Community discussions

MikroTik App

Search found 156 matches

by schadom
Tue Sep 14, 2021 9:24 pm
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 161570

Re: v7.1rc3 adds Docker (TM) compatible container support

Because it supports protocols that RouterOS doesn't? I wonder what's the point? Running container with routing engine ... on a router? Why not take a decent RPI (more RAM, user can choose decently sized storage) and run FRR there? Pair RPI with a decent managed switch and you have a winning combina...
by schadom
Wed Feb 03, 2021 11:24 pm
Forum: General
Topic: How to implement blackhole IPv6?
Replies: 2
Views: 1410

Re: How to implement blackhole IPv6?

Any updates on this?
by schadom
Sat Jan 30, 2021 4:25 pm
Forum: RouterOS beta
Topic: Feature request: per interface rp-filter
Replies: 9
Views: 4870

Re: Feature request: per interface rp-filter

+1111111111111
by schadom
Thu Jun 18, 2020 12:26 am
Forum: RouterOS beta
Topic: ROSv7b8 and RPKI
Replies: 10
Views: 4593

Re: ROSv7b8 and RPKI

Seems to be unfunctional / broken ...
by schadom
Tue Jun 16, 2020 2:44 am
Forum: Forwarding Protocols
Topic: Unicast Reverse Path Forwarding
Replies: 10
Views: 12263

Re: Unicast Reverse Path Forwarding

Mikrotik please consider making uRPF configurable on a per-interface basis instead of globally only. Like Cisco and others have it. The current implementation breaks asymmetric routing. Thanks
by schadom
Fri Apr 17, 2020 8:08 pm
Forum: RouterOS beta
Topic: Feature Request - BGP RPKI
Replies: 21
Views: 10883

Re: Feature Request - BGP RPKI

Hi mrz, Do you have an estimate of the release date for BGP in the development channel? Even if it's full of bugs or without RPKI ... but so that we have an idea of performance. Several of my clients have asked me for alternatives to Mikrotik because of the RouterOS 6's poor performance in learning...
by schadom
Sun Mar 15, 2020 3:41 am
Forum: RouterOS beta
Topic: Feature Request - BGP RPKI
Replies: 21
Views: 10883

Re: Feature Request - BGP RPKI

Any news on RPKI Route Origin Validation on ROS? As written above, there's an open source C library available under MIT license... http://rpki.realmv6.org/
by schadom
Mon Jan 27, 2020 8:22 pm
Forum: RouterOS beta
Topic: Feature Request - BGP RPKI
Replies: 21
Views: 10883

Re: Feature Request - BGP RPKI

Really excited to see some BGP development in V7 RPKI would be awesome. But I would be more than happy with decent BGP performance, including route ingestion and interactive lookup. By replacing their custom routing implementation (Quagga fork or whatever) with something more recent like the frrout...
by schadom
Thu Jan 23, 2020 9:31 pm
Forum: Wireless Networking
Topic: Any plans for 5G (cellular) products from MT yet?
Replies: 2
Views: 2908

Any plans for 5G (cellular) products from MT yet?

Asking for a friend... :)
by schadom
Thu Jan 23, 2020 8:51 pm
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 62849

Re: v6.46.2 [stable] is released!

Pride comes before a fall . Companies much larger than MikroTik have had to learn this valuable lesson. One more time ... please hire a Product Manager who understands your users . Yes, but please also some software QA guys that write automated tests to make at least some of the "fixed xxx int...
by schadom
Thu Jan 23, 2020 8:43 pm
Forum: RouterOS beta
Topic: Feature Request - BGP RPKI
Replies: 21
Views: 10883

Re: Feature Request - BGP RPKI

+1 Open-Source RPKI/RTR implementation in C available over at http://rpki.realmv6.org/
by schadom
Wed Jan 22, 2020 12:25 am
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 62849

Re: v6.46.2 [stable] is released!

SNMP related problem with CRS328-4C-20S-4S+ and combo ports. If combo ports´ copper port is used SNMP shows notPresent(6) although copper port is physically up and traffic flows. ... When I plug SFP in combo3 and use the copper port, then correct port status is reported. Correct status is also repo...
by schadom
Mon Jan 20, 2020 8:03 pm
Forum: Forwarding Protocols
Topic: Further BGP improvements?
Replies: 4
Views: 2971

Re: Further BGP improvements?

Yes, we are working on BGP at the moment. First beta with enabled BGP is coming soon.
Finally some great news, thanks!
by schadom
Mon Jan 20, 2020 3:30 am
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 62849

Re: v6.46.2 [stable] is released!

Looks like something has been changed with the SNMP MIKROTIK-MIB / IF-MIBs too. Starting with v6.46.x, combo interfaces are not visible within Observium monitoring anymore. Could you please update http://download2.mikrotik.com/Mikrotik.mib? mikrotikExperimentalModule MODULE-IDENTITY LAST-UPDATED &qu...
by schadom
Sat Jan 18, 2020 4:59 pm
Forum: Virtualization
Topic: vmware vsan connecting each host to two switch
Replies: 2
Views: 4868

Re: vmware vsan connecting each host to two switch

We have basically have the same setup just that we are using two CRS305-1G-4S+. No problems at all with VMWare, but we do not have both switches connected together directly. Each server has two 10G NICs, one connected to Switch A and one connected to switch B. Our storage is connected to both Switch...
by schadom
Sat Jan 18, 2020 4:18 pm
Forum: Forwarding Protocols
Topic: Further BGP improvements?
Replies: 4
Views: 2971

Further BGP improvements?

Are there any plans for further improvements to the current BGP routing implementation (like overall stability, convergence time, BGP4 SNMP MIBs, security features like RPKI and ROV, etc.) or can we safely replace all of our CCRs with frrouting in 2020? New features like Cloud, LoRa, etc. are intere...
by schadom
Thu Aug 08, 2019 9:16 pm
Forum: RouterBOARD hardware
Topic: Switch stacking?
Replies: 9
Views: 19025

Re: Switch stacking?

What about virtual stacking?
by schadom
Wed Aug 07, 2019 12:55 pm
Forum: Announcements
Topic: Newsletter #90
Replies: 55
Views: 40411

Re: Newsletter #90

You can choose between our legendary feature-packed RouterOS for booting or a simpler, but still powerful SwOS.
I LOL'd. Legendary in terms of what - the ROS v7 joke?
But the new switches are imho really sexy! Just fix the software please :-)
by schadom
Sun Aug 04, 2019 8:21 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 60824

Re: v6.45.3 [stable] is released!

*) crs317 - fixed multicast packet receiving (introduced in v6.45); *) hotspot - fixed default profile values not being used (introduced in v6.45); *) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2); *) supout - fixed SIM slot printing (introduced in v6.45); and once again mostly fixe...
by schadom
Fri Jul 26, 2019 2:31 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 205
Views: 86940

Re: v6.45.2 [stable] is released!

OpenVPN is not working anymore for us after upgrading to 6.45.1 and 6.45.2. OpenVPN clients are unable to get traffic from the OpenVPN-Net (10.10.10.x/24) to the Management Network (10.80.80.x/24). The IP Firewall in Winbox shows the following message on the rules which include the ovpn-instance: i...
by schadom
Fri Jul 26, 2019 2:22 pm
Forum: General
Topic: Ovpn server on separate pool cannot reach lan
Replies: 4
Views: 2406

Re: Ovpn server on separate pool cannot reach lan

Try adding this to the top of your mangle rules: /ip firewall mangle add action=accept chain=prerouting dst-address=10.255.255.0/24 in-interface=bridge I believe your rules are too loose and catching any traffic from your LAN to VPN IP ranges. That's what we get if the openvpn client tries to ping ...
by schadom
Fri Jul 26, 2019 1:54 pm
Forum: General
Topic: Ovpn server on separate pool cannot reach lan
Replies: 4
Views: 2406

Re: Ovpn server on separate pool cannot reach lan

We're experiencing the same problem after upgrading to 6.45.1 ...
It's time to finally throw all Mikrotik devices out of the window.
by schadom
Sun Jul 21, 2019 9:10 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 205
Views: 86940

Re: v6.45.2 [stable] is released!

OpenVPN is not working anymore for us after upgrading to 6.45.1 and 6.45.2. OpenVPN clients are unable to get traffic from the OpenVPN-Net (10.10.10.x/24) to the Management Network (10.80.80.x/24). The IP Firewall in Winbox shows the following message on the rules which include the ovpn-instance: in...
by schadom
Fri Apr 05, 2019 9:20 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 256007

Re: RouterOS v7.0 beta1 - when?

viewtopic.php?p=725088#p725088 — isn't that about authenticity? :)

dude, honestly i'm not here for the lulz. we work with business customers and we expect clear statements from MT so that we can plan our next hardware purchases.
by schadom
Fri Apr 05, 2019 6:55 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 256007

Re: RouterOS v7.0 beta1 - when?


@normis can you confirm the authenticity of this video? if real, this would be very nice!
by schadom
Wed Mar 13, 2019 2:14 pm
Forum: General
Topic: Feature request: BGP4-MIB (RFC 4273)
Replies: 34
Views: 11623

Re: Feature request: BGP4-MIB (RFC 4273)

Hey MT, any updates on BGP4 MIBs? This feature has been requested numerous times for over a decade now. Thanks
by schadom
Thu Mar 07, 2019 2:26 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2019: new hardware
Replies: 66
Views: 28496

Re: MUM Europe 2019: new hardware

No updates concerning ROSv7
No announcements on new CCR hardware with ARM64
No announcements on new RB hardware with ARM64

I feel blue.
by schadom
Thu Feb 28, 2019 9:42 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 256007

Re: RouterOS v7.0 beta1 - when?

+1 for increased BGP performance and security:
- faster routing table updates !!!
- faster route matching (via /ip route print where x)
- RPKI ROV support (see https://rpki.realmv6.org)
by schadom
Tue Feb 26, 2019 8:26 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 218
Views: 96534

Re: v6.44 [stable] is released!

Updated a CCR1009 and RB4011 without any issues. Great work MT!
Now please make us happy with some BGP improvements in 6.45 :-)
by schadom
Mon Feb 18, 2019 11:33 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 90
Views: 122488

Re: hardware idea for a multiport switch

Although higher port density would be nice, the design doesn't seem feasible to me. In my opinion you should better focus on new RB or CCR/CRS models which can be dual-mounted in 1U. I definitely see a market for such devices in cases where redundancy is required but budget and space are limited (fo...
by schadom
Mon Feb 18, 2019 11:28 pm
Forum: RouterBOARD hardware
Topic: RB4011 twin-tray 1U
Replies: 7
Views: 3242

Re: RB4011 twin-tray 1U

You might benefit from simply modding it yourself (take the board out and put it in a custom case).
No. I think a twin-tray version would sell very well.
by schadom
Sat Feb 16, 2019 2:06 pm
Forum: RouterBOARD hardware
Topic: RB4011 twin-tray 1U
Replies: 7
Views: 3242

RB4011 twin-tray 1U

I think it would be very nice to have smaller RBs4011s in the future which can be dual-mounted in 1U. This would be very beneficial in situations where space is limited but redundancy is required. Currently the RB4011iGS+RM has width of 228mm. Shrinking it to ~216mm width per unit would be awesome. ...
by schadom
Sat Feb 16, 2019 1:48 am
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN/CRS305-1G-4S+IN Tandem Tray
Replies: 9
Views: 3055

Re: CRS112-8P-4S-IN/CRS305-1G-4S+IN Tandem Tray

+1

i would love to have a future tandem-tray capable RB4011 or CCR router

Image
by schadom
Sun Feb 03, 2019 3:38 am
Forum: Forwarding Protocols
Topic: BGP tuning
Replies: 3
Views: 2501

Re: BGP tuning

Hi Mrz, Is this correct? chain=in prefix=8.8.8.0/24 prefix-length=24 invert-match=no action=passthrough set-bgp-weight=100 set-bgp-prepend-path="" I would apply this to the BGP1? Thanks! https://wiki.mikrotik.com/wiki/Manual:Routing/BGP https://wiki.mikrotik.com/wiki/Manual:BGP_Best_Path_...
by schadom
Fri Jan 11, 2019 1:08 am
Forum: Forwarding Protocols
Topic: Improve CLI route matching performance
Replies: 0
Views: 1586

Improve CLI route matching performance

Hello, could BGP route matching might be optimized in a future ROS release? For example ip route print detail without-paging where bgp-as-path~"15169\$" which should return all ~485 IPv4 prefixes for Google's AS15169 takes around 30 minutes for full output on an CCR1016 with two BGP full t...
by schadom
Fri Dec 14, 2018 8:34 pm
Forum: Forwarding Protocols
Topic: BGP w/ route filters issues
Replies: 2
Views: 1720

Re: BGP w/ route filters issues

Without actually having a look on your config it's hard to tell.
Please provide the output of /routing filter export and /routing bgp peer export hide-sensitive
by schadom
Fri Dec 07, 2018 10:35 am
Forum: General
Topic: Crowd Funding of v7
Replies: 32
Views: 12041

Re: Crowd Funding of v7

Mikrotik might consider dividing their software into different releases like Cisco does with IOS, IOS-XR and the SMB stuff.
You mean, like RouterOS and SwOS? :)
Lol yeah...
by schadom
Thu Dec 06, 2018 7:04 pm
Forum: General
Topic: RouterOS v7 Beta testers
Replies: 2
Views: 2025

RouterOS v7 Beta testers

Where to sign up? :)
by schadom
Thu Dec 06, 2018 7:00 pm
Forum: General
Topic: Crowd Funding of v7
Replies: 32
Views: 12041

Re: Crowd Funding of v7

Mikrotik might consider dividing their software into different releases like Cisco does with IOS, IOS-XR and the SMB stuff.
Requirements are simply too different. CCR as BGP edge router, an access point or a home router are simply not comparable.
by schadom
Mon Dec 03, 2018 10:36 pm
Forum: Virtualization
Topic: The CPU has been disabled by the guest operating system
Replies: 32
Views: 16502

Re: The CPU has been disabled by the guest operating system

We've encountered this particular error message already with other VMs after kernel panics occurred. As a workaround, you could try to edit the CPUID mask settings and check if the CHR-VM might boot again: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vm_admin.doc/GUID-E64FC69D-E8...
by schadom
Mon Dec 03, 2018 10:26 pm
Forum: Announcements
Topic: v6.43.7 [stable] is released!
Replies: 53
Views: 33839

Re: v6.43.7 [stable] is released!

What's new in 6.43.6 (2018-Nov-07 10:40):

(factory only release)

What's new in 6.43.5 (2018-Oct-25 12:37):

(factory only release)

Just wondering why two versions have been skipped? Never seen that before :-o
by schadom
Sun Dec 02, 2018 8:35 am
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631770

Re: Feature requests

I'd love to see some routing and BGP-related improvements and features (like RPKI Origin Validation). According to ROS changelogs, it's now almost over a year ago since the last BGP-related fix has been released: What's new in 6.41 (2017-Dec-22 11:55): ... *) bgp - added 32-bit private ASN support; ...
by schadom
Sun Dec 02, 2018 8:30 am
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 67
Views: 48178

Re: OpenVPN SHA256 + UDP

WTF?!?! I thinked that mikrotik realy cool device... this is unreal, openvpn client without support UDP!!! Without support SHA512 and SHA256. Same mikrotik don't support DoH (DNS over HTTPS) such as cloudflare and google! What kind of stupid developers creating and updating reuterOS ?! Calm down. A...
by schadom
Mon Nov 26, 2018 7:47 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 46393

Re: v6 RC and v7 BETA

BGP BGP BGP BGP BGP BGP BGP BGP.... \:D/
Agree with that. +1 for improved BGP performance and RPKI/ROV support.
by schadom
Fri Nov 23, 2018 9:15 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50775

Re: v6.43.4 [stable] is released!

Already tried that, no difference. From my perspective a reject rule without any attributes (inculding address-family) should always reject everything. address-family="" on the reject rule would only reject routes where address-family = NULL, which should never be true. If you want it to ...
by schadom
Fri Nov 23, 2018 9:09 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50775

Re: v6.43.4 [stable] is released!

I think the address-family="" in your reject rule is probably causing it to not match anything.
Already tried that, no difference. From my perspective a reject rule without any attributes (inculding address-family) should always reject everything.
by schadom
Fri Nov 23, 2018 8:47 pm
Forum: General
Topic: Crowd Funding of v7
Replies: 32
Views: 12041

Re: Crowd Funding of v7

Development takes time and resources. And when I say resources, I mean people-hours and brainpower. We are working on it, don't worry. @normis: Personally I believe that most of the issues are due to the closed source and properitary nature of most of the components used within ROS. Instead of re-i...
by schadom
Fri Nov 23, 2018 8:09 pm
Forum: Forwarding Protocols
Topic: BGP - Filtering 16-/32-bit Private-ASNs in AS_PATH
Replies: 1
Views: 1476

BGP - Filtering 16-/32-bit Private-ASNs in AS_PATH

Hello, we are currently using something like ... 0 chain=ixp-peer-in bgp-as-path=^6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5]$ invert-match=no action=discard 1 chain=ixp-peer-in bgp-as-path=^420[0-9][0-9][0-9][0-9][0-9][0-9][0-9]$ invert-match=no action=discar...
by schadom
Fri Nov 23, 2018 7:33 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50775

Re: v6.43.4 [stable] is released!

BGP route filtering seems broken starting with v6.43.x. Eample below. IXP Peering: > routing bgp peer print detail where name=AS_SOMEPEER Flags: X - disabled, E - established 0 E name="AS_SOMEPEER" instance=default remote-address=x.x.x.x remote-as=12345 tcp-md5-key="xxx" nexthop-...
by schadom
Wed Nov 21, 2018 1:07 am
Forum: Virtualization
Topic: Proxmox and CHR
Replies: 8
Views: 11356

Re: Proxmox and CHR

@ghusson As you are a consultant for proxmox. Can you please tell me the performance of proxmox on Mikrotik running as pppoe-server. I got very poor performance on all the servers. Mikrotik couldnt give me any answer other than "try hyper-V". In proxmox performance degrades after 800 pppo...
by schadom
Wed Nov 21, 2018 1:05 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 46393

Re: v6 RC and v7 BETA

And hopefully some new ARM64-based hardware as CCR replacement.
by schadom
Fri Nov 09, 2018 2:55 pm
Forum: General
Topic: Old kernel. Why?
Replies: 5
Views: 1960

Re: Old kernel. Why?

I hope they focus on developing their proprietary stuff in a way, so that kernel upgrades will be less of a hassle in the future like 4.x to 5.x
by schadom
Sun Nov 04, 2018 4:42 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 31528

Re: Newsletter #84

Have MikroTik ever had a discussion about the format of rackmounts. So to be able to mount TWO instead of only ONE RBx00x device in 1 rack-unit ? Would love to have the option of mounting 2 RBx00x devices in 1U instead of having to use 2U. See this example from Juniper SRX100: https://rickmur.com/w...
by schadom
Sat Nov 03, 2018 10:43 am
Forum: Virtualization
Topic: Where in US host Virtual RouterOS [SOLVED]
Replies: 7
Views: 15824

Re: Where in US host Virtual RouterOS [SOLVED]

AWS costs is around 10 EUR per month. Is there any other cheaper Cloud service dedicated or supported for RouterOS?

cheaper? serious? :lol:
by schadom
Fri Nov 02, 2018 2:18 pm
Forum: Virtualization
Topic: Where in US host Virtual RouterOS [SOLVED]
Replies: 7
Views: 15824

Re: Where in US host Virtual RouterOS [SOLVED]

AWS, Azure, Google, Rackspace, etc ...

AWS has an official CHR image on their marketplace: https://aws.amazon.com/marketplace/pp/B01E00PU50
by schadom
Wed Oct 31, 2018 9:09 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631770

Re: Feature requests

RPKI/ROV guys, please. No need to re-invent the wheel.
See RTRlib for a lightweight, open-source C library: http://rpki.realmv6.org/

PS: Perfect for a weekend hackathon @ Mikrotik HQ while the weather outside is bad ;-)
by schadom
Wed Oct 31, 2018 9:07 pm
Forum: General
Topic: RPKI
Replies: 49
Views: 19873

Re: RPKI

I'm sure it's just a matter of time before we cannot even peer in the in exchange without it. If you have valid ROAs for all your routes, no need to worry with IXPs or routeservers for now, although ultimately we also need to increase ROV adoption among networks, therefore we need routing software ...
by schadom
Wed Oct 31, 2018 8:54 pm
Forum: Forwarding Protocols
Topic: Feature request: RPKI/ROV
Replies: 2
Views: 1789

Feature request: RPKI/ROV

RPKI/ROV guys, please. No need to re-invent the wheel.
See RTRlib for a lightweight, open-source C library: http://rpki.realmv6.org/
by schadom
Tue Oct 23, 2018 1:55 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 46393

Re: v6 RC and v7 BETA

Screenshot 2018-10-23 at 08.41.39.png
And now a screenshot from a folder one level deeper please.
Just to make sure those are not empty folders ;-)
by schadom
Tue Oct 23, 2018 3:42 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 46393

Re: v6 RC and v7 BETA

Not yet, but soon
Image
by schadom
Mon Oct 22, 2018 4:55 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 64
Views: 38020

Re: MIkrotik BGP Monitoring

They are aware but they don't care :lol: According to their job listings page they are still looking for C/C++ and embedded systems devlopers in Latvia for over six months now! Frankly, to me it seems their development team is fully occupied with other stuff (ARM/NV2-mess, w60g, etc.) and they urge...
by schadom
Mon Oct 22, 2018 4:19 pm
Forum: General
Topic: RPKI
Replies: 49
Views: 19873

Re: RPKI

Some Internet Exchanges are going to start requiring RPKI validation to participate in 2019. MIKROTIK NEEDS TO RELEASE A RELIABLE RPKI IMPLEMENTATION BY THE END OF THE YEAR! Yes, SwissIX for example. MT please really consider to implement RPKI in ROS. Most other vendors already have it and the tren...
by schadom
Mon Oct 22, 2018 4:14 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 64
Views: 38020

Re: MIkrotik BGP Monitoring

Any update on BGP4 SNMP MIBs?
by schadom
Mon Oct 22, 2018 4:02 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50775

Re: v6.43.4 [stable] is released!

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak. Upgraded our CCR1009s to 6.43.4 yesterday and no issues so far. In our case memory consumption e...
by schadom
Fri Oct 19, 2018 2:27 am
Forum: Beginner Basics
Topic: 6in4 endpoint
Replies: 4
Views: 2197

Re: 6in4 endpoint

Yes, you can. maybe anyone has an example? I know that ROS has /interface 6to4 but since 6in4 (STI) and 6to4 (STF) are NOT the same, the wiki article is misleading: https://wiki.mikrotik.com/wiki/Manual:IPv6_Overview#6to4_.286in4.29_tunnels https://en.wikipedia.org/wiki/6to4 https://en.wikipedia.or...
by schadom
Fri Oct 19, 2018 12:45 am
Forum: Beginner Basics
Topic: 6in4 endpoint
Replies: 4
Views: 2197

6in4 endpoint

hi, is it possible to configure a 6in4 (SIT) tunnel server / endpoint in ROS? not as client for a tunnelbroker like HE, but rather to act as a tunnelbroker itself. with iproute2 on linux this works with something like ip tunnel add tun-6in4 mode sit remote <client ipv4 addr> local <local ipv4> ip li...
by schadom
Mon Oct 15, 2018 2:38 pm
Forum: Virtualization
Topic: CHR license on router with no internet
Replies: 12
Views: 13149

Re: CHR license on router with no internet

Yes, it will keep working with full functionality, but will not allow upgrades. At least for now. Further restrictions could be added in time. @normis: Just as an idea wouldn't it be possible to integrate some kind of license generation tool over at mikrotik.com based on some sort of HW identifier ...
by schadom
Sun Oct 14, 2018 12:52 am
Forum: General
Topic: Jailbreak for RouterOS 6.43.2 released [SOLVED]
Replies: 17
Views: 9207

Re: Jailbreak for RouterOS 6.43.2 released [SOLVED]

making RouterOS great again.
RouterOS first! :lol:
by schadom
Sat Oct 13, 2018 5:09 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 83
Views: 67334

Re: URGENT security reminder

I don't agree with "automatic update" we already have too many problems with windows 10 (like the last update that erased a lot of data?) we don't want that with mikrotik, i need to trust my rigs, I know I trust mikrotik as it is now. We should have automatic security updates. Security up...
by schadom
Sat Oct 13, 2018 6:01 am
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 23475

Re: RB4011 vs. CCR1009 BGP

BlueField goes up to 16 A72 cores. It has PCIe 4.0 and 100GbE/IB.

http://www.mellanox.com/related-docs/np ... ld_SoC.pdf

That SoC indeed looks really nice.
by schadom
Fri Oct 12, 2018 9:45 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 83
Views: 67334

Re: URGENT security reminder

Top story at HN at the moment: Some Russian guy claims he secured 100k MT devices which were vulnerable and openly accessible via the internet. He added some firewall rules and left an informational message for the device owners, some of which recently reported here in the forums that their router a...
by schadom
Fri Oct 12, 2018 12:22 pm
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 23475

Re: RB4011 vs. CCR1009 BGP

Yes, we are aware of this peculiarity and we are working also on new routers that have higher power per core, not just many cores.
Awesome! Please consider a new CCR with ARM, 12G-4S+ and redudant PSUs.
Would be ideal for smaller environments where you have fiber uplinks and access with copper.
by schadom
Thu Oct 11, 2018 11:36 pm
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 23475

Re: RB4011 vs. CCR1009 BGP

Ok then what about a new CCR series with beefy x86 quad/hexa/octa/deca-cores ;-)
by schadom
Thu Oct 11, 2018 10:23 pm
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 23475

Re: RB4011 vs. CCR1009 BGP

Newer hardware is still needed because Mikrotik does not fit well all basic needs.
Of course it is, but throwing new hardware on the market still won't fix any of the existing software-related issues and limitations.
by schadom
Thu Oct 11, 2018 10:09 pm
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 23475

Re: RB4011 vs. CCR1009 BGP

Things improve over time. Improvement needs time, I agree, but many of the issues related to the routing-engine are known since at least 2012, the year in which the CCR-series and 6.x were released. Since then we've been told multiple times to just be patient and wait for ROSv7. Now it's 2018 and s...
by schadom
Thu Oct 11, 2018 8:25 pm
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 23475

Re: RB4011 vs. CCR1009 BGP

Thank you for the benchmark. The outcome of this must literally feel like a punch in the face for those business customers who bought the fairly expensive CCR1036 or CCR1072 models in the past. The new RB4011 seems to outperform the CCR-series in BGP convergence time - and that for just 200 bucks! @...
by schadom
Thu Oct 11, 2018 7:45 pm
Forum: General
Topic: RPKI
Replies: 49
Views: 19873

Re: RPKI

+1

We have plans for RPKI in RouteroS v7
MT might consider backporting RPKI from ROSv7 to 6.x :-)
by schadom
Thu Oct 11, 2018 5:03 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 85152

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

We encountered an issue with the /routing bgp advertisements print detail where ... command which seems to crash/reboot our CCR1009-7G-1C-1S+s running on 6.43.1. We have two BGP full feeds with each approx. 720k IPv4 and 58k IPv6 routes, Cymru feed with 105k bogon prefixes and we redistribute a full...
by schadom
Thu Oct 11, 2018 3:31 am
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 249
Views: 139046

Re: Feature Request: OpenVPN [ovpn] udp tunnels

from here :
https://www.reddit.com/r/Windscribe/com ... ard_setup/

how about SHA512 auth,
I can not use my windscribe account

+1 for sha256/sha512 in openvpn
seems it got implemented for ipsec recently
by schadom
Thu Oct 11, 2018 3:21 am
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631770

Re: Feature requests

MT please consider doing some BGP and routing-related fixes for christmas.
Would make A LOT of MT users very, very happy! Just to give some examples:
- multi-threading
- BGP4 SNMP MIBs
- better BGP convergence time
- faster route table searches
- fix ipv6 route reflection
- add RPKI support

:-)
by schadom
Sun Oct 07, 2018 9:36 pm
Forum: General
Topic: Mikrotik's long-term orientation/strategy
Replies: 1
Views: 1223

Mikrotik's long-term orientation/strategy

I'm wondering about Mikrotik's long-term orientation and strategy (if there is any)? As far as I'm aware of, besides the pretty active MT community and userbase, the fact that MT makes use of standard hardware components, your internally developed ROS-software seems to be among your biggest assets s...
by schadom
Sun Oct 07, 2018 7:18 pm
Forum: General
Topic: Is mikrotik a good choice?
Replies: 56
Views: 10256

Re: Is mikrotik a good choice?

Yeah, why not? For home-use, private projects and WISPs - Mikrotik is a great choice.
For serious businesses and enterprise MT currently is awful and a waste of money in my opinion.
by schadom
Sun Oct 07, 2018 6:54 pm
Forum: Forwarding Protocols
Topic: BGP IPv6 route reflection
Replies: 27
Views: 10955

Re: BGP IPv6 route reflection

It is indeed a slippery slope. What if MikroTik took us to the test and started some outside funding project on kickstarter (or whatever crowdfinance portal) in order to get major development done? This way we could (hopfeully) keep our beloved MikroTik HW+SW, but we could help advance their effort...
by schadom
Sat Sep 29, 2018 3:07 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 86
Views: 79762

Re: Point-to-point (/31) addresses

Is there any fundamental reason why mikrotik does not support RFC 3021, so it is compatible with other vendors (cisco) without problems?
Same as with many other things here...
Hundreds of requests by many customers over years and they simple ignore it :-(
by schadom
Tue Sep 18, 2018 11:34 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169156

Re: v6.44beta [testing] is released!

Remember that in MikroTik RouterOS, backup file is for restoring past configuration on the same device, not a safeguard against a lost or damaged device, for restoring on other devices, you should be using "export" config files. Why can't device-specific stuff like MAC-addresses simply be...
by schadom
Mon Sep 17, 2018 1:55 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 64
Views: 38020

Re: MIkrotik BGP Monitoring

Thread created at Wed May 22, 2013 7:14 am
bump
by schadom
Sun Sep 16, 2018 1:10 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169156

Re: v6.44beta [testing] is released!

Please consider some BGP fixes and improvements for 6.44: - make route matching via /ip route print where=.. with BGP full feeds faster - do not reset/re-establish a BGP session when it's comment is changed - improve overall BGP convergence time on CCR/tile + introduce BGP4 SNMP MIBs + introduce pri...
by schadom
Fri Sep 14, 2018 2:30 am
Forum: General
Topic: Strange password behavior, username or password invalid
Replies: 1
Views: 1581

Re: Strange password behavior, username or password invalid

Make sure you are using the latest Winbox release (v3.17) then it should work:
https://download.mikrotik.com/routeros/ ... winbox.exe

There had been some changes within the authentication process.
by schadom
Fri Sep 14, 2018 1:52 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70814

Re: v6.43 [current] is released!

Upgraded two CCRs to 6.43 and no issues (including the described ones above) so far. Only thing we noticed that the OpenVPN bridge was disabled after upgrading and we had to re-enable it manually. *) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet"; S...
by schadom
Wed Sep 12, 2018 3:12 pm
Forum: General
Topic: Feature Request: BGP4 SNMP MIBs
Replies: 1
Views: 1213

Feature Request: BGP4 SNMP MIBs

Hello,
please consider implementing BGP4 SNMP MIBs in a future ROS release.
This feature is long-awaited and was requested already years ago.

https://tools.ietf.org/html/rfc4273
http://www.oidview.com/mibs/0/BGP4-MIB.html

Thanks
by schadom
Tue Sep 11, 2018 5:40 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169156

Re: v6.44beta [testing] is released!

Would be very nice to see some routing (especially BGP, BGP4 SNMP MIBs, etc.) improvements for 6.44!
Also currently peering session re-connects when it's comment is changed in Winbox. This is annoying and could be changed.
by schadom
Fri Sep 07, 2018 1:40 am
Forum: Forwarding Protocols
Topic: BGP Peering Advice
Replies: 6
Views: 2295

Re: BGP Peering Advice

Hello.. I have a similar question and a problem I am facing for a while and have not received a proper solution. We have 2 bgp peers. Problem faced: No pages load all of a sudden no pages load. If we shutdown one peer everything works great. The only solutions is to restart the router. What it look...
by schadom
Fri Sep 07, 2018 1:37 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176608

Re: Winbox vulnerability: please upgrade

Actually old firewall protected router just fine. Users ef-ed up configuration and did not adjust firewall accordingly. Of course we will think about improvements, but there will always be the case when somebody change something and complain that router is not secure. Thanks mrz for all your effort...
by schadom
Thu Sep 06, 2018 3:41 am
Forum: RouterBOARD hardware
Topic: Linux and FRRouting on the CCR-series platform
Replies: 0
Views: 1187

Linux and FRRouting on the CCR-series platform

Has anyone ever managed to get a custom kernel running stable on the CCR-series (tilegx) hardware? I'm aware of some initiatives by the openwrt community but it seems it got silent around it a few months ago... https://forum.archive.openwrt.org/viewtopic.php?id=50897 Although there will be no offici...
by schadom
Thu Sep 06, 2018 3:15 am
Forum: Forwarding Protocols
Topic: BGP ECMP (multipathing)
Replies: 58
Views: 40122

Re: BGP ECMP (multipathing)

More than four (4) years since my initial post, and still there is no proper ECMP support ... Welcome to Mikrotik... I guess they should remove the "Router" from "RouterOS", as it seems there had been no progress on the routing engine for years now. Instead hundreds of fixes for...
by schadom
Thu Sep 06, 2018 2:22 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176608

Re: Winbox vulnerability: please upgrade

I deeply disappointed by Heise to not investigated further for them selves and inquire with Mikrotik. I had high regarded for Heise as a reliable and trustworthy news source. That they neglected the bugfix version and declared any version below 6.42.x as unsafe. That Heise made this blunder is shoc...
by schadom
Sat Aug 25, 2018 8:43 pm
Forum: General
Topic: Suggestion for improved ROS update/upgrade process
Replies: 4
Views: 2062

Re: Suggestion for improved ROS update/upgrade process

Before we did not all times had to update the firmware. If Mikrotikvonly increase the firmware version number if there has been a change to it in real you could spare yourself a load of second reboots. Or they combine package update and ROS firmware upgrade into a single process, which would be the...
by schadom
Sat Aug 25, 2018 3:42 pm
Forum: General
Topic: Suggestion for improved ROS update/upgrade process
Replies: 4
Views: 2062

Re: Suggestion for improved ROS update/upgrade process

This has been asked many times since the new routerboot firmware versioning but it has been ignored.
Hopefully they will fix it somewhen :-)
by schadom
Fri Aug 24, 2018 7:30 pm
Forum: General
Topic: Suggestion for improved ROS update/upgrade process
Replies: 4
Views: 2062

Suggestion for improved ROS update/upgrade process

The current ROS software update and firmware upgrade process is way too slow and time-consuming. While two reboots might be no problem for a home router or AP, in fact it is a HUGE PROBLEM for core routers having lots BGP sessions. In combination with the still very poor BGP convergence time on all ...
by schadom
Thu Aug 23, 2018 10:48 pm
Forum: Wireless Networking
Topic: aid for reboot for firmware and version upgrade
Replies: 5
Views: 1844

Re: aid for reboot for firmware and version upgrade

While two reboots might be no problem for a home router or AP, in fact it is a HUGE PROBLEM for core routers having lots BGP sessions. In combination with the still very poor BGP convergence time on all the CCR models, the current situation is very unsatisfactory. Mikrotik please finally fix the upd...
by schadom
Sun Aug 05, 2018 4:44 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 222311

Re: v6.43rc [release candidate] is released!

*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
"sfp-connector-type" is still falsely displayed as "LC" for S-RJ01 modules in Winbox and CLI
by schadom
Thu Aug 02, 2018 2:36 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

The main problem with Mikrotik/RouterOS in my opinion is the default "accept any", whereas it should be "reject any except..." instead. Mikrotik might consider shipping future ROS devices with a stronger default firewall ruleset which locks down all services except Winbox/SSH fro...
by schadom
Thu Aug 02, 2018 2:28 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]
Replies: 13
Views: 7833

Re: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]

I think the router cpu’s temperature not high.

Can't confirm that issue. Just checked some of our CCR1009's and their CPUs
are operating at around 50-58°C which is absolutely normal for TILE-Gx9 processors.
by schadom
Thu Aug 02, 2018 2:23 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 117
Views: 73534

Re: Security announcement blog

RSS is good, but will be nice to have some mailing list for security announcement and firmware update
+1 for security announcement mailinglist
by schadom
Thu Aug 02, 2018 2:20 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

Mikrotik did a good job in timely fixing and communicating the security issue with their customers. It's not their fault but many admins and device owners are just lazy or do not check the news. @MT: Maybe a security announcement mailinglist like other vendors offer them could be beneficial for the ...
by schadom
Tue Jul 31, 2018 4:30 am
Forum: General
Topic: [Request] RouterOS development/feature roadmap
Replies: 4
Views: 2816

Re: [Request] RouterOS development/feature roadmap

Yes sure, but how useful is a roadmap when it is not followed anyway? The actual route being taken depends much more on the ideas of the day than on a long term planning. It isn't even clear what market is being focused on. There used to be a direction towards businesses, with larger and more power...
by schadom
Sun Jul 29, 2018 3:31 am
Forum: General
Topic: [Request] RouterOS development/feature roadmap
Replies: 4
Views: 2816

Re: [Request] RouterOS development/feature roadmap

I'm not sure. In the past there have been lots of promises w.r.t. development and that has mostly lead to disappointment. But now, sometimes nice features suddenly appear in the RC version. While this might be true, for many business and enterprise cusomers the current situation of constantly hopin...
by schadom
Sat Jul 28, 2018 11:17 pm
Forum: General
Topic: [Request] RouterOS development/feature roadmap
Replies: 4
Views: 2816

[Request] RouterOS development/feature roadmap

Good evening,

I'm wondering why Mikrotik never considered publishing a development/feature roadmap for ROS?

I think this would be quite nice.

Thanks
by schadom
Sat Jul 28, 2018 5:12 am
Forum: General
Topic: BGP multithreaded
Replies: 18
Views: 10412

Re: BGP multithreaded

We currently have a CCR1072 with 2 full peers, 100 BGPv4 sessions and 120 routing filters. 0 firewall rules It works? Well, it's routing about 8gbps at peak hours. Maximum CPU usage is 10% (one core ALWAYS at 100%). Similar scenario here, although within a much smaller environment: * CCR1009-7G-1C-...
by schadom
Wed Jul 25, 2018 12:32 am
Forum: Announcements
Topic: v6.42.6 [current]
Replies: 102
Views: 63927

Re: v6.42.6 [current]

It's rather a design glitch than a bug but we noticed that the S-RJ01 modules in v6.42.6 are displayed with sfp-connector-type: LC instead of RJ45 in both Winbox and CLI:
winbox.png

Thanks
by schadom
Tue Jul 24, 2018 9:56 pm
Forum: General
Topic: ROS 7 Beta
Replies: 42
Views: 22140

Re: ROS 7 Beta

i will invite u to drink it with me :-) i can't believe for what i need 36 cores on tile .... Concerning the CCR/CRS'es, while being very ambitious at the beginning, to me it seems Mikrotik has lost it's interest in getting into the core-routing and -switching market. Maybe the competition among th...
by schadom
Sat Jul 14, 2018 12:45 am
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 64
Views: 38020

Re: MIkrotik BGP Monitoring

I hope that bgp monitoring with snmp will be implemented soon.
four years later and BGP4 MIBs are still missing in ROS :-(
by schadom
Mon Jul 09, 2018 9:03 pm
Forum: Forwarding Protocols
Topic: Matching routes for originating-AS is VERY slow
Replies: 4
Views: 2133

Re: Matching routes for originating-AS is VERY slow

Will we ever see some improvement here?
by schadom
Sun Jul 08, 2018 6:23 pm
Forum: Forwarding Protocols
Topic: Matching routes for originating-AS is VERY slow
Replies: 4
Views: 2133

Matching routes for originating-AS is VERY slow

Hi, we have a CCR1009 with a BGP full feed (~702.000 IPv4 and ~55.000 IPv6). Matching routes for a specific originating-AS eg. via ip route print detail where bgp-as-path~"15169\$" sometimes takes up to 5 minutes. The router is running on latest ROS 6.42.5 and CPU usage is at around 10% in...
by schadom
Sun Jul 08, 2018 2:05 am
Forum: General
Topic: Basic BGP improvements in ROS 6
Replies: 5
Views: 3068

Re: Basic BGP improvements in ROS 6

Can't we have some basic improvements to BGP in router OS 6, rather than waiting on the mythical v7?

- Commands like ip route print where... way too slow
- Multi-thread BGP
+111!!! and BGP4 SNMP MIBs
by schadom
Mon Jun 18, 2018 7:35 pm
Forum: General
Topic: New ROS OpenVPN bug or just noise?
Replies: 0
Views: 773

New ROS OpenVPN bug or just noise?

Hello, during the last 12-24h we noticed a lot of the following log entries below on our MT devices. The requests are mainly originating from China and Asia: 17:29:59 ovpn,info TCP connection established from x.x.x.x 17:29:59 ovpn,debug,error packet with wrong keyID 1, expected 0, dropping 17:29:59 ...
by schadom
Fri Jun 01, 2018 11:30 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 222311

Re: v6.43rc [release candidate] is released!

Will we ever see BGP4 SNMP MIBs on ROS? Please!
by schadom
Fri Jun 01, 2018 11:28 am
Forum: General
Topic: Kid Control Bug
Replies: 11
Views: 3603

Re: Kid Control Bug

bump
by schadom
Tue Apr 17, 2018 8:55 am
Forum: Forwarding Protocols
Topic: RFC7911
Replies: 2
Views: 1409

RFC7911

Short question; does ROS support RFC7911 - https://datatracker.ietf.org/doc/rfc7911/ ?

Thanks
by schadom
Mon Apr 16, 2018 2:52 am
Forum: General
Topic: Feature request: BGP4-MIB (RFC 4273)
Replies: 34
Views: 11623

Re: Feature request: BGP4-MIB (RFC 4273)

bump
by schadom
Mon Apr 16, 2018 1:36 am
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 67
Views: 48178

Re: OpenVPN SHA256 + UDP

bump
by schadom
Sat Apr 14, 2018 5:36 pm
Forum: Beginner Basics
Topic: How to clear log
Replies: 37
Views: 138965

Re: How to clear log

MTs argument is that such a feature would make it easier for an attacker to remove edvidence. I don't think so as there are also other ways around that (like the workaround with setting the lines to 1 and back) or just rebooting the device if logs are only kept in memory or simply wiping the logs on...
by schadom
Sat Apr 14, 2018 4:05 pm
Forum: Beginner Basics
Topic: CCR - Mikrotik Bridge usage with multiple Vlans
Replies: 6
Views: 2884

Re: Mikrotik Bridge usage with multiple Vlans

Unless you have a switch chip, its single bridge for all VLANs. Also, why are you explicitly disabling hardware offloading? You may also need to add the bridge name itself to the "tagged=" list for trunks to other devices. Thanks for the hint. The example given is from a CCR which does no...
by schadom
Sat Apr 14, 2018 3:45 pm
Forum: Beginner Basics
Topic: CCR - Mikrotik Bridge usage with multiple Vlans
Replies: 6
Views: 2884

Re: Mikrotik Bridge usage with multiple Vlans

Here is a presentation from the MUM in Berlin, explaining the new bridge implementation pretty well: https://www.youtube.com/watch?v=ZMMpza-O7_w&
Thanks!
by schadom
Thu Apr 12, 2018 12:47 am
Forum: Beginner Basics
Topic: CCR - Mikrotik Bridge usage with multiple Vlans
Replies: 6
Views: 2884

CCR - Mikrotik Bridge usage with multiple Vlans

Hi, I'm wondering about the new bridge implementation since 6.40.x. Is it recommended to have a single or multiple bridges when a bunch of tagged vlans should be bridged to different ether ports? For example, let's assume we have three physical ether ports (and no switch-chip) and three tagged vlans...
by schadom
Mon Apr 09, 2018 10:18 pm
Forum: General
Topic: New router OS
Replies: 49
Views: 57821

Re: New router OS

Steve is right. There is barely anything left in v7 that we haven't backported. Please enable openvpn udp support and also ability to manually enter ip for ovpn tunnel in pop profile that can be used for bgp next hop resolution.These two bugs are stopping me from using mikrotik for my DN42 network....
by schadom
Thu Apr 05, 2018 2:24 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 537
Views: 189406

Re: v6.42rc [release candidate] is released!

*) snmp - added w60g support;
BGP4 MIB (RFC 4273) next please :-)
by schadom
Sun Apr 01, 2018 5:28 pm
Forum: Forwarding Protocols
Topic: What Mikrotik product is the fastest for BGP with 10-gig load with 2 BGP feeds ?
Replies: 11
Views: 6086

Re: What Mikrotik product is the fastest for BGP with 10-gig load with 2 BGP feeds ?

Did not found how to pm here. Wonna honest answer? Go mx80 for your business. second that. if you could talk your upstreams into limiting your bgp-view (ie only local routes and no full feed) you might still have fun with CCRs. Would you mind elaborating a bit more in detail, why your suggestion to...
by schadom
Sat Mar 31, 2018 11:28 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 142381

Re: Urgent security advisory

We see a development (and others too) port scanning for winbox 8291 is dropping while port 2000 (bandwidth-test-service) is going strong. Also telnet ist still highly active with those hijacked mikrotiks. Can confirm this. Although no clue yet if port 2000 is used just for probing or if there is an...
by schadom
Sun Feb 04, 2018 11:11 pm
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 67
Views: 48178

Re: OpenVPN SHA256 + UDP

Would like to bump the feature request for SHA256 authentication. SHA1 is broken - https://shattered.io/
No need for other complicated features such as udp or lzo, as long as the current implementation is secure enough.

Thanks
by schadom
Sun Feb 04, 2018 9:37 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 104
Views: 32343

Re: v6.41.1 [current]

works good so far!
by schadom
Sat Sep 09, 2017 2:06 am
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 57579

Re: CHR suggestions for new functionality

Please check whether this OVA suits your needs and can be deployed on the ESXi without any additional steps: * It has SCSI drive * It has been exported from the ESXi https://www.mikrotik.com/download/share/RouterOS_CHR_SCSI.ova If this suits your needs we'll see how to automate the creation of such...
by schadom
Wed Sep 06, 2017 4:58 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 57579

Re: CHR suggestions for new functionality

In our build environment we use Qemu tools to convert images to various formats (qemu-img convert), including to VMDK. To convert a VMDK image created by Qemu to ESXi compatible format, VMWare tools (vmkfstools) are necessary. They are provided together with the ESXi server so you can do it on your...
by schadom
Mon Sep 04, 2017 10:38 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 57579

Re: CHR suggestions for new functionality

whenever that is.
haha :lol:
by schadom
Sun Sep 03, 2017 7:44 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 57579

Re: CHR suggestions for new functionality

My top three would be:

* open-vm-tools and xen-tools
* ova/ovf for ease-of-deployment
* BGP multicore support
by schadom
Wed Aug 16, 2017 1:32 am
Forum: Forwarding Protocols
Topic: Dual WAN routing policy + mangle rules [not working]
Replies: 10
Views: 37927

Re: Dual WAN routing policy + mangle rules [not working]

i have the same problem. any solution?
by schadom
Mon Aug 14, 2017 2:17 am
Forum: Forwarding Protocols
Topic: Use same gw/route for outbound traffic
Replies: 3
Views: 2079

Re: Use same gw/route for outbound traffic

Since you already do BGP just solve it with that. For ISP A, accept the same routes you prefer ISP B for but use AS path prepending and local preference to make them less preferred than the ISP B path. For ISP B, accept only the routes you want and prefer that link for those routes with normal BGP ...
by schadom
Wed Aug 09, 2017 3:49 am
Forum: Forwarding Protocols
Topic: Use same gw/route for outbound traffic
Replies: 3
Views: 2079

Use same gw/route for outbound traffic

Hello, I'm trying to implement some sort of policy routing by using connection- and routing marks in order to return incoming traffic on the same outbound path. Basically I'm having two upstreams ISP A and ISP B, which both send me a default-route via BGP. > ISP A is main-uplink (local-pref=200 and ...
by schadom
Wed Aug 02, 2017 3:47 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 81
Views: 36930

Re: CHR feature requests

Please add install iso file for CHR! It would massively easy up life for most of people(no need for separate guides and so on - just install from ISO like nearly any other system and it will work for cases like ProxMox where we don't have actual VM file but have compatible KVM ). +1 for ISO or OVF ...
by schadom
Mon Jul 31, 2017 2:57 am
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 359741

Re: Winbox 3.11 released!

Winbox 3.11 currently misses the "Dst. Address" filter attribute under IPv6 => Routes
Maybe this could be added in v3.12

Thanks
by schadom
Thu Jul 20, 2017 7:33 pm
Forum: General
Topic: [Feature Request] UPnP client for ROS
Replies: 15
Views: 5894

Re: [Feature Request] UPnP client for ROS

Short answer: no.
by schadom
Sun Jul 09, 2017 7:56 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631770

Re: Feature requests

Please add the 'Comments' column and the 'Add/Edit Comment Button' which is currently missing in WinBox 3.11 under Routing =>BGP => Networks Routing => BGP => Aggregates Interestingly it is available in Routing => OSPF => Networks, but missing in all of the other tabs While I personally prefer the C...
by schadom
Mon Jul 03, 2017 10:33 am
Forum: Virtualization
Topic: CHR - purchased license not applying on router
Replies: 12
Views: 5358

Re: CHR - purchased license not applying on router

Is the checkbox "Limited Upgrade" checked or not?
It's not checked.
by schadom
Fri Jun 30, 2017 9:30 am
Forum: Virtualization
Topic: CHR - purchased license not applying on router
Replies: 12
Views: 5358

Re: CHR - purchased license not applying on router

I think I (might) just have fixed this. What I did is I generated a new System ID on the CHR (Generate New ID), afterwards I logged into mikrotik.com and transfered the purchased license from the old System ID to the new one.

Edit: nope, still looks like a trial license
by schadom
Fri Jun 30, 2017 12:14 am
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 57624

Re: v6.39.2 [current]

Currently in 6.39.2 BGP sessions are reconnecting when adding/changing the comment of a session.
This makes no sense to me. Maybe this behaviour could be removed in an upcoming release?

Thanks
by schadom
Thu Jun 29, 2017 12:07 pm
Forum: Virtualization
Topic: CHR - purchased license not applying on router
Replies: 12
Views: 5358

Re: CHR - purchased license not applying on router

This kinda sucks. Any hints from MT staff/devs?

Thanks
by schadom
Thu Jun 29, 2017 12:05 pm
Forum: Forwarding Protocols
Topic: BGP session reconnects when adding/changing comments
Replies: 2
Views: 1016

BGP session reconnects when adding/changing comments

Hi,

currently in 6.39.2 BGP sessions are reconnecting when adding/changing the comment of a session.
This makes no sense to me. Maybe this behaviour could be removed in an upcoming release?

Thanks
Dominic
by schadom
Wed Jun 28, 2017 2:40 pm
Forum: Virtualization
Topic: CHR - purchased license not applying on router
Replies: 12
Views: 5358

Re: CHR - purchased license not applying on router

Any clues? Do I may just have to wait till 18.07. until the purchased license becomes active?
screenshot.png
by schadom
Wed Jun 28, 2017 2:36 pm
Forum: Virtualization
Topic: CHR Esxi increse disk size
Replies: 5
Views: 8971

Re: CHR Esxi increse disk size

Thanks for this vital information. I wish Mikrotik would create a separate manual for CHR installation in ESXi and include these vmkfstools instructions (they are REQUIRED!)
Or rely on industry standards such as OVF...
by schadom
Mon Jun 26, 2017 10:30 am
Forum: Virtualization
Topic: CHR - purchased license not applying on router
Replies: 12
Views: 5358

CHR - purchased license not applying on router

Hello, I've bought a P10-perpetual license for CHR. The license is visible and assigned to my CHR with the proper sytem-id xxxx within the license portal. It even updates the "Last Seen" value continuously, but the CHR still shows me the installed license as P1. I tried to perform a licens...
by schadom
Sun Jun 25, 2017 3:48 am
Forum: Forwarding Protocols
Topic: BGP Blackhole not working
Replies: 4
Views: 2567

BGP Blackhole not working

HI, i'm trying to blackhole a single IPv6 on my upstream (HE) via a filter rule attached to the BGP instance with out-filter . Unfortunately and no matter what I try, it seems I cant get this it to work. Maybe any hints? Attached my current config. Thanks in advance [rtradmin@core] /ipv6 address> pr...
by schadom
Sun Jun 25, 2017 3:03 am
Forum: General
Topic: IPv6 Ping does not work with domain names
Replies: 59
Views: 46712

Re: IPv6 Ping does not work with domain names

Still not really fixed in 6.39.2 ... [rtradmin@core] > /ping ipv6.google.com invalid value for argument address: invalid value of mac-address, mac address required invalid value for argument ipv6-address failure: dns name exists, but no appropriate record Although /ping [:resolve ipv6.google.com] wo...