Community discussions

MikroTik App

Search found 23 matches

by subway
Tue Sep 08, 2020 1:15 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 282
Views: 71335

Re: v7.1beta2 [development] is released!

You can write the interface name manually and it will work even if there's no list from which you could easily select it. Thanks! Is this just a bug in the beta that the drop down list is not visible? After the upgrade the routes that had interfaces as gateway were all in red, and the interfaces we...
by subway
Sun Sep 06, 2020 11:13 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 282
Views: 71335

Re: v7.1beta2 [development] is released!

Bug: 1. After the upgrade (from latest stable), the PPPoE server was completely gone, but just that: the Secrets, Profiles and the rest of the PPP interfaces stayed. 2. After (or since) the upgrade, it is not possible to configure an interface as gateway under IP --> Routes. The only possibility is ...
by subway
Thu Aug 27, 2020 6:26 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 282
Views: 71335

Re: v7.1beta2 [development] is released!

What I tried to find out if the ROS 7 betas can run on anything else than ARM based devices? For example can it work on the CCRs?

Maybe a bit of clarification on the supported hardware would be nice as I cant find anything about that except for a single entry by Normis from 2019 (only ARM for now).
by subway
Fri Dec 27, 2019 2:07 pm
Forum: General
Topic: Packet Sniffer stops after 45 minutes
Replies: 4
Views: 853

Re: Packet Sniffer stops after 45 minutes

What I did is something similar: just added a second preroute sniff rule for the other interface, so now both sides are captured: chain=prerouting action=sniff-tzsp sniff-target=192.168.1.100 sniff-target-port=37008 protocol=sctp in-interface=sfp-sfpplus5 log=no log-prefix="" chain=prerouting action...
by subway
Fri Dec 27, 2019 3:51 am
Forum: General
Topic: Packet Sniffer stops after 45 minutes
Replies: 4
Views: 853

Re: Packet Sniffer stops after 45 minutes

Thanks! I already set up the "sniff TZSP" mangle rule. My only problem is that the output is "half sided". It means I receive only one direction of the packets (the incoming direction). How can I set this up to get the full bidirectional traffic? The protocol is SCTP by the way.
by subway
Thu Dec 26, 2019 9:09 pm
Forum: General
Topic: Packet Sniffer stops after 45 minutes
Replies: 4
Views: 853

Packet Sniffer stops after 45 minutes

I am using a CCR1072 with ROS 6.45.7, and I noticed that after 45 minutes, Packet Sniffer stops streaming packets to the preset server, although in Winbox it still indicates that it is "running". The same happens if I select a file instead of streaming. Can someone tell me if this is the "expected" ...
by subway
Wed Nov 13, 2019 12:54 pm
Forum: Announcements
Topic: v6.45.7 [stable] is released!
Replies: 104
Views: 42546

Re: v6.45.7 [stable] is released!

Please spawn a dedicated topic and provide the complete IPsec configuration there (proposals, peer profiles, identities - everything may matter, just use hide-sensitive while exporting to keep your keys secret, and obfuscate the public IP addresses following the hint in my automatic signature below...
by subway
Wed Nov 13, 2019 12:13 am
Forum: Announcements
Topic: v6.45.7 [stable] is released!
Replies: 104
Views: 42546

Re: v6.45.7 [stable] is released!

When will be fixed that Ipsec tunnels hung up? It starts from 6.45.4 and continues. Helps only clear connection. Same thing here on CCR1072. Updated to 6.45.7 (both routerboard and ROS), and it happened after 20 hours. The IPsec tunnel was still up, but no traffic was passing. The solution was to h...
by subway
Wed Jul 24, 2019 4:42 pm
Forum: General
Topic: Bond: link loss is not detected by Mikrotik (LACP)
Replies: 5
Views: 798

Re: Bond: link loss is not detected by Mikrotik (LACP)

You mean that MII alone is not able to detect outage if only a single direction of a fiber link is affected? So if I would enable auto nego, then the ethernet port would be able to detect the loss of the RX side loss and get the port state to down? The LACP group consists of two 10gig fiber links, s...
by subway
Tue Jul 23, 2019 6:08 pm
Forum: General
Topic: Bond: link loss is not detected by Mikrotik (LACP)
Replies: 5
Views: 798

Re: Bond: link loss is not detected by Mikrotik (LACP)

Hi, The link monitoring attribute of the bond is MII, and that is the only choice for 802.3ad mode (LACP). To add to this: the failing interface on the Mikrotik end might be in an UP state because it receives data from the server side, only the Mikrotik --> Server direction is at fault, therefor the...
by subway
Mon Jul 22, 2019 2:39 pm
Forum: General
Topic: Bond: link loss is not detected by Mikrotik (LACP)
Replies: 5
Views: 798

Bond: link loss is not detected by Mikrotik (LACP)

I have a CCR1072 with two 10gig interafces bonded together (LACP, L2 only, mainly for failover). I noticed that on the server side, one of the interface is down (the RX sid eof the link is at loss), and the server side LACP process also indicates the failing interface. The interesting thing is, on t...
by subway
Sat Jan 13, 2018 1:00 pm
Forum: General
Topic: CCR 1072 IPsec speed issue [SOLVED] [SOLVED]
Replies: 7
Views: 2041

Re: CCR 1072 IPsec speed issue [SOLVED] [SOLVED]

I see overflow on other routers where not using the managment ports. My definition of "overlow packets" is when the router gets to much packets in it cant place into queues. This easily happens when the input interface is 1G and the output interface is 100M. Or if there is flow control and the targ...
by subway
Thu Jan 04, 2018 12:07 am
Forum: General
Topic: CCR 1072 IPsec speed issue [SOLVED] [SOLVED]
Replies: 7
Views: 2041

Re: CCR 1072 IPsec speed issue [SOLVED]

Sounds like fragmentation issue to me. Did you try to set change MSS rules for TCP traffic or send packets from iperf with lower MTU? I am not sure if this answer was for me, but I tried to add a Mangle rule to clamp mss. Barely any traffic is counted by the rule and I still have 100% single core u...
by subway
Wed Jan 03, 2018 1:10 pm
Forum: General
Topic: CCR 1072 IPsec speed issue [SOLVED] [SOLVED]
Replies: 7
Views: 2041

CCR 1072 IPsec speed issue [SOLVED] [SOLVED]

Hi, We are running a CCR1072 as our core router (v6.41), with 3 IPsec site-to-site connections (SHA1/AES-CBC-128, should be HW accelerated). On the remote end there are CCR1036 routers. What I noticed is with a very low average CPU utilization (1-2%), the IPsec tunnels are maxed out at around 200Mbi...
by subway
Mon Jan 01, 2018 8:13 pm
Forum: General
Topic: IPsec: no phase2 after a few hours [6.40.4]
Replies: 7
Views: 6756

Re: IPsec: no phase2 after a few hours [6.40.4]

Just to add to this topic: The no phase2 issue is related to a "special" Mikrotik behvior, when multiple subnets are policy routed for the same two endpoints, Mikrotik shares the SAs instead of using unique SAs for each policy. After a while some of the policies for the same endpoints can indicate "...
by subway
Tue Dec 26, 2017 6:58 pm
Forum: General
Topic: Site-to-Site VPN/Tunnel with higher than 1500 byte MTU
Replies: 0
Views: 357

Site-to-Site VPN/Tunnel with higher than 1500 byte MTU

Hi, We have a few site-to-site connection (currently IPsec ESP) and the actual internet connection's maximum MTU is 1500 bytes. Is there any VPN/Tunelling technique to transaprentyl transmit 1600 byte MTU packets between the sites? Would be lovely to have this via/on top of IPsec, but if that is not...
by subway
Sat Oct 28, 2017 10:38 pm
Forum: General
Topic: IPsec: no phase2 after a few hours [6.40.4]
Replies: 7
Views: 6756

Re: IPsec: no phase2 after a few hours [6.40.4]

Yes, but when you change the topology you won't have this problem anymore because you do not require those multiple policies per peer that are so tricky to get working correctly between different vendors. Your choice. The problem is it does not work correctly even if its the same vendor. In our cas...
by subway
Fri Oct 13, 2017 1:30 pm
Forum: General
Topic: IPsec: no phase2 after a few hours [6.40.4]
Replies: 7
Views: 6756

IPsec: no phase2 after a few hours [6.40.4]

Hi, After I upgraded our core router from 6.36.4 to 6.40.4, I experienced that after hours of correct operation (10-12 somtimes 14 hours), the core router signals "no phase" for some of the policies, and it stops forwarding traffic. The strange thing is, it is not happening with all the policies and...
by subway
Fri Oct 13, 2017 1:13 pm
Forum: General
Topic: Intel SFP+ support?
Replies: 14
Views: 4254

Re: Intel SFP+ support?

Thanks, we will implement it like that.
by subway
Tue Oct 10, 2017 8:50 pm
Forum: General
Topic: Intel SFP+ support?
Replies: 14
Views: 4254

Re: Intel SFP+ support?

No, you're misunderstanding things... On the CCR side, you will use Mikrotik's 10G SFP+. On the Server side, you will use Intel's SPF+ You are not *required* to use the same make / brand of SFP interfaces on the optic itself. Intel just states that their NETWORK CARD only works with their SFP+ modu...
by subway
Tue Oct 10, 2017 3:57 pm
Forum: General
Topic: Intel SFP+ support?
Replies: 14
Views: 4254

Intel SFP+ support?

Hi, We are using a CCR1072-1G-8S+ as our core router. In the near future we will attach two 10gig links to it with a dualport Intel x710 with sr optics: https://www.intel.com/content/www/us/en/ethernet-products/optics-cables/ethernet-sfp-optics-brief.html?wapkw=intel%20SFP%20%20optics As Intel state...
by subway
Sat Oct 07, 2017 8:14 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 31865

Re: v6.40.4 [current]

Send your support.rif and all informations (link to this post also) to support@mikrotik.com I did that already. I also set up NTP for precise timing (previously there was no NTP configured), but that did not helped either. The starnge thing is that it takes quite a few hours for this probem to pres...
by subway
Sat Oct 07, 2017 2:09 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 31865

Re: v6.40.4 [current]

After upgrading from a fairly old version (6.36.2) to 6.40.4, we are experiencing massive IPsec issues. After hours of error free operation, without any notice, some IPsec policies are suddenly not applied anymore. The interesting part is that the tunnels are up, and some policies are still working ...