Community discussions

MikroTik App

Search found 83 matches

by netravnen
Fri Aug 16, 2024 9:08 pm
Forum: Forwarding Protocols
Topic: IS-IS docomentation
Replies: 2
Views: 485

Re: IS-IS docomentation

Nowhere. The Confluence space is the official DOCs. There are YouTube videos out from 3rd parties about how to set it up. Personally. I am still not fully satisfied with the stability of the IS-IS Daemon. Last I tried on 7.14. I had multiple devices where the IS-IS Daemon crashed after a few days. (...
by netravnen
Fri Aug 16, 2024 9:01 pm
Forum: SwOS
Topic: CRS310-8G+2S+IN Swos SFP+ Issue
Replies: 10
Views: 3927

Re: CRS310-8G+2S+IN Swos SFP+ Issue

I am all ROS. Due to using the device as a L3 HW-offloaded Switch.
by netravnen
Thu Aug 08, 2024 5:37 pm
Forum: Beginner Basics
Topic: Help Needed: MikroTik RB5009UG+S+IN Configuration for YouSee (VLAN 101 & DHCP)
Replies: 3
Views: 589

Re: Help Needed: MikroTik RB5009UG+S+IN Configuration for YouSee (VLAN 101 & DHCP)

Layer2 misconfiguration First Time Configuration Securing your router I recommend using Interface lists for matching incoming (and sometimes outgoing) interfaces in Firewall rules. Using interface lists your can implement a concept similar to security zones, if you wish to do so. Using interface li...
by netravnen
Thu Aug 08, 2024 5:35 pm
Forum: Beginner Basics
Topic: Help Needed: MikroTik RB5009UG+S+IN Configuration for YouSee (VLAN 101 & DHCP)
Replies: 3
Views: 589

Re: Help Needed: MikroTik RB5009UG+S+IN Configuration for YouSee (VLAN 101 & DHCP)

Could someone provide a detailed and complete configuration script that includes: The default configuration RouterOS ships with (minus the VLAN 101 tagged on WAN) will get you a good stride to the end goal. if you are looking for the bare minimal configuration to get started using your own Tik rout...
by netravnen
Tue Jul 30, 2024 9:41 pm
Forum: Forwarding Protocols
Topic: OSPF not working V7.15.1
Replies: 3
Views: 1398

Re: OSPF not working V7.15.1

Example /route/filter/rule chains add chain=v6private comment="IPv6 Private" disabled=no rule="if (dst in fc00::/7) {accept}" add chain=v6private comment="supernet" disabled=no rule="if (dst in 2001:db8:beef::/48 && dst-len in 60-64) {accept}" add chai...
by netravnen
Tue Jul 30, 2024 9:32 pm
Forum: Forwarding Protocols
Topic: I have a question about setting the VXLAN srcport on MikroTik.
Replies: 1
Views: 838

Re: I have a question about setting the VXLAN srcport on MikroTik.

From RFC7348 - Source Port: It is recommended that the UDP source port number be calculated using a hash of fields from the inner packet -- one example being a hash of the inner Ethernet frame's headers. This is to enable a level of entropy for the ECMP/load- balancing of the VM-to-VM traffic across...
by netravnen
Tue Jul 30, 2024 9:27 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

For me (RB1100AHx2, CRS309-8S+1G, both running 7.15.2 but confirmed on the RB1100AHx2 running 7.15.3) when IS-IS is configured on a VLAN interface that is a slave of a bridge, it kills fast path and fasttrack. I don't know if this is expected behaviour, but took me a couple of hours of digging toda...
by netravnen
Thu Jul 11, 2024 9:15 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

Hi all. If i specify isis level l2 only. [admin@RouterOS] /routing/isis/interface-template> print 0 instance=isis-instance-1 interfaces=eth1 levels=l2 ptp Mikrotik generate lsp with mistake isis.lsp.is_type field (wireshark notation) in binary 10. Juniper at other side print errors in logs "ba...
by netravnen
Thu Jul 11, 2024 7:14 pm
Forum: RouterBOARD hardware
Topic: CRS320-8P-8B-4S+RM LLDP
Replies: 1
Views: 679

Re: CRS320-8P-8B-4S+RM LLDP

Is there any chance this device to work with cisco AP or does it have LLDP LEAR 2? "LEAR 2"...? There have been several LLDP additions in the 7.15 - 7.16 branches. Including "LLDP MED Power TLV". https://help.mikrotik.com/docs/display/ROS/Neighbor+discovery#Neighbordiscovery-LLD...
by netravnen
Tue Jun 25, 2024 7:06 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 118709

Re: v7.16beta [testing] is released!

Please add a "Client MTU" option to wireguard peer configuration page, in order to set the MTU value in some occasion。 The interface MTU is device local. "Client MTU" must be set on the client side. For it to be part of the "Client Config" (that can be copy-paste) prov...
by netravnen
Fri Jun 21, 2024 12:11 am
Forum: Forwarding Protocols
Topic: Any movement for hardware offload of VXLAN?
Replies: 8
Views: 2635

Re: Any movement for hardware offload of VXLAN?

But yes, EVPN and VXLAN in hardware would be a killer.
MVP static VXLAN HW-offload support would be a killer, IMO.

Even if MT charged an extra (non-exorbitant(!), preferably non-recurring) license fee for it. That made the cost less than competing (more expensive) competitor product offerings.
by netravnen
Fri Jun 21, 2024 12:06 am
Forum: Virtualization
Topic: Increase CHR Free license limit to 10 Mbit/s
Replies: 33
Views: 3393

Re: Increase CHR Free license limit to 10 Mbit/s

With CHR you do not pay for a device and rather for a license, but it probably adds some overhead for Mikrotik, at least to handle these licences and ROS support. I don't think it's about overhead. It's about the fact that you are getting a lifetime license. You are basically funding all future upd...
by netravnen
Wed Jun 19, 2024 7:01 pm
Forum: Forwarding Protocols
Topic: OSPF not working V7.15.1
Replies: 3
Views: 1398

Re: OSPF not working V7.15.1

To confirm, You have read https://help.mikrotik.com/docs/display/ROS/OSPF... ? Example config I use (values randomised) on 7.14.3/7.15.1/7.16beta2. /routing ospf instance add in-filter-chain=ospf2-in name=ospf2-main originate-default=if-installed out-filter-chain=ospf2-out redistribute=connected,sta...
by netravnen
Wed Jun 19, 2024 6:47 pm
Forum: Forwarding Protocols
Topic: IEEE1588 PTPv2 support for CRS317
Replies: 29
Views: 98543

Re: IEEE1588 PTPv2 support for CRS317

RouterOS version 7.16 onward adds protocol support for:

CCR2116-12G-4S+
CCR2216-1G-12XS-2XQ
CRS518-16XS-2XQ
CRS504-4XQ
CRS510-8XS-2XQ
Looks promising with the expanded PTP support on newer devices in 7.16.
by netravnen
Sun Jun 16, 2024 5:22 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 118709

Re: v7.16beta [testing] is released!

RouterOS version 7.16beta has been released on the "v7 testing" channel! https://mikrotik.com/product/product_generated_in_2024_04_03_16_41_07 After upgrading to 7.16beta[1-2] I have two LTE interfaces instead of a single LTE interface on RBLHGGR...? This behaviour is only visibile after ...
by netravnen
Thu May 30, 2024 7:19 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 257018

Re: v7.15 [stable] is released!

*) ptp - added PTP support for CCR2116 device; :) [admin@ccr2116] > /system/ptp bad command name ptp (line 1 column 9) :-( The PTP functionality seems to not be accessible in neither Winbox, nor the CLI... [admin@ccr2116] > /system/routerboard/print routerboard: yes model: CCR2116-12G-4S+ serial-nu...
by netravnen
Tue Jan 02, 2024 2:19 pm
Forum: General
Topic: advice/pitfalls of switch rule set vlan from mac
Replies: 2
Views: 733

Re: advice/pitfalls of switch rule set vlan from mac

The example from the docs is: Add VLANs in the Bridge VLAN table and specify ports: /interface bridge vlan add bridge=bridge1 tagged=ether2 untagged=ether7 vlan-ids=200,300,400 Add Switch rules which assign VLAN id based on MAC address: /interface ethernet switch rule add switch=switch1 ports=ether7...
by netravnen
Thu Dec 28, 2023 3:42 pm
Forum: General
Topic: VxLAN duplicate MACs in FDB
Replies: 2
Views: 1023

Re: VxLAN duplicate MACs in FDB

/interface bridge vlan add bridge=bridge tagged=bridge,sfp1,vxlan1,ether2 vlan-ids=1401 add bridge=bridge tagged=bridge,sfp1,vxlan1,ether2 vlan-ids=1404 add bridge=bridge tagged=bridge,sfp1,vxlan1,ether2 vlan-ids=1500 Skip tagging the bridge interface unless you need an IP address added to the VLAN...
by netravnen
Mon Dec 25, 2023 11:57 pm
Forum: Forwarding Protocols
Topic: BGP Established Issue in between MikroTik and Juniper . Error: Unsupported capability received, code: 128
Replies: 6
Views: 1975

Re: BGP Established Issue in between MikroTik and Juniper . Error: Unsupported capability received, code: 128

what does mean "Unsupported capability received, code: 128 "?
Exactly what the capability codes is.

MikroTik ROS does not (yet) support capability code 128 (Prestandard Route Refresh (deprecated)).

Try disabling the capability on the remote peer.
by netravnen
Tue Dec 19, 2023 10:20 pm
Forum: Forwarding Protocols
Topic: BGP v7.13 iBGP gateways
Replies: 2
Views: 1333

Re: BGP v7.13 iBGP gateways

Thoughts. comments. This normal? Because those gateways are not reachable to router1. When I changed the gw in the filters that breaks it as well.. :(
Could you post an expect for the relevant /routing/filter/* part?
by netravnen
Tue Dec 19, 2023 10:10 pm
Forum: Virtualization
Topic: Containers on CHR (x86_64) - device-mode does not apply
Replies: 7
Views: 3258

Re: Containers on CHR (x86_64) - device-mode does not apply

CHR is x86_64 though. From a license perspective. The x86_64 is a license tightly knitted to the disk-id. With CHR being "cloud license" that can be moved from one CHR to another without "much hassle". Which is how I am used to perceive it. CHR != x86_64 (from a license perspect...
by netravnen
Tue Dec 19, 2023 7:49 pm
Forum: Virtualization
Topic: Containers on CHR (x86_64) - device-mode does not apply
Replies: 7
Views: 3258

Re: Containers on CHR (x86_64) - device-mode does not apply

I see what you mean. From the package page is can I added be seen that container is support on both x86_64 VM platform and CHR platform. https://help.mikrotik.com/docs/display/ROS/Packages > *) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created bef...
by netravnen
Tue Dec 19, 2023 8:11 am
Forum: Virtualization
Topic: Containers on CHR (x86_64) - device-mode does not apply
Replies: 7
Views: 3258

Re: Containers on CHR (x86_64) - device-mode does not apply

https://help.mikrotik.com/docs/display/ ... chitecture

According to the table, the container feature is not available on CHR.

The first video in the Container Series on the MikroTik YouTube channel lists the same information. Containers, part 1, 1m5s mark Playlist
by netravnen
Thu Dec 07, 2023 7:17 pm
Forum: Scripting
Topic: [PHP] Realtime Traffic Graph on interfaces
Replies: 1
Views: 2773

Re: [PHP] Realtime Traffic Graph on interfaces

Depends on what you what to archive. How small you want your/accept your intervals to be. You could look into using MQTT for this (push model). Run a script on the MT device every <interval> which published the current up/down values to MQTT topic(s). Then have your service subscribe to the topics o...
by netravnen
Wed Dec 06, 2023 8:37 pm
Forum: Beginner Basics
Topic: IPv6 issues: v6 only for a few address blocks, v4 otherwise [SOLVED]
Replies: 8
Views: 4207

Re: IPv6 issues: v6 only for a few address blocks, v4 otherwise [SOLVED]

Looking into it a layer deeper. The on-link flag /ipv6 nd prefix does make sense in your scenario UNLESS all subnets are located on the same broadcast domain (which I assume is not the case). DHCPv4 support defining classless routes as a DHCP option. The draft for DHCPv6 seems to have not made it pa...
by netravnen
Wed Dec 06, 2023 8:28 am
Forum: Beginner Basics
Topic: IPv6 issues: v6 only for a few address blocks, v4 otherwise [SOLVED]
Replies: 8
Views: 4207

Re: IPv6 issues: Want to advertise three v6 pfx w/ SLAAC [SOLVED]

I am still not sure how to convince the routing tables on laptops etc. to only route to those three ipv6 address blocks and perfer-v4 otherwise. Perhaps I need to just live with the default route and use firewall to achieve what I want? Maybe I send back an ICMP unreachable for all but the blocks I...
by netravnen
Tue Dec 05, 2023 6:13 pm
Forum: Beginner Basics
Topic: IPv6 issues: v6 only for a few address blocks, v4 otherwise [SOLVED]
Replies: 8
Views: 4207

Re: IPv6 issues: Want to advertise three v6 pfx w/ SLAAC [SOLVED]

For tunnelbroker, there is an example available on the old mikrotik wiki. I recommend using this as a starting reference point for your configuration.
by netravnen
Sat Nov 25, 2023 11:39 pm
Forum: Beginner Basics
Topic: Setup a secure VPN
Replies: 3
Views: 1785

Re: Setup a secure VPN

See the documentation for getting started with a VPN solution on MT: https://help.mikrotik.com/docs/display/ROS/Virtual+Private+Networks Wireguard is the simplest to get going with. In terms of configuration required. ZeroTier will require at minimum a free account with ZeroTier.com. & connectin...
by netravnen
Sat Nov 25, 2023 11:29 pm
Forum: Beginner Basics
Topic: Setup a secure VPN
Replies: 3
Views: 1785

Re: Setup a secure VPN

Hello, I have CRS326-24G-2S+RM router at my office and RB760iGS at home, and i would like to setup a secure VPN. I am a newbie to this, can i get some help please? Thank you. The CRS326 is what I would call a great L3 switch with HW-offloading functionality if used within it's documented capabiliti...
by netravnen
Mon Nov 20, 2023 3:10 pm
Forum: General
Topic: RouterOS v7 - NetFlow v9 - SrcAS (Source Autonomous System) is missing
Replies: 2
Views: 927

Re: RouterOS v7 - NetFlow v9 - SrcAS (Source Autonomous System) is missing

https://help.mikrotik.com/docs/display/ROS/Traffic+Flow

Why not setup a Mikrotik CHR (KVM) in a lab to validate your design requirements?
by netravnen
Tue Nov 14, 2023 7:57 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

Looking way back at the comparison table, Virtual Links Supported ( ospf yes / is-is NO ). Isnt that a plus for OSPF? depends. and 'virtual links' is a big ambiguous. IS-IS requires an ethernet-like layer2 interface, it wont run over IPIP or Wireguard for example, but it will certainly work over an...
by netravnen
Mon Nov 13, 2023 5:27 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

Nice. Just noticed the inclusion of IS-IS in the 7.13beta1. Time for testing it out. :D
by netravnen
Mon Nov 13, 2023 10:10 am
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 105178

Re: v7.12 [stable] is released!

Yes I know about this option, but I guess to simplify my configuration file I prefer MD5, which I also use in OSPFv2. OSPFv2 can only do MD5 - https://docs.frrouting.org/en/stable-9.0/ospfd.html @vecino From the GitHub Issue tracker ( frrouting/frr#14398 ) It would seem HMAC SHA support in OSPFv2 i...
by netravnen
Sat Nov 11, 2023 2:00 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 105178

Re: v7.12 [stable] is released!

MD5 encryption still doesn't work with OSPFv3 - testing between FRRouting 9.0.1 and 7.12. FRRouting vs FRRouting works fine. config: /routing ospf interface-template set *9 area=backbone-v3 auth=md5 auth-id=1 auth-key=************** ... log: default-v3 { version: 3 router-id: 10.***.***.1 } backbon...
by netravnen
Sat Nov 11, 2023 1:35 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

is-is is not TCP/IP, it's CLNP.
I know. 🤠
Why would it require IPv4 or IPv6 addressing to function?
feeling confused 😕 Unable to comprehend how to respond
by netravnen
Tue Nov 07, 2023 5:06 pm
Forum: RouterBOARD hardware
Topic: QSFP to SFP28 adapter
Replies: 2
Views: 2466

Re: QSFP to SFP28 adapter

I use QSFP to SFP28 adapter in CRS326. Auto negotiation is not working, link ok if only forcing 1G or 10G, but i need 25G. Just to be sure I got you right. Are you trying to run the ports at 25 Gbps speed in the CRS326-24S+2Q+RM that only supports 24x 1/10 Gbps, 2x 40 Gbps ports? From the brochure ...
by netravnen
Tue Oct 31, 2023 11:10 am
Forum: Beginner Basics
Topic: MPLS / VPLS over the internet [SOLVED]
Replies: 2
Views: 2436

Re: MPLS / VPLS over the internet [SOLVED]

Yes. It is possible to run MPLS over Layer 2 tunnels over the internet. Think GRE, openvpn, L2TP, openvpn, VXLAN, and Zerotier tunnels as examples. Apart from which layer 2 tunnel type you use. Keep in mind the encryption overhead if going with GRE or L2TP or VXLAN. (usually openvpn, wireguard, or i...
by netravnen
Thu Oct 19, 2023 7:42 pm
Forum: RouterBOARD hardware
Topic: CCR2004-1G-2XS-PCIe possible drivers Linux6.5.7 issue; PCI finds, but no eth interfaces [SOLVED]
Replies: 3
Views: 5444

Re: CCR2004-1G-2XS-PCIe possible drivers Linux6.5.7 issue; PCI finds, but no eth interfaces [SOLVED]

You will lose this device under windows. No driver support. Running stock kernel from upstream Debian or Ubuntu? (Can't see which linux based distribution you use.) Have the card myself running under proxmox with latest upstream 6.4.x kernel from proxmox no-subscription repository. To configure the ...
by netravnen
Thu Oct 19, 2023 1:05 pm
Forum: Announcements
Topic: NEWSLETTER 105
Replies: 56
Views: 47584

Re: NEWSLETTER 105

Nothing confusing here
🆗
by netravnen
Wed Oct 18, 2023 5:30 pm
Forum: Announcements
Topic: NEWSLETTER 105
Replies: 56
Views: 47584

Re: NEWSLETTER 105

Warning: mild rant about a confusing product name NEWSLETTER APRIL 2022 (#105) Read our latest newsletter and learn more about: * LHG LTE18 kit Argh. This is confusing. That both "LHG LTE18" and "LHGG LTE18" are used for this model. The product naming without double-G is IMO inc...
by netravnen
Thu Oct 12, 2023 6:34 pm
Forum: Announcements
Topic: v6.49.10 [long-term] is released!
Replies: 33
Views: 90138

Re: v6.49.10 [long-term] is released!

Point 7. is what you are looking for. Before contacting us: If you have purchased your device from a distributor, please contact them first. Check documentation and configuration examples. Maybe answer is already there. Make sure that your issue is present with the latest version of MikroTik RouterO...
by netravnen
Wed Oct 11, 2023 6:58 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

Code bits has arrived. /routing/stats/process/print where tasks=isis # TASKS PRIVATE-MEM-BLOCKS SHARED-MEM-BLOCKS PSS RSS VMS ID PID RPID PROCESS-TIME KERNEL-TIME MAX-BUSY MAX-CALC 11 isis 0 0 0 0 0 12 402 1 2s870ms 3s340ms 10ms 10ms /ip/route/print where is-is /routing/route/print where is-is Havin...
by netravnen
Fri Oct 06, 2023 3:34 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

Hmm. Looking at the 7.12beta and 7.12rc changelog and no mention of IS-IS... Might be punted to after 7.12... 🕵️ ⏳
by netravnen
Tue Oct 03, 2023 9:15 am
Forum: General
Topic: High CPU utilization on CRS354
Replies: 15
Views: 1941

Re: High CPU utilization on CRS354

This looks weird (sfp-sfpplus3). I know the one bond is disabled. But still..
/interface bonding add disabled=yes mode=802.3ad name=Link_to_IT-lite slaves=sfp-sfpplus2,sfp-sfpplus3
/interface bonding add mode=802.3ad name=to_ccr slaves=sfp-sfpplus3,sfp-sfpplus4
by netravnen
Tue Oct 03, 2023 9:10 am
Forum: General
Topic: High CPU utilization on CRS354
Replies: 15
Views: 1941

Re: High CPU utilization on CRS354

All the IP addresses are not assigned to an interface defined under /interface/vlan ? Assigning IP addresses directly to interfaces in a bridge or a VLAN interface defined under /interface/bridge/vlan is afaik the incorrect way of doing it with CRS3xx series switches. If HW-offleading is to be archi...
by netravnen
Wed Sep 20, 2023 10:21 am
Forum: General
Topic: BGP major bug found in 7.10.1
Replies: 5
Views: 1046

Re: BGP major bug found in 7.10.1

All of a sudden BGP stopped working, no Connection, no Templates, nothing configured.
Any indicators of the "error" you gathered afterwards? Any log entries indicating what could have had happened?
by netravnen
Fri Sep 15, 2023 4:38 pm
Forum: General
Topic: Mikrotik S+RJ10 in CRS310-8G+2S+IN setting other data rate
Replies: 19
Views: 3529

Re: Mikrotik S+RJ10 in CRS310-8G+2S+IN setting other data rate

From another forum post about the same topic, I have the CSS610-8G-2S+ switch. Using the Mikrotik S+RJ10, the SwOS lite gives you the option to set manually only 1G, 100M & 10M speeds. On auto speed mode (and only on auto) you can get 10G, 5G & 2.5G speeds. The other side is connected to my ...
by netravnen
Fri Sep 15, 2023 4:27 pm
Forum: General
Topic: Mikrotik S+RJ10 in CRS310-8G+2S+IN setting other data rate
Replies: 19
Views: 3529

Re: Mikrotik S+RJ10 in CRS310-8G+2S+IN setting other data rate

What if you set autonegotation off on both sides and set speed on 5G ? Or 2.5G ? This might be what you are missing. 1. Force the same speed on both ends of the link, and 2. disable auto-negotiation completely on both ends of the link. /interface/ethernet/set <INTERFACE> speed=5G-baseT auto-negotia...
by netravnen
Sat Aug 19, 2023 11:54 am
Forum: Beginner Basics
Topic: MLAG Support On CHR?
Replies: 5
Views: 2119

Re: MLAG Support On CHR?

Hello, first time poster. I'm redoing my old homelab and have purchased two CRS328-24G-2S+RM switches and a hEX S for firewall. I've been trying to MLAG the hEX S across both switched and am missing something so I decided to create a virtual environment in VMWare workstation to play and debug what ...
by netravnen
Fri Aug 04, 2023 7:53 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 167
Views: 61543

Re: IS-IS

https://help.mikrotik.com/docs/display/ ... l+Overview

According to the wiki. It is on the way with snippets initial code arriving in 7.12
by netravnen
Fri Aug 04, 2023 7:51 pm
Forum: RouterOS beta
Topic: Feature Request: IS-IS
Replies: 10
Views: 7195

Re: Feature Request: IS-IS

https://help.mikrotik.com/docs/display/ ... l+Overview

Initial support is listed for 7.12. So I assume more features to arrive IS-IS related in the future.
by netravnen
Fri Aug 04, 2023 1:11 am
Forum: Announcements
Topic: Newsletter #113 | May 2023
Replies: 103
Views: 45293

Re: Newsletter #113 | May 2023

> CCR2004/CSS326-powered gaming festival

viewtopic.php?p=1016956#p1016956
by netravnen
Fri Aug 04, 2023 12:57 am
Forum: General
Topic: LTX2023 used CCR2216 at the WhaleLAN
Replies: 1
Views: 897

LTX2023 used CCR2216 at the WhaleLAN

Noticed on the Youtube stream of CrossTalk solutions a CCR2216-1G-12XS-2XQ being used at the LTX 2023 WhaleLAN event. ⟶ https://youtu.be/A-6vv_FG2B4?t=2218
by netravnen
Thu Aug 03, 2023 11:30 pm
Forum: General
Topic: Multiple bridge with only one bridge hardware offloaded possible?
Replies: 3
Views: 1898

Multiple bridge with only one bridge hardware offloaded possible?

According to this page ⟶ https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading#L3HardwareOffloading-L3HWMACAddressRangeLimitation(DX2000/DX3000seriesonly) Creating multiple bridges The devices support only one hardware bridge. If there are multiple bridges created, only one gets hardware...
by netravnen
Sat Jul 29, 2023 12:24 am
Forum: RouterOS beta
Topic: IPv6 Prefix ID per IPv6 enabled interface
Replies: 31
Views: 6843

Re: IPv6 Prefix ID per IPv6 enabled interface

Hi, My main issue/trouble with how the Prefix ID assignment is done. Is that I reboot the router (software upgrade). I cannot count on the Prefix (i.e. the /64 sub-delegated [by the ROS router] out of SP delegated /48) being stable. Meaning I experience a changing /64 Prefix. Which is quite annying....
by netravnen
Wed Jul 26, 2023 11:53 pm
Forum: RouterOS beta
Topic: IPv6 Prefix ID per IPv6 enabled interface
Replies: 31
Views: 6843

IPv6 Prefix ID per IPv6 enabled interface

@MikroTik, Does RouterOS v7 support specifying a static "IPv6 Prefix ID" on per-interface basis? Just rebooting my MikroTik router is a frustration. Due to every IPv6 enabled Local Area Network Interface changing the assigned /64 Subnet. To clarify, my provider assigns a reasonbly static /...
by netravnen
Mon May 01, 2023 2:42 pm
Forum: Forwarding Protocols
Topic: Mikrotik v7 BGP l2vpn-evpn
Replies: 14
Views: 9376

Re: Mikrotik v7 BGP l2vpn-evpn

+1

1. EVPN
by netravnen
Sun Oct 24, 2021 2:17 pm
Forum: RouterOS beta
Topic: BGP Filter bgp-as-path reject
Replies: 7
Views: 5980

Re: BGP Filter bgp-as-path reject

if (bgp-as-path 11111|22222) {reject} else {set bgp-local-pref 120; accept;} From https://help.mikrotik.com/docs/pages/viewpage.action?pageId=74678285 bgp-as-path {regexp} If the regexp follows normal syntax should the path not be written as "^(11111|22222) .*"? if (bgp-as-path "^(11...
by netravnen
Thu Oct 14, 2021 5:10 pm
Forum: RouterOS beta
Topic: Cant assign multiple /64 from /48 pool
Replies: 3
Views: 1915

Re: Cant assign multiple /64 from /48 pool

Running RouterOS 7.1rc4 on a CCR1009-8G-1S-1S+. I set up a DHCP Client to request a /48 Pool from my Provider. Now I want to provide a /64 from this Pool to two VLAN's. But the system tells me that the Pool is exhausted after the first /64 assignement. Did I do something wrong? https://help.mikroti...
by netravnen
Wed Sep 15, 2021 2:57 pm
Forum: RouterOS beta
Topic: Wireguard routing through Endpoint
Replies: 2
Views: 1656

Re: Wireguard routing through Endpoint

Is the set-up like this? LAN --> MT router --> WG tunnel --> VPS --> Internet, where the MT router is doing the PAT towards the Internet? Or LAN --> MT router --> WG tunnel --> VPS --> Internet, where the *VPS* is doing the PAT towards the Internet? (PAT: Port address translation, aka. Firewall mang...
by netravnen
Sun Jul 04, 2021 4:21 pm
Forum: RouterOS beta
Topic: [Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture
Replies: 3
Views: 1496

[Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture

_As a MikroTik user and product consumer I want better reliability in performing manual upgrades So that the possibility for ending up with a broken install is limited_ ## Description Recently I performed a manual re-install of a CRS326 with ROS 7.1b6. By mistake, I downloaded the wrong image from t...
by netravnen
Mon Jun 07, 2021 5:49 pm
Forum: RouterOS beta
Topic: Feature request: Wildcard DNS on Address Lists
Replies: 14
Views: 6690

Re: Feature request: Wildcard DNS on Address Lists

you think really routeros go test from If done on a reactive basis with the dns server on the network being the routeros gateway. And done before the connection + dns reply is delivered to the client on the inside of the gateway router. It should (in theory!) be very feasible to implement. Entries ...
by netravnen
Mon Jun 07, 2021 3:21 pm
Forum: RouterOS beta
Topic: Feature request: Wildcard DNS on Address Lists
Replies: 14
Views: 6690

Re: Feature request: Wildcard DNS on Address Lists

use these lists for traffic forwarding, not blocking
What about a solution using an external server to expand e.g. the Google as-set (using e.g. bgpq3) into an ip-prefix lis. That could then be imported (push from server, or pull from RouterOS) as an address list into the firewall config context?
by netravnen
Mon Jun 07, 2021 3:11 pm
Forum: RouterOS beta
Topic: Feature request: Wildcard DNS on Address Lists
Replies: 14
Views: 6690

Re: Feature request: Wildcard DNS on Address Lists

Use an external DNS server as a work-around (i.e. dns blackhole, instead of blocking the traffic on IP level.)
# The wildcard domain (*.google.com) and all subdomains will be resolved as 127.0.0.1 - dnsmasq.conf
address=/.google.com/127.0.0.1
by netravnen
Mon Jun 07, 2021 12:26 am
Forum: RouterOS beta
Topic: RouterOSv7 first look – MLAG on CRS 3xx switches
Replies: 11
Views: 10450

Re: RouterOSv7 first look – MLAG on CRS 3xx switches

Did some testing with the new MLAG feature and wrote a blog post on it. Have you considered e.g. using a GRE tunnel interface as the peer-port to be able to ensure IP multi-path redundancy in your test topology? Thereby avoiding relying on the physical peer interface not being interrupted during no...
by netravnen
Tue Feb 09, 2021 7:14 pm
Forum: RouterOS beta
Topic: rpki verify in new routing firewall rule
Replies: 4
Views: 1867

Re: rpki verify in new routing firewall rule

https://help.mikrotik.com/docs/display/ROS/ROSv7+Basic+Routing+Examples
/routing/bgp/rpki
add group=myRpkiGroup address=192.168.1.1 port=8282 refresh-interval=20

/routing/filter/rule
add chain=bgp_in rpki-verify=myRpkiGroup
add chain=bgp_in match-rpki=invalid action=reject
add action=accept
?
by netravnen
Wed Nov 25, 2020 3:34 am
Forum: RouterOS beta
Topic: Feature Request: IS-IS
Replies: 10
Views: 7195

Re: Feature Request: IS-IS

https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status Seeing as the focus is on OSPF as the IGP of choice. Unless the routing daemon powering RouterOS is "best of breed" open source(ish) choice... IS-IS in RouterOS I can only see in a far far far away future. As it's the ch...
by netravnen
Mon Jul 20, 2020 2:14 pm
Forum: RouterOS beta
Topic: CRS317 routing speed with pppoe and L3 offloading
Replies: 6
Views: 3006

Re: CRS317 routing speed with pppoe and L3 offloading

It's insane with ISPs that use PPPoE in such speeds. Customers will spend most of their CPU resources to encap/decap packets. It's just sad. Can you say AS3320 Deutsche Telekom ... :( Had to ditch my trusty 2011, since routing with pppoe (WAN), NAT, and a few dusin FW rules, anything (DL) much more...
by netravnen
Tue Jul 14, 2020 6:58 pm
Forum: SwOS
Topic: Support IPv6 for management
Replies: 6
Views: 6431

Re: Support IPv6 for management

Does MikroTik have any plans to support IPv6 for the management of devices running SwOS?
I wish they have the feature in the pipeline. It's similar to waiting for ROSv7. You know the feature is coming some day. Just not what the expected timeline for its release is.
by netravnen
Wed Apr 08, 2020 3:07 am
Forum: RouterOS beta
Topic: Mysterious 564/tcp open port 7.0beta5
Replies: 38
Views: 11831

Re: Mysterious 564/tcp open port 7.0beta5

If you execute a packet capture for 564/tcp on either the router, client or middle device in the path. Does the contents for the packets reveal anything?
by netravnen
Sat Dec 21, 2019 12:25 pm
Forum: General
Topic: RPKI
Replies: 49
Views: 20535

Re: RPKI

Hi! Still need an RPKI implementation. Here in Brazil, our RIR start to permit the use of RPKI. And here in Latin America a great number of ISP running they ASes on Mikrotik boxes. A major PRO PLUS for implementing RPKI support directly into ROS! The business case becomes stronger and stronger for ...
by netravnen
Sat Jun 29, 2019 5:58 pm
Forum: General
Topic: RPKI
Replies: 49
Views: 20535

Re: RPKI

Yes, SwissIX for example. YYCIX in Calgary AB, Canada is starting to implement as well. https://yycix.ca/communities.html I'm sure it's just a matter of time before we cannot even peer in the in exchange without it. Validity state Standard Extended Large Prefix is included in client's AS-SET None N...
by netravnen
Sat Jun 29, 2019 5:48 pm
Forum: General
Topic: RPKI
Replies: 49
Views: 20535

Re: RPKI

Thank you very much for this information. Any idea when ROS 7 will be available for testing? I'm willing to test RPKI for you (IPv6 and IPv4 routes) if you send me the code as soon as it's available ;) I agree with J.Z. here. If you are willing to accept select community members into an Alpha stage...
by netravnen
Mon Dec 17, 2018 11:54 pm
Forum: General
Topic: RPKI
Replies: 49
Views: 20535

Re: RPKI

We have plans for RPKI in RouteroS v7 Any chance one can be a test pilot along-side Jan Z. on this one? Alpha testing ROS 7? 2014 was around first time RPKI was asked about. Not we hit 2018.... Still ways to go for ROS 7 being available with RPKI and Large BGP Communities support (I assume?).
by netravnen
Mon Sep 10, 2018 10:31 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 32815

Re: Newsletter #84

Have MikroTik ever had a discussion about the format of rackmounts. So to be able to mount TWO instead of only ONE RBx00x device in 1 rack-unit ? Would love to have the option of mounting 2 RBx00x devices in 1U instead of having to use 2U. See this example from Juniper SRX100: https://rickmur.com/wp...
by netravnen
Tue Mar 06, 2018 2:39 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 263068

Re: RouterOS v7.0 beta1 - when?

Didn't you hear? Almost all v7 features have been backported to v6! No. I have not (before now) stumbled across that information. At least we now have kids control and detect internet! Super essential features for routers running BGP in the public internet :lol: :lol: So looking forward to when Rou...
by netravnen
Tue Mar 06, 2018 2:09 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 263068

Re: RouterOS v7.0 beta1 - when?

Looking away from RouterOS v6.x running IPv6 BGP [tables]? Not being able to verify IPv6 routing table (when not main table!) is really a big deal. (But seeing the routes exists by the number the route counter shows. :sigh:) And doing policy routing rules for anything else than main table in IPv6. I...
by netravnen
Wed Feb 14, 2018 12:24 am
Forum: General
Topic: Where is VRF, Route Rules, and Routing table selector for IPv6
Replies: 1
Views: 1584

Where is VRF, Route Rules, and Routing table selector for IPv6

Dear MikroTik, The following 3 feature are partly a major showstopper for me when trying to deploy IPv6 here in 2018. 6 years since 2012 and 20 years since the RFC was published in 1998. 1. No way to view IPv6 not in main routing table. (Imported via BGP peering sessions from eBGP speakers over IPv6...
by netravnen
Sun Dec 31, 2017 3:10 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 82761

Re: Feature request - DNSCrypt support...

+1

dnscrypt-proxy added as a separate npk package ?

So initially not a full-blown server. Just a forwarder.