MikroTik

sirbryan

Yes, it would be nice to see MikroTik come out with something like the Ubiquiti Unifi Cloud Gateway Max (5x2.5G ports) or Cloud Gateway Fiber (3x10G, 4x2.5G). The AX3 with a CRS310-8G+ as a router-on-a-stick, or the RB5009 with a CRS310 would both be good combinations as alternatives. (I really want...

sirbryan

You can do either one: export individual disks to the hypervisors, either via nvme or iscsi. Or you could create RAID arrays and export those. Unless you want to run ZFS on the hypervisor, I would think exporting a RAID array would be safer and use less network resources, especially during recovery....

sirbryan

I am working on a similar Hardware: Supermicro ARS-210M-NR with Altra Max-Prozessor M128 and Connectx-6-DX dual 100G I still get only 64 cores on 7.19rc2. Is there some early access to 7.20ab to check if they fixed the core recognition >64? None of the builds that they sent me have >64-core support...

sirbryan

Weirdly enough I do not seem to have this issue. I have an RB4011 with an LHG60 and NB19 link to the same tower, each with their own BGP session (but same local/remote ASN) and prefix counts are identical for both sessions. https://iili.io/3ehedNV.md.png Both BGP sessions terminate on the same loca...

sirbryan

Use the MLAG example in the docs as a starting point. I have multiple MLAG stacks working just fine with 7.15.3 and LACP between them and client devices.

sirbryan

I tested about five different boxes at the time, and so I can't honestly remember which ports worked and which didn't, but suffice it to say, all six did not show up on that box Wait...ALL six did not show up? Perhaps I worded that poorly. Some of them showed up, but not all six of them. Likely the...

sirbryan

Have you seen that problem where in the session the number of prefixes remains at 0 even though the number of received messages increases as normal? Here that only happens after some uptime (and restart of a session), not immediately after boot. I had not noticed that before, but I pulled up one of...

sirbryan

8086:125c Both awesome as well as interesting; thanks much. The only thread I had been able to unearth so far with anybody at all talking about i226-V compatibility with ROS is this one from late 2023, which seems to imply that the interfaces do actually show up for them. In light of your testimony...

sirbryan

(I have a box very similar to the one he's looking at buying, and IIRC only the SFP+ worked on ROS7; the 2.5's did not.) Do you happen to know what ethernet chip was being used for the 2.5s (PCI vendor and device IDs would be even cooler)? And curious when was the last time you tried it (what ROS v...

sirbryan

I have read somewhere that Proxmox can not migrate a VM that is using PCI-Passthrough. If this is correct , how do you migrate a ROS ( x86 and/or CHR ) using PCI-Passthrough to another Proxmox ? Is it possible to migrate if the Proxmox servers are identical ? OP was asking about whether ROS support...

sirbryan

I had not noticed that before, but I pulled up one of my borders and found this interesting. For all of my peers with redundant connections, the secondary router (that has most recently reconnected) shows a dissimilar number of prefixes received, despite being configured identically. Yes, that is w...

sirbryan

Have you seen that problem where in the session the number of prefixes remains at 0 even though the number of received messages increases as normal? Here that only happens after some uptime (and restart of a session), not immediately after boot. I had not noticed that before, but I pulled up one of...

sirbryan

Unless you're going with known-working physical interfaces, as others have already suggested, the only way to know for sure if a particular box would do the job is to buy it and put a hypervisor on it and test with CHR (or x86 ISO as a VM) and PCI passthrough. If all ports are passed through and sho...

sirbryan

What is completely broken in BGP? Its stability. I cannot run anything higher than 7.15.x on my border and aggregation routers with more than two peers and thousands of routes, or else routes get "stuck". Traffic goes out the wrong interface despite the FIB showing routes going to the des...

sirbryan

What devices are connected to the router? It could be a grounding issue, or failed cabling to one of the cameras/radios/whatever else you have plugged into it. Or it could be related to a switching loop. Does any of the attached equipment show anything in its logs (besides ports dropping)? Is it bei...

sirbryan

I upgraded my RDS2216 to 7.19rc1 for some disk testing. Built-in SMB is still bad for some reason. It works fine on 7.17, but throughput on 7.18-7.19 are horrifically slow. M1 Mac Studio, Sonoma, 25Gbps card -> RDS2216 (2x M.2 SATA drives in MDRAID1 configuration, ext4 format). Built-in SMB, 8-20MB/...

sirbryan

As per normis they are working hard on ROSE features/stability on 7.19 and 7.20 so I guess no progress on routing,switching and hwoffload features I hope I'm mistaken This is a silly comment. It's not like they only have five guys that work on all of RouterOS. Some developers work on ROSE and conta...

sirbryan

I also had trouble using NFS to be honest, thought from what I can see its implemented more for mikrotik-to-mikrotik use To get NFS to work on macOS took some command-line tweaking; it's possible some of those same arguments (or variations) would be needed on some Linux distributions. I haven't tri...

sirbryan

I occasionally see that as well, but closer to 400-600kbps to all clients. It seems to me like it's some kind of broadcast or ARP traffic, but I can't see anything in other systems indicating that it's a problem.

sirbryan

Thanks for your message! Do you have any idea how to make two or three RDS's as a Cluster, if one device fails or install firmware, the storage is still up? https://forum.mikrotik.com/viewtopic.php?t=215917 At this stage, that is up to the capabilities of your hosts. Since what he's talking about i...

sirbryan

What's wrong with testing on NFS, at least unless/until ROSE properly exports iSCSI IQNs? You could surely spin up one or two Promox hosts for testing (which is what I'm doing).

(I'll take it if you don't want it.)

sirbryan

Unless you're using BTRFS, ROSE RAID is based on Linux mdraid, so keep that in mind as you experiment with what little documentation and CLI commands are available..

sirbryan

This issue is likely unrelated to the IQN naming convention. According to my online research, ESXi NVMe over TCP requires the target must support NVMe fused command , Maybe the RouterOS TCP NVMe Target module (nvmet-tcp) does not support NVMe fused command ? The following article mentions a similar...

sirbryan

One thing to note: you've set the MTU (i.e. Layer 3 MTU) on all the ports to maximum. There is no benefit to doing that since they are not routing. Max L2MTU for the switch ports is sufficient. I'd put everything back to 1500 to keep the config as clean and as close to MT's examples as possible. I'...

sirbryan

Anyone had any luck with getting VMWare to successfully connect to an ISCSI partition on an RDS2216? - it seems as if the LUN being offered is not suitable to complete the connection and the ISX host fails to complete the connection. Any help here would be greatly appreciated MikroTik isn't using t...

sirbryan

You'd be better off running ceph on a separate Linux box and using iscsi or nvme-over-tcp to export the individual drives to your ceph host(s). MikroTik's container implementation doesn't give the user raw access to drives. But then you'd stand little to gain if the RDS2216 went away (crashes, reboo...

sirbryan

Nothing that would break it (that I know of) stands out to me. But I use RSTP, not MSTP, so I've no idea if there's anything going on there. I set both switches to the same RSTP priority, same costs on the ports, etc. on mine and they all work. One thing to note: you've set the MTU (i.e. Layer 3 MTU...

sirbryan

Yes, do one switch, then the other. That's how I did my data center stack a couple months ago. If all you need is MLAG out of these switches (no SFP+ firmware or other updates that might have come in recent releases), I wouldn't upgrade past 7.15.3. In other words, if they're working for you now and...

sirbryan

OK, I did some more testing. Having more than two links per host works fine with 7.15.3 on the MLAG stack. And recovery is pretty good when you reboot a switch: one or two pings lost when the switch goes away, 4-10 pings lost when it comes back and MLAG is converging. Something broke in MLAG when yo...

sirbryan

My experience has been that, at least for now, MLAG only works reliably with a maximum of two ports per "client" server/router, one in each switch. I've tried with four from a CCR2116, as well as four from an RDS 2216, both into a pair of CRS326-24S+'s. While it seems to work for a few min...

sirbryan

If Mikrotik saw value in this it would have already done something in that direction, so I don't think you could count on their support for this effort. That's not always how things work. Companies that have been doing things a certain way for a long time often get stuck in a "this is how we d...

sirbryan

If you're doing NAT, you need to disable the Internet-facing port. Presumably you've done that already for other versions. Do you mean disable the HW offload on the internet facing port on the switch ? The way it's supposed to work for NAT (according to the documentation) is to enable L3HW on the s...

sirbryan

I can confirm the Noctua's don't respond to speed control. They stay at 5K RPM and CPU rapidly approaches 60+C. [Edit] Looks like they do respond to fan control, but since the machine was so hot they were running full bore the whole time. I'm testing a half-and-half setup with five Noctuas on the po...

sirbryan

When I was handling T1's and DS3's, we had a few Ethernet-over-switched-circuit devices that we sometimes used, allowing us to plug whatever routers (or switches) on each end into the Ethernet ports, and the device would mux the traffic across a number of T1's (1-4 usually) or a DS3. I actually have...

sirbryan

Unfortunately the RDS wont downgrade below 7.18 for me. Try 7.19b if you can live with a beta for a little while. Also a note on SMB performance in container, copy to RDS goes at about 6gbps, copy from is 1gbps, which is faster than built in smb service, but still rather slow which seems to be a re...

sirbryan

I'm posting this here because, while the Zyxel looks nice, I don't know that it will fit well into an ISP's network, and I know a lot of ISP's looking for a switch that meets your topic and OP. I have a couple of the Hyconext switches. While they have fans, they're pretty quiet unless you're putting...

sirbryan

There's a fix in 7.19b for SMB shares having issues when backed by BTRFS (to macOS?). I had poor SMB results on 7.18, but downgrading to 7.17.x proved to work just fine. (I had the issues on an ARM CHR VM on 7.18.x as well, so it wasn't specific to the RDS.)

sirbryan

Your bond trunk is only allowing untagged frames. You need to "admit all" frames for the VLAN-tagged traffic to traverse the bond.

sirbryan

If you're doing NAT, you need to disable the Internet-facing port. Presumably you've done that already for other versions.

sirbryan

OK, for some reason when I tried this before on my RDS2216, it only offloaded some of them on 7.18.2. I downgraded to 7.17.2 to fix some Samba stuff I was seeing, and after reading this went ahead and spooled up the BGP session to an upstream aggregation router. And now it's behaving just as explain...

sirbryan

Are you trying to restore backup from another CHR? Are you trying to license a CHR that was used for free longer than 60 days? For me I had built the CHR in Proxmox using the raw image converted to qcow (as per MikroTik's documentation). I had it check out a license (which was free, because it was ...

sirbryan

I started seeing this a number of weeks ago too. I'd like to be able to build a CHR on one host, get it working, then convert it to a template for deployment across multiple identical hosts. I tried cloning one that was working and, even after changing its system ID, I couldn't register it with a ne...

sirbryan

TrueNAS doesn't have an ARM64 variant. Openmediavault might be an option, but at the moment, you can't pass the raw disks through, so at best you'd be giving a container an already assembled array, which defeats the purpose of using one of those solutions as it is. The door is open, however, for som...

sirbryan

Can you instead test NFS performance over SMB. At times, Windows SMB has its own performance limitations.

I tested it earlier and I believe I posted some results. It works similarly (i.e. works fine), depending on which machine I'm connected to and which set of drives I'm testing.

sirbryan

Can a few people test built-in SMB performance? On two of my devices, SMB to macOS is really bad (11-20MB/s), but on 7.16.2 and 7.17.2 it's fine (200-900MB/s).

sirbryan

You can add Samsung PM963 to that list. I've also got some Micron 7300's coming in for testing.

sirbryan

If I leave all ports in the bridge, the only configuration that works is if i disable L3HW on both sfp28-1 (BGP WAN) and sfp28-8 (LAN port that needs firewalling), but then I don't have l3hw on the basic routing between other ports and WAN port, because I have some public subnets i want to attach t...

sirbryan

make sure your macOS computer has correct MTU for the adapter you are using, I know macOS has a bug where you can't set MTU above 8000 and if your adapter says it needs 9000, it will glitch in various ways. I have a Sonnettech Twin25 and have set MTU to 8000 MTU is 1500. But that doesn't appear to ...

sirbryan

edit: not sure why are you getting such good results on ampere, but test seems to be running correctly, is it same 960GB disk? larger ones usually have much better performance. 1.92TB disk usually has double performance than 960GB counterpart. I bought 8 960's. Two are in the Ampere and six in the ...

sirbryan

OK, I've been doing some math. If these PM963 drives are capable of up to 1800-2000MB/s (14-16Gbps) with 4 PCIe lanes, that means that I should see roughly 7-8Gbps in straight reads from one drive with 2 lanes on the RDS2216. The disk test to a single drive on Ampere (4xPCIe): [admin@rocket80-ros] /...

sirbryan

I ran a disk test from the Ampere ROS 7 to the RDS2216, with two disks exported. The results are exactly half of what I get when running it locally. [admin@rocket80-ros] /disk> test block-size=4K direction=read thread-count=2 type=device tcp-raid-1 Flags: R - RUNNING Columns: SEQ, RATE, IOPS, BYTES,...

sirbryan

disk test provides similar functionality as dd utility in linux. when testing locally CPU may be a bit capped due to generation of data (random or zeroes) with 6 nvme disks (entry level U.2/U.3 drives Micron_7400 - 960GB): ..... speeds should be around 55Gbps or higher in shorter bursts That's fine...

sirbryan

Thank you for the effort, but about the SMB, something is wrong in your setup. Show me your config and I'll show you mine. /ip smb users add name=bscott /ip smb set enabled=yes /ip smb shares add directory=nvme-raid name=Shared valid-users=bscott /disk set nvme5 raid-master=nvme-raid raid-role=0 se...

sirbryan

Looking through those FIO results can be really daunting, but I figured I'd leave those posts there for the few individuals who like to scour data. There are four Samsung drives in the RDS2216 and two in the Ampere box, and six Micron drives in the Ampere box on an LSI card. All are used enterprise ...

sirbryan

FIO tests on Ampere ARM64 ROS 7.18.2 native, same Samsung drives as in RDS2216 in BTRFS RAID 1. Random writes = 425MB/s, or 3.4Gbps on network: /Shared/fiotests # fio --name=fiotest --ioengine=sync --rw=randwrite --bs=4k --numjobs=1 --size=5G --runtime=1m --time_based fiotest: (g=0): rw=randwrite, b...

sirbryan

Same tests as previous post, but with a twist. Container is running on Ampere machine running ROS7, talking to two NVMe drives that the 2216 has exported via NVMe over TCP. The Ampere box then puts them in a BTRFS RAID1 configuration and mounts the drives. Random writes = 348MB/s, or 2.784Gbps on th...

sirbryan

Maybe the ccr2216 ASIC has something extra not mentioned in the docs, or I'm doing something wrong? :lol: We just deployed them, and didn't give it much thought, I thought this was normal behaviour... This edge is running 7.17.2 which doesn't seem to offer that extra info about the LPM, [@fn.edgemk...

sirbryan

FIO tests run in container, with two of the Samsung NVMe drives as BTRFS RAID1 mounted in the container: Random writes = 179MB/s, or 1.432Gbps on the network: /Shared/tests # fio --name=fiotest --ioengine=sync --rw=randwrite --bs=4k --numjobs=1 --size=5G --runtime=1m --time_based fiotest: (g=0): rw=...

sirbryan

I sent a BGP feed to my RDS2216 and this is how it's HW offloading is working. Note it has only one BGP peer, and only one way out and still it won't load everything. ipv4-routes-total: 751768 ipv4-routes-hw: 118103 ipv4-routes-cpu: 633664 ipv4-shortest-hw-prefix: 24 ipv4-hosts: 79 route-queue-size:...

sirbryan

Here's from one of my 2116's (for comparison). It looks like that chipset has a smaller lpm-cap. ipv4-routes-total: 751578 ipv4-routes-hw: 23930 ipv4-routes-cpu: 727649 ipv4-shortest-hw-prefix: 24 ipv4-hosts: 20 route-queue-size: 0 route-queue-rate: 291691 route-process-rate: 291691 fasttrack-ipv4-c...

sirbryan

Some more quick tests with Blackmagic Design Disk Speed Test over the network. Ampere ARM64 server booted into RouterOS 7.18.2 bare metal (64 out of 80 x 3GHz cores, 128GB RAM): 2x Samsung MZQLW960HMJP-00003 enterprise NVMe drives via SlimSAS connections, in a BTRFS RAID1 configuration - Samba Conta...

sirbryan

Some thoughts after playing with the RDS2216 this weekend. Wow. Ugh. Oof. WIP. Fingers crossed. (My background: 25 years of working in the WISP & telco/ISP industry in general, with lots of time spent managing small data centers and networks, as well as writing mostly web-based applications runn...

sirbryan

No, it's a 2116. I loaded 7.18.2 on one of my backup routers that participates in ingesting the tables. 24K looks like the middle of 16K and 34K. ipv4-routes-total: 740007 ipv4-routes-hw: 24301 ipv4-routes-cpu: 715706 ipv4-shortest-hw-prefix: 24 ipv4-hosts: 102 route-queue-size: 0 nexthop-cap: 8192 ...

sirbryan

Fascinating, since the docs state 16-36K for 2116/98DX3255 and 60K-120K for 2216/98DX8525. I'm running 7.15.3 on my BGP borders/aggs (7.16 locked up routes and required a reboot after a few days; I haven't tried 7.17 or 7.18 yet). My busiest border: ipv4-routes-total: 740438 ipv4-routes-hw: 24405 ip...

sirbryan

I have a dozen 2116's in production. Three as border routers (two pulling in full tables), two as BGP aggregation, two more for CGNAT, and a handful more as provider edge to downstream BGP customers. While we have a combined 50Gbps available to us (10Gbps to 5 providers), we only use about 5Gbps at ...

sirbryan

Think low-cost HCI (hyper-converged infrastructure). Most hardware sits there spinning its wheels (figuratively), so why not give it other tasks to do? For smaller routers, it doesn't make much sense, but if you have a USB3 port on the router, you can share an external hard drive with all the comput...

sirbryan

I got my RDS2216 in today! rose-1.jpg The disk trays are as flimsy as something that came off a 3D printer, so you're not going to be frequently hot-swapping with these. rose-2.jpg rose-3.jpg There's an issue with this side, however. The screws wouldn't go in straight. We loosened a few of them and ...

sirbryan

Some of the setup is a little fragile, but I'd have to see how you're doing it. Ideally you would turn down or disconnect all ports you're going to be working on, make the changes, then enable them. The bridge does have to figure out loops/STP and MTU settings etc. when you add and remove member por...

sirbryan

So if I had to set mlag-id on router on bond that is connected to both switches... then I should do same on client/server? This is a bit strange because documentation is saying that bond should be a simple LACP and client is unaware of mlag setup. You set the MLAG-ID on each switch port that is a p...

sirbryan

Edited:
If I do set mlag-id on bond to switches (ether1,2) it looks like the loop is fixed

Yes, this is required to match bond members to each other.

sirbryan

Your config shows ether1 as being the slave to both bonds. Is that a typo or accident? It should be ether1 to the router and ether2 to the server (or however you configured those).

sirbryan

Yes all VLANs have to be tagged on the peer port on both switches, and then tagged or untagged on the bonds, depending on your choices for each bond.

For example 401 and 905 should be tagged on the router's bond on the switches and on their MLAG peer port.

sirbryan

I just built an Ampere 80-core 3GHz machine and, now that I came across this thread, I'll be testing 40Gbps NICs, and eventually 100Gbps (if I can justify the expense; have zero need for it yet). You don’t need an 80-core 3GHz CPU to handle 100Gbps! Less than 16 cores are enough with proper NIC acc...

sirbryan

Yes, MLAG is specified on bridge on each switch, with mlag-id being same. It is added with PVID=99, I tried adding vlan tagged as that link. I can try switch to STP, as MSTP (that are on all 3 devices) was just because it was recommended in my setup. There is no MLAG-ID on the bridge's configuratio...

sirbryan

I have tried using version 7.15 but there is no “extra-nics.npk” during the installation process. in the x86 extra package there is also no “extra-nics.npk”. ok then that .npk might only be available vor AMPERE platform. The explanation I got from MikroTik is that, in contrast to x86, some ARM64 sy...

sirbryan

Has anyone had the opportunity to test RouterOS directly on high-capacity ARM64 servers with 2X100Gbps NICs or something similar? Surprised haven't seen anyone try and run ROS on a HoneyComb on here. I did try on the LX2. It doesn't recognize the onboard NICs. I just built an Ampere 80-core 3GHz ma...

sirbryan

Yes, the 2116 should be sufficient. You could also split tasks between the server you have and the router, particularly with regards to rules and shaping queues. You could do it in such a way that you slowly migrate some of those functions off the server to the router and watch the load/performance....

sirbryan

I tried adding qsfpplus1-1 to all vlans as tagged, not difference. It's been few days now. And I'm stuck here trying to deploy redundancy. Both switches pass vlans without issue the way it was intended, LACP also works without issue with same server connected just to one switch. The peer link betwe...

sirbryan

sadly CHR is missing MLAG support, which cut out many complex setups

I believe that's because MLAG is done in the hardware on CRS300/500 switches and 2x16 routers.

sirbryan

How much bandwidth? I moved to 2116's from 1036's last year and haven't had any issues. Only pushing about 5Gbps at peak, but the 2116's are handling it fine. HW offload for NAT kind of works. The few times I've tried enabling it, I get complaints from customers. I'm also syncing to a second NAT rou...

sirbryan

Nice work Amm0. I opened the URL on my Mac Studio and it came right up. I'm able to browse into and it works well. Just need to license it for more bandwidth.

Also testing CHR on an Ampere box (Q80-30) and loving all this ARM64 stuff.

sirbryan

If someone could hear us out... We are in deep trouble with Mikrotik. We bought 12 CCR2216's to replace our aging 1072 fleet (we are a mid sized FTTH/Wireless ISP). This warrants its own ticket to support and/or its own thread. There's too much to unpack here to address it in the 7.18.1 release thr...

sirbryan

*) rose-storage - show btrfs balance and scrub errors if any; Well, in the 7.18 topic we discussed a little about whether they would use the "btrfs balance" or the "block-level mdraid" function for the RAID setups, and now we know: it is "balance". You can do either on...

sirbryan

*) chr/x86 - Realtek r8169 updated driver;

Does this include the Realtek 8126 updates to the 8169 driver, from kernel 6.12? I've got a couple of Realtek 5G M.2 NICs that show up in the PCI list, but the driver doesn't load for them.

sirbryan

I'm testing a number of small router options, including Intel N100 and N150 boxes, as well as Raspberry Pi CM5, with 2.5G and 5G interfaces. I have some Realtek 2.5G USB dongles that are recognized and usable from x86 on the N150, but I can't seem to get them to load with USB passthrough on the CHR ...

sirbryan

@pe1chl, I have an idea. How many peers do your routers have? Observations starting from 7.16 but still occurring in 7.18: - the backup paths, that have a route filter that sets local preference 90, are often not stored in the route table at all. This is the other thing that stands out to me. Some ...

sirbryan

I will say this: I have hundreds of Ubiquiti Wave units deployed. Where possible, I'm replacing my 5GHz UI gear (LTU & AirMax) with Wave. I had quite a bit of MikroTik 60GHz also deployed, but I'm overbuilding and replacing it all (slowly) with Tachyon 30X radios. They use the same Peraso chips ...

sirbryan

I have all kinds of BGP issues that were introduced with 7.16, reported, but not yet fixed. In version 7.15.x it worked much better. But I cannot downgrade because I require other fixes. @pe1chl, I have an idea. How many peers do your routers have? I think some of the BGP bugs in 7.15.x and 7.16.x ...

sirbryan

You have to make sure you're comparing pears to pears (not going to mention apples ;-) ). ROS in principle does firewalling as well and connection tracking machinery (identifying connections to which each packet belongs) is pretty costly operation. OTOH linux kernel might not be doing it. IIRC conn...

sirbryan

FWIW I'm testing CHR on smaller hardware, such as Intel N100 and N150 4-core machines, as well as a Raspberry Pi CM5. 7.18rc1 performs much better than 7.17 did on both systems. Both devices are able to push 2.5Gbps UDP in both directions, and up to 5Gbps when using a 10G AQC107 NIC. However, the na...

sirbryan

So if i read it correctly it is CCR2216 basically - cheaper, green, different port set and with drivebays, but still CCR2216, right? Yes, Rose Data Server (RDS2216). I built something similar using a CCR2116. Screenshot 2025-02-20 at 9.32.34 AM.png Here's how it looked racked up as part of the home...

sirbryan

And honestly, why would I buy this if I can simply buy a supermicro server with 9005 epyc, 20+ nvme gen 5 bays, full PCIe bandwidth on all drives, and I can run ROS in a vm? Not to mention I have a full upgrade path with a dedicated mainstream server that can accept any kind of future implementatio...

sirbryan

For all you storage haters:

https://youtu.be/g1wpIIfYpZA?feature=shared

sirbryan

Reading the tea leaves, it seems as though there are other products that have been in the pipeline for a while that are going to leverage these features in ways that our existing RB- and CCR-whatevers may not. And likely in different directions/verticals than most forum posters are used to. That sai...

sirbryan

MikroTik's implementation of things isn't always a straight copy from Linux. They're working with legacy code of their own, older, customized kernels, and a wide variety of hardware platforms. One limitation, for example, was that you couldn't nest Cake queues. Not sure if that's been resolved or no...

sirbryan

I, for one, welcome our Storage overlords. Those who are poo-pooing things haven't been paying close attention to the hyper-convergence of functions the last decade or two. Cisco built a virtual router for VMware 15 years ago, and VMware created vSAN shortly thereafter. Now you have Proxmox VE + Cep...

sirbryan

but do you think that the VXLAN tunnel, closed over a VLAN, in the tunnel just normal traffic without vlan, would work? The only thing you can do is lab it up and give it a try. EdPa put an example of something that works on the 7.18b2 thread. I tried it on a pair of 309's and it works as described...

sirbryan

The HW-offload VXLAN support is very basic right now. I couldn't get it to pass tagged traffic coming into the same VLAN from other switches, only untagged traffic (from another port) tagged into the VLAN that the VXLAN is assigned to. So there's still some work to be done. Having it ride over anoth...

sirbryan

In my 25 years in the industry, and 20 years of knowing of CALEA's existence, and being the guy in charge of the back end for most of that time, I can say, at least in the areas I've worked, I've had exactly 0 CALEA requests. Another ISP shared that he got a contact info update request from the FBI ...

sirbryan

They run Version 6.49.17, which seems to be the latest on stable channel. They got license level 3. There are some incremental fixes in various versions of 7, including more in 7.18b2. I wouldn't necessarily recommend 7.18b2 yet, but up to 7.12.1 should work. They are using the lowest channel and d...

sirbryan

Not generally, no. I run all my sites at or above 48V and all the MikroTik gear seems to be just fine.

sirbryan

>all of these are for untagged VLANs, but can tagged VLANs be bridged to vxlans? Yes, VLAN can be tagged on the Ethernet side (in the example sfp-sfpplus3 or sfp-sfpplus4). But VXLAN cannot encapsulate VLANs, so it must be configured only for a one untagged VLAN. Ed, the following isn't working. Is...

sirbryan

A configuration example (using static routing, but could be done through ospf,bgp): sfp-sfpplus1 - upstream (underlay) interface sfp-sfpplus3 - bridged port for untagged VLAN 10 sfp-sfpplus4 - bridged port for untagged VLAN 20 vxlan-1010 - overlay port for untagged VLAN 10 vxlan-1020 - overlay port...

sirbryan

Meanwhile UI Wave released another firmware update supporting up to 31 clients per AP, and nice long range on 69120. But these radios are very damn expensive (only the short-range Wave Pico has reasonable price comparable to MT Cube), it's yet another vendor lock-in (they only talk to their own rad...

sirbryan

Most users like myself can't afford to duplicate their network. IMO MikroTik is making two (2) mistakes, (A) sub-standard software testing (too many regressions) compared to competition, and (B) releasing new features before fixing old bugs. This release is the worst possible combination, releasing...

sirbryan

It sounds like they are working as intended. You could try putting some traffic shaping queues, like fq-codel or cake, on the interfaces, limiting the bandwidth to ~900Mbps (or just a bit less) to keep it from saturating the 60GHz interface. It is WiFi-based, after all. Radio-to-radio TCP tests are ...

sirbryan

I don't really expect to get this functioning without MikroTik's involvement, I'm just hoping that more discussion about the platform will see official arm64 images for the cloud providers, as it's getting more popular. I'd like to run it on smaller but beefy ARM64 gear, like the Honeycomb LX2 boar...

sirbryan

I bought a pair of nRAYG60ad dishes and installed them in 20 meters distance That could be contributing to the problem, but I doubt it. The Qualcomm radios (in my experience) seem to adjust power automatically towards the -60's (you can't control that at all). What's the signal level? Closer to the...

sirbryan

But I would like it when it gets released and the 7.18beta versions start appearing with again hope for BGP fixes. This night our internet connection failed but the backup via LTE (auto switched using BGP), which worked perfectly at least until 7.12 or 7.15, don't remember exactly, again failed to ...

sirbryan

For the bulk of my fiber cores I will be using EDFAs at 10 points along my 250 kilomiter path, but i will be taking 1 pair of fiber for local distribution along that path. I am planning to use a CRS309 at each relay point with Chinese 10G 80 Kilomiter SFP Transducers. What do you think about the CR...

sirbryan

I was wondering if the routing/forwarding tables are used for each packet to determine the next hop, even if the outcome is known in advance. I can't imagine having hundreds or thousands of routes being helpful. Sure, there are optimizations in the routing tree so that packets aren't compared again...

sirbryan

Hi @sirbryan, I was in such a hot mess yesterday, I didn't even properly read your message before just letting everyone know that it now works for me. I have three working MLAG stacks I wonder, which devices do you use and have you managed to get a fast LACP rate? I frankly haven't set the untagged...

sirbryan

Is L3HW offload enabled, or is everything hitting the CPU?

What kind of firewall rules do you have?

How many total external routes is it ingesting?

Are you graphing memory use and CPU load?

sirbryan

Just loaded the new beta and this is feeling more comfortable. The quick access buttons on the right instead of tabs for the grouped sections is a good compromise, and the table is much more legible. Are the table columns separators and group-quick-access-buttons-now-placed-above-action-buttons (for...

sirbryan

While it's "assumed," you should also specifically untag VLAN 1 to mlagbond1 and untag VLAN 97 to the peer. If nothing else, you know for sure you've configured the VLANs to be where you want them. /interface bridge vlan add bridge=bridge tagged=sfp28-4 untagged=mlagbond1 vlan-ids=1 add br...

sirbryan

That is not true and topic is incorrectly marked as solved If you request a trial of the P1, P10 or PU license, it works with all features for 60 days, but after 60 days, RouterOS upgrade gets disabled. Limits do not get applied, it continues to work with no speed limit. So, to clarify, once the tr...

sirbryan

The newer 16G-2S+ 2004's have USB3 ports. I happen to have two of them. That's what I would use for storage (that was actually the purpose for getting these two routers--testing containers on them), alongside ROSE options to connect to other machines (SMB, NFS, ISCSI, etc.).

sirbryan

Ubiquiti AF60LR will get you 2Gbps aggregate (1Gbps "full duplex"), and Wave LR will get you 1500Mbps aggregate (up to 1Gbps each way and 500 the other, or 700-800ish both ways simultaneously). Wave LR has a backup 5GHz radio in case of rain fade, although at that distance both radios shou...

sirbryan

If filters are configured, the default on ROS 7 is to reject, so the additional rejections are unnecessary.

What you could do is change your first rule to

if (dst in 2001:db8:abcd::/48 && dst-len in 32-48) { accept; }

sirbryan

Of course, you're right about the purpose of the BFD. BGP and OSPF timer tweak - its a bad practice in my opinion. But if BFD is enabled only on OSPF or only on BGP, everything works correctly (BFD session uptime up to 12h). If i enable BFD on both routing protocols, routing stops working suddenly(...

sirbryan

Tweak your BFD settings to be more forgiving of the packet loss or jitter detected on the wireguard tunnel, or don't use it at all. Just keep your BGP and OSPF timers down to their minimums, unless you have two or three such links. Why do you need BFD over the wireguard tunnel? It's designed to prov...

sirbryan

The CRS317 can route between VLANs and switch between 10G ports at wire speed. Use it for all your internal VLANs and L3HW offload will work fine. The limitation in your setup will be the 2004's processor. Every connection from the 2004 to the 317, be it Layer 2 or Layer 3, will be CPU-bound. The 20...

sirbryan

L3HW should work if you don't have any VLANs, and simply assign IP's to each port. It is "best practices" to put everything in the bridge, build VLANs on the bridge, tag those VLANs to the bridge ports, create VLAN interfaces on the bridge, and assign IP's to the bridge VLAN interfaces ins...

sirbryan

There was RouterOS version number on 6 in webfig on top of the page. Now I have to go system packages to know the version. What happened with the old design?

Yes, that is lame. More easy-to-see useful information gets removed the further we go into 7.

sirbryan

I'm more concerned about why there are M.2 SATA III slots on the flagship product, whereas the CCR2116 has a proper M.2 PCIex3 slot. The supply of M.2 SATA will eventually die off and now I'll have router with irreplaceable SATA disks.

Buy a few spares.... That should get you a good 10-20 years.

sirbryan

I have no bridge.

Should I create a bridge with all physical ports or bonds that I am using and set up properly in VLAN tab of the bridge?

Double yes.

sirbryan

Or you can use NLRI filtering on the MikroTik to only allow 0.0.0.0/0. There may come a time when you get a second provider and want to start using those BGP routes for egress decisions.

sirbryan

Any other sugestion? :?: Your question is missing important detail: How many upstream peers? How many downstream peers (if any)? Do you need full BGP tables? Are you using L3HW offload, and if so, is the router configured properly to support hardware offload? What does the profiler say is pegging y...

sirbryan

I bought this thing. It has 25G interfaces to be a typical bridge, but there is no way to transfer even 10G in bridge mode. Is this some kind of joke? You bought router which happens to have 2x 25Gbps ports (and some others). Official test results tell that thing can route at speeds between 5Gbps a...

sirbryan

No, I don't have a test lab to do that. I do. if you're interested in cloning a sanitized version of your configs, I have four RB5009's and two CCR2004's racked up, with two more 5009's on the shelf. Or we could spin up a bunch of CHR VM's, use GNS3, etc. I backed my 2116 off to 7.15.3 early this m...

sirbryan

More specifically: I am running L3HW offload on several CRS300's, using them as site or edge (customer-facing) routers. They work great, unless they have diverse routes with equal cost. In that case, they will eventually get confused and routes will get "stuck" going out the wrong port, de...

sirbryan

I have seen those issues in 7.16 as well: a single disconnected peer disconnects multiple or all peers at the same time, and routes via disconnected peers still appearing in the table. The first I was able to improve a bit by forcing all BGP handling into a single process (input.affinity=main outpu...

sirbryan

We enabled "full" L3HW. After ~24 hours, a dozen or so of these customers started calling and complaining they were not getting traffic. On inspection we were seeing something like in main table: DAoH 0.0.0.0 -> sfpA DAoH 10.0.0.0/24 -> sfpA DAoH 10.0.0.42/32 -> sfpB For all these custome...

sirbryan

Post your config (sanitized) and one of us can possibly point to what's happening.

sirbryan

Thanks for this topic. Last Friday I bought CRS304-4XG-IN under impression from reviews that it can dual boot RouterOS / SwOS. As I need maximalize switching throughtput and I don't need L3 functions for my use case, ... I'll make some switching throughput tests when the rest of 10 Gbps hardware ar...

sirbryan

Hello mkx, I tried activating the L3HW using the following commands: Switch Configuration /interface/ethernet/switch set 0 l3-hw-offloading=yes Switch Port Configuration /interface/ethernet/switch/port set sfp-sfpplus1 l3-hw-offloading=yes But it didn't have a positive impact on the cpu uitilizatio...

sirbryan

I'm considering the idea of moving all routing away from the WG endpoint, and instead having the work split across two (or more) devices: WG tunnel terminators at each end, and have them hand off EOIP/VXLAN/IPIP/whatever to the next router(s) up/down the line. This way the WG router doesn't get conf...

sirbryan

My target is like this, probably 10 to 20 house per community, then each house estimate average 5 users, then total probably will be 50 to 100 users, then my concern not for the device but the speed from ISP is it can cater this scope of my Mini WISP, based on all of your guys experience With just ...

sirbryan

The new webfig has a similar problem to winbox4 where that status/flags are very difficult to interpret. For example, LINK OK and NO LINK are radically different states - yet the only difference is the text inside. Being disabled/reversed is what old webfig did and it was far more readable. Or perh...

sirbryan

I think MT should speak to Cloudflare bizdev folks about some partnership... they'd might trade figuring out DoH for shipping a native Cloudflare package a la ZeroTier. Noting that despite a range of dozens potential solutions (AWS, Azure, Cisco, PaloAlto, etc etc etc) to the DoS problem... the com...

sirbryan

An outdoor version of this with POE (and maybe one SFP+ port), like the outdoor version of the CRS305, would be pretty sweet too.

sirbryan

I got it to work on my home/office 2116. Firefox is responsive enough, although throughput tests leaves a bit to be desired (1Gbps is all). The CPUs were pretty busy, as expected without a dedicated GPU handling things. The first immediately useful thing I can think of would be running The Dude clie...

sirbryan

Thank you for listening.

sirbryan

blingblouw2 you can just enable bandwidth test. ask the user to push the button to confirm. it's a one time operation, you don't have to do it every time. You act like it's no big deal, but I have hundreds MikroTik devices to which I run bandwidth tests as part of regular troubleshooting. These are...

sirbryan

I hope that MikroTik will also fix MLAG. In fact, all of us who have purchased the CRS520 and CRS518 are eagerly awaiting ROS 7.17 and stable MLAG. What about MLAG specifically doesn't work for you? I have it working with a 354 and 312 in "lab production" at my desk (runs my home and offi...

sirbryan

Check my link in my profile. There's a way to contact me...

sirbryan

Update. It's now peak hours and I checked in on one of my BGP core routers. It has no forward firewall rules, only input. It runs at about 10% CPU pushing 3.5-4Gbps, and 400K packets. All RX traffic is hitting FastPath. This is over a bonded pair of SFP+ interfaces. I also looked at the busiest bord...

sirbryan

Interesting!! Be cool for the sirbryan to conduct single router to single router tests of this tech, comparing zerotier to wireguard performance......... According to the various Reddit posts etc. that I came across when researching my original reply, Wireguard is faster than ZeroTier. And in my ow...

sirbryan

Apparently ZeroTier does Multipath. The question remains as to whether or not MikroTik's implementation supports it yet. But on Linux, you have a few options: Standard policies active-backup: Use only one primary link at a time and failover to another designated link. broadcast: Duplicate traffic ac...

sirbryan

What you're talking about is called packet duplication and is an SD-WAN vendor technique. Cisco, Fortinet, Velocloud, and so on all use it. From an article by Cisco (their product is Cisco Catalyst SD-WAN): https://learningnetwork.cisco.com/s/article/cisco-catalyst-sd-wan-optimizations-for-starlink ...

sirbryan

If you put a private IP, they shouldn't be reachable from the world. For that matter, you could use VLANs to encapsulate the traffic, and set up access rules that only allow access from a different VLAN or from a specific (internal) IP. With RouterOS, you could do a couple more fancy tricks with the...

sirbryan

I would love a dual band, 120 to 180 degree azimuth, 10-15dbi gain, dual RP-SMA antenna. That would be fun to play with. They exist, but I think there isn't enough demand for them to keep making them (people want more gain, not to be hampered by dual-band designs). This is one I found at one of my ...

sirbryan

I haven't noticed similar issues, but then I'm only pushing about 3Gbps of traffic, and at the moment (morning) we're only around 200Kpps. (I haven't looked at PPS during peak hours.) On all but one of my CCR2116's (three as border routers, two as BGP core and two as CGNAT), I created an fq-codel qu...

sirbryan

He probably bases it on the fact that the US isn't the world. In Europe, WISPs pretty much don't exist. Wireless PTP links are a niche. Depends on the country. There are several European WISPS on the Facebook WISP Talk group. Some European and Asian countries are so dense, running fiber is consider...

sirbryan

MikroTik 60Ghz is quite good. Much better than their current AX outdoor products. The 60Ghz and 80Ghz market is growing and I feel MikroTik 60Ghz is more stable and reliable than their AX products. I feel they would be better focused and produce better satisfactory response from customers. First wo...

sirbryan

It's bad to the extent that all that complaining about changes in device-mode made Mikrotik Guys go back to hiding progress, and stop releasing testing with every possible release. Every company on the planet that releases alphas and betas is doing so for user feedback. With MikroTik, unless you're...

sirbryan

My routers do not receive internet routing tables but only a couple of local networks (company networks routed over VPN), but the problem is the same. It for sure is not related to large routing tables. So did you change everything to input=main, output=input? After upgrading my borders and core (5...

sirbryan

Hello, my CCR2004-1G-12S+2XS is random rebooting aprox. once a day with error in log: Any suggestions to software fix this problem or should I reach my supplier with hardware change or fix? What version of RouterOS is it running? There were known problems with 2004's rebooting, particularly some of...

sirbryan

What's new in 7.17beta4 (2024-Oct-18 11:32): !) device-mode - after upgrade, mode "enterprise" is renamed to "advanced" and bandwidth-test, traffic-gen, partition (command "repartition"), bootloader and downgrade features will be disabled; Instead of listening to the c...

sirbryan

The problem with a jump version is it leaves the admin with a one time only choice, what options do I set? Now if you want to secure the device in case of possible future exploit you should choose the minimum options required. But what do you do if a year down the track you suddenly discover that a...

sirbryan

What is your proposal, to verify ownership of a device in a way, that a remote attacker can't do? Put a QR Code on the router which we can scan and save in our management software before deploying the routers. New deployments aren't as big of a problem as existing deployments, as I can readily enab...

sirbryan

above quoted line from the manual > "you can use the "save config" button to copy it over to other partitions."" this can be done without any device mode changes, limitation only is applied to manual re-booting to other partition, if main one is still working And this is th...

sirbryan

Let me remind you, that if your device has some need to be routinely switched between partitions all the time, send somebody to unplug it from power ONCE in it's lifetime, to enable device mode setting for this. Let me remind you that you guys are adding both fixes and features in RouterOS 7 at a f...

sirbryan

The documentation says: [D]evices running versions prior to RouterOS version 7.17, all devices use the advanced/enterprise mode and: (Disabled features in advanced mode) traffic-gen, container, partitions, bootloader and, as mentioned in another post: container, fetch, scheduler, traffic-gen, ipsec,...

sirbryan

I use and enable partitions remotely ***all the time*** (on anything with large enough flash, particularly RB4011/5009/CCR's). And sometimes I forget to set all the things while I have physical access to it (i.e. on the bench/in the lab) before I deploy the router in the field. Blocking the ability ...

sirbryan

Any reason we couldn't get this to work on a decent-sized CCR with containers? I'm thinking at minimum a CCR2004 4GB RAM and external storage or more likely a CCR2116/2216 with SSD's. Can you please provide more information? Installation method? any errors you face? and which part is not working? P...

sirbryan

As an internet Service Provider, that also is considering more of a Managed Service Provider role: For my own stuff, locally-hosted servers are a must, and containers (or an NPK on a CCR2xxx/CHR would be cool). I like how Ubiquiti keeps UniFi separate from UISP. I use UniFi to manage customer's inte...

sirbryan

Have those of you having issues tried older versions of RouterOS? I have been running the iOS 18 betas on my phone since WWDC. I have also installed dozens of hAP AX3's since then, which I test from my phone or M1 MacBook Pro (which has been running the Sequoia betas). I netinstall 7.14.x (2 or 3, f...

sirbryan

I am currently looking at the CCR2004-1G-12S-2XS myself, but leaning more towards the CCR2116-12G-4S+. I think it will be a better buy. Just a bit worried about the power consumption. The 2004 12S is probably best suited for someone who needs to have a lot of SFP+ ports connected but only with burs...

sirbryan

Any reason we couldn't get this to work on a decent-sized CCR with containers? I'm thinking at minimum a CCR2004 4GB RAM and external storage or more likely a CCR2116/2216 with SSD's.

sirbryan

ZeroTier is Wireguard wrapped up in a nice management package. How much processing power you need boils down to how many clients you plan to have connected to it, and how much traffic (packets per second more than bandwidth) you're going to push. If all you're connecting is a bunch of smart devices ...

sirbryan

After further inspection, CRS300's (CRS310, NetPower16/CRS318) that are participating in OSPF/BGP had really low RAM available numbers, related to the number of days of uptime (4 days = 64MB of RAM left, 8 days uptime = only 22MB of RAM left), whereas those acting as switches are fine (160-170MB of ...

sirbryan

I've submitted a ticket, but wanted to post here just in case someone else has seen a similar problem. I have five CCR2116's in a full iBGP mesh. Three are peers with other providers, two sit in our core. We take full routes, but filter out AS-PATH's longer than 2 ASN's. For a couple of years this h...

sirbryan

I feel like the combo box to select what used to be tabs is a regression. It takes up the same about of verticle space but now requires 2+ clicks. I preferred tabs in some of the windows like interface settings/status/traffic for example, now it's on a roll down within the main window. It's ok, may...

sirbryan

What does your "default" template look like? Does the Cisco VPLS NLRI need to be set (this isn't for VPLS, is it)?

sirbryan

Props to the developers. This work is not an easy feat to accomplish. Looking forward to the progress in coming releases. I don't want to sound so negatively but some really bad practices (in terms of UI) made it into this new Winbox. Are there any UI/UX designers working for/at Mikrotik? Welcome to...

sirbryan

It means that you've maxed out the L3 HW-offload memory, and any packets destined for routes that aren't in the ASIC will be routed by the CPU like any other CCR or RB device. The only way to "fix" this "problem" is to create filters reducing the amount of routes your router inge...

sirbryan

Unless (or until) it's been fixed, MPLS is limited to a single CPU core in one direction (encapsulation or decapsulation, I forget which) in RouterOS 7. There's a thread about it on the forums. (I tested it on a pair of 2004's and posted my results there.) Since the 2116 has more slower cores than 2...

sirbryan

FYI: MLAG issue: two CRS317 in MLAG, with ESX hosts dual connected to CRS317 (not LACP, but having ESX decide which switch to send traffic based on the port up status, and the MAC address of the VM). When switch 1 goes down for firmware upgrade, all is ok, ESX starts using switch 2 for all VMs. Whe...

sirbryan

Does /routing/bgp/advertisements/print on the ROS7 -> Cisco match what you see on ROS -> ROS?

sirbryan

Thank you, got your point. What I have done is that although I have enabled bridge vlan filtering but I have tagged all the vlans that would be used by CPE in that region and also few management vlans. What I have understood from your point is that I should create vlan 2003,2004 on bridge interface...

sirbryan

That's not how the standard works, which is years-old, by the way. (Google for Channel Switch Announcement, 802.11h.) Oh, did not know that there is a separate standard. Thanks for the information. Googled it, should be defined in IEEE 802.11-2012. But when it really is this, I would want Mikrotik ...

sirbryan

But it could also be that the AP just promotes the 2ghz BSSID when the 5ghz BSSID goes down for scanning (or vice versa)...

That's not how the standard works, which is years-old, by the way. (Google for Channel Switch Announcement, 802.11h.)

sirbryan

As for the ISP speed that was just what they called it, I would guess it really is 2.5Gb. I will look into the bonded pair, have looked at LACP but as I understand it that only gives 1Gb with redundancy. An ISP can sell whatever they want and call it whatever they want. Comcast/Xfinity out here has...

sirbryan

But with the change of 7.16 something changed and it may not noticable because anymore: *) wifi - send channel switch announcements to clients when switching channels at requested re-select intervals; But I don't know what it actually does. Mikrotik did not explain it thoroughly. The AP has the abi...

sirbryan

Two years later... still no TG, still max 8 stations per AP. Meanwhile the U competitor has increased the number from 15 to 24, and have GPS sync, and channel 6 too (much longer range). The max station per AP limit is a function of the chipset. Qualcomm's limit is at 8. Peraso (Ubiquiti and Tachyon...

sirbryan

Chateau is deployed for LTE or 5G areas. This is what these Chateaus makes expensive: their modems. You can expect which speeds on LTE/5G in real world? And with these tremendous speeds 5G/LTE offer it makes no sense to have an SFP port. It makes even no sense to have more than 2.5g ports. And agai...

sirbryan

And thats it? At first glance it might have worked.

Generally, yes. The low number (in your example, 1460) just needs to be below the threshold of whatever is blocking larger packets upstream.

sirbryan

Unless you want to keep specific VLANs from going through the link, don't mess with bridge VLAN filtering and don't add them to the bridge VLAN table. For just two radios in a PTP config, it's simply enough to create a VLAN interface (attached to the radio's bridge) with the VLAN tag (2003 or 2004) ...

sirbryan

This sounds like an MTU problem. Are you using a VPN?

There should be a mangle rule that clamps the TCP MSS to the MTU. Sometimes it's automatic if you have a PPP-based link.

sirbryan

If you set up a filter for OSPF out, it will, by default, reject everything and only allow what you want to go out. So, for example, if I want 10.0.0.0/24 to go out, my filter would be: if (dst==10.0.0.0/24) { accept; } In this case, I want to allow any subnets within the 10.0.0.0/8 range. Use "...

sirbryan

you must choose: 16mb or SFP+. Can't have both 😅 But joke aside: Chateau line is ISP equipment. Why would one need SFP+ on a consumer device. Because companies like Google are offering 2.5Gbps and 5Gbps service. Even if nobody needs it, an SFP+ port allows the customer (or ISP providing customer eq...

sirbryan

Why do you think badly? It wasn't to contradict you, but to confirm: I also modified my previous post...

OK, that makes more sense.

sirbryan

I own two of them and have run a series of throughput tests, both bridging across ports and routing across ports. They are lousy at routing much over 3Gbps unless you have zero filters/rules, at which point the CPU can push about 19Gbps in+out (at 99% utilization). By including the diagram, you're p...

sirbryan

The CCR2004-1G-12S+2XS does not have a switch chip. All ports are bridged to the CPU by way of the PIPE chip thing. The CCR2004-16G-2S+ (and Passively Cooled version) has two 8-port switches. (We're ignoring the PCIe version of the CCR2004.) The RB4011 has two 5-port switches. The SFP+ ports on the ...

sirbryan

The RB4011, RB5009, and CCR2004 all have relatively the same speed of quad-core processor, with 4011 being arm32 and 5009 and 2004 arm64. The 5009 has three ways to power it (triple redundancy), and has a POE-out option should you need/want it. Heck, you can get two or three RB5009's for $600. The C...

sirbryan

Why is it important? Maybe somebody else has another "very important" variable they need everywhere. We can't cram everything in one screen. Some of us manually manage hundreds to thousands of devices (radios, routers, switches), and being able to see at a glance (like we used to be able ...

sirbryan

Good to know, thanks, but in normal operation is 5 GHz completely disabled or - since it is a (useful BTW) sort of failover link - it is in a sort of standby mode (thus consuming anyway some power)? From experience with other devices in "normal operation" devices consume anyway much less ...

sirbryan

In the meantime, WISPs worldwide wait for a vendor to bump existing 48-57V passive POE switches from 1Gbps to 2.5Gbps ports (and more than four of them) to run their Wave and Tachyon gear, and with 40-90W, it would even support their Cambium and Siklu (and others?) PTP links. The RB5009Pr-outdoor wa...

sirbryan

I made a typo and put 192.168.0.x instead of 192.168.10.x (post edited), but my point still stands. Your vlan10-ether1 interface's IP address is 192.168.1.11x with a network of 192.168.10.0. Your vrrp1-ether2-vlan10 is 192.168.10.254 with a network of 192.168.10.254. The network should match that of...

Search found 682 matches