, but if your timezone is negative, this is ISO time:
ISO:8601 2021-09-08T10:29Z (GMT / UTC)
ISO:8601 2021-09-08T13:29+03:00 (Riga, Latvia / EEST Eastern European Summer Time)
ISO:8601 2021-09-08T15:59+05:30 (New Delhi, India / India)
Is the Docker support an optional package? I can’t imagine many people wanting this, and it introduces massive security implications especially for all those hacked routers.
Since privilege escalation is pretty much a given, can we also allow root SSH access to RouterOS directly now? Running a single binary is greatly preferred to running an entire container.