Community discussions

Search found 29 matches

by christopherh
Sat Mar 30, 2019 9:10 am
Forum: General
Topic: Issues with Firewall Filter statistics on CHR
Replies: 0
Views: 182

Issues with Firewall Filter statistics on CHR

Hi All, On the router, I am seeing the bytes statistic for rules blowing out to 10 Exabytes being processed by the rule (yes that is 10,985,223,496GB, 10 BILLION GIGABYTES!). The packets processed are negative 16-digits long. https://i.imgur.com/wQJ9EzF.png Why would the router be doing this? The on...
by christopherh
Sat Mar 30, 2019 9:03 am
Forum: General
Topic: First time setting up IPv6
Replies: 7
Views: 577

Re: First time setting up IPv6

Hi there, Given the current problems with IPv6 on Mikrotik, I would strongly suggest waiting before you deploy it. Want to know why? Read these links... https://forum.mikrotik.com/viewtopic.php?t=147076 https://forum.mikrotik.com/viewtopic.php?t=147048 https://indico.uknof.org.uk/event/46/contributi...
by christopherh
Mon Mar 18, 2019 10:10 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 79
Views: 11930

Re: Suggestion: Completely virtual router based on two physical routers

Hello All, I've followed the instructions from 1 to 8 on the GitHub page, however before $HAInstall gives me the info to bootstrap the second router, it reboots and kicks me out. How do I bootstrap the second router? Thanks, Christopher H. **EDIT: I worked it out - had to re-run the $HAInstall comma...
by christopherh
Sat Mar 16, 2019 2:55 am
Forum: Forwarding Protocols
Topic: bgp routing best practice for outbound?
Replies: 3
Views: 465

Re: bgp routing best practice for outbound?

Hello, I would configure AS Path prepending (using the set-bgp-prepend directive) on the filters, instead of using weights. You want to set the prepend on the backup sessions, however this would require you to have multiple chains for your primary and secondary sessions (although I would suggest hav...
by christopherh
Thu Mar 14, 2019 11:05 am
Forum: Virtualization
Topic: What machine for 40Gbps Edge Router?
Replies: 21
Views: 3575

Re: What machine for 40Gbps Edge Router?

The best Mikrotik device i would recommend for your needs its called "Juniper MX104"
How is a "Juniper MX104" a Mikrotik router?
by christopherh
Tue Mar 12, 2019 12:39 pm
Forum: Forwarding Protocols
Topic: BGP AS Path Prepending
Replies: 1
Views: 271

BGP AS Path Prepending

Hello All, I know the answer to this question (and I am sorry for asking), however another MT user does not believe me and I need to prove a point. Here is the example: I have two carriers, ISP 1 and ISP 2 to which I am announcing the same prefix, 192.0.2.0/24. I want to preference ISP 1, so that an...
by christopherh
Tue Mar 12, 2019 12:26 pm
Forum: Forwarding Protocols
Topic: VRRP IPv6 VIP not pingable
Replies: 5
Views: 358

Re: VRRP IPv6 VIP not pingable

Hi Glen,

Sorry, this forum doesn't have Private Messaging enabled. You can contact me via Skype instead, my Skype name is "christopher.hawker" (without quotes). More than happy to check over your configs.

Thanks,
Christopher H.
by christopherh
Tue Mar 12, 2019 12:21 pm
Forum: Forwarding Protocols
Topic: joining two locations [SOLVED]
Replies: 4
Views: 381

Re: joining two locations [SOLVED]

Hi there,

It is quite simple to achieve this - all you need to do is create an EoIP tunnel between the two routers, and place the interfaces on each side into a bridge. Ensure that you don't have DHCP enabled on both sides (only set it on one side) and you're done!

Thanks,
Christopher H.
by christopherh
Mon Mar 11, 2019 3:03 pm
Forum: Forwarding Protocols
Topic: VRRP IPv6 VIP not pingable
Replies: 5
Views: 358

Re: VRRP IPv6 VIP not pingable

Hello godzone, To begin with, I would test basic connectivity before I even thought about neighbor solicitation as the issue. Make sure both routers have the VRRP interface configured on the same network. Check that the VIP is configured on the VRRP interface. Configure an IP address that is in the ...
by christopherh
Thu Mar 07, 2019 5:06 pm
Forum: Forwarding Protocols
Topic: BUG - 4-byte ASN and BGP Communities on Route Filters
Replies: 3
Views: 329

Re: BUG - 4-byte ASN and BGP Communities on Route Filters

When you say that "BGP community attribute is limited to 4bytes in total by the standard", which standard are you referring to? Mikrotik's standard? IANA's standard? It is quite unclear. Support for 4-byte AS numbers should be considered a priority, as there are a fair few carriers, transit provider...
by christopherh
Thu Mar 07, 2019 4:19 pm
Forum: Forwarding Protocols
Topic: BUG - 4-byte ASN and BGP Communities on Route Filters
Replies: 3
Views: 329

BUG - 4-byte ASN and BGP Communities on Route Filters

Hello All, With setting and configuring BGP Communities, the "bgp-communities", "set-bgp-community", and "append-bgp-communities" properties for Route Filters do not support 4-byte AS numbers (or any AS number over 65535, for that matter). As far as I can tell, this is not limited to a specific mode...
by christopherh
Thu Mar 07, 2019 8:57 am
Forum: Forwarding Protocols
Topic: OSPF Causes IPIP Tunnel Flapping? [SOLVED]
Replies: 3
Views: 326

Re: OSPF Causes IPIP Tunnel Flapping?

The manual isn't clear on why this would break in my situation. Can you explain why it caused the ipip tunnel to flap? I imagine it would be something similar to this. I had a similar issue with BGP over an EoIPv6 tunnel. You are establishing BGP over the tunnel, BGP installs routes and tries to ro...
by christopherh
Wed Mar 06, 2019 12:53 am
Forum: Forwarding Protocols
Topic: EoIPv6 Tunnel flapping when used to route full BGP feed
Replies: 4
Views: 303

Re: EoIPv6 Tunnel flapping when used to route full BGP feed

And if the carrier is using ND for gateway assignment, I'd simply select the interface in place of adding the gateway? The tunnel still flaps, about once every 5 to 10 mins, not ping-pong like before. Any further ideas?
by christopherh
Tue Mar 05, 2019 1:56 pm
Forum: Forwarding Protocols
Topic: EoIPv6 Tunnel flapping when used to route full BGP feed
Replies: 4
Views: 303

Re: EoIPv6 Tunnel flapping when used to route full BGP feed

When you say "Add static route to tunnel remote end", (using Router 1 as the example,) what prefix am I creating the route for, and what would the gateway address be?
by christopherh
Tue Mar 05, 2019 6:40 am
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 881

Re: Control kids iPad usage time

As a parent of a 2, 3, 5 and 8 year old speaking. Have you considered saying "No"? No scripting needed. The only "script" you'd possibly need is a CD set to loop saying no :lol: In any case, use ScreenTime. If they know the password, change it. Simple and no need to be jerking around with Kid Contr...
by christopherh
Tue Mar 05, 2019 6:35 am
Forum: Beginner Basics
Topic: direct traffic from one subnet to html page
Replies: 3
Views: 266

Re: direct traffic from one subnet to html page

Hello,

You could use something like this:
/ip firewall nat
add chain=dstnat src-address=<IP-PREFIX> protocol=tcp action=dst-nat to-addresses=webserver_ip to-ports=80
Regards,
Christopher H.
by christopherh
Tue Mar 05, 2019 6:29 am
Forum: Forwarding Protocols
Topic: EoIPv6 Tunnel flapping when used to route full BGP feed
Replies: 4
Views: 303

EoIPv6 Tunnel flapping when used to route full BGP feed

Hello All, I have 2 CHRs in different locations, with an EoIPv6 tunnel between them. Each router in each location has it's own upstream peer (different ASNs), and when I try to establish a BGP session between the two CHRs, the tunnel starts flapping like a fish out of water. I've tried filtering out...
by christopherh
Tue Mar 05, 2019 6:11 am
Forum: Forwarding Protocols
Topic: Valid router to use in a peering point
Replies: 6
Views: 537

Re: Valid router to use in a peering point

Can You tell me some stats about this router? Like the memory usage and process load? Are You using filters on the full route ? Hi there, The CCR1009-7G-1C-1S+ has the below specs and features: 1 x 10G SFP+ cage 1 x 1G Combo SFP cage / Ethernet Port (caveat is that you can only use either the SFP o...
by christopherh
Sun Mar 03, 2019 1:43 pm
Forum: Forwarding Protocols
Topic: Valid router to use in a peering point
Replies: 6
Views: 537

Re: Valid router to use in a peering point

Hi there, The CCR1009-7G-1C-1S+ is (in my opinion) an excellent router to use for BGP. I have one in a Sydney AU datacentre and it loads a full BGP feed (about ~750,000 routes) in less than 2 minutes. They are quite flexible, however the only downside is the fact that it's only got 1 x 10Gb port (I'...
by christopherh
Sun Mar 03, 2019 1:36 pm
Forum: Forwarding Protocols
Topic: Transit and IX problem
Replies: 5
Views: 511

Re: Transit and IX problem

Another suggestion is to advertise smaller prefixes to the IX (so if you had a /22, advertise /22 to cogent but 2x /23's to IX) to ensure those listening on the IX prefer your IX routes more. This would have to be one of the worst ways to "force" carriers to prefer a certain route. There are other ...
by christopherh
Thu Feb 28, 2019 4:40 pm
Forum: Forwarding Protocols
Topic: Vlans + VRRP + Multiple Public IP addresses
Replies: 9
Views: 756

Re: Vlans + VRRP + Multiple Public IP addresses

you will loose only 2 IPs on a subnet that is running VRRP on IPv4.
How is it possible that I have it working with only using the one IP address? I have .254 configured on both routers as the IP on the VRRP interface, and the physical interface has no IPs configured.
by christopherh
Wed Feb 27, 2019 2:25 pm
Forum: Forwarding Protocols
Topic: Vlans + VRRP + Multiple Public IP addresses
Replies: 9
Views: 756

Re: Vlans + VRRP + Multiple Public IP addresses

For what it's worth, I'm not sure about this statement:
lose 3 IPs per subnet due to VRRP
I have the one floating IP running on a VRRP config between two CHRs and it works flawlessly for me.
by christopherh
Wed Feb 27, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Acceptable ip's between different network
Replies: 1
Views: 434

Re: Acceptable ip's between different network

I'm sorry, but the description of your problem and the network diagram doesn't makes sense. Correct me if I am wrong, this is how I deciphered it: The Problem The network 10.9.8.0/24 currently has content filtering in place, preventing access to YouTube. Network 10.9.7.0/24 does not have any content...
by christopherh
Wed Feb 27, 2019 1:55 pm
Forum: Beginner Basics
Topic: Need help opening ports for Torrents on RB2011iLS-IN
Replies: 10
Views: 612

Re: Need help opening ports for Torrents on RB2011iLS-IN

Hi Dave, I certainly hope you are intending to use the bittorrent protocol for seeding Linux ISOs, or other content which is permitted to be torrented and not any copyrighted material. A Google search for the phrase "configure port forward mikrotik" yielded this as the second result: http://wiki.mik...
by christopherh
Wed Feb 27, 2019 1:52 pm
Forum: Forwarding Protocols
Topic: Access specific public website from intranet network
Replies: 1
Views: 165

Re: Access specific public website from intranet network

Hi sentu,

How is the external internet connectivity routed? Is it via the local gateway at each site, or is all internet traffic routed back to the head office?

Regards,
Christopher H.
by christopherh
Sun Feb 24, 2019 9:28 am
Forum: Forwarding Protocols
Topic: Problem while using VRRP between routers with BGP
Replies: 7
Views: 657

Re: Problem while using VRRP between routers with BGP

what size is the range you are advertising to your provider? if for example it's a /23 advertise the two /24's on R1 and advertise the /23 on router 2, this will force traffic coming in on router 1. This is not a good way of doing it as things have the potential to get messy, real quick. I've just ...
by christopherh
Sun Feb 24, 2019 9:25 am
Forum: Forwarding Protocols
Topic: Transit and IX problem
Replies: 5
Views: 511

Re: Transit and IX problem

Hello BGDS, If I understand your question correctly, your router is routing all your traffic out via Cogent and not using the NetIX connection? Based on the Hurricane Electric BGP Lookup (https://bgp.he.net/AS209702), you currently have a BGP peering session with both NetIX and Cogent. There are a f...
by christopherh
Sun Feb 24, 2019 9:13 am
Forum: Forwarding Protocols
Topic: OSPF Redistribute Problem
Replies: 18
Views: 1345

Re: OSPF Redistribute Problem

Is there any particular requirement to use OSPF, instead of BGP? I find BGP is easier to configure, and the route filters work without troubles.
by christopherh
Sun Feb 24, 2019 9:09 am
Forum: Forwarding Protocols
Topic: Monitoring of BGP session and VRRP Failover
Replies: 0
Views: 221

Monitoring of BGP session and VRRP Failover

Hi All, Just looking for some input/feedback into a BGP and VRRP setup I have with my upstream provider. Let me explain: The Setup Two VMs are configured as BGP routers. Both have BGP sessions configured to the carrier's router using IP address 203.0.113.22 (via multihop) to the same carrier and ann...