Community discussions

MikroTik App

Search found 15 matches

by godzillante
Tue May 07, 2019 10:21 am
Forum: General
Topic: TLS problems with inbound routing via GRE
Replies: 3
Views: 586

Re: TLS problems with inbound routing via GRE

Hi,

I solved with the following mangle rule:
/ip firewall mangle
add action=change-mss chain=forward log-prefix="" new-mss=1436 passthrough=yes protocol=tcp src-address=xxx.yyy.www.zzz/24 tcp-flags=syn tcp-mss=1437-65535
where xxx.yyy.www.zzz is one of my own prefixes
by godzillante
Tue May 07, 2019 9:43 am
Forum: General
Topic: TLS problems with inbound routing via GRE
Replies: 3
Views: 586

Re: TLS problems with inbound routing via GRE

I'm 100% sure the problem is the GRE.
I just made a simple test by forcing a prefix to enter via a fiber provider and exit via another, reproducing thus the asymmetric routing: the problem doesn't happen.
by godzillante
Tue May 07, 2019 2:57 am
Forum: General
Topic: TLS problems with inbound routing via GRE
Replies: 3
Views: 586

TLS problems with inbound routing via GRE

Hi everyone, I'm running a multi-homed provider and recently subscribed an anti-ddos solution which allows me to announce my /24 prefixes through their network via GRE tunnel so they can scrub the traffic. Basically, the traffic enters my network through the GRE tunnel and exits through my fiber pro...
by godzillante
Fri May 03, 2019 10:54 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 123
Views: 46559

Re: v6.44.3 [stable] is released!

Also, your inlet air temperature seems to be 62C, maybe something else has failed?
Hi,

are you 100% sure that it refers to 'inlet' air temp and not some different sensors on the routerboard? Because the room can't be at 62°C (144°F)... unless their office is located in hell :mrgreen:
by godzillante
Thu Sep 27, 2018 6:44 pm
Forum: General
Topic: Using BGP - Can't ping with public IP
Replies: 2
Views: 968

Using BGP - Can't ping with public IP

Hi, I have a CCR1036 running v6.42.4 and configured with BGP routing. It works perfectly, except I can't reach the outside directly. For example, I can't simply ping 8.8.8.8 : [admin@router] > ping 8.8.8.8 SEQ HOST SIZE TTL TIME STATUS 0 no route to host 1 no route to host sent=2 received=0 packet-l...
by godzillante
Thu Jul 26, 2018 9:35 am
Forum: General
Topic: CRS1025 sudden locks down
Replies: 2
Views: 575

Re: CRS1025 sudden locks down

Hello,

after 6.41 I had to configure it as a router, there's no way to configure it as a switch (with master ports etc.)

Also, I need the firewall for my purposes
by godzillante
Wed Jul 25, 2018 7:43 pm
Forum: General
Topic: CRS1025 sudden locks down
Replies: 2
Views: 575

CRS1025 sudden locks down

Hi, I'm running a series of CSR2015 with very similar configuration. One of them suddenly locked down, with nothing but incoming traffic on the display (which looked like it was running anyway). I had to hard reboot it and it worked again without further problems. Can someone help me understand if t...
by godzillante
Fri May 18, 2018 4:06 pm
Forum: General
Topic: IPv6 BGP unreachable nexthop through loopback
Replies: 8
Views: 2289

Re: IPv6 BGP unreachable nexthop through loopback

The solution offered by MikroTik: If you are lucky, it will be solved with RouterOS v7!
viewtopic.php?f=14&t=42268#p425845

I was aware of that thread :lol: just hoping there might be some alternative solution... or even an hack :(
by godzillante
Fri May 18, 2018 12:17 pm
Forum: General
Topic: IPv6 BGP unreachable nexthop through loopback
Replies: 8
Views: 2289

Re: IPv6 BGP unreachable nexthop through loopback

Currently recursive routing will not work if gateway is link local address.
thank you mrz. so what's a possible solution?
I have other peers which allow BGP through a /126 or /127 ptp, but this one provider is not going to allow me.
by godzillante
Fri May 18, 2018 11:55 am
Forum: General
Topic: IPv6 BGP unreachable nexthop through loopback
Replies: 8
Views: 2289

IPv6 BGP unreachable nexthop through loopback

Hi, I'm running v6.38.1 on a CCR1036 and have the following scenario (real addresses and AS obscured for privacy): - loopback address set on a bridge /ipv6 address add address=aaaa:bbbb:ffff::1/128 advertise=no interface=bridge_myprovider_ipv6 - static route to provider's loopback: /ipv6 route add !...
by godzillante
Sat Mar 31, 2018 5:08 pm
Forum: Forwarding Protocols
Topic: Simulating blackhole in lab enviroment
Replies: 2
Views: 880

Re: Simulating blackhole in lab enviroment

Thank you very much! I'll give it a try as soon as I can
by godzillante
Thu Mar 29, 2018 6:38 pm
Forum: Forwarding Protocols
Topic: Simulating blackhole in lab enviroment
Replies: 2
Views: 880

Simulating blackhole in lab enviroment

Hi, I've built a lab setup with four routers, each of them running the latest ROS release (6.41.3). This is the scenario: R2 / \ C1 -- R1 R4 -- C2 \ / R3 I've configured BGP so that R1 and R4 are my endpoint routers (i.e. R1 is default gateway for C1 and R4 is default gateway for C2), and R2+R3 are ...
by godzillante
Mon Oct 16, 2017 5:16 pm
Forum: Forwarding Protocols
Topic: IPv6 PtP gateway unreachable [SOLVED]
Replies: 2
Views: 1137

Re: IPv6 PtP gateway unreachable [SOLVED]

I think I nailed it.

The provider handled me a /127 PtP address. I found on another topic that this prefix isn't supported on Mikrotik as default gateway. I changed the address with a /64 and it worked perfectly.
by godzillante
Mon Oct 16, 2017 12:42 pm
Forum: Forwarding Protocols
Topic: IPv6 PtP gateway unreachable [SOLVED]
Replies: 2
Views: 1137

IPv6 PtP gateway unreachable [SOLVED]

Hello, I'm doing BGP IPv6 peering with my fibre provider. I can reach their Ipv6 PtP address, but their router (an Alcatel Lucent) is announcing the PtP address as default gateway. This is marked as unreachable from my side. Another peer, from the same provider but using a Juniper router, is announc...
by godzillante
Tue Jul 25, 2017 1:17 pm
Forum: General
Topic: MAC<->IP association
Replies: 1
Views: 469

MAC<->IP association

Hello, I used to set some ACLs on CRS226 cloud switches, which allowed me to restrict access so that only a given IP and a given MAC could make traffic on a given switch port. It worked perfectly and was very easy to setup (https://wiki.mikrotik.com/wiki/Manual:CRS_features#ACL) Unfortunately the CR...