Community discussions

Search found 9 matches

by candlerb
Fri Aug 30, 2019 1:47 pm
Forum: General
Topic: IPv6 Routing Mark in Firewall > Mangle Rules
Replies: 49
Views: 10751

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Having had IPv6 via a tunnel broker for a long time, I now have another ISP connection with native IPv6. It would be *sooooo* helpful if I could policy-route packets with the old IPv6 source range down the tunnel, and packets with the new source range down the native connection. It would allow me to...
by candlerb
Fri Aug 17, 2018 7:08 pm
Forum: General
Topic: Feature request: BGP4-MIB (RFC 4273)
Replies: 32
Views: 5588

Re: Feature request: BGP4-MIB (RFC 4273)

# snmpbulkwalk ix-rtr2 1.3.6.1.4.1.9.9.187.1.2.5 SNMPv2-SMI::enterprises.9.9.187.1.2.5 = No Such Object available on this agent at this OID Sad face. So we're still forced to use the API. I was able to get check_bgp_mikrotik.pl plus MikroTik.pm to work, although a small patch to the latter is needed.
by candlerb
Wed Jul 25, 2018 11:57 am
Forum: General
Topic: BGP multithreaded
Replies: 17
Views: 4855

Re: BGP multithreaded

Forwarding and routing is good and fast as long as you keep all traffic in fastpath. It is a router not a firewall. True, but it is still good practice to do anti-spoofing filtering on a border router I also feel happier blocking traffic to the control plane with filters on the 'input' chain - you ...
by candlerb
Mon Jul 16, 2018 7:54 pm
Forum: General
Topic: VRRP received packet with bad checksum
Replies: 3
Views: 2241

Re: VRRP received packet with bad checksum

Did you get a solution to this? I am seeing exactly the same problem, here on CCR1036 running RouterOS 6.40.8; the VRRP partner is a Cisco 2901 running IOS 15.5(3)M7. VRRP version 3 has been configured on both sides. Flags: X - disabled, I - invalid, R - running, M - master, B - backup # NAME INTERF...
by candlerb
Fri Jul 06, 2018 7:41 pm
Forum: General
Topic: DNSSEC
Replies: 33
Views: 10289

Re: DNSSEC

I believe I got bitten by this today. On Ubuntu 16.04, with lxd 3.0.1 installed from xenial-backports, the following command consistently failed: root@nuc1:~# lxc launch images:debian/jessie/amd64 snf-image-jessie Creating snf-image-jessie Error: Failed container creation: Get https://images.linuxco...
by candlerb
Sun Sep 10, 2017 9:08 pm
Forum: Scripting
Topic: /export without line wrap?
Replies: 11
Views: 4478

Re: /export without line wrap?

My apologies, I did not read "output to the file". I guess file wrapping is same as login with no pseudo-tty.
by candlerb
Sun Sep 10, 2017 9:05 pm
Forum: Scripting
Topic: /export without line wrap?
Replies: 11
Views: 4478

Re: /export without line wrap?

output to the file is set to one constant line length and cannot be changed. That's not the case: if you've connected from Linux over ssh, and you drag the window narrower or wider and re-run /export , the line breaks are in a different place to match the new width. The mechanism is described here:...
by candlerb
Fri Jun 30, 2017 11:23 pm
Forum: RouterBOARD hardware
Topic: [SOLVED] hEX PoE not working with Copper SFP
Replies: 3
Views: 995

Re: hEX PoE not working with Copper SFP

Try forcing them to 1000/Full. I've seen a lot of SFP interfaces causing issues with auto negotiation, and normally forcing them to 1000/full on both sides causes the links to come up.
That was it:
/interface ethernet set 5 auto-negotiation=no
and suddenly it came up. Thank you!

Cheers,

Brian.
by candlerb
Fri Jun 30, 2017 12:19 am
Forum: RouterBOARD hardware
Topic: [SOLVED] hEX PoE not working with Copper SFP
Replies: 3
Views: 995

[SOLVED] hEX PoE not working with Copper SFP

Hello, I can't get my brand new hEX PoE to work with an Approved Optics copper SFP. I get no link light, however "interface ethernet monitor sfp1" shows that the SFP is detected (see below). I've tried two different SFPs, two different cables, and connecting both to a gig port on another computer an...