MikroTik

HzMeister

Where is CAKE?!?!?!?

Literally everyone expects it, yet there's nothing about it from mikrotik..

Kind of pathetic on their part tbh.

HzMeister

Why not go with the rb750gr3? It has nearly the same wired performance, rock solid stability, is cheaper, and runs at near ambient temperature.

HzMeister

Still have the problem with lines getting cut off in terminal when scrolling.

HzMeister

I've been testing an openwrt router for the last few weeks to see how cake sqm performs compared to routeros - and it's pretty awesome, so I've decided to stick with it for longer. A major downside to openwrt(aside from not having winbox) is that it doesn't have a good vpn server implementation. Aft...

HzMeister

Cake would be awesome in v7. I just did some testing with openwrt and it performed surprisingly well.

I can't imagine why they wouldn't include it in v7 since most of the hard work is already done and openly available...

HzMeister

Hi! Thanks! That seems to do some packet dropping and at least total bandwidth does not go over the max limit :) A bit hard to tell if it really splits bandwidth equal between the child queues... One thing I can't really understand, shouldn't the parent queue also be sfq, same as the child queues? ...

HzMeister

Yeah it's pretty easy to do. Mark each subnet (with separate packet marks for upload and download) in mangle. You could mark connections before packet marking like a lot of guides recommend, but I don't since I've found it unnecessary and if you're not maxing out the cpu. Ex: /ip firewall mangle add...

HzMeister

Upgraded from 6.44.3 on rb750gr3 without issue. Everything works great.

HzMeister

The easiest would be to use pcq.
Make one queue that encompases all of the hosts and set the pcq-rate to 10M.
There is no queue limit in mikrotik - you can have thousands of queues(both simple and in queue tree).

HzMeister

Passthrough only matters if a packet matches a rule. It basically asks the question: "If a packet matches this rule, should I continue scanning?" So, if a packet matches a rule and passthrough=no then it stops at that rule and uses that packet mark. If it matches a rule and passthrough=yes...

HzMeister

No. You come here with a configuration that does not work, I give you a configuration of which I am sure it works, but I don't have experience with configs that leave lots of fields blank. Maybe they should work, apparently they don't. My queue tree and mangle configuration is 100% on point. If it ...

HzMeister

Additionally, setting a limit-at for the heavy-upload child queue would only be useful if I wanted to guarantee 900k to it, essentially cutting the available bandwidth for other queues in half - I want queues with a higher priority to get 100% of the available bandwidth of the parent max-limit if n...

HzMeister

You should put the limits on the child queues, that is where they are evaluated. In this case I would put a limit-at of 900k at the heavy-up queue and set max-limit to like 2 M everywhere. Don't child queues borrow tokens from their parent queue? If so, that would mean that the child max-limit cann...

HzMeister

This morning I thought my isp was having problems because none of my client devices had connectivity even though all of my network devices reported no issues. It turns out that an iOS device was running a backup, saturating the upload and taking everything down. When I went to check why the queue tr...

HzMeister

You've got to setup hairpin nat for the pihole. Change 192.168.1.2 to your pihole ip. /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.2 protocol=udp src-address=!192.168.1.2 dst-address=!192.168.1.2 dst-port=53 in-interface=!ether1 add chain=dstnat action=dst-nat to-addresses...

HzMeister

The tplink router might be the second nat. If they didn't configure the rb750gr3 in a way that would prevent it, you could just use that as your router and use the tplink as a switch+ap. Unplug the wire going into the WAN port of the tplink and plug into into any LAN port.Then you must be sure that ...

HzMeister

Delete your simple queue rules and copy/paste this into terminal: /queue simple add max-limit=2M/20M name=parent target=192.168.1.0/24 add name=doorbell parent=parent priority=1/1 queue=default/default target=192.168.1.251/32 add name=iptv parent=parent priority=2/2 queue=default/default target=192....

HzMeister

I just spent this past weekend comparing fq_codel(smart queue) on a ubiquiti edgerouter with sfq on mikrotik. With all this talk of how great codel is I expected the performance difference to be huge. After doing extensive testing with various configs in different scenarios, I didn't find one system...

HzMeister

If you search the forum you will find these can't be set and have been requested for a long time... yet Mikrotik doesn't seems to be listening or there is some hidden reason why these can't be changed (their own wireless drivers?). Especially beacon interval would be handy to modify, but NOPE.... n...

HzMeister

I'm looking for the dtim and beacon interval settings, and can't find them anywhere. Anyone know how to modify them? Is it only in cli or something? Thanks.

HzMeister

Wireless clients are getting disconnected after this update.
6.44 was fine, so downgraded back to it.

HzMeister

is there even any AC pci cards we could test on a routerboard? There is hardware: https://wikidevi.com/wiki/List_of_802.11ax_Hardware But you need to convince MT to build a driver. Nobody builds their own drivers. The majority of the driver and software stack for the chipset is from qualcomm and ev...

HzMeister

I just add the mikrotik ddns to "dns records" in dynu. No scripting necessary.

HzMeister

QUIC appears to look like udp in winbox, but doesn't have the same behavior. I found this out the hard way after realizing that it doesn't work with rules like connection-rate when marking traffic. There was a bug with connection-rate in the past, are you still having issues? At the moment, I mark ...

HzMeister

Quic is coming!! Really? Can someone share how much of their current traffic is QUIC, please? I have the impression, that QUIC was feeler by google and will soon be repaced by BBR with TCP-TLS. Quic is more than just a feeler. Youtube uses quic when possible and there are plenty of other services a...

HzMeister

I setup an l2tp vpn server to gain remote access to my network and set an input firewall rule to accept tcp port 8291(winbox) from LAN. If you don't want to setup a vpn for whatever reason, and you have a strong enough password, you can just make an input firewall rule to accept all connections. The...

HzMeister

One thing I like about routerboards is the fast boot-up - my rb750gr3 takes exactly 30 seconds to log into winbox from power up.
I was thinking about picking up a hap ac2 and this is obviously not a deal breaker, but It would be nice if someone from mikrotik could chime in as to why this is the case?

HzMeister

I'm trying to mangle dns traffic in order to give it priority in the queue tree. However, clients occasionally connect to their vpn using udp port 53 which is getting marked too. Aside from using the protocol, port, and packet size what are some other ways that dns traffic can be isolated from other...

HzMeister

Today I wanted to upgrade some production routers to 6.43.4 after having tested it at some less critical sites and found that the stable version has just been updated to 6.43.7 Normally I do not want to upgrade production routers to a version released an hour ago. I know it is possible to upload an...

HzMeister

Wouldn't it be fairly obvious without it?
If one side is mounted to a building and the other to a 20ft pole, which side do you think is most likely the problem?
And if both sides are equally janky, I don't think you need something to tell you that...

HzMeister

Here's what I use to route a set of ips through a vpn. You just need to change the login and network details to yours. Btw, I wouldn't route ALL your traffic through a vpn as a lot of sites don't work well with them and it adds some latency.. /interface pptp-client add allow=mschap2 connect-to=vpn.c...

HzMeister

A weak magnetic field won't have any tangible effect on the operation of the router.
But don't many Ethernet interfaces have transformer isolation that can be disrupted by magnetic fields?
I personally wouldn't mount it with magnets if at all possible..

HzMeister

Mikrotik isn't a startup...

HzMeister

I'm leaving some reserved bandwidth for dns and some other small packets, and also downloads get grouped under another parent which has limit a bit below my total download speed, this way it doesn't saturate download and gives time for queues to drop packets so everything works smooth. If u like i ...

HzMeister

add action=mark-connection chain=postrouting comment=DOWNLOADS_5+MB connection-bytes=\ 5000000-0 new-connection-mark=HTTP_DOWNLOADS_5+_2 passthrough=yes port=80,443,8080 protocol=\ tcp add action=mark-packet chain=postrouting connection-mark=DOWNLOADS_5+_2 new-packet-mark=\ HTTP_DOWNLOADS_5+ passth...

HzMeister

You using that download manager of theirs? I downloaded alot from mega thru browser directly this days and goes properly thru my queue for large downloads, simple mangle of ports 443,80,8080 and bytes set to 5+mb. No, it's through the browser only. Occasionally through the chrome plugin. Sometimes ...

HzMeister

1. Don't know mega downloads: is it using tcp? udp can't be controlled as its connectionless 2. Is mega downloading in chunks? what granuarity is pcq setup with? /ip or also /port. => with multiple chunks with different connections from different ports and /port balancing for pcq a single user can ...

HzMeister

Do you have FastTrack enabled? It bypasses simple queues... Fasttrack is disabled. I know it looks like user error, but it's not. Try downloading a file from megaupload to see for yourself. Any file will work, but if you can't find one, google "bmw tools download" or "megalinks"...

HzMeister

without your config no

It doesn't seem to work regardless of the config - once someone starts downloading from megaupload they take up all the bandwidth. I've tried numerous variations of every parameter in both simple queues and the queue tree without success.

HzMeister

Whenever clients on the network are downloading from hosting sites (particularly megaupload) qos completely stops functioning but otherwise works perfectly for normal downloads. Not sure what's going on. For example, the basic config below works perfectly to distribute bandwidth equally among client...

HzMeister

This method routes ALL of the traffic via the VPN? What is you only want to route traffic destine JUST for that remote subnet? What do you mean? This is NOT how to connect to an outside vpn(ie your workplace or a commercial vpn like nordvpn). This is how remote users can vpn INTO your network. All ...

HzMeister

Yeah it's definitely possible. I access my home network via vpn all the time. There's a lot of different tutorials and conflicting info out there, but for a basic vpn config, the wiki is best: https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#Basic_L2TP.2FIpSec_setup Here's a run down with a few ...

HzMeister

It was already explained above. Please read entire topic.

Where is it "explained" exactly??

HzMeister

I upgraded to 6.42.5 on my rb750gr3 without any apparent problems.

Does this affect all devices or is it limited to specific ones?

HzMeister

I honestly wouldn't change a thing. The great thing about the 750gr3 is the price... op: adding more ports will increase the price adding poe will increase heat/lower reliability and cost more metal casing would be nice, but not necessary - and making it also act as a heatsink requires tight toleran...

HzMeister

Add this rule for each ip you want to block:

/ip firewall filter add chain=input src-address=[ip-address] action=drop

Be sure to put it above all other rules that would accept it otherwise.

HzMeister

You can't change it.
However, what I do is add it to the dns records of my dns manager, effectively having the ip update automatically while using the domain of my choosing.

HzMeister

In my humble opinion i‘d expect a company the size of Mikrotik to deploy their management tools x-plattform. There are way smaller companies that don‘t forget about their apple and linux community. As administrators we are on call 24/7 and on the road most of the time. There should clearly be offic...

HzMeister

what linux distro are you running?

HzMeister

There doesn't have to be 2 separate apps, Mikrotik can abandon WinBox, it's UI looks a little archaic anyway and release a cross-platform Qt app :) Having only a console/terminal interface is less convenient for many people, same as having only GUI app. If it was OpenWrt, I'd go with SSH but Router...

HzMeister

You're trying to do qos on download, right? If so, Set passthrough=yes on the connection marks. Set chain=prerouting on all mangle rules. Set parent=LAN in the queue tree. Keep everything else the same. btw, your limit settings aren't setup correctly - I'd remove everything but the max limit on the ...

HzMeister

I'd much rather have one really good windows app than have the winbox team spread out across multiple platforms. Besides, there's not a single scenario where you'd absolutely need to have winbox on another platform anyway. If wine doesn't work for whatever reason, there's dual booting, VMs, or even...

HzMeister

I'd much rather have one really good windows app than have the winbox team spread out across multiple platforms. Besides, there's not a single scenario where you'd absolutely need to have winbox on another platform anyway. If wine doesn't work for whatever reason, there's dual booting, VMs, or even...

HzMeister

in /ip dns servers, press the ^ arrow where you have 192.168.0.1 to remove it and add the dns servers you want.

HzMeister

I'd much rather have one really good windows app than have the winbox team spread out across multiple platforms. Besides, there's not a single scenario where you'd absolutely need to have winbox on another platform anyway. If wine doesn't work for whatever reason, there's dual booting, VMs, or even ...

HzMeister

I literally just setup an l2tp vpn server today. There's a lot of different tutorials and conflicting info out there, but for the simplest config, the wiki is best: https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#Basic_L2TP.2FIpSec_setup This worked for me: [add ip pool for vpn clients] /ip poo...

HzMeister

If you can hear it, it's in a relatively low frequency as far as electronics go, and probably coming from the dc/dc circuitry. Put your ear next to all the electronics you have(and/or their power supplies) and you will most likely hear something in all of them. It doesn't make a difference in perfor...

HzMeister

That's a relatively simple setup that an rb750gr3 could handle, so a hap ac2 will be more than enough. Since mikrotik makes really powerful hardware, it's easy to think that anything on the lower end won't be good enough. The high end gear is meant for a lot of clients and/or complex setups that uti...

HzMeister

How much bandwidth are you going to be pushing? the ccr1009 is a lot more powerful than the rb1100ahx4. even though the rb1100 will most likely be enough for your needs, might as well get the fastest one within your budget. also, since this in a home environment I'd suggest you get the CCR1009-7G-1C...

HzMeister

Why don't set a static ip for your iptvs and mark those packets in mangle. Then you can use the queue tree to set priorities for them.

HzMeister

It doesn't work like that. None of the internal network info is exposed through the router using the default config.

Besides, what kind of info do you think is being exposed? and what kind of "monkey business" do you think companies can do with it?

HzMeister

So you have an all fiber network? And it looks like your trying to connect the router > server > switch. If so, you need to connect the router > switch > server to get it to work out of the box. There's a good chance it may be setup as dumb switch with the default config. go to /system reset-configu...

HzMeister

What are you having trouble configuring? There's no "best way" to configure the switch nor do you need to plug it into a specific port to get it work. You configure each port individually based on your needs. Here are a few pointers though: The sfp+ port on the r9000 is there so you can se...

HzMeister

lol why would you get a second isp for only online games?

HzMeister

The cloud ddns service sends encrypted info directly to mikrotik servers so it looks like there is no way to use the functionality with 3rd party services. However, there are scripts you can use that update it: For dyn: https://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_dynDNS_behind_NAT I...

HzMeister

Since the new HAP AC2 just came out, is there any compelling reason to get the rb750gr3 over it?

HzMeister

These are the mangle rules that I ended up with for qos and vpn: add action=mark-routing chain=prerouting comment=vpn-rt new-routing-mark=vpn-rt passthrough=no src-address=192.168.2.0/24 add action=mark-connection chain=prerouting comment=vpn-con-dwn connection-mark=no-mark in-interface=vpn new-conn...

HzMeister

Thanks for your suggestions. I didn't realize the packet marks were dropped when they went through the vpn. Here are all the mangle rules for the vpn: add action=mark-routing chain=prerouting comment=vpn new-routing-mark=vpn-rt passthrough=no src-address=192.168.2.0/24 add action=mark-packet chain=p...

HzMeister

There are no vlans. If I set a connection mark before the routing mark, the vpn doesn't work. If I set the packet mark to postrouting with respect to the routing mark as shown: add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes src-address=192.168.2.0/24 add action=mark-pa...

HzMeister

yes all upload goes through ether1
(download through bridge on ether2)

HzMeister

Thanks for the replies so far. I've disabled all other mangle rules and have distilled it down to two rules which I thought should logically work. add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes src-address=192.168.2.0/24 add action=mark-packet chain=prerouting new-pack...

HzMeister

I'm trying to get all 192.168.2.0/24 traffic to go through the vpn and the queue tree. If you mangle the routing marks before the packet marks, the packet marks aren't utilized in the queue tree. If the routing marks are after the packet marks, the vpn doesn't work. Here is the relevant part of my c...

HzMeister

I have 192.168.2.0/24 set up to go through a vpn(pptp client) and would like for it to go through the queue tree.

Does anyone have any ideas on how to mangle the packet marks for qos?

Search found 73 matches