Already done at Ticket#2014030766000056Begetan, please email support with these details and supout.rif file. Thanks!
ipsec - enable hardware acceleration for aes-cbc-128 + md5|sha1|sha256 aead on tilera cpus;
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Hardware_encryption
Which version of RoS?Hello,
I am interested in status of IPSec hardware acceleration. In the beginning of this topic you have mentioned that this will be available soon.
Today I have tested to encrypt traffic between two CCR1036 and the best result was about 300Mbps.
Regards,
1. uptime: 1w14h8m27s (I started using it for NAT a week ago).ners, thank you for reply!
Could you provide please some more details:
1. What is maximum utime?
2. Current version of ROS.
3. Does NAT utilise multi cores or single core?
# CPU LOAD IRQ DISK
0 cpu0 7% 7% 0%
1 cpu1 5% 5% 0%
2 cpu2 4% 4% 0%
3 cpu3 6% 6% 0%
4 cpu4 7% 7% 0%
5 cpu5 4% 4% 0%
6 cpu6 3% 3% 0%
7 cpu7 3% 3% 0%
8 cpu8 4% 4% 0%
9 cpu9 8% 8% 0%
10 cpu10 9% 9% 0%
11 cpu11 7% 7% 0%
12 cpu12 7% 7% 0%
13 cpu13 9% 9% 0%
14 cpu14 5% 5% 0%
15 cpu15 4% 4% 0%
16 cpu16 6% 6% 0%
17 cpu17 8% 8% 0%
18 cpu18 7% 7% 0%
19 cpu19 8% 7% 0%
20 cpu20 7% 7% 0%
21 cpu21 4% 4% 0%
22 cpu22 4% 4% 0%
23 cpu23 5% 5% 0%
24 cpu24 8% 8% 0%
25 cpu25 3% 3% 0%
26 cpu26 4% 4% 0%
27 cpu27 9% 9% 0%
28 cpu28 9% 9% 0%
29 cpu29 1% 1% 0%
30 cpu30 9% 9% 0%
31 cpu31 7% 7% 0%
32 cpu32 11% 11% 0%
33 cpu33 9% 9% 0%
34 cpu34 4% 4% 0%
35 cpu35 5% 5% 0%
ners, I think this is useful information for all. Please update information after 1 month of stable work.
I had previously RB1100AHx2 with uptime of 300 days running on ROS 5.18. Hope CCR should be the same.
v6.5 is the best 6.x release so farners, I think this is useful information for all. Please update information after 1 month of stable work.
I had previously RB1100AHx2 with uptime of 300 days running on ROS 5.18. Hope CCR should be the same.
I have CCR1036-12G-4S. Doing 81 NATs over 19 EoIP tunnels and 62 VLANs. Total bandwidth it currently serves is a bit below 700Mbps, sometimes peaking 750Mbps, but thats not CCRs limitation, its mine. Load rarely exceeds 30%. Uptime over 2 months. Rebooted recently, because added one package. v6.5 Running more or less stable.
Interesting, we are running about 20 VRF's with around 50 interfaces in them on 6.5, pushed around 1700TB through it and it has been really stable!not if using vfr's. Router hang after puting an Interface to a vrf.
all after 6.5 is best. I have seen no big problem to the latest 6.8-9-10. 10 the best couse of partly fixes cisco non gigabit issue
installed new firmware?My CCR1036 suddenly erupts this morning, I don't know why..
I did and experienced a very weird bug. Suddenly some vlan interfaces stopped working. They just wouldn't pass traffic at all although shown as running and I could ping their addresses and also PPPoE service was working fine over them. When I deleted the affected vlan interface and tried to recreate it, it wouldn't let me, said there was already such an item (although really there wasn't). After a reboot the VLAN came back on its own and started passing traffic again, but after 30 minutes or so, it stopped working again.anyone tried 6.11 on ccr? i am still stuck at 6.7 because 6.9 and 6.10 run unstable. max uptime was about 4 days.
I never open the case. Other device from the same power cord is fine.wow! I would take a guess there was a short on the board between that component and the ground. Depending on the cause. if manufacture fault then yes. if foreign object then no
Last time I installed 6.10 and upgrade to that firmware..installed new firmware?My CCR1036 suddenly erupts this morning, I don't know why..
I am still at 6.7 because ist more stable than 6.9 and 6.10 but today the router stopped working properly.Posted in the other thread, I am on 6.3, which is mostly stable. Am I right in saying 6.7 is the most stable now at the moment?
/system routerboard print
For CloudCoreRouterI'm having stability issues with my CCR (CCR1016-12G) after upgrading from ROS 6.5 to 6.10 and also 6.11. The CCR will run for a few days (as little as 2 days and as long as 7 days) before it loses connectivity. I can't ping or access via Winbox. Sometimes the touchscreen and serial console are unresponsive as well. Only solution is to unplug power and plug back in. Sometimes (though less frequent) I lose the connectivity, but touchscreen and serial console work.
I noticed today when this happened and I still had serial connectivity thatshowed the firmware version was 3.10 with version 3.12 available. I updated the firmware to 3.12 and rebooted. Here's to hoping this solves the issue. If not, I'm going to revert back to 6.5 or possibly 6.7. Does anyone know where I can download older versions of ROS?Code: Select all/system routerboard print
From all the reports on here, yes.we are going to put 2 CCR into production with 6.11 code
primary use bonding, vlan, vrrp and bgpd
bad move?
We have a similar setup but we don't touch the new releases as they are simply unstable. Mikrotik's public releases seem to be betas now days.we are going to put 2 CCR into production with 6.11 code
primary use bonding, vlan, vrrp and bgpd
bad move?
uptime: 5w5d20h25m43s
version: 6.9
build-time: Jan/31/2014 11:18:19
free-memory: 3483.3MiB
total-memory: 3969.0MiB
cpu: tilegx
cpu-count: 36
cpu-frequency: 1200MHz
cpu-load: 15%
free-hdd-space: 903.6MiB
total-hdd-space: 1024.0MiB
architecture-name: tile
board-name: CCR1036-12G-4S
platform: MikroTik
In ROS 6.x bad performance DNS server. Try not to use DNS ROS 6.x.I have a CCR1036-12G-4S with the following running on it;
hotspot
PCC load balancing
2 Nat rules
I am seeing slow load times on webpages and I suspect a possible issue with DNS Caching. I am on v6.1 with firmware version 3.09. All packages installed are running v6.1 including user-manager.
Should I update to a newer version to possibly resolve the dns issue? If so what version seems to be the most stable, I see a lot of 6.5's possibly?
I have several CCR's in production now, all of them are running similar setups and seeing similar performance. all of them are on v6.1
I have RP Filter set to no currently. PCC setups are not designed to work if RP Filter is enabledmaybe SRPF impact. try disable RP filtering if used(usual/reasonal for bras/cpe only), temporally.
1Gb/sec NAT is fine for 1036.Does anybody use CCR for NAT?
I need about 1G of NAT.
Thank you. This is fantastic stuff. Where can we find more of this sort of thing? I highly suggest this is more visible to people like us browsing the forums. It actually answered a lot of my questions.Very useful information about CCR is available here:
http://mum.mikrotik.com/presentations/RU14/megis.pdf
Come to the MUM, that is what it's forThank you. This is fantastic stuff. Where can we find more of this sort of thing? I highly suggest this is more visible to people like us browsing the forums. It actually answered a lot of my questions.Very useful information about CCR is available here:
http://mum.mikrotik.com/presentations/RU14/megis.pdf
I am in New Zealand... not quite possible lol Maybe the next one in Australia.Come to the MUM, that is what it's forThank you. This is fantastic stuff. Where can we find more of this sort of thing? I highly suggest this is more visible to people like us browsing the forums. It actually answered a lot of my questions.Very useful information about CCR is available here:
http://mum.mikrotik.com/presentations/RU14/megis.pdf
+1Hello all
since yesterday I am using (in production environment) a CCR1016-12G with 6.13, as BGP router connected to two peers
anybody else using a CCR as BGP router, with a recent build, can report that the initial issues had been solved? I am a bit worried... since in the first four months of 2014 we tried several 6.x builds, and with most of them BGP was not error-free (the router crashed suddendly and needed a power cycling to restart; we have two other CCRs in production, without BGP, and they all have several months uptime with no issue at all)
Leo
I suspect it was this however it happened so quickly we could not check in real time. Our ccr usually ran at around 4-5%, however on the cacti graphs before a reboot I could see it hitting 70%. I know in V6 bgp is not multicore....What did CPU utilization for BGP look like during these outages?
SureJust out of curiosity, could you share your watchdog settings?
It's a tough one. Our CCR for BGP is also in our DC which is around 15min car drive from our office. We were originally running one CCR for OSPF, BGP, firewall rules, queues, natting etc which I think was our issue. Though it ran fine for +- 5 months like this. All of a sudden we were getting random reboots to an extent that it would reboot 10-15 times a day. We pulled the CCR out, put a new one in, copied config - same issue. We thought there may be a short in one of the cables comming from the roof of the DC to some of our antennas so we redid the cabling - same issue. Decided new config was need, disabled all config that was "bloat" - same issue. Swapped the SFP's - same issue. Ran BGP only on one SFP instead of three vlans over two SFP's - same issue. Eventually we decided to remove BGP off the CCR and revert to our unused Cisco7200 which we used when there was no such thing as a CCR. This ran fine for 2months. So diagnosed the issue was with BGP and the CPU which was backed up by our cacti graphs showing spikes before a reboot.we never enabled a watchdog on any MT router
should I do it, on the bgp ccr?
can I safely assume that, if I enable watchdog, next time that the ccr will have a BIG problem, it will reboot by itself, instead of crashing and needing somebody run there to power cycle it?
of course, I would be happier, if MT has sorted things out and with RC13 has already solved this issue; I am an optimistic person; I like to risk... actually I have already ordered one more ccr, a brand new CCR1016-12S-1S+, and would like to use it as our main bgp router
So far so good, touch woodHi paulsa,
What is your latest result?
No issues so far.keep us posted paulsa.
I suggest you to use RB1100AHx2 for this. This device is absolutelly stable - I got uptime more than 1 year for it with one Full BGP table for ROS 5.x and traffic up to 300M.Thanks for the information, I am shopping for a low cost router for my new colo space, I ordered 2 100MB connections and will use BPG. I was debating using the Cloud router however I need something 100% stable. The other products I was looking at was either a Ubiquiti Edgemax Pro, A pfsence box, or getting a used Cisco or Juniper router on ebay.
in 6.13 vpn implementation is far from stable. so if you Need this you have to use an older version. the most stable until now is 6.7 (at least for my usecase)So v6.13 seems stable? Anyone using a hotspot with usermanager? Anyone using PCC and needing to use allow remote dns use?
It is even the same deal with this in my eyes!Our redundant concentrator running 4.17 on a RB1000 has been working perfectly for years.
Thank you for sharing this information with us!in our case, UNTIL NOW, 6.13 seems stable, when used as BGP router; uptime 9 days
Yup, V6.13 seems stable for BGPin our case, UNTIL NOW, 6.13 seems stable, when used as BGP router; uptime 9 days
@dddIt is even the same deal with this in my eyes!Our redundant concentrator running 4.17 on a RB1000 has been working perfectly for years.
If they (MikroTik) is not inserting many new features the half of the crowd is crying loud,
and if all this fine things find their way in RouterOS and there are some failures or issues
the rest of the crowed is crying loud! And what to do now if you don´t want to loose clients?
-Would the way UBNT was going the right thing?
Fiddle out all things and then delivering the CCR Series
-Is this way the right one? But I really thing they (MikroTik) will never be able to test out
all different situations and set ups their clients are using and having installed in the field.
So less features, options and functions should be the goal?
For the other versions of RouterOS, likes x86, MIPSBE and PPC it would be right, I considerIn my opiniion sorting out major bugs has the highest priority and comes long before adding features.
Ok right and this was my question to the user ddd, should they do it like UBNT was doingthe situation now is that ccr is not usable in production because every new update that should solve some anoying bugs intruduces new bugs you have to work around. and it doesnot seem to get a lot better over time.
(selling only if the router is stable)
.
Ok quick and dirty, but the true, that was exactly what I personally want to know.If a product is not fit for purpose then it shouldn't be sold.
But this is a nearly unclear answer and on top in the total other direction, why?If a user wants to unlock the full feature set they can do so at their own risk.
For sure I consider, this could be a risk for MikroTik but if they get this device ready to workThe current stability issues are going it very difficult to trust these routers again.
(selling only if the router is stable)
.
If a product is not fit for purpose then it shouldn't be sold.
In the case of the CCR it seems its only stable under certain configurations. I believe it would be best to release a cut back version of the firmware that only allows tested and stable configuration / packages.
If a user wants to unlock the full feature set they can do so at their own risk.
The current stability issues are going it very difficult to trust these routers again.
I really respect your mind and I also must consider in some points, but not all as I want to say also.in my opinion the problem is the release cycle where they mix up versions with new features with bugfixes.(selling only if the router is stable)
.
If a product is not fit for purpose then it shouldn't be sold.
In the case of the CCR it seems its only stable under certain configurations. I believe it would be best to release a cut back version of the firmware that only allows tested and stable configuration / packages.
If a user wants to unlock the full feature set they can do so at their own risk.
The current stability issues are going it very difficult to trust these routers again.
i would like to see a 6.7.10 for example. 6.7 was stable, compared to the next versions and they should have fixed the bugs there and released some minor-minor version until 6.7.x is stable.
And this is the part I can´t consider to you, related to the circumstance that aso everybody would be happy and this plan would take some pressure from the development team to finally get out the "one first stable version" quickly.
But with this strategy i can decide if there is a stable Version with the Features i Need and if so i got to the shop an buy a MikroTik-router. otherwise i can always decide to take the risk of a Version with more features, but not so stable.And this is the part I can´t consider to you, related to the circumstance that a
first stable version with only the half activated feature set offered by RouterOS
or in other words without all from RouterOS given options and functions, only to
tell the whole public, "we have now the first reallystable release!"
Absolutely sure, I consider this is right! For us both or some peoples this would be perhapsBut with this strategy i can decide if there is a stable Version with the Features i Need and if so i got to the shop an buy a MikroTik-router. otherwise i can always decide to take the risk of a Version with more features, but not so stable.And this is the part I can´t consider to you, related to the circumstance that a
first stable version with only the half activated feature set offered by RouterOS
or in other words without all from RouterOS given options and functions, only to
tell the whole public, "we have now the first reallystable release!"
now i dont have the choice.
My CCR1009 is working great with 3 different subnets ... 1 on the bridge linking ether1-4 as switch group + ether 5 & 6 bonded for LACP + SFP+, ether 7 and 8 have their own subnets, with ether 8 actually leading to another router as backup WAN. Primary WAN (500Mbps symmetrical fibre) is on SFP.I have a very big problem with my CCR1009 with ROS 6.15, I prefix that I've bought it now so I test only with 6.12 and 6.15 but the problem persists.
The situation is this:
-ether1 with subnet 192.168.88.1/24
-ether2 with subnet 192.168.0.5/24
If a connect 2PC or router on the 2 different subnet I can't access the other subnet and I can't also ping.
The conf is very simply and with my rb951 work good with all versione of ros inclused 6.15.
I've already tried to do this, so I don't know what's the problem.My CCR1009 is working great with 3 different subnets ... 1 on the bridge linking ether1-4 as switch group + ether 5 & 6 bonded for LACP + SFP+, ether 7 and 8 have their own subnets, with ether 8 actually leading to another router as backup WAN. Primary WAN (500Mbps symmetrical fibre) is on SFP.I have a very big problem with my CCR1009 with ROS 6.15, I prefix that I've bought it now so I test only with 6.12 and 6.15 but the problem persists.
The situation is this:
-ether1 with subnet 192.168.88.1/24
-ether2 with subnet 192.168.0.5/24
If a connect 2PC or router on the 2 different subnet I can't access the other subnet and I can't also ping.
The conf is very simply and with my rb951 work good with all versione of ros inclused 6.15.
I'm not sure how you configure your CCR1009 but perhaps you can try putting the 2nd subnet on the non-switch group (i.e. ether 5 to 8 ).
ROS 6.15 / Firmware 3.13.I've already tried to do this, so I don't know what's the problem.
What ROS version and firmware do you have?
The firewall are disabled on every device.I would check firewalls on both PCs: Windows Firewall blocks ICMP not from local subnet at least in WinXP, for example
you can check with Tools -> Torch on both interfaces - I'm sure, there are packets received and transmitted
The default gateway of PC is 192.168.88.1, the ata has no gateway set like the other routerboard that I tried instead of the ata I putThis really should have been in a separate thread.
What is the default gateway on the 192.168.88.253 PC?
What is the default gateway on the 192.168.0.250 ATA?
Can the PC ping 192.168.0.5?
/ip route
add gateway=192.168.0.5
I forgotten the gatewayOn the 192.168.0.251 mikrotik,
If the 192.168.0.0/24 hosts don't know how to get back to 192.168.88.0/24, how can they respond to pings and traceroutes and web requests from devices in 192.168.88.0/24 or any other non-192.168.0.0/24 hosts?Code: Select all/ip route add gateway=192.168.0.5
Now that I'm on a real screen and not the smartphone...I forgotten the gateway :shock:On the 192.168.0.251 mikrotik,
Code: Select all/ip route add gateway=192.168.0.5
So now I added it and from the mikrotik 951 (192.168.0.251/24) I can reach the ccr1009 192.168.0.5 but not 192.168.88.0/24.
From the ccr1009 (precisely 192.168.88.1) I can't reach 192.168.0.251 despite I added the rule
Perhaps is needed static routing indirect?Code: Select alladd distance=1 gateway=192.168.0.251
If I set gateway 192.168.0.5 on rb951 it says me reachable but I can't reach 192.168.88.1.Now that I'm on a real screen and not the smartphone...I forgotten the gatewayOn the 192.168.0.251 mikrotik,
Code: Select all/ip route add gateway=192.168.0.5
So now I added it and from the mikrotik 951 (192.168.0.251/24) I can reach the ccr1009 192.168.0.5 but not 192.168.88.0/24.
From the ccr1009 (precisely 192.168.88.1) I can't reach 192.168.0.251 despite I added the rule
Perhaps is needed static routing indirect?Code: Select alladd distance=1 gateway=192.168.0.251
According to what you wrote, you told the 951 that it was its own default gateway. Set the gateway to 192.168.0.5.
I think really it would be better to look at the website from Tilera and not in the forum ofHi everyone,
I'm looking for detailed implementation information for the Tilera architecture.
Bare Metal and functions could be found in this white paper here:Basically, while considering CCRs as candidates to offload some tasks from Cisco and Juniper boxes, we'd like to get some deterministic scales based on the number of cores involved in each and avery bare-metal-implemented feature.
This can be revealed by this white paper from Tilera:Which features are implemented on bare tiles ? How many tiles per feature's scalability (i.e. core per x thousand L2TP session, core per y Gbps of switched or sampled traffic, etc...) ? Is there a dynamic ressource allocator or is it hardcoded ? If dynamic, how to proritize when oversubscribing ?
This is able to handle by a RB1100AHx2 without problems and by any kind of CCR200Mb on my WAN side.
about 300 customers connected using pppoe
not very complex firewall rules (35 filter rules, 25 nat rules and 15 mangle rules)
and 30 simple queues using pcq.
But my concern is that i will serve inet connection to my customers using JUST ONE ETHERNET on the LAN side.
More than 1 GBit/s it will not be passing if you only use one ethernet LAN port.Does it affect to the performance a MULTICORE router can afford?
It would not speeding up the entire and only 1 GBit/s uplink!Make sense to get a 16 or 32 core router with this topology limitation ?
Surely it can do the job also, but for a little bit more reserve I would suggest the 16 core orAs far as i can see a 9 core router can accomplish the load without issues...
Got yesterday a CCR-1009 8G 1SFP+1SFP and spent half an day for some documentations and manual,...Come to the MUM, that is what it's forThank you. This is fantastic stuff. Where can we find more of this sort of thing? I highly suggest this is more visible to people like us browsing the forums. It actually answered a lot of my questions.Very useful information about CCR is available here:
http://mum.mikrotik.com/presentations/RU14/megis.pdf
So made the mistake to get myself a CCR1036-8G-2S+
6.22 (3.19 firmware) *all* Ethernet ports connect at 10/Half Duplex (multiple switches/servers, multiple cables), *all* Ethernet ports receives 0 frames/packets according to Interface statistics.
Upgraded to 6.23 (3.20 firmware) *exactly* the same issue.
Nice. I have a USD1K door stop...
Same problem on 6.24 and RB2011, about 40mbit traffic heavy cpu load, port flaps regularly every 10minutes. Downgrade to 6.20 resolve the issue. Keeping 6.24 and LCD DISABLED solves the issue too.helloAnybody with this port flapping on the CCR, can you try disabling the LCD screen, and see if anything changes at all ?
we have this problem on x86 with v6.6rc1 28/10/2013 without package lcd
a+
Thierry
The Tilera CPU supports it, but motherboard - not supports. This document describes differences of pinouts ECC and not-ECC SoDIMM. So i was trying set up the modules KVR13LSE9S8/4 in my CCR1036-12G-4S and router does not work with them. Wrote this because could not found information about support ECC in CCR routers.The Tilera CPU supports it from the DDR3 controllers onboars, so it should work.Dear Normis!
The CCR-1036 support SO-DIMM ECC RAM memory ?
(...like: Kingston SO-DIMM 8 GB ECC DDR3-1333 x2)
What type of SO-DIMM memory is the best for the CCR-1036 ?
(ECC vs. NON ECC, 1333MHz vs. 1600MHz)
Please help choosing between these...
Thx.
Attila