v6.36rc [release candidate] is released, wireless-fp package is discontinued!

timtasse · Tue May 31, 2016 1:15 am

i have tested the rc20 release on my rb3011.
interface flapping on ether6-10 is not solved.
now i have problems with fasttrack,
i have a mange rule to add a route mark to packets and if the connection is set to fasttrack it seems that is not added anymore, with stable this works without problems.

Tue May 31, 2016 8:09 am

timtasse - Please generate supout file on your device when it is not working as suspected and send this supout file to support@mikrotik.com together with problem description. We will try to find a solution.

netraider · Tue May 31, 2016 9:44 am

I`ve got hAP ac with RouterOS v6.35.2. But there`re some features in v6.36rc which are interesting me. What will you advice me ? Update to v6.36rc or wait for final release?

nkourtzis · Tue May 31, 2016 10:23 am

I`ve got hAP ac with RouterOS v6.35.2. But there`re some features in v6.36rc which are interesting me. What will you advice me ? Update to v6.36rc or wait for final release?

If it is a production unit, better wait. Say to yourself that v6.36 does not exist yet.

Tue May 31, 2016 11:17 am

On the other side if you don't mind to brick your device and play with netinstall or face the unwanted or unexpected behaviour you can try it. Your choice, but we have warned you.

Tue May 31, 2016 11:40 am

We are seeseeing issues with fasttrack on RB2011 with 6.36rc as well

I'll send support an email.

Tue May 31, 2016 3:39 pm

Version 6.36rc21 has been released.

Changes since previous version:
*) icmp - fixed kernel failure when icmp packet could not be processed on high load;
*) lte - Huawei MU609 must use latest firmware to work correctly;
*) lte - use only creg result codes as network status indications;
*) proxy - limit max ram usage to 80% for tile and x86 devices;
*) rb3011 - fixed reset button functionality;
*) snmp - fixed interface stats branch from MikroTik MIB;
*) snmp - report current access technology and cell id for lte modems;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Cha0s · Tue May 31, 2016 9:38 pm

*) firewall - added raw table to be able to disable connection tracking on selected packets or drop packets before connection tracking (CLI only)
Since 6.36rc8 it is possible to configure firewall rules in a raw table ("/ip firewall raw", "/ipv6 firewall raw"). These rules have two possible chains - prerouting and output which happens before connection tracking in packet flow.

There is action called "notrack". It means that you can select on which packets you want to use connection tracking. It is also possible to drop packets already before connection tracking.

These rules do not have firewall rule matchers that would depend on connection tracking like "connection-state".

Packets which match rules with action "notrack" also are not being fragmented. In past as soon as you loaded connection tracking packets were fragmented. Now even if connection tracking is on "notrack" packets are not being defragmented.

Now in regular firewall, there is new possible connection-state value called "untracked".

Basically, this raw firewall should be used to protect your devices against DDoS attacks.

I am trying to test this new feature but I haven't got any results yet.

I am matching udp packets on ports 2000-2100 to 'untrack' a bandwidth test passing through an RB850Gx2.
I don't see any difference in the cpu usage of firewall weather I enable or disable this 'untrack' rule.
It measures packets but no visible change in performance.

Can you provide any examples to play with?

Cha0s · Tue May 31, 2016 9:41 pm

Nevermind my previous question, I misunderstood what raw table is supposed to do.

Sob · Wed Jun 01, 2016 8:26 pm

*) firewall - allow to add domain name to address-lists (dynamic entries for resolved addresses will be added to specified list);

There's problem with CNAMEs, when more of them point to same host. If DNS contains records like this:

test.test.lan.   A       127.0.0.1
test1.test.lan.  CNAME   test.test.lan.
test2.test.lan.  CNAME   test.test.lan.

And you do:

/ip firewall address-list
add address=test1.test.lan list=test
add address=test2.test.lan list=test

Only one of them will get address resolved:

/ip firewall address-list print detail 
Flags: X - disabled, D - dynamic 
 0   list=test address=test1.test.lan dynamic=no 

 1 D ;;; test1.test.lan
     list=test address=127.0.0.1 dynamic=yes 

 2   list=test address=test2.test.lan dynamic=no

[/color]

Edit: On second thought, it's correct. It does not make sense to have same address in one list twice. With different lists it works fine. Sorry, my bad. The only valid concern might be when you add several hostnames and you don't know in advance that they resolve to same address, it might look like there's a problem, even though there isn't.

Thu Jun 02, 2016 12:59 am

Edit: On second thought, it's correct. It does not make sense to have same address in one list twice. With different lists it works fine. Sorry, my bad. The only valid concern might be when you add several hostnames and you don't know in advance that they resolve to same address, it might look like there's a problem, even though there isn't.

I was about to chime in with this

IntrusDave · Thu Jun 02, 2016 2:50 am

Version 6.36rc21 has been released.

Changes since previous version:
*) icmp - fixed kernel failure when icmp packet could not be processed on high load;
*) lte - Huawei MU609 must use latest firmware to work correctly;
*) lte - use only creg result codes as network status indications;
*) proxy - limit max ram usage to 80% for tile and x86 devices;
*) rb3011 - fixed reset button functionality;
*) snmp - fixed interface stats branch from MikroTik MIB;
*) snmp - report current access technology and cell id for lte modems;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Finally received my first RB3001 for testing. My first issue is minor....

/system resource print

is missing "cpu-frequency". Very minor, but I use it for my monitoring.

Vlad2 · Thu Jun 02, 2016 3:16 pm

Hello.
Working on equipment with CCR1016-12G
Use it in different offices, and in the configuration used Bonding and via bonding, I am use VLAN's and via VLAN's work with several ISP's and GRE-tunnels, of course in the logs there are errors, correcting for this error corrected already like, I'm talking about version 6.36rc21
*) bonding - fixed 802.3ad load balancing mode over tunnels;

Question to developers: is used as CCR - equipment, is it possible to early release the latest version (for example 6.35.3) very important and which are just needed now and urgently?
Sorry for English

JimmyNyholm · Fri Jun 03, 2016 10:45 am

*) tunnel - added option to auto detect tunnel local-address;

Can't Seem to find it?
Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that.

diorges · Sat Jun 04, 2016 7:34 pm

Please fix OSPFv3, Mikrotik isnt following the RFC.

https://tools.ietf.org/html/rfc5340#appendix-A.2

Zorro · Sat Jun 04, 2016 9:52 pm

Please fix OSPFv3, Mikrotik isnt following the RFC.

https://tools.ietf.org/html/rfc5340#appendix-A.2

perhaps you right, its "not completely imlemented" case. same about DNS, IPv6 stack and other things (like netfilter portions, RIP and etc generallty legacy stuff).

diorges · Sat Jun 04, 2016 10:26 pm

Please fix OSPFv3, Mikrotik isnt following the RFC.

https://tools.ietf.org/html/rfc5340#appendix-A.2
perhaps you right, its "not completely imlemented" case. same about DNS, IPv6 stack and other things (like netfilter portions, RIP and etc generallty legacy stuff).

I cant run OSPFv3 with an EdgeRouter, because of wrong RFC implementation of the Mikrotik.

Wed Jun 08, 2016 5:59 pm

Version 6.36rc27 has been released.

Changes since previous version:
*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083 );
*) dude - server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from our cloud. So workstations on which client is used will require access to wan. Alternatively upgrade must be done by reinstalling the client on each new release;
*) address-list - make "dynamic=yes" as read-only option;
*) bonding - fixed bonding privmary slave assignment for ovpn interfaces after startup;
*) disk - added support for Plextor PX-G128M6e(A) SSD on CCR1072;
*) firewall - do not show disabled=no in export;
*) firewall - fixed spelling in built-in firewall commentary;
*) gps - fixed longitude seconds part;
*) lcd - reduced lowest backlight-timeout value from 5m to 30s;
*) logs - increase excessive multicast/broadcast warning threshold every time it is logged;
*) lte - removed option allow-roaming for Huawei ME909u and MU609 devices;
*) userman - fixed crash on database upload;
*) wireless-rep - fixed crash on nv2 reconnect;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

bajodel · Thu Jun 09, 2016 12:41 am

Version 6.36rc27 has been released.
.. cut ..
If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Rb3011 still doesn't see usb disk and partition's tool doesn't work..
[Ticket#2016052566000541]

Chupaka · Thu Jun 09, 2016 1:54 pm

*) address-list - make "dynamic=yes" as read-only option;

why-y-y?..

how to add dynamic entry in this version? the goal is excluding such entries from export and NOT writing them to NAND

it's also not possible to add it with very big timeout:

[admin@TestPlace] /ip firewall address-list> ad ad=99.88.77.77 list=test timeout=3000w
[admin@TestPlace] /ip firewall address-list> pr
Flags: X - disabled, D - dynamic 
 #   LIST                  ADDRESS                         TIMEOUT             
 0 D test                  99.88.77.77                     17w2d16h28m43s

looks like timeout=-1 works, but will it be supported in future?

Zorro · Sat Jun 11, 2016 2:37 pm

as for "dynamic-only" adress-list options - i still don' get whole idea of removing tweaking that option from ROS

if its used not for operrational management(eg marking and balancing, routing traffic)but for example for tracking emerging threats, then persistent elements in adress-lists - a must(preferably with timestamp in). i think that should remain tweakable. but not on "record-level" but on "adress-list level" to adjust it for Both purposes, depend needs.

JimmyNyholm · Sun Jun 12, 2016 3:40 am

*) tunnel - added option to auto detect tunnel local-address;

Can't Seem to find it?
Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that.

Bump... No Comment. Neither Winbox 3.4 nor the CLI is displaying anything on any tunnel interface about this feature. What is is about and where can I explore it?

IntrusDave · Sun Jun 12, 2016 7:31 am

as for "dynamic-only" adress-list options - i still don' get whole idea of removing tweaking that option from ROS
if its used not for operrational management(eg marking and balancing, routing traffic)but for example for tracking emerging threats, then persistent elements in adress-lists - a must(preferably with timestamp in). i think that should remain tweakable. but not on "record-level" but on "adress-list level" to adjust it for Both purposes, depend needs.

Address lists can still be dynamic. Creating an item with a timeout makes it dynamic. it really should not be a big issue. My scripts only required very minor changes.

Chupaka · Sun Jun 12, 2016 2:34 pm

Address lists can still be dynamic. Creating an item with a timeout makes it dynamic. it really should not be a big issue.

And what if I need infinite timeout?

IntrusDave · Sun Jun 12, 2016 6:37 pm

Address lists can still be dynamic. Creating an item with a timeout makes it dynamic. it really should not be a big issue.
And what if I need infinite timeout?

Wouldn't that be, by definition, static?

Chupaka · Sun Jun 12, 2016 10:23 pm

the answer was posted earlier:

how to add dynamic entry in this version? the goal is excluding such entries from export and NOT writing them to NAND

I don't want to backup some data that is continuously synced to billing system. and I don't want to kill NAND by writing that data to persistent storage

IntrusDave · Sun Jun 12, 2016 10:40 pm

That doesn't make sense. You want an item permanently in an address list, but you don't want it backed up and you don't want it saved?
Oh well.

There is always a work-around. We all know MT is going to do what they feel is best and we have to live with that. It sounds like your only option is to write a script that will refresh your permeant-dynamic lists.

Chupaka · Mon Jun 13, 2016 1:34 am

That doesn't make sense

well, config versioning and NAND resource doesn't make sense for you? welcome to the world of telecom

You want an item permanently in an address list, but you don't want it backed up and you don't want it saved?

exactly. if your router reboots once a year just for OS upgrade and in a few dozens seconds after that your billing system recreates all dynamic lists - you don't want them to disturb you in your everyday work

It sounds like your only option is to write a script that will refresh your permeant-dynamic lists.

sounds like working spike-nail, but the main question is: why silly destroy what was working before?

Mon Jun 13, 2016 11:52 am

v6.36rc28 has been released.

What's new in 6.36rc28 (2016-Jun-10 12:12):

*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083 );
*) ipsec - add dead ph2 detection exception for windows msgid noncompilance with rfc;
*) lte - added cinterion pls8 support;
*) lte - fixed connection for huawei without cell info;
*) supout - erase panic data properly on Netinstall;

jondavy · Mon Jun 13, 2016 7:50 pm

and when we have this fundamental detail for monitoring the CAPs can be used professionally?

*) CapsMAN added CCQ field into Registration Table

I'm not the only one you need, this was already asked many times in the forum
because that way I will not use or recommend to my business clients

Zorro · Tue Jun 14, 2016 12:07 am

sounds like working spike-nail, but the main question is: why silly destroy what was working before?

thats EXACTLY my point.
there was number of situations, where you may need BOTH "dynamic" OR "static" entries in adress lists, used.

proximus · Tue Jun 14, 2016 3:36 pm

*) address-list - make "dynamic=yes" as read-only option;
why-y-y?..

how to add dynamic entry in this version? the goal is excluding such entries from export and NOT writing them to NAND

EXACTLY! This change was also made in 6.35.4. It makes no sense to eliminate a configuration capability that was working just fine. Perhaps MT could explain what the problem was that needed to be resolved by total removal of a configuration option.

raffav · Tue Jun 14, 2016 4:09 pm

Hello,
I am little lost what is that you are talking about, what was before and there is no more on address list

Chupaka · Tue Jun 14, 2016 6:35 pm

Before you was able to manually add dynamic entry without timeout. Now there's no such possibility.

Tue Jun 14, 2016 6:51 pm

*) tunnel - added option to auto detect tunnel local-address;

Can't Seem to find it?
Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that.
Bump... No Comment. Neither Winbox 3.4 nor the CLI is displaying anything on any tunnel interface about this feature. What is is about and where can I explore it?

Haven't played with this feature, but I would presume that leaving "local address" field empty is the way to invoke the auto detection....

raffav · Tue Jun 14, 2016 7:12 pm

Before you was able to manually add dynamic entry without timeout. Now there's no such possibility.

Thanks

But how was possible? Never used this function
Because I always set ip and hit ok for me that is a static entry

Tue Jun 14, 2016 7:17 pm

Before you was able to manually add dynamic entry without timeout. Now there's no such possibility.
Thanks

But how was possible? Never used this function
Because I always set ip and hit ok for me that is a static entry

He was adding them via command line, and including dynamic=yes in the command. Mikrotik has removed this ability going forward, so if you've never used this ability before, it's probably a bad idea to fall in love with it now.

raffav · Tue Jun 14, 2016 7:23 pm

Before you was able to manually add dynamic entry without timeout. Now there's no such possibility.
Thanks

But how was possible? Never used this function
Because I always set ip and hit ok for me that is a static entry
He was adding them via command line, and including dynamic=yes in the command. Mikrotik has removed this ability going forward, so if you've never used this ability before, it's probably a bad idea to fall in love with it now.

Thanks,
It just a curiosit,
maybe Mt removed for some reason/conflict or will be back with some improvements.

Zorro · Wed Jun 15, 2016 10:56 pm

*) address-list - make "dynamic=yes" as read-only option;
why-y-y?..

how to add dynamic entry in this version? the goal is excluding such entries from export and NOT writing them to NAND
EXACTLY! This change was also made in 6.35.4. It makes no sense to eliminate a configuration capability that was working just fine. Perhaps MT could explain what the problem was that needed to be resolved by total removal of a configuration option.

yeah. i used that in 3 things: 1. store 2rd stage emergin threats, detected. 2. entries for advertisment filtering, fetched and upadted periodically. 3. full bogons list. 4. unconditional "funky/hostile" datacenters, companies(spammers, offenders, malware, whatever else you may encounter in. aside moving to asia, chinaand pacific from central and east europe now its greatly shifted to NA and Africa s-holes in terms of percentage generated threats)
amount of oboard memory, l1, l2 cache size (&cores count), memory controller bandwidth - slightly limit usage for that, but its remain mainstream thing in other platforms for me aswell.

Wed Jun 15, 2016 11:49 pm

When the mystical unicorn that is ROSv7 comes out, it's supposed to have an enhancement to the routing filters with a new action of add prefix to address list.
This will open the gates for amazing dynamic realtime blacklists distributed via BGP, and would totally obviate the problem with the adding-as-dynamic issue (as being discussed here anyway)

alexjhart · Thu Jun 16, 2016 12:00 am

I'm wondering about v7 and v6.36

Chupaka · Thu Jun 16, 2016 4:22 am

This will open the gates for amazing dynamic realtime blacklists distributed via BGP, and would totally obviate the problem with the adding-as-dynamic issue (as being discussed here anyway)

I don't like the idea of establishing BGP peer to my billing system, sometime in a future. I prefer RouterOS API and now

notToNew · Thu Jun 16, 2016 7:52 pm

After Upgrade from 3.34.6, all NAT rules got
an non existing "in-interface-list" set.
Example

in-interface-list=*1389

resulting in all rules stopped working. The number (1389) is increasing in each rule.
when i remove this manually, everything seems to work.
I could only see this in NAT rules, all other firewall rules are ok.

Edit: After restoring a Backup, I had the same issue again. I wasn't able to set the int-interface-list with winbox. as soon as i applied the change, the int-interface-list switched to "unknown". In the CLI i saw again a strange value. Setting it with CLI worked as expected.

JimmyNyholm · Fri Jun 17, 2016 7:21 pm

*) tunnel - added option to auto detect tunnel local-address;

Can't Seem to find it?
Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that.
Bump... No Comment. Neither Winbox 3.4 nor the CLI is displaying anything on any tunnel interface about this feature. What is is about and where can I explore it?
Haven't played with this feature, but I would presume that leaving "local address" field empty is the way to invoke the auto detection....

OK. Then it is not possible with ipsec witch i was hoping for. when are we going to be able to set upp crypted tunnels from a dynamic localpoint without hasseling with scripts?

Fri Jun 17, 2016 8:06 pm

You may be able to accomplish what you want by using GRE or L2TP with hooks to IPSec available in those services.

andlommy · Sat Jun 18, 2016 12:09 pm

Problem reported earlier persists.

An L2TP tunnel stops routing traffic when any version later than 6.35 is installed.
Seems like fastpath/fasttrack isn't working.

Starting packet sniffer on the interface and all is working again. Stop packet sniffer - all breaks.
Revert back to 6.35 - all works

Sat Jun 18, 2016 4:44 pm

L2TP tunnel stops routing traffic when any version later than 6.35 is installed.
Seems like fastpath/fasttrack isn't working.

Do you use L2TP over IPsec? In case you do, please make sure your inner-tunnel IPsec traffic isn't fasttracked (otherwise it bypasses the IPsec policies). This is the expected behaviour.

Zorro · Mon Jun 20, 2016 7:26 pm

When the mystical unicorn that is ROSv7 comes out, it's supposed to have an enhancement to the routing filters with a new action of add prefix to address list.
This will open the gates for amazing dynamic realtime blacklists distributed via BGP, and would totally obviate the problem with the adding-as-dynamic issue (as being discussed here anyway)

that wasn't option in several applications "at all". also BGP usage imply rather bigger resource consumption, while adress lists implementation - would(and actually was. except DNS static overrides since i think ~ 6.10 or 6.11 somewhere)work perfectly even on mid to low -grade devices(sometimes with moderate impact on boottime, but that expected consequences/drawback).
that would eventually shit to writing stuff working over API, sadly. or switching vendor, which is even easier in most cases.
i use BGP-based stuff on some of my devices(usually that was fullbogons lists and portion of advertisement filtering), but that esentially Way more powerful things, generally CCR-grade stuff (or CCR's itself sometimes). whole beauty(despite overhead and amount efforts) of static lists is both wider range of platforms, where they usable, simplicity(they work even if whole BGP things collapse apart

and amount of control(pretty easy to overcome/hijack BGP stuff),security.
for similar purposes for exactly - even ancient things like RIP protocol - still had some use. they "not perfect" but lightweigh and "implemented anywhere"(compared to) and ~ working.
(not all SOHO devices had say for example OSPV 1/2/3 properly working or BGP, or LDP, let alone ancient things like EGP(that you may found yet in some "legacy" projects, sadly), but RIP 1/2 and RIPng - nearly anywhere).

JimmyNyholm · Wed Jun 22, 2016 12:19 am

You may be able to accomplish what you want by using GRE or L2TP with hooks to IPSec available in those services.

No I can't becaus if I specify crypto on tunnel interface then routeros complaint and localendpoint must be specified. This is truely unintuitive. I do understand that it is because of reasons with ipsec engine not able to handle dns and other stuff. But, if I want an encrypted tunnel with a dynamic internet connection it is messy to be polite. I can offcoruse solve this by using script but it is a bad user experience and the tunnel will surly go down till script is triggered again. This SHOULD be leaner, meaner, greater implemented with tunnels and ipsec supporting dns on local endpoint as they are now with remote end point. so why not the local endpoint?

Wed Jun 22, 2016 10:52 am

Version 6.36rc30 has been released.

Changes since previous version:

*) certificate - do not exit after card-verify;
*) console - fixed get false function;
*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083 );
*) ipsec - fixed windows msgid check on x86 devices;
*) lte - added support for Huawei E3531;
*) lte - fixed modem init when pin request present;
*) mesh - fixed crash when connection references a mesh network but it is not available any more;
*) modem - added support for SpeedUP SU-900U modem;
*) queue - reset queue type on interfaces which default queue type changes to no-queue after upgrade;
*) rb3011 - fixed usb driver load (introduced in 6.36r22);
*) route - added suppport for more than 8 bits of options;
*) ssl - do not exit while there still are active sessions;
*) timezone - updated timezone information from tzdata2016e release;
*) upnp - fixed nat rule dst-port by making it visible again;
*) wireless-rep - fixed nstreme reset on poll timeout;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash

bajodel · Wed Jun 22, 2016 11:30 am

Version 6.36rc30 has been released.
*) rb3011 - fixed usb driver load (introduced in 6.36r22);

If you experience version related issues.. [cut]..

RB3011 on 6.36rc30 (rebooted 2 times after) doesn't see usb disk (USB kingston datatraveler 8GB); item present in system resources usb list but not in system disks.
Exactly the same as in [Ticket#2016052566000541] previosly submitted.

When do you plan to make partitions work on RB3011/ARM ?

Wed Jun 22, 2016 12:26 pm

bajodel - This is different fix for other issue.

bajodel · Wed Jun 22, 2016 1:21 pm

bajodel - This is different fix for other issue.

I got it, so I must wait..

Please.. answer.. when do you plan to make partitions work on RB3011/ARM ?

diablothebest · Tue Jun 28, 2016 12:49 pm

Last 24 hours Im update my x86 system to 6.36rc30.
Today we have issue with user manager! Web interface works - but anyone cant login, and admin to!
I send my server to reboot - and can't connect anymore! Man on another side power cycle server to normal boot!

Wed Jun 29, 2016 12:10 pm

Version 6.36rc33 has been released.

Changes since previous version:
*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083 );
*) email - fixed send from winbox;
*) log - make logging process less aggressive on startup;
*) wap-ac - fixed performance problems with 2.4GHz wireless (additional reboot after upgrade required);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash

Cha0s · Wed Jun 29, 2016 1:35 pm

Hello,

I just gave IPFIX a try on version 6.36rc19 on a RB2011UAS and it seems that it exports the flows with 'random' timestamps in the year 1970.
The time on the RB2011 is correct (double checked).

Timestamp: Jul  5, 1970 11:05:20.000000000 GTB Daylight Time
Timestamp: Jul  5, 1970 11:38:40.000000000 GTB Daylight Time
Timestamp: Jul  5, 1970 12:12:00.000000000 GTB Daylight Time

Those netflow packets where exported to wireshark by mikrotik every 2 seconds.

The full capture:

No.     Time           Source                Destination           Protocol Length Info
 383778 748.591451000  10.10.153.218         10.26.35.34           CFLOW    542    IPFIX partial flow (500/5 bytes)

Frame 383778: 542 bytes on wire (4336 bits), 542 bytes captured (4336 bits) on interface 0
Ethernet II, Src: Routerbo_XX:XX:XX (XX:XX:XX:XX:XX:XX), Dst: YY:YY:YY:YY:YY:YY (YY:YY:YY:YY:YY:YY)
Internet Protocol Version 4, Src: 10.10.153.218 (10.10.153.218), Dst: 10.26.35.34 (10.26.35.34)
User Datagram Protocol, Src Port: 2055 (2055), Dst Port: 2055 (2055)
Cisco NetFlow/IPFIX
    Version: 10
    Length: 5
    Timestamp: Jul  5, 1970 11:05:20.000000000 GTB Daylight Time
        ExportTime: 16013120
    FlowSequence: 384
    Observation Domain Id: 0
    Set 1
        FlowSet Id: (Data) (258)
        FlowSet Length: 484
        Flow 1
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16010.600000000 seconds
                EndTime: 16010.600000000 seconds
            Packets: 3
            Octets: 192
            SrcPort: 2000
            DstPort: 39216
            InputInt: 4
            OutputInt: 0
            Protocol: 6
            IP ToS: 0x00
            TCP Flags: 0x18
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.10.153.217 (10.10.153.217)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 64
            UDP Length: 0
            TCP Sequence Number: 1439408172
            TCP Acknowledgement Number: 786858282
            TCP Windows Size: 905
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.217 (10.10.153.217)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 2
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16011.120000000 seconds
                EndTime: 16011.120000000 seconds
            Packets: 2
            Octets: 1056
            SrcPort: 2055
            DstPort: 2055
            InputInt: 0
            OutputInt: 4
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.26.35.34 (10.26.35.34)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 255
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 528
            UDP Length: 508
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.26.35.34 (10.26.35.34)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 3
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16011.120000000 seconds
                EndTime: 16011.120000000 seconds
            Packets: 2
            Octets: 800
            SrcPort: 2055
            DstPort: 2055
            InputInt: 0
            OutputInt: 4
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.69.110.21 (10.69.110.21)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 255
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 400
            UDP Length: 380
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.69.110.21 (10.69.110.21)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 4
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16012.000000000 seconds
                EndTime: 16012.000000000 seconds
            Packets: 3
            Octets: 194
            SrcPort: 33353
            DstPort: 179
            InputInt: 0
            OutputInt: 4
            Protocol: 6
            IP ToS: 0xc0
            TCP Flags: 0x18
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.10.153.217 (10.10.153.217)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 71
            UDP Length: 0
            TCP Sequence Number: 131047850
            TCP Acknowledgement Number: 1912585720
            TCP Windows Size: 1016
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.10.153.217 (10.10.153.217)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 5
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16012.000000000 seconds
                EndTime: 16012.000000000 seconds
            Packets: 3
            Octets: 175
            SrcPort: 179
            DstPort: 33353
            InputInt: 4
            OutputInt: 0
            Protocol: 6
            IP ToS: 0xc0
            TCP Flags: 0x10
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.10.153.217 (10.10.153.217)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 52
            UDP Length: 0
            TCP Sequence Number: 1912585720
            TCP Acknowledgement Number: 131047869
            TCP Windows Size: 1082
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.217 (10.10.153.217)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0

No.     Time           Source                Destination           Protocol Length Info
 384733 750.593356000  10.10.153.218         10.26.35.34           CFLOW    638    IPFIX partial flow (596/6 bytes)

Frame 384733: 638 bytes on wire (5104 bits), 638 bytes captured (5104 bits) on interface 0
Ethernet II, Src: Routerbo_XX:XX:XX (XX:XX:XX:XX:XX:XX), Dst: YY:YY:YY:YY:YY:YY (YY:YY:YY:YY:YY:YY)
Internet Protocol Version 4, Src: 10.10.153.218 (10.10.153.218), Dst: 10.26.35.34 (10.26.35.34)
User Datagram Protocol, Src Port: 2055 (2055), Dst Port: 2055 (2055)
Cisco NetFlow/IPFIX
    Version: 10
    Length: 6
    Timestamp: Jul  5, 1970 11:38:40.000000000 GTB Daylight Time
        ExportTime: 16015120
    FlowSequence: 385
    Observation Domain Id: 0
    Set 1
        FlowSet Id: (Data) (258)
        FlowSet Length: 580
        Flow 1
            IPVersion: 04
            [Duration: 1.820000000 seconds]
                StartTime: 16011.220000000 seconds
                EndTime: 16013.040000000 seconds
            Packets: 3
            Octets: 288
            SrcPort: 0
            DstPort: 0
            InputInt: 4
            OutputInt: 0
            Protocol: 1
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.69.110.16 (10.69.110.16)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 63
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 96
            UDP Length: 0
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 8
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.69.110.16 (10.69.110.16)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 2
            IPVersion: 04
            [Duration: 1.820000000 seconds]
                StartTime: 16011.220000000 seconds
                EndTime: 16013.040000000 seconds
            Packets: 3
            Octets: 288
            SrcPort: 0
            DstPort: 0
            InputInt: 0
            OutputInt: 4
            Protocol: 1
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.69.110.16 (10.69.110.16)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 96
            UDP Length: 0
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.69.110.16 (10.69.110.16)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 3
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16013.120000000 seconds
                EndTime: 16013.120000000 seconds
            Packets: 2
            Octets: 1056
            SrcPort: 2055
            DstPort: 2055
            InputInt: 0
            OutputInt: 4
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.26.35.34 (10.26.35.34)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 255
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 528
            UDP Length: 508
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.26.35.34 (10.26.35.34)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 4
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16013.120000000 seconds
                EndTime: 16013.120000000 seconds
            Packets: 2
            Octets: 800
            SrcPort: 2055
            DstPort: 2055
            InputInt: 0
            OutputInt: 4
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.69.110.21 (10.69.110.21)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 255
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 400
            UDP Length: 380
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.69.110.21 (10.69.110.21)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 5
            IPVersion: 04
            [Duration: 1.010000000 seconds]
                StartTime: 16012.600000000 seconds
                EndTime: 16013.610000000 seconds
            Packets: 4
            Octets: 256
            SrcPort: 2000
            DstPort: 39216
            InputInt: 4
            OutputInt: 0
            Protocol: 6
            IP ToS: 0x00
            TCP Flags: 0x18
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.10.153.217 (10.10.153.217)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 64
            UDP Length: 0
            TCP Sequence Number: 1439408196
            TCP Acknowledgement Number: 786858306
            TCP Windows Size: 905
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.217 (10.10.153.217)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 6
            IPVersion: 04
            [Duration: 2.030000000 seconds]
                StartTime: 16011.580000000 seconds
                EndTime: 16013.610000000 seconds
            Packets: 9
            Octets: 528
            SrcPort: 39216
            DstPort: 2000
            InputInt: 0
            OutputInt: 4
            Protocol: 6
            IP ToS: 0x00
            TCP Flags: 0x18
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.10.153.217 (10.10.153.217)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 64
            UDP Length: 0
            TCP Sequence Number: 786858282
            TCP Acknowledgement Number: 1439408184
            TCP Windows Size: 913
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.10.153.217 (10.10.153.217)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0

No.     Time           Source                Destination           Protocol Length Info
 385861 752.592360000  10.10.153.218         10.26.35.34           CFLOW    830    IPFIX partial flow (788/8 bytes)

Frame 385861: 830 bytes on wire (6640 bits), 830 bytes captured (6640 bits) on interface 0
Ethernet II, Src: Routerbo_XX:XX:XX (XX:XX:XX:XX:XX:XX), Dst: YY:YY:YY:YY:YY:YY (YY:YY:YY:YY:YY:YY)
Internet Protocol Version 4, Src: 10.10.153.218 (10.10.153.218), Dst: 10.26.35.34 (10.26.35.34)
User Datagram Protocol, Src Port: 2055 (2055), Dst Port: 2055 (2055)
Cisco NetFlow/IPFIX
    Version: 10
    Length: 8
    Timestamp: Jul  5, 1970 12:12:00.000000000 GTB Daylight Time
        ExportTime: 16017120
    FlowSequence: 386
    Observation Domain Id: 0
    Set 1
        FlowSet Id: (Data) (258)
        FlowSet Length: 772
        Flow 1
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16014.870000000 seconds
                EndTime: 16014.870000000 seconds
            Packets: 2
            Octets: 192
            SrcPort: 0
            DstPort: 0
            InputInt: 4
            OutputInt: 0
            Protocol: 1
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.69.110.16 (10.69.110.16)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 63
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 96
            UDP Length: 0
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 8
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.69.110.16 (10.69.110.16)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 2
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16014.870000000 seconds
                EndTime: 16014.870000000 seconds
            Packets: 2
            Octets: 192
            SrcPort: 0
            DstPort: 0
            InputInt: 0
            OutputInt: 4
            Protocol: 1
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.69.110.16 (10.69.110.16)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 96
            UDP Length: 0
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.69.110.16 (10.69.110.16)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 3
            IPVersion: 04
            [Duration: 27.660000000 seconds]
                StartTime: 15987.450000000 seconds
                EndTime: 16015.110000000 seconds
            Packets: 411
            Octets: 32667
            SrcPort: 65470
            DstPort: 8291
            InputInt: 4
            OutputInt: 0
            Protocol: 6
            IP ToS: 0x00
            TCP Flags: 0x18
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.26.35.34 (10.26.35.34)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 61
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 523
            UDP Length: 0
            TCP Sequence Number: 537131081
            TCP Acknowledgement Number: 3081807626
            TCP Windows Size: 65184
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.26.35.34 (10.26.35.34)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 4
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16015.120000000 seconds
                EndTime: 16015.120000000 seconds
            Packets: 2
            Octets: 1248
            SrcPort: 2055
            DstPort: 2055
            InputInt: 0
            OutputInt: 4
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.26.35.34 (10.26.35.34)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 255
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 624
            UDP Length: 604
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.26.35.34 (10.26.35.34)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 5
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16015.120000000 seconds
                EndTime: 16015.120000000 seconds
            Packets: 2
            Octets: 936
            SrcPort: 2055
            DstPort: 2055
            InputInt: 0
            OutputInt: 4
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.69.110.21 (10.69.110.21)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 255
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 468
            UDP Length: 448
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.69.110.21 (10.69.110.21)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 6
            IPVersion: 04
            [Duration: 0.000000000 seconds]
                StartTime: 16015.600000000 seconds
                EndTime: 16015.600000000 seconds
            Packets: 3
            Octets: 192
            SrcPort: 2000
            DstPort: 39216
            InputInt: 4
            OutputInt: 0
            Protocol: 6
            IP ToS: 0x00
            TCP Flags: 0x18
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.10.153.217 (10.10.153.217)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 64
            UDP Length: 0
            TCP Sequence Number: 1439408232
            TCP Acknowledgement Number: 786858342
            TCP Windows Size: 905
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.217 (10.10.153.217)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 7
            IPVersion: 04
            [Duration: 8.370000000 seconds]
                StartTime: 16007.320000000 seconds
                EndTime: 16015.690000000 seconds
            Packets: 50
            Octets: 3700
            SrcPort: 42989
            DstPort: 161
            InputInt: 4
            OutputInt: 0
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            Post Source Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            SrcAddr: 10.69.110.15 (10.69.110.15)
            DstAddr: 10.10.153.218 (10.10.153.218)
            NextHop: 10.10.153.218 (10.10.153.218)
            SrcMask: 0
            DstMask: 0
            IP TTL: 63
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 74
            UDP Length: 54
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.69.110.15 (10.69.110.15)
            Post NAT Destination IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0
        Flow 8
            IPVersion: 04
            [Duration: 6.340000000 seconds]
                StartTime: 16009.350000000 seconds
                EndTime: 16015.690000000 seconds
            Packets: 48
            Octets: 3600
            SrcPort: 161
            DstPort: 42989
            InputInt: 0
            OutputInt: 4
            Protocol: 17
            IP ToS: 0x00
            TCP Flags: 0x00
            Destination Mac Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
            Post Source Mac Address: Routerbo_ZZ:ZZ:ZZ (ZZ:ZZ:ZZ:ZZ:ZZ:ZZ)
            SrcAddr: 10.10.153.218 (10.10.153.218)
            DstAddr: 10.69.110.15 (10.69.110.15)
            NextHop: 10.10.153.217 (10.10.153.217)
            SrcMask: 0
            DstMask: 0
            IP TTL: 64
            IsMulticast: 0
            IP Header Length: 5
            IP Total Length: 75
            UDP Length: 55
            TCP Sequence Number: 0
            TCP Acknowledgement Number: 0
            TCP Windows Size: 0
            IGMP Type: 0
            IPv4 ICMP Type: 0
            IPv4 ICMP Code: 0
            Post NAT Source IPv4 Address: 10.10.153.218 (10.10.153.218)
            Post NAT Destination IPv4 Address: 10.69.110.15 (10.69.110.15)
            Post NAPT Source Transport Port: 0
            Post NAPT Destination Transport Port: 0

Reverting back to NetFlow v9 the timestamp fields contain the right date/time.

Those bad timestamps cause software like nfacct/pmacct to insert bad data to the database.
Also it discards many flows due to bad sequence number (although checking the capture the sequence numbers seem ok. Maybe nfacct consults the timestamp along with the sequence number to detect if a received flow is valid)

Here's my traffic flow configuration:

> /ip traffic-flow export verbose
# may/29/2016 22:35:09 by RouterOS 6.36rc19
# software id = 
#
/ip traffic-flow
set active-flow-timeout=1m cache-entries=32k enabled=yes inactive-flow-timeout=1s interfaces=ether3-ibgp
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes \
    icmp-type=yes igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes \
    last-forwarded=yes nat-dst-address=yes nat-dst-port=yes nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes \
    protocol=yes src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes \
    tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip traffic-flow target
add disabled=no dst-address=10.69.110.21 port=2055 src-address=0.0.0.0 v9-template-refresh=20 v9-template-timeout=1m version=9
add disabled=no dst-address=10.26.35.34 port=2055 src-address=0.0.0.0 v9-template-refresh=20 v9-template-timeout=1m version=ipfix

[Ticket#2016052966000463]

Any news on that?

Cha0s · Wed Jun 29, 2016 1:38 pm

Or any news on this? http://forum.mikrotik.com/viewtopic.php ... te#p527731

Ticket #2016052566000621

It's been over a month and I haven't even got a response on that ticket...

skl · Thu Jun 30, 2016 9:46 pm

*) wap-ac - fixed performance problems with 2.4GHz wireless (additional reboot after upgrade required);
After update signal become worse (wAP-ac working as repeater, main router hap AC). wAP-ac loosing connections constantly...

barkas · Fri Jul 01, 2016 10:45 am

bajodel - This is different fix for other issue.
I got it, so I must wait..
Please.. answer.. when do you plan to make partitions work on RB3011/ARM ?

Please

Naurislv · Fri Jul 01, 2016 11:34 am

*) wap-ac - fixed performance problems with 2.4GHz wireless (additional reboot after upgrade required);
After update signal become worse (wAP-ac working as repeater, main router hap AC). wAP-ac loosing connections constantly...

Did you enable wireless-rep package and upgrade firmware ? If it does no help, please write to support and add supout file in attachment.

skl · Fri Jul 01, 2016 11:00 pm

Yes wirelles -rep was enables. Version 6.36rc30 - everything was ok.

kimdobranski · Sun Jul 03, 2016 6:05 pm

Hi,

Would love it if WAN MAC address of Router was available as a form variable for the hotspot system.

Zorro · Wed Jul 06, 2016 12:57 am

comparing old "static entries" in adress-lists and "dynamic entries" with negative lifetime(basically ~ same functionality so far) i would admit that last one - make routers boot-up a LOT faster. so if you have say 15-50(and up to 0.4m on CCR's isn't extraordinary thing, but generally uncommon)k entries in you adress lists - you will notice it, perhaps.

Wed Jul 06, 2016 2:09 pm

Version 6.36rc36 has been released.

Changes since previous version:
*) clock - fixed time keeping for SXT ac, 911L, cAP, mAP lite, wAP;
*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083);
*) ipsec - show remote peer address in error messages when possible;
*) lte - display message in lte,error log if no response received;
*) lte - display message in lte,error log when PIN is required;
*) modem - added support for Alcatel OneTouch X600;
*) upnp - fixed firewall rules not being dynamic;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash

Cha0s · Wed Jul 06, 2016 5:17 pm

Version 6.36rc36 has been released.

Changes since previous version:
*) clock - fixed time keeping for SXT ac, 911L, cAP, mAP lite, wAP;

I just tested my mAP Lite and clock works fine now.

Thanks!

diablothebest · Thu Jul 07, 2016 7:24 pm

We test this RC on two X86 machines! Use netinstall to make USB RoS flash! All machines reboot after RoS boot to login screen!

diablothebest · Thu Jul 07, 2016 8:24 pm

I'm try to install this RC to VM and get error in the end of instalation!
6.34.6 installs fine.

Fri Jul 08, 2016 2:57 pm

Version 6.36rc37 has been released.

Changes since previous version:
*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083);
*) l2tp - fixed crash when rebooting or disabling l2tp while there are still active connections;
*) rb3011 - fixed usb storage mounting;
*) webfig - reduced refresh time for wireless registration table to 1 second;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash

ganewbie · Fri Jul 08, 2016 3:43 pm

*) l2tp - fixed crash when rebooting or disabling l2tp while there are still active connections;

Hello,
Is this issue is the one related to LNS setup?
Thanks,

I will answer my own question, yes, it is concerning the LNS setup, I got confirmation from Mikrotik.

solaoxo · Fri Jul 08, 2016 7:38 pm

/ip firewall nat
add action=masquerade chain=srcnat out-interface=!pppoe-out1 src-address=\
    192.168.88.8

This rule itself is outside the limit of pppoe-out1, why pppoe-out1 will fail after the break.

Zorro · Sat Jul 09, 2016 12:06 am

can i make suggestion about newly-implemented "raw table"?
its lack support for dragging/re-ordering rules there like in "firewall" and "nat", "mangle" was. that would be helpful i think.

Cha0s · Sat Jul 09, 2016 1:06 pm

can i make suggestion about newly-implemented "raw table"?
its lack support for dragging/re-ordering rules there like in "firewall" and "nat", "mangle" was. that would be helpful i think.

Re-ordering works the same as in the other tables.

Probably you don't have the raw table sorted by '#'. If it's sorted by any other field then you cannot move any rules. That goes for all tables, not just raw.

AICOM · Sat Jul 09, 2016 2:07 pm

I noticed lots of issues with the RB3011 router board, and unanswered questions. I'm new to the product and wondering if Mikrotik will provide adequate support for errors released on it's behalf. Are all of the bugs with RB3011 cured yet?

Cha0s · Sat Jul 09, 2016 2:16 pm

I noticed lots of issues with the RB3011 router board, and unanswered questions. I'm new to the product and wondering if Mikrotik will provide adequate support for errors released on it's behalf. Are all of the bugs with RB3011 cured yet?

To which bugs are you referring to?

I have an RB3011 and I don't have any issues. If you check the changelog you'll see that some 3011 related bugs are being fixed from release to release. So it's not an abandoned product.

kd6icz · Mon Jul 11, 2016 8:02 pm

UPnP stopped working after upgrading to rc37... Any suggestions? I'm dead in the water.

kd6icz · Tue Jul 12, 2016 12:17 am

Do you have a link to let me roll back my 3011 to rc30? The new build broke my UPnP and now my Plex isn't working. I just want to get it working again and rc30 worked great.

Thanks.

Tue Jul 12, 2016 7:20 am

kd6icz - Please send supout file from your device to support@mikrotik.com. UPnP in general is working with this version in our lab. Seems like it should be something specific.

Tue Jul 12, 2016 2:16 pm

Version 6.36rc39 has been released.

Changes since previous version:

*) chr - fixed CHR seeing its own system disk mounted as additional data disk;
*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083);
*) ethernet - fixed incorrect ether1 link speed after reboot on rb4xx series routers;
*) firewall - fixed interface list matcher showing incorrect name for NAT rules;
*) lte - added support for ZTE ZM8620;
*) lte - added use-peer-dns option (will work only combined with add-default-route);
*) netinstall - fixed netinstall and cd install for x86 (broken since 6.36rc27);
*) pppoe - do not allow to send out bigger packets than l2mtu if mrru is provided;
*) rb2011 - fixed ether6-ether10 flapping when two ports from both switch chips are in the same bridge;
*) winbox - added arp-timeout setting to all ethernet like interfaces;
*) winbox - added domain name support for IPv6 address list;
*) winbox - do not allow to specify vlan-mode=no-tag in capsman datapath config;
*) winbox - do not show mode setting for WDS interfaces;
*) winbox - fixed crash when using ctrl+d;
*) winbox - make local-address optional for eoipv6, 6to4, ipip, ipipv6 & grev6;
*) winbox - renamed IPv6 "Raw rules" section to "Raw";
*) winbox - set default sa-learning value to "yes" for CRS Ingress VLAN Translation rules;
*) wireless - fixed multiple wireless packages enabled at the same time after upgrade;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash

solaoxo · Tue Jul 12, 2016 7:18 pm

/ip firewall nat
add action=masquerade chain=srcnat out-interface=!pppoe-out1 src-address=\
   192.168.88.8

This rule itself is outside the limit of pppoe-out1, why pppoe-out1 will fail after the break.

notToNew · Tue Jul 12, 2016 10:56 pm

Upgrade to rc39 changed all my FILTER-Firewall rules with interface-lists to "unknown", resulting in a not working
internet connection after the upgrade. NAT-Rules seem to be corrected, as this changelog tells.

I'm currently manually correcting them for 400 rules. My last compact-export is 6 days old.

*) firewall - fixed interface list matcher showing incorrect name for NAT rules;

NetHorror · Wed Jul 13, 2016 8:43 am

*) lte - added use-peer-dns option (will work only combined with add-default-route);

works fine on sxt lte. thanks (Ticket#2016062466000121)

zryny4 · Wed Jul 13, 2016 11:27 am

I see 90% of cpu load on hap ac lite, firewall drop and udp-flood about 25k p/s at 100mbit. On other router (EdgeRouter X) cpu load about 6%... tested with beststresser at 100mbit channel. Some people see 100% cpu load on hap ac at ~200mbit udp flood (firewall drop, not routing!)...
I can email profile screenshot.

Wed Jul 13, 2016 12:20 pm

Don't you have dns service opened to the wan port, do you?

Wed Jul 13, 2016 12:30 pm

Version 6.36rc40 has been released.

Changes since previous version:
*) dude - (changes discussed here: forum.mikrotik.com/viewtopic.php?f=8&t=108083);
*) lte - fixed modem network configuration version checks;
*) nat - fixed nat rule disappearance after reboot if interface-list was used (introduced in 6.36rc39);
*) pppoe - allow to set MTU and MRU higher than 1500 for PPPoE;
*) tunnel - fixed rare crash by specifying minimal header length immediately at tunnel initialization;
*) winbox - added 2ghz-g/n band for wireless-rep;
*) winbox - added icons to bridge filter actions similar to ip firewall;
*) winbox - do not show filter for combined fields like bgp-vpn4 RD;
*) winbox - improve filtering on list fields;
*) winbox - show action column as first in bridge firewall;
*) winbox - show error when telnet is not allowed because of permissions;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash

zryny4 · Wed Jul 13, 2016 5:04 pm

Don't you have dns service opened to the wan port, do you?

No, this is service beststresser.com. My firewall:

/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related \
    log-prefix=""
add action=accept chain=input comment="default configuration" icmp-options=!5:0-255 log-prefix="" \
    protocol=icmp
add action=accept chain=input comment="igmp proxy" log-prefix="" protocol=igmp
add action=accept chain=input comment=traceroute connection-state=new dst-port=33430-33530 \
    log-prefix="" protocol=udp
add action=drop chain=input comment="default configuration" in-interface=wan1 log-prefix=""
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=\
    established,related log-prefix=""
add action=accept chain=forward comment="default configuration" connection-state=established,related \
    log-prefix=""
add action=drop chain=forward comment="default configuration" connection-state=invalid log-prefix=""
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat \
    connection-state=new in-interface=wan1 log-prefix=""

kez · Wed Jul 13, 2016 5:32 pm

Hello MTguys
I know Mikrotik has changed the ARP menu to show incomplete ARP entries, now we see 00:00:00:00:00:00 as ARP for non used IP addresses.
However, sometimes this behavior doesn't help, for example, a quick MAC auditing/counting. The default behavior for a lot of years has been changed.

Please, could you make a new setting inside IP -> Settings to hide incomplete ARP entries?

As you can see, mine is already enabled!

Thank you!

solaoxo · Wed Jul 13, 2016 6:42 pm

/ip firewall nat
[size=85][font=monospace]add action=masquerade chain=srcnat out-interface=!pppoe-out1 src-address=\[/font][/size]
   192.168.88.8

This rule itself is outside the limit of pppoe-out1, why pppoe-out1 will fail after the break.

diablothebest · Thu Jul 14, 2016 3:06 pm

Please Fix WebFig to correct view in ActiveConnections menu

Zorro · Thu Jul 14, 2016 11:25 pm

does anyone else had not working "Manual/Wiki" within WinBox since rc40? (on say HAP and HEX for example)
its not big deal, but quite unusual/infrequent for.
but delay/netflow jitter kinda decreased(unlikely MT backported some patches to kernel, but build with different config kinda may had same impact in countering bloatbuffering).

Olytitor · Fri Jul 15, 2016 2:08 pm

Guys, does not work (6.36rc40, wirwless-rep - yes)

/ interface wireless scan 0 save-file = file

Please check.
Thank you!

KBV · Tue Jul 19, 2016 12:48 pm

Firewall rules with interface list is not updated to version 6.36rc40

[admin@MikroTik-CHR-Dude] > /interface export compact
# jul/19/2016 15:29:29 by RouterOS 6.36rc30
# software id = 
#
/interface list
add name=TEST
/interface list member
add interface=ether1 list=TEST

admin@MikroTik-CHR-Dude] > /ip firewall export compact 
# jul/19/2016 15:29:36 by RouterOS 6.36rc30
# software id = 
#
/ip firewall filter
add action=accept chain=input in-interface-list=TEST log-prefix=""

[admin@MikroTik-CHR-Dude] > /interface export compact 
# jul/19/2016 15:31:53 by RouterOS 6.36rc40
# software id = 
#
/interface list
add name=TEST
/interface list member
add interface=ether1 list=TEST

admin@MikroTik-CHR-Dude] > /ip firewall export compact 
# jul/19/2016 15:32:01 by RouterOS 6.36rc40
# software id = 
#
/ip firewall filter
add action=accept chain=input in-interface-list="" log-prefix=""

After the update: add action=accept chain=input in-interface-list="" log-prefix=""

notToNew · Wed Jul 20, 2016 9:23 am

After the update: add action=accept chain=input in-interface-list="" log-prefix=""

Same here... router was not accessible after upgrade because of this. I had to write a script to manually add all interface-lists from a rc38 backup-file again.

Wed Jul 20, 2016 10:34 am

About interface list issue. While developing this feature we had to make some changes and now it works little bit differently than it did before. In rc40 you might lose inteface-list matcher value on firewall, but, if you will set it back, then in future after upgrades you should not lose it any more

anuser · Wed Jul 20, 2016 2:02 pm

So I upgraded from 6.35.2 to 6.36rc40 and now OSPFv3 doesn´t redistribute any connected routes, although I can see any other external routes but without any gateway displayed within Routing => OSPFv3 => Routes State is shown "full".

LynxChaus · Wed Jul 20, 2016 2:55 pm

strods, where your programmers found BROADCASTS addresses in IPv6?
Why in this configuration

/ipv6 address add address=fc00::1/126 advertise=no interface=vlan4091

ipv6 stack reply ITSELF for pings?

[admin@MikroTik] > ping fc00::0 count=5
  SEQ HOST                       SIZE TTL TIME  STATUS                                                                   
    0 fc00::1                      56  64 0ms   echo reply                                                               
    1 fc00::1                      56  64 0ms   echo reply                                                               
    2 fc00::1                      56  64 0ms   echo reply                                                               
    3 fc00::1                      56  64 0ms   echo reply                                                               
    4 fc00::1                      56  64 0ms   echo reply                                                                
    sent=5 received=5 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

Same for stable branch.

Thu Jul 21, 2016 10:41 am

Version 6.36 [current] has been released:
http://forum.mikrotik.com/viewtopic.php ... 88#p548188

Who is online