Community discussions

MikroTik App

Search found 1110 matches

by DarkNate
Wed Mar 27, 2024 5:18 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92259

Re: v7.14.2 [stable] is released!

Your wish... Maximum link distance in kilometers, needs to be set for long-range outdoor links. The value should reflect the distance to the AP or station that is furthest from the device. Unconfigured value allows usage of 3KM links. https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-Configurati...
by DarkNate
Wed Mar 27, 2024 4:37 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92259

Re: v7.14.2 [stable] is released!

What's new in 7.14.2 (2024-Mar-27 09:48):

*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances (CLI only);
I can't seem to find this on the documentation. How does it work? How do we configure it? How are the values mapped or parsed internally?
by DarkNate
Tue Mar 19, 2024 11:54 am
Forum: RouterOS beta
Topic: BGP + ECMP
Replies: 16
Views: 9204

Re: BGP + ECMP

Will MikroTik support BGP multipath U CMP? I.e. to allow us to specify the bandwidth profile for each interface? And therefore perform load balancing across the interfaces either using: 1. Per packet (bad idea for stability/traceroutes etc) 2. Per flow (layer 2/3/4 hashing) https://vxplanet.com/2019...
by DarkNate
Tue Mar 19, 2024 11:37 am
Forum: General
Topic: WireGuard useful learning [Linux]
Replies: 8
Views: 878

Re: WireGuard useful learning [Linux]

I just explained with a famous example, OpenVPN ! OpenVPN is a server/client model. WireGuard is a peer to peer overlay network protocol. It's fully layer 3, peer to peer. By default every peer can talk to any other peer using unicast routing, there is no "server" and there is no "cli...
by DarkNate
Mon Mar 18, 2024 8:50 pm
Forum: General
Topic: WireGuard useful learning [Linux]
Replies: 8
Views: 878

Re: WireGuard useful learning [Linux]

including client/server
Nope. The protocol literally is peer to peer, it is not a server/client protocol like OpenVPN. This is about as stupid as saying OSPF has a sever and a client. People are really stuck up on NATted server/client model to the point they forgot what peer to peer really means.
by DarkNate
Thu Mar 14, 2024 12:35 am
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92259

Re: v7.14.1 [stable] is released!

Has the arm64 VPLS asymmetric bug, been fixed in 7.14.1? Can I now push at least 10Gbps VPLS using a CCR2004?
by DarkNate
Fri Mar 08, 2024 3:02 pm
Forum: General
Topic: IPv6 taking too long for SLAAC autoconfiguration
Replies: 16
Views: 1031

Re: IPv6 taking too long for SLAAC autoconfiguration

I will give it a try, thanks! However, what is the point of enabling PIM-SM if I then need to add a manual entry to MDB for not breaking SLAAC, which is exactly what is happening and what I'm trying to correct? Thanks! Yeah, remove the manual entry. I simply didn't update that post anymore. PIM-SM ...
by DarkNate
Fri Mar 08, 2024 10:54 am
Forum: General
Topic: IPv6 taking too long for SLAAC autoconfiguration
Replies: 16
Views: 1031

Re: IPv6 taking too long for SLAAC autoconfiguration

Run PIM-SM, problem solved. I run PIM-SM even for single-VLAN these days. PIM-SM allows you to intelligently populate the multicast routing table (mcast database on MikroTik bridge), you also end up resolving the issue with BUM traffic on the Ethernet spec. I posted PIM-SM config on this forum multi...
by DarkNate
Thu Mar 07, 2024 5:33 pm
Forum: General
Topic: IPv6 taking too long for SLAAC autoconfiguration
Replies: 16
Views: 1031

Re: IPv6 taking too long for SLAAC autoconfiguration

Why do people still mess up bridge config on MikroTik? Post after post, day after day for the last 10 years straight.

Read the official docs, only a single bridge should exist:
https://help.mikrotik.com/docs/display/ ... +switching

viewtopic.php?t=204440#p1058995
by DarkNate
Wed Mar 06, 2024 8:35 am
Forum: General
Topic: IPv6 taking too long for SLAAC autoconfiguration
Replies: 16
Views: 1031

Re: IPv6 taking too long for SLAAC autoconfiguration

IGMP Proxy upstream will be your router's loopback, downstream each layer 3 sub interface VLAN.
by DarkNate
Tue Mar 05, 2024 2:00 pm
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 19
Views: 3346

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

I suspect any luck you have had with PIM-SM and mDNS is that you are routing IPv6 and ff02:fb is working for you and your devices that use IPv6 for mDNS. Yes, all my home networks/devices and production network are 100% IPv6-enabled/deployed/only/mostly. I stopped wasting my time on legacy IPv4 yea...
by DarkNate
Tue Mar 05, 2024 9:35 am
Forum: General
Topic: IPv6 taking too long for SLAAC autoconfiguration
Replies: 16
Views: 1031

Re: IPv6 taking too long for SLAAC autoconfiguration

You need IGMP Proxy or PIM-SM to run upstream to intelligently populate the multicast-routing table on the “switching” interfaces etc.

It's not just a MikroTik thing, but similarly, same behaviour on other vendors.
by DarkNate
Tue Mar 05, 2024 9:10 am
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 19
Views: 3346

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

Haha, I'm not an expert, unlike other wannabe-experts in this forum or industry in general, I'm just a guy who loves to play with networks. I'm not sure why it works or doesn't work, yet, haven't had time to deep dive into multicast routing. But I do hope, someone with time can properly build a “cle...
by DarkNate
Sun Mar 03, 2024 6:02 pm
Forum: Beginner Basics
Topic: IPV6 with T-mobile USA home internet gateway and single /64 address no prefix how to
Replies: 17
Views: 1077

Re: IPV6 with T-mobile USA home internet gateway and single /64 address no prefix how to

The moment you are forced to use NAT66/NPTv6 etc, you are breaking IPv6 specs and going back to NATted IPv4 world.

I'd suggest raising hell and going public on their support on Twitter etc and ask them from a /56 PD as per BCOP-690.
by DarkNate
Sun Mar 03, 2024 6:00 pm
Forum: General
Topic: WireGuard useful learning [Linux]
Replies: 8
Views: 878

Re: WireGuard useful learning [Linux]

WireGuard is a peer-to-peer protocol, it doesn't support server/client functionality. Your blog should accurately explain this relationship of peer-to-peer from a network standpoint.

The Wikipedia article seems fairly clear to me:
https://en.wikipedia.org/wiki/WireGuard
by DarkNate
Sun Mar 03, 2024 5:58 pm
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 19
Views: 3346

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

Hi DarkNate, I tested your suggestion about PIM-SM but was not working with printers, Chomecast, etc… Support said that we need multicast repeater (will paste their answer if needed). It should work for you? Share support's full reply. I don't know MikroTik multicast inter-VLAN routing is so messy.
by DarkNate
Sun Mar 03, 2024 5:55 pm
Forum: Beginner Basics
Topic: ipv6 ND /64 and PD /48 problems
Replies: 13
Views: 770

Re: ipv6 ND /64 and PD /48 problems

Cleaned config would look something like this: /ipv6 dhcp-client add add-default-route=yes interface=pppoe1 pool-name=ISP-PD-Pool pool-prefix-length=64 prefix-hint=::/48 request=prefix use-peer-dns=no /ipv6 nd set [ find default=yes ] disabled=yes add interface=ether2 /ipv6 address add address=::1 a...
by DarkNate
Sun Mar 03, 2024 2:40 pm
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 19
Views: 3346

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

Looks hacky to me. Why not just use PIM-SM? I've shared PIM-SM config sample on this forum a few times, works on ROS v7 latest stable.
by DarkNate
Sat Mar 02, 2024 8:33 am
Forum: General
Topic: Block anydesk/teamviewer
Replies: 10
Views: 1005

Re: Block anydesk/teamviewer

What happens if the software uses port TCP:443 for the relaying of the connection?

Or use randomised DNS hostnames that flow over encrypted DoH of the client software itself?

You can't just “block” everything without some downsides.
by DarkNate
Sat Mar 02, 2024 8:29 am
Forum: Beginner Basics
Topic: ipv6 ND /64 and PD /48 problems
Replies: 13
Views: 770

Re: ipv6 ND /64 and PD /48 problems

This is a misconfiguration on your end. Run DHCPv6 client for the ia_pd /48 on top of the PPPoE client interface, from there it will get the /48 from upstream and inject it into the database of the IPv6>Pool. From there, now, you can just use it directly on each VLAN: VLAN1- ::1/64 VLAN2- ::1:1/64 E...
by DarkNate
Fri Mar 01, 2024 1:12 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92259

Re: v7.14 [stable] is released!

We can't "Add stuff", we can only "Make stuff"
Then make it, or simply allow official ONIE support on your hardware, we'll flash any OS of choice and get over RouterOS.
by DarkNate
Fri Mar 01, 2024 12:40 pm
Forum: Virtualization
Topic: CHR 7.14/7.15b4 can't find network interface in Vultr
Replies: 9
Views: 1396

Re: CHR 7.14RC3/RC4 can't find network interface in Vultr

I'd recommend just using Debian/Ubuntu + FRR or BIRD instead.
by DarkNate
Fri Mar 01, 2024 12:36 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92259

Re: v7.14 [stable] is released!

*) defconf - use "fq_codel" queue as default interface queue for wired ports on LTE devices;
Still not BQL for RouterOS? I still see poor bufferbloat/CPU usage issues under stress testing. Come on MikroTik, just add BQL support already.
by DarkNate
Tue Feb 27, 2024 6:22 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

It gets even worse and more confusing, see below: https://forum.mikrotik.com/viewtopic.php?t=204440#p1058995 This is exactly why MikroTik needs to overhaul the source code of RouterOS from scratch (perhaps time re-write in Rust?) and fix the configuration implementation logic from the hardware level...
by DarkNate
Mon Feb 26, 2024 5:33 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

I will be at IETF next month, will you ?

It would be good to meet up.
No, I live in economies that are far away from most IETF events. But have fun, and maybe try to get MikroTik employees to go there instead. They never participated in the IETF since 1997.
by DarkNate
Mon Feb 26, 2024 5:31 am
Forum: General
Topic: SQM - using FQ-CODEL in interface queues and fasttrack
Replies: 6
Views: 1347

Re: SQM - using FQ-CODEL in interface queues and fasttrack

Normis replied in one of the threads on this forum - He said "We'll look into it" or something to that effect.

NO, there's no BQL as of ROS 7.14rc.
by DarkNate
Sun Feb 25, 2024 3:11 pm
Forum: Forwarding Protocols
Topic: hardware offload of mpls, is it limited?
Replies: 5
Views: 554

Re: hardware offload of mpls, is it limited?

How long before we get MPLS/VPLS/EVPN hardware offloaded on CCR2k models and even the newer CRSes?
by DarkNate
Sun Feb 25, 2024 3:01 pm
Forum: General
Topic: SQM - using FQ-CODEL in interface queues and fasttrack
Replies: 6
Views: 1347

Re: SQM - using FQ-CODEL in interface queues and fasttrack

Yeah, you need BQL to work this out. Contact MikroTik support and ask them to enable it.
by DarkNate
Fri Feb 23, 2024 3:46 pm
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47285

Re: v7.14rc [testing] is released!

This has been discussed ad nauseam. In all of the current documentation regarding bridges and switch chips for recent software versions, MikroTik emphasizes the requirement for a single bridge with all VLANs in it in order for any of the device's hardware offloading to work properly. Otherwise it's...
by DarkNate
Fri Feb 23, 2024 3:15 pm
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47285

Re: v7.14rc [testing] is released!

I don't think this is 100% correct. WAN is a network just like any other, there isn't anything special about it except for understanding how NAT comes into play on either side of the imaginary boundary. When you look at it from an ipv6 perspective it becomes even clearer, there is no difference the...
by DarkNate
Fri Feb 23, 2024 9:42 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47285

Re: v7.14rc [testing] is released!

Isn't it recommended by Mikrotik documentation in the L3HW docs and the basic VLAN docs to not place a VLAN directly on top of a physical interface? That the new/improved/recommended method is to always use the bridge? Obviously this is the only way to take advantage of L3HW inter-vlan routing and ...
by DarkNate
Tue Feb 20, 2024 4:50 am
Forum: General
Topic: IPv6 prioritization on WireGuard Peers with IP Cloud mixed A/AAAA DNS Records?
Replies: 2
Views: 369

Re: IPv6 prioritization on WireGuard Peers with IP Cloud mixed A/AAAA DNS Records?

This is a problem with the underlying source code of the WireGuard vanilla middleware client application software.

You need to request the devs of the vanilla client to fix this. IPv6 has never been preferred.
by DarkNate
Mon Feb 19, 2024 7:51 am
Forum: Scripting
Topic: Rest API Limitations (if any)
Replies: 3
Views: 674

Re: Rest API Limitations (if any)

For monitoring purposes, in general, for most things, use SNMP.

If there is something that's not covered by SNMP, then use the RESTful API.
by DarkNate
Mon Feb 19, 2024 7:43 am
Forum: General
Topic: Split IPv6 /56 obtained via the PPPoE
Replies: 11
Views: 823

Re: Split IPv6 /56 obtained via the PPPoE

Public IPv6 or IPv4 doesn't matter - People never heard of stateful firewall before, it seems.

@OP this may also interest you maybe:
viewtopic.php?t=176358#p1030682
by DarkNate
Mon Feb 19, 2024 7:36 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47285

Re: v7.14rc [testing] is released!

Change log says:
*) defconf - use "fq_codel" queue as default interface queue for wired ports on LTE devices;
They failed to add BQL:
viewtopic.php?p=1046881&hilit=bql#p1046881
by DarkNate
Mon Feb 19, 2024 1:47 am
Forum: General
Topic: Split IPv6 /56 obtained via the PPPoE
Replies: 11
Views: 823

Re: Split IPv6 /56 obtained via the PPPoE

Assuming 2a00:1234:567:b01::/56 is your prefix from the ISP, that hopefully complies with BCOP-690. 2a00:1234:567:b01::1/64 will go to your "bridge" as is. Then simply create new pools whereby you have a /60 per pool like say pool1: 2a00:1234:567:b02::/60 etc Then run a DHCPv6 server for i...
by DarkNate
Sun Feb 18, 2024 11:07 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47285

Re: v7.14rc [testing] is released!

CCR1009 LAB Testing v7.14rc A new log entry appears that I have never seen before: Download from api.ipify.org FINISHED Is this injected by MikroTik in THIS RC and for what reason ? api.ipify[.]org and similar domains have long been used by malware to look up an infected device’s public IP. In rese...
by DarkNate
Fri Feb 16, 2024 7:44 pm
Forum: RouterOS beta
Topic: FEATURE REQUEST: full cone NAT
Replies: 291
Views: 39837

Re: FEATURE REQUEST: full cone NAT

Which part of this is unclear? THERE’S NO FIREWALL! As for firewall, firewall is null in my testing and many others in this thread, so firewall is ruled out from day one. In addition, firewall on Windows laptop was also disabled. EIM-NAT (not full cone) is used in SP network CGNAT boxes, at least on...
by DarkNate
Fri Feb 16, 2024 6:17 pm
Forum: RouterOS beta
Topic: FEATURE REQUEST: full cone NAT
Replies: 291
Views: 39837

Re: FEATURE REQUEST: full cone NAT

Chances are high, your testing methodology may be flawed, I don't see network diagrams and full config. As for firewall, firewall is null in my testing and many others in this thread, so firewall is ruled out from day one. In addition, firewall on Windows laptop was also disabled. If you believe tha...
by DarkNate
Wed Feb 14, 2024 12:09 pm
Forum: RouterOS beta
Topic: FEATURE REQUEST: full cone NAT
Replies: 291
Views: 39837

Re: FEATURE REQUEST: full cone NAT

Darknate you have investigated this functionality for some time to great lengths and depths and its STUNning to me that MT doesnt pay more attention to your writing on this subject!! Its it just me or is they don't write full requirements for their software...... Mind you I dont know how you right ...
by DarkNate
Wed Feb 14, 2024 12:08 pm
Forum: RouterOS beta
Topic: FEATURE REQUEST: full cone NAT
Replies: 291
Views: 39837

Re: FEATURE REQUEST: full cone NAT

Did you test on the same external network with each setup ? there could be a different external filtering on the public IP addresses you did use that could explain those differences. Do you own those public IPs ? Regardless what i do i cannot get independant endpoint filtering. Even NAT 1:1 does no...
by DarkNate
Wed Feb 14, 2024 12:41 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47285

Re: v7.14rc [testing] is released!

*) system - expose "lo" and "vrf" interfaces; Does this mean we can (or should?) delete our "loopback bridge" interfaces and use the native loopback interface of the Linux kernel? *) bgp - allow to leak routes between local VRFs; Do we have any configuration example/do...
by DarkNate
Wed Feb 14, 2024 12:37 am
Forum: RouterOS beta
Topic: FEATURE REQUEST: full cone NAT
Replies: 291
Views: 39837

Re: FEATURE REQUEST: full cone NAT

I tested using this: https://github.com/HMBSbige/NatTypeTester The software bugs have been fixed (I spoke to the developer of this software directly). MikroTik still fails the test. When I test on Juniper or Cisco, test passes just fine. I think MikroTik is failing to test this correctly. TCP/UDP BO...
by DarkNate
Sun Feb 11, 2024 11:01 pm
Forum: General
Topic: IPv6 DHCP Lease time = 24820d
Replies: 2
Views: 371

Re: IPv6 DHCP Lease time = 24820d

On the ISP side, we set ia_na and ia_pd lease time to infinity, so what you're seeing is normal. Read this on why/how/what/where:
viewtopic.php?t=176358#p1030682
by DarkNate
Wed Feb 07, 2024 6:47 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

What's strange about MikroTik as a network vendor is we don't see them in IETF meetings, we don't see them in NANOG, SANOG, UKNOG, NLNOG etc. Other vendors, small or big, attend these events, especially IETF, since all are interested to mingle, improve, and make business deals, but MikroTik employee...
by DarkNate
Wed Feb 07, 2024 6:25 am
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

Bottom-line, single bridge means packet is punted to CPU for inter-switch chip traffic… Don't know how I was wrong at all.
by DarkNate
Wed Feb 07, 2024 6:14 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

For the longest time I thought the same as you, but over time, it was clear that it was my lack of networking knowledge and Ros Principals that was keeping me from unlocking the flexibility. There are many ways to skin a cat [ as mkx & rextended would say ;-) ] with RoS, and that leads to many ...
by DarkNate
Wed Feb 07, 2024 6:04 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

@jaclaz 1. Nobody is asking for a Juniper MX2020 from MikroTik. 2. MikroTik HARDWARE isn't the problem. In last 10 years of MikroTik, 1/10 are hardware issues. 3. MikroTik SOFTWARE is the problem. In last 10 years of MikroTik, 10/10 are software issues. They can opt for fastest/cheapest solution i.e...
by DarkNate
Wed Feb 07, 2024 5:47 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

A very interesting thread, thank you. It is also clearly obvious how different people have different needs and different ideas about our products. We sure can't go in all directions this thread would want us to :) One direction is the easiest: Enable official ONIE support on MikroTik hardware, at l...
by DarkNate
Wed Feb 07, 2024 4:42 am
Forum: Forwarding Protocols
Topic: Can't seem to get 1:1 NAT working
Replies: 2
Views: 373

Re: Can't seem to get 1:1 NAT working

Use netmap for consistency all around, see the example here:
viewtopic.php?t=176358
by DarkNate
Tue Feb 06, 2024 10:20 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

You would lose your bet. I didn't say I continued exclusively in the Enterprise domain, did I? If you've had SP/DC experience with other vendors, and assuming you worked with software engineers for network programmability or automation, you'd know MikroTik RouterOS is poor software code, horrible A...
by DarkNate
Tue Feb 06, 2024 10:18 am
Forum: General
Topic: MPLS/VPLS decapsulation locked to single CPU core on ARM/ARM64 (CCR2004, CCR2116)
Replies: 12
Views: 1954

Re: MPLS/VPLS decapsulation locked to single CPU core on ARM/ARM64 (CCR2004, CCR2116)

FastPath isn't going to cut it in 2024.

They need to use DPDK/VPP for line-rate software dataplane. Maybe XDP for ingress filtering.
by DarkNate
Mon Feb 05, 2024 5:50 pm
Forum: Forwarding Protocols
Topic: ERROR: RECV RouteRefresh with invalid subtype: 0
Replies: 19
Views: 4983

Re: ERROR: RECV RouteRefresh with invalid subtype: 0

It's not just BIRD, I've seen this with remote peer being Cisco, Huawei as well.
by DarkNate
Mon Feb 05, 2024 4:50 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Thee is anyway a post on the forum about a possible way to workaround the issue until fixed in a next release ( a ticket was opened three years ago and Mikrotik's response was that they will fix it, but unfortunately no ETA). Yeah, doesn't take three years to fix serious issues with JTAC… Just sayi...
by DarkNate
Mon Feb 05, 2024 4:48 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

I would quite like Mikrotik to stick with its current direction. In my opinion, the reality is that these are not suitable devices for people who don't have a good practical grasp of IP, Ethernet, routing, bridging, VLAN and WiFi fundamentals. Having done enterprise networking since the days when v...
by DarkNate
Mon Feb 05, 2024 4:45 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

I am glad that I haven't seen anyone with the title "product manager" in their videos yet. You often come across such "product managers" in videos from companies like Cambium, Grandstream, and others. In reality, they are pure salespeople and not actual company-internal "pr...
by DarkNate
Mon Feb 05, 2024 10:05 am
Forum: Forwarding Protocols
Topic: Multicast over OSPF/MPLS
Replies: 4
Views: 482

Re: Multicast over OSPF/MPLS

This network is fairly big and needs proper consultation work. MPLS/VPLS should be used for inter-site transport, from access ports of each PE router to wherever you want to terminate the VPLS endpoint. VPLS is member of bridge, bridge contains all access ports + VPLS, VPLS is tagged Ethernet. Uplin...
by DarkNate
Mon Feb 05, 2024 9:55 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Personal note: consider following an MBA. See if there are universities/schools near you where you can follow it, if possible evening/weekend classes. Don't go for online course where you basically buy the degree, you will not learn anything from it. My personal view. I'm fortunately in a position ...
by DarkNate
Mon Feb 05, 2024 2:39 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Or, at least START by having some method to allow the V7 RouterBOOT to install (or at least boot) an alternative Linux disto. But I don't think the NIH mentality is going away.
Forget RouterBOOT, they can save up money/R&D efforts and just use ONIE, which is a bootloader.
by DarkNate
Mon Feb 05, 2024 2:38 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

There is a reason there are different engineering disciplines. Engineering Management or Industrial engineering is more geared towards project management, covering forecasting, budgeting, scheduling and statistics, and knowing enough about a wide scope of engineering disciplines to be able to under...
by DarkNate
Mon Feb 05, 2024 1:24 am
Forum: Forwarding Protocols
Topic: Multicast over OSPF/MPLS
Replies: 4
Views: 482

Re: Multicast over OSPF/MPLS

PIM-SM is fairly stable on RouterOS v7 latest versions.

It's likely a design/config issue on your end. Use VPLS to transport the layer 2, run PIM-SM on top of the tagged VLANs which rides on top of the VPLS.
by DarkNate
Mon Feb 05, 2024 1:19 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

I take a different view: Mikrotik is what happens when you let engineers run a company. The results are predictable. They just keep adding features that are mostly done & move onto new shine things before the last thing was actually done. This lack of focus on quality/completeness shows in rece...
by DarkNate
Mon Feb 05, 2024 1:17 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Probably if RouterOS had been open source, ForumOS64 would now exist with everything it needed... Even the useless Dark-Mode... If Nokia, a REAL CARRIER-CLASS network vendor, can benefit from open source, so can MikroTik: https://github.com/nokia?q=srlinux&type=all&language=&sort=name
by DarkNate
Sat Feb 03, 2024 7:41 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

We all are peasants when comparing with for eg. @DarkNate. For someone who isn't into networking Mikrotik was my first real touch with networks and i got used to it so i don't really know how other vendors have GUI sorted. (Juniper, Nokia, Cisco) But one feature that i would really love to see is P...
by DarkNate
Sat Feb 03, 2024 6:35 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Well, for eg. configuring VLANs. I think that regular users would be much more happier if they had some kind of wizard or something to do that. Take a look at ubiquiti and how they have that solved. I mean you can't satisfy all users but if Mikrotik is doing a push towards regular home users then I...
by DarkNate
Sat Feb 03, 2024 6:32 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Because MT obviously lacks a few developers to do something from start to end and not stop half way. They started great by hiding switch peculiarities behind L2 HW offloaded bridge. They are sticking to it for new products, but not all of them received offload (yet). But: they did not come around t...
by DarkNate
Sat Feb 03, 2024 6:29 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

One was so rich it sold out to HPE (who will ruin it). The other probably makes decent money for the founder/owner and staff.
Doesn't take away the fact that Juniper hardware + software are carrier-class in the industry, even better than Cisco. Can you call CCR2216 as carrier-class?
by DarkNate
Sat Feb 03, 2024 6:26 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Where are the examples of the ROS complexity? I looked at the VyOS docs. Their config management is very interesting in terms of features like versioning. But VyOS seems to be a full blown Linux OS. Why do we compare with embedded device OS like ROS? A fair comparison would be OpenWrt. But their CL...
by DarkNate
Sat Feb 03, 2024 9:26 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

MikroTik lacks software engineering expertise, it's clear as day based on the facts we all know and the bugs and the lack of features (MPLS on hardware etc). Why they never scaled up and take VC money like Juniper is beyond me. Look up founded date/year of Juniper and MikroTik, both started in the s...
by DarkNate
Sat Feb 03, 2024 7:43 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Yeah, but it looks like nobody cares. They must love the abstraction complexity of tech-debt ridden RouterOS.

Heck, can't even get MPLS/VPLS to work on the ASICs on CCR2k models, it's still CPU-only in 2024.
by DarkNate
Thu Feb 01, 2024 9:55 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

Re: [Discussion] MikroTik configuration abstraction complexity

Some latest examples of the issue with abstraction complexity: https://forum.mikrotik.com/viewtopic.php?t=203326 https://forum.mikrotik.com/viewtopic.php?t=204009 https://forum.mikrotik.com/viewtopic.php?t=203981 https://forum.mikrotik.com/viewtopic.php?t=143510 https://forum.mikrotik.com/viewtopic....
by DarkNate
Thu Feb 01, 2024 9:28 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4897

[Discussion] MikroTik configuration abstraction complexity

This is my first forum post, that I am making in genuinely trying to get MikroTik to see pain points of most MikroTik users, especially SOHO/Home users and even professional network engineers too. Every vendor in the network world has their own flavours and implementation for configuration abstracti...
by DarkNate
Thu Feb 01, 2024 9:01 pm
Forum: General
Topic: DHCPv6 and Handing Out Prefixes [SOLVED]
Replies: 1
Views: 341

Re: DHCPv6 and Handing Out Prefixes [SOLVED]

RouterOS v7 as of now the latest whatever beta, only supports ia_pd, not ia_na, so answer is no. You should contact MikroTik official support and ask them to implement this instead as base for DHCPv4/v6:
https://www.isc.org/kea/

It even supports DHCPv6 HA:
https://kb.isc.org/docs/aa-01617
by DarkNate
Sun Jan 28, 2024 8:39 pm
Forum: Wireless Networking
Topic: Persistent Wi-Fi Disconnection Issues with Mikrotik ax2
Replies: 62
Views: 13146

Re: Persistent Wi-Fi Disconnection Issues with Mikrotik ax2

I'm using hAP ax2 for 1 year+ now, currently running 7.13.3 ROS and routerboard firmware. 800Mbps upload/download for single client benchmarking. Works fine with multiple clients. I'm using FQ_Codel for interface queues to control bufferbloat. Chances you have some improper bridge/vlan config (as mu...
by DarkNate
Sun Jan 28, 2024 8:36 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

with BGP-VPLS can you stop dynamic names on that?
See here, dynamic name isn't only issue:
viewtopic.php?t=201638#p1052392
by DarkNate
Sun Jan 28, 2024 7:24 pm
Forum: General
Topic: migration from RB2011UiAS-2HnD to L009UiGS-2HaxD-IN
Replies: 7
Views: 1201

Re: migration from RB2011UiAS-2HnD to L009UiGS-2HaxD-IN

1:1? No. You should first start by checking the block diagram of the new hardware and make sure your bridge/VLAN config is done correctly for the hardware model. https://i.mt.lv/cdn/product_files/L009UiGS-2HaxD-IN_230524.png I don't know your existing network setup, but I would recommend making eth1...
by DarkNate
Sun Jan 28, 2024 7:17 pm
Forum: RouterBOARD hardware
Topic: L009 and ZeroTier
Replies: 20
Views: 1949

Re: L009 and ZeroTier

As far as encryption/ciphers goes including ZeroTier and many others, please correct me if I'm wrong, but isn't 64-Bit CPU/Kernel/Host OS the De facto industry standard across the board?
by DarkNate
Sun Jan 28, 2024 7:14 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

I hope they allow proper PVID/VLAN config for BGP signalled VPLS.

I have not yet adopted BGP signalled VPLS on MikroTik because of this PVID/VLAN problem, even though the BGP signalling itself works solid.
by DarkNate
Sun Jan 28, 2024 6:50 pm
Forum: RouterBOARD hardware
Topic: L009 and ZeroTier
Replies: 20
Views: 1949

Re: L009 and ZeroTier

That's a question unanswered from the very first time this device was releases. EDIT: or was it ? https://forum.mikrotik.com/viewtopic.php?p=1026097#p1026097 But given that reply, why 64 bit on RB5009, AX2, AX3, ... ? They don't have 2Gb RAM. That reply from Normis is confusing, we regularly use 64...
by DarkNate
Sun Jan 28, 2024 6:39 pm
Forum: RouterBOARD hardware
Topic: L009 and ZeroTier
Replies: 20
Views: 1949

Re: L009 and ZeroTier

Since the L009 has an arm64 CPU, why would they not be using 64-Bit RouterOS on it to begin with?
by DarkNate
Sun Jan 28, 2024 6:28 pm
Forum: General
Topic: NAT action SAME behaves just like NETMAP?
Replies: 8
Views: 3264

Re: NAT action SAME behaves just like NETMAP?

You are correct, that it behaves identical to netmap, netmap originally was 1:1, but some point in the Linux Kernel chanelogs (I do not know the version number), netmap supported 1:Many. Netmap/Same simply ensures the same ExternalIP:Port mapping when possible for the same clientIP:Port combination....
by DarkNate
Sun Jan 28, 2024 1:17 pm
Forum: General
Topic: IPv6 DHCP Server and /128 addressing
Replies: 5
Views: 482

Re: IPv6 DHCP Server and /128 addressing

each customer facing router and hand out a /56 prefix to each customer from a /48 pool on each router. This is off-topic, but I would advise to not use such a small /48 per BNG, use bigger pool. Recommend you check this IPv6 operational BCP once: https://forum.mikrotik.com/viewtopic.php?t=176358#p1...
by DarkNate
Sun Jan 28, 2024 1:15 pm
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

At the end of the day, the story I've seen time and time again on this forum is that people buy things without researching the block diagram and understanding how the device was meant to be used versus how they want to use it or what their network needs are. I agree on this. Everyone's a network en...
by DarkNate
Sun Jan 28, 2024 1:13 pm
Forum: General
Topic: IPv6 DHCP Server and /128 addressing
Replies: 5
Views: 482

Re: IPv6 DHCP Server and /128 addressing

What you want to do fully is: /56 ia_pd per customer, static (because BCOP-690 and SLAAC breaks with dynamic PD) /128 ia_na per customer. MikroTik DHCPv6 server doesn't support ia_na, it only supports ia_pd. You could use a /64 per VLAN with IPv6 RA, but this doesn't support RADIUS/AAA. Each custome...
by DarkNate
Sat Jan 27, 2024 1:41 am
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

I think this is what we've all been talking about but in different aspects, some of focused more on best practices versus if something can be done. I never meant to infer that you absolutely cannot use the router in different ways. It's like people who use CRS switches for routers in their home. Ye...
by DarkNate
Fri Jan 26, 2024 6:30 pm
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

For someone with a CCR2004-16G-2S+ and a single bridge between both switch chips and one of the SFP+ ports, the hardware offloading does work as long as the same vlan to vlan traffic is on the same switch chip. So the winner is mkx! :D inter-asic traffic is punted via CPU, stop purporting fake info...
by DarkNate
Fri Jan 26, 2024 4:17 am
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

Yes sir. DarkNate, I trust you more than me :) This is an RB4011, currently I can't show you that ports were hardware offloaded due to testing dhcp/igmp snooping enabled; /interface bridge add dhcp-snooping=yes frame-types=admit-only-vlan-tagged igmp-snooping=yes igmp-version=3 mld-version=2 name=B...
by DarkNate
Fri Jan 26, 2024 4:15 am
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

mkx - believe you are wrong this time around. Every one of the devices cited in that section has 1 switch chip only. So, when there is 1 switch chip only, a 88E5191X would be configured accordingly. The disclaimer further down is specifically about devices with two switch chips. Therefore, one woul...
by DarkNate
Wed Jan 24, 2024 8:34 pm
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

@DarkNate, I could have misread and I don't even have 0,1% of your knowledge, the note you posted seems to be for "Other devices with a built-in switch chip" (VLANs configured on the switch). I was one that reported bug on the RB4011 in v7.8 for devices with 2 switches and hardware offloa...
by DarkNate
Wed Jan 24, 2024 3:31 pm
Forum: RouterBOARD hardware
Topic: FCS error on link radio
Replies: 3
Views: 652

Re: FCS error on link radio

We had some Ubiquiti wireless equipment that threw the same FCS error, we upgraded/downgraded firmware on the Ubiquiti side to fix it.

I suggest you do the same, reflash latest official firmware on the cambium or downgrade.
by DarkNate
Tue Jan 23, 2024 11:33 pm
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

Hi DarkNate, So if I want a single bridge I need to connect two ports (one of each switch chip) and probably configure them as trunk for all VLANs. Is that correct? If so, that would be a lot of unneccesary traffic going over that connection, is that what you mean by "bandwidth poor approach&q...
by DarkNate
Tue Jan 23, 2024 11:28 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Agree, there must remain a possibility to change these values administratively. Changelog quality is piss-poor.
+10000
by DarkNate
Tue Jan 23, 2024 5:48 pm
Forum: General
Topic: Wrong country when selecting Time Zone Autodetect
Replies: 16
Views: 1320

Re: Wrong country when selecting Time Zone Autodetect

Autodetect TZ is a reasonable default... but setting it a TZ is a better idea. Mainly because the logs only record the clock time, not UTC. And dealing with TZ and logging is hard enough, so the last things you'd want is the vagaries of autodetect TZ. If someone uses any logging system, it's likely...
by DarkNate
Tue Jan 23, 2024 5:44 pm
Forum: General
Topic: Large MDU Routing
Replies: 2
Views: 438

Re: Large MDU Routing

I would strongly suggest hiring someone.. +1 I don't know why a lot of business owners want to cheap out on hiring a high quality network engineer in-house instead of playing engineer themselves. 5 years later, they need to pay tens of thousands of dollars to an external consultant to fix their poo...
by DarkNate
Tue Jan 23, 2024 5:43 pm
Forum: RouterBOARD hardware
Topic: FCS error on link radio
Replies: 3
Views: 652

Re: FCS error on link radio

Is there any "LACP" config on the MikroTik side? Use this parameter, if there is:
viewtopic.php?p=1047773#p1047773
by DarkNate
Tue Jan 23, 2024 5:39 pm
Forum: General
Topic: Wrong country when selecting Time Zone Autodetect
Replies: 16
Views: 1320

Re: Wrong country when selecting Time Zone Autodetect

GeoIP is pseudo-science, just guessing.. CGNAT ISPs also makes the guessing hard.. I suggest just setting the timezone. Not really, modern carriers and ISPs are rolling out RFC8805, which gives you accurate info upto the zip/pin code, even for individual /32 v4 or /128 IPv6 if you want it to. In Mi...
by DarkNate
Tue Jan 23, 2024 5:36 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

*) ipv6 - made "valid" and "lifetime" parameters dynamic for SLAAC IPv6 addresses;

What does this actually mean?
by DarkNate
Mon Jan 22, 2024 10:41 pm
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

But it doesn't have to be two bridges, one bridge spanning all ether ports will do just fine.
You could do that, by running a cable from ether8 to ether9, but why? This is a bandwidth poor approach.
by DarkNate
Mon Jan 22, 2024 7:52 pm
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2886

Re: CCR2004-16G-2S multiple bridges or not?

Two ASICs, means two bridges. bridge1 for ports ether1-8, bridge2 for ether 9-16, this ensures both port groups are fully hardware offloaded to the correct ASIC. For SFP1 and SFP2, both being independent paths towards the CPU, you could put them in bride3, but I wouldn't advise this, as you will lik...
by DarkNate
Mon Jan 22, 2024 4:27 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Less significant, means it doesnt fit into the business planning ( aka profit models and future product planning ). Any change requires resources and those are tightly controlled. @normis I agree with Pe1chl, 7.12.2? whatever was the last one, may be an excellent candidate for long term stable. 7.1...
by DarkNate
Mon Jan 22, 2024 4:03 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

And also helps potential attackers to scan IPv6 address space much more effectively. I don't know if potentual benefits actually outweigh drawbacks. And why do you consider SOHO differently than DCs and other corporate installations? Obscurity is not security. I don't care if they can ping my hosts...
by DarkNate
Sat Jan 20, 2024 7:50 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Ah I see, the changelog could have worded it better. Hopefully it's configurable, to allow proper ICMP errors via firewall. Why waste efforts/CPU cycles on ICMPv4/v6 replies for non-existent pathways? I know there's an RFC for ICMPv4/v6 replies on the LAN, but that was written 20 years ago. I've de...
by DarkNate
Sat Jan 20, 2024 12:38 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Apologies, but I'm not following. What routes will be automatically added as blackholes to the routing table by DHCPv6 client?
The delegated prefix. Client receives /56 PD from upstream, /56 aggregate is blackholed.
by DarkNate
Fri Jan 19, 2024 2:23 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

I've built ISP networks, I've built DC networks and I run MPLS in my home lab with all the fancy eBGP driven architecture and OSPF underlay.

Never used USB, camera, speaker, GPS or touchscreen on network devices before.

+1 to rextended and MikroTik staff on this topic.
by DarkNate
Fri Jan 19, 2024 12:55 pm
Forum: General
Topic: MPLS/VPLS decapsulation locked to single CPU core on ARM/ARM64 (CCR2004, CCR2116)
Replies: 12
Views: 1954

Re: MPLS/VPLS decapsulation locked to single CPU core on ARM/ARM64 (CCR2004, CCR2116)

Very strange issue. I have a CCR2004 in production running VPLS as a PE router, and I'm unable to see single CPU core choking, CPU cores all are engaged pretty much evenly. Maybe it's config related? ROS version 7.12.1, firmware version 7.12.1 as well (if I use 7.13.x, it reboots every 15 minutes), ...
by DarkNate
Fri Jan 19, 2024 12:30 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

OpenWrt doesn't sell routers.
You can install BIRD / FRR on OpenWrt.
Obviously they don't dude. It was a joke. My point stands, want Linux vanilla networking? Go for Debian or OpenWRT.

MikroTik is a vendor, and they will do what ALL vendors in the market do, i.e. integrated routing stack.
by DarkNate
Fri Jan 19, 2024 12:13 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

What RFC / part of RFC is being implemented here?
I don't think there is an RFC that states this, but it's always good practice to blackhole aggregates to prevent layer 3 loops. Most end-users won't know how to do this, so this auto-feature, will take care of that.
by DarkNate
Fri Jan 19, 2024 12:11 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Then change that back! In v6 and in general Linux there certainly was and IS a layer that does the routing itself and a separate process or processes that manages the auto-routing like BGP. At the moment you are in the situation that the bad decision to use 16MB (or less) flash memory causes proble...
by DarkNate
Fri Jan 19, 2024 12:09 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

routing is essential to install even connected and static routes for router to be able to forward anything at all. it does not makes sense to run router without a "routing package", which will render router useless. Lol, for the first time, I agree with MikroTik staff's opinion. This is h...
by DarkNate
Sun Jan 14, 2024 10:18 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Not only for difference between versions, also in other areas the documentation is sometimes extremely lacking. See for example "/queue simple". There is no documentation AT ALL, its manual section has only an example that uses only 1/5 of the available parameters. What the other paramete...
by DarkNate
Sun Jan 14, 2024 10:04 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

I strongly disagree on this as MikroTik simply does not have the required engineering resources to make the necessary validation every six month. One can come to this conclusion just by considering the followings: Test results were not updated using v7 not even for products that were originally shi...
by DarkNate
Sat Jan 13, 2024 6:20 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

You are 100% correct. But unfortunately many people [including so called gurus] on this forum refuse to accept that important FACT because they are mired in the client/server model ... I've seen the same stupidity on Cisco and Juniper community forums as well, so definitely not MikroTik community-s...
by DarkNate
Sat Jan 13, 2024 6:18 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

I think "home users" are best served with automatic upgrades and configuration updates. Many home routers will be running with default config and have changed only things like admin password, wifi ssid+password, and internet connection parameters (like PPPoE client). When not any other ch...
by DarkNate
Sat Jan 13, 2024 11:22 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Linux LTS kernels have quite a short lifespan, the risk averse way is using the SLTS kernels maintained as part of the Civil Infrastructure Platform (CIP) , of which the latest is the v6.1(-rt) series. Just to put the length of support in perspective: the oldest kernel series maintained as part of ...
by DarkNate
Sat Jan 13, 2024 11:18 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Wireguard configuration should add an "Client MTU" parameter. WireGuard is a Peer-to-Peer protocol with built-in 4in6/6in4 mechanisms for easy encapsulation. There's no such thing as “server” or “client” in WireGuard protocol. There are only peers. Set MTU to 1420 on all peers and problem...
by DarkNate
Fri Jan 12, 2024 2:38 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

Please note that I, personally, do not argue against the need to upgrade to the later/latest kernel, nor do I argue in favor of. You posted a link presumably describing some changes in a specific kernel version that should have explain why Mikrotik should upgrade their kernels to at least 6.8. I wa...
by DarkNate
Fri Jan 12, 2024 9:51 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

I specifically quoted the part that is unclear. You posted a link to an articles that talks specifically about a TCP end-point optimization to prove your point that the kernel on routers absolutely must be upgraded. How does one relate to the other? Someone else already explained here: https://foru...
by DarkNate
Thu Jan 11, 2024 4:24 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

I fail to see how that may be relevant for a router. Which part of Not all features/data plane functionality is 100% L3HW. This is MikroTik, not Juniper MX/PTX. is unclear? CCR1k models, older RBs, or even CCR2k and newer CRSes have data plane features/config scenarios/situations where packets/Ethe...
by DarkNate
Thu Jan 11, 2024 11:48 am
Forum: SwOS
Topic: IEEE 802.3ad (LACP) transmit-hash-policy on SwOs
Replies: 4
Views: 5750

Re: IEEE 802.3ad (LACP) transmit-hash-policy on SwOs

I had problem with SwOS, LACP hashing/load balancing. We kept seeing TCP Retransmissions/Out of order (leading to DUP ACK), etc, and customers complaining about bufferbloat/latency. I switched over everything to RouterOS v7 (latest stable) with fresh netinstall. We are using this config everywhere (...
by DarkNate
Thu Jan 11, 2024 11:42 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

I don't completely agree. Mikrotik linux kernel is a control plane if you use L3HW.... regards Not all features/data plane functionality is 100% L3HW. This is MikroTik, not Juniper MX/PTX. Take Wi-Fi/Wireless for instance, that's all Linux data plane. They should upgrade to Linux Kernel 6.8, read t...
by DarkNate
Wed Jan 10, 2024 1:04 pm
Forum: Forwarding Protocols
Topic: How to Forward OLT from Mikrotik
Replies: 2
Views: 1756

Re: How to Forward OLT from Mikrotik

Use IPv6 and move on with your day.
by DarkNate
Wed Jan 10, 2024 12:59 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

dtaht, thank you very much for your offer and continuous support on this forum. we will see what we can do and will let you know if we have any questions I hope we see step 1: BQL support RouterOS -wide, MikroTik hardware-wide sooner than later. The Wi-Fi related patches, IMO — You're better off op...
by DarkNate
Wed Jan 10, 2024 12:58 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

In my world, linux kernel version 5.7 is totally obsolete and i am hoping most of all that they start a version 8 running linux 6.1 or later. Particularly our mt76 and mt79 drivers evolved a lot since even 6.1! MikroTik is probably the only network vendor on the planet that commercially uses the Li...
by DarkNate
Mon Jan 08, 2024 7:38 am
Forum: General
Topic: Support RFC3021 /31 Point to Point on any ROS version ?
Replies: 10
Views: 3822

Re: Support RFC3021 /31 Point to Point on any ROS version ?

Why on Earth, would you need to use /32 on local and /31 on remote? This is a very poor implementation of RFC3021, if you could even call it an attempt.
RFC3021 is simply not supported on MikroTik platform, I can't imagine what's taking them so long to support this.
by DarkNate
Mon Jan 08, 2024 7:16 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149906

Re: v7.14beta [testing] is released!

The fq_codel type is set for wired (Ethernet, SFP) interfaces in order to reduce bufferbloat. No interface queue for LTE interface itself. @MikroTik staff. Yes, this is good news, this is a massive step forward in the industry (Yes, I am serious). But there's a problem. MikroTik RouterOS Linux queu...
by DarkNate
Thu Jan 04, 2024 11:18 am
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

Can Tilera CCRs distribute L3VPN traffic between multiple cores? I have found it impossible to achieve on ARM and ARM64 devices. Probably not. In 2024, you're better off with hardware that has ASICs. CPU can't do much unless there's XDP for ingress and DPDK for egress, both are non-existent on Mikr...
by DarkNate
Wed Jan 03, 2024 12:35 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

How you got it ? I cannot pass 1gb/s . Can you please share your conf and traffic profile(avg size of packets )? Follow the MTU section from the Edge/BNG guide. I use jumbo frames network-wide: 9k L3 MTU, maxed L2 MTU on physical ports/interfaces. VPLS L2 MTU capped to 9100. Single bridge config as...
by DarkNate
Tue Dec 26, 2023 1:40 am
Forum: Forwarding Protocols
Topic: Does MTU on LOOPBACK matter?
Replies: 6
Views: 1965

Re: Does MTU on LOOPBACK matter?

MTU is a complex topic, that unfortunately is spread among many books and documentations. The simplified version of it is: Larger MTU = larger frames = larger IP datagram = larger pay load = fewer frames/packets required to complete the payload from start to end = less PPS required to transfer data ...
by DarkNate
Tue Dec 26, 2023 1:37 am
Forum: Forwarding Protocols
Topic: BGP Established Issue in between MikroTik and Juniper . Error: Unsupported capability received, code: 128
Replies: 6
Views: 1067

Re: BGP Established Issue in between MikroTik and Juniper . Error: Unsupported capability received, code: 128

BGP Capability Code 128 is deprecated . Read this: https://www.rfc-editor.org/rfc/rfc8810.html Ask Juniper TAC to read it too. Juniper is at fault here, they should remove code 128 features fully. Juniper has bad history with BGP safety measures: https://blog.benjojo.co.uk/post/bgp-path-attributes-g...
by DarkNate
Fri Dec 22, 2023 12:19 pm
Forum: General
Topic: NAT64 and DNS64
Replies: 101
Views: 48818

Re: NAT64 and DNS64

Can anyone explain the current possibilities for NAT64 in Mikrotik? I see there's parameter in IPv6 ND, but no clues anywhere else or example on how to use this: pref64-prefixes (unspecified | ipv6 prefixes; Default: unspecified) Specify IPv6 prefix or list of prefixes within /32, /40. /48, /56, /6...
by DarkNate
Fri Dec 22, 2023 12:08 pm
Forum: General
Topic: CGN NAT ( NAT444 ) help
Replies: 39
Views: 6099

Re: CGN NAT ( NAT444 ) help

Thank you for sharing, I am starting to do the same process, only by using netmap instead of src-nat, I aim to reduce the number of rules.
Don't forget to read this:
viewtopic.php?t=176358
by DarkNate
Fri Dec 22, 2023 12:07 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

I upgraded my RB951G-2HnD to 7.14 beta and gave a try to VPLS again. Now It is little better, the router is stable for hours with VPLS, but still have kernel faults and reboots. Do a fresh netinstall of 7.13, with no-default-config, ensure RouterBOARD firmware is also on 7.13. This will resolve you...
by DarkNate
Thu Dec 21, 2023 10:42 am
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

@Darknate I can feel you and I can clearly see your point and that was really obvious, but I don't need reasons to ditch MT because the company I work for already accept that fact that MT as a company is not perfect, my personal only sour grape with them is they don't layout their roadmap on what t...
by DarkNate
Thu Dec 21, 2023 2:37 am
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

@DarkNate As a band aid solution whilst we are still waiting for proper EVPN/VXLAN to come in Mikrotik, our tech stack revolves around mikrotik for 3 years now lots of investment already from hardware to people training and we don't want to go back to pure Juniper shop if we can fight for it for co...
by DarkNate
Tue Dec 19, 2023 11:10 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

...or inter-VRF route leaking via RD with import/export on ROSv7 like it was useable in v6 or since xx-years on cisco ios (yeah that one, which also powered 2800 and 1800 routers...) I don't just understand why ROSv7 is lacking a lot of the generic features dating back to the early 2000s that we ca...
by DarkNate
Tue Dec 19, 2023 11:09 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

Yeah, Q3 next year if MT can't still produce a decent implementation for all of this critical technologies in ISP space we are going to re-think our strategies, If only LAC mode not just LNS is readily available today we can duct tape our network and still can still wait for another 3 years more, e...
by DarkNate
Tue Dec 19, 2023 8:45 am
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

Don`t use MPLS VPN4 ROS 7 because you CPE will be completely open for remote side of tunnel. Firewall fail to detect inbound interface and mark it as unknown and if you filter something using : add action=drop chain=input in-interface=<mpls interface> traffic will reach you CPE without any limitati...
by DarkNate
Fri Dec 15, 2023 3:27 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257397

Re: v7.13 [stable] is released!

It's not useless, it can be used as Capsman to manage devices using new wifi driver. It's confusing, if device A doesn't have wireless chip/features, then "Capsman" should be seperate menu altogether, not "wifi" or "wireless" or "wifiwave2", capsman is just a...
by DarkNate
Wed Dec 13, 2023 7:37 am
Forum: RouterOS beta
Topic: L4S support in routerOS7
Replies: 8
Views: 4388

Re: L4S support in routerOS7

A modified use of ECN supports congestion control algorithms that avoid queuing delays at the sender, thus eliminating the sawtooth variation in launching packets that you're likely familiar with. But it is a new architecture with the associated issues for its adoption. RFC 9330 is quite readable: ...
by DarkNate
Tue Dec 12, 2023 5:42 pm
Forum: Beginner Basics
Topic: IPv6 RAs on interface with disabled address
Replies: 6
Views: 1498

Re: IPv6 RAs on interface with disabled address

Yeah, "disable all", enable selectively on what you need, example your VLAN17 or whatever it is. I do the same thing at home, this ensures there's no room for some random BUM traffic issue in the network. Same thing on your MikroTik APs or switches etc, if they are running RouterOS, ipv6 r...
by DarkNate
Tue Dec 12, 2023 5:03 pm
Forum: RouterOS beta
Topic: L4S support in routerOS7
Replies: 8
Views: 4388

Re: L4S support in routerOS7

What makes L4S superior to fq_codel and/or CAKE?
by DarkNate
Tue Dec 12, 2023 5:02 pm
Forum: Beginner Basics
Topic: IPv6 RAs on interface with disabled address
Replies: 6
Views: 1498

Re: IPv6 RAs on interface with disabled address

Yeah, it's enabled by default all right. I'd suggest reading the Edge/BNG guide, they have a small section on the IPv6 RA thing and the other IPv6 RA post. https://forum.mikrotik.com/viewtopic.php?t=176358#p864371 https://blog.apnic.net/2023/11/30/why-is-ipv6-router-advertisement-default-enabled-by-...
by DarkNate
Wed Dec 06, 2023 7:59 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

I am pretty sure it's just a case of "Good things take time" rather than any decision not to support them. Explain to me, how Cumulus, SONiC, OcNOS supports hardware offloading for most of this stuff in 2023 and MikroTik (a company that started in 1996), doesn't? Heck MikroTik's own (pote...
by DarkNate
Wed Dec 06, 2023 7:56 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

Hate to tell you, but your "inside source" is not trustworthy. Ha, what inside source? The last company, I'd want an “inside source” from is MikroTik. I was poking sarcasm at the obvious fact that MikroTik ROSv7 has been a mess, and you're all very slow in bringing the hardware offloading...
by DarkNate
Wed Dec 06, 2023 8:27 am
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11737

Re: Status of ROS V7 for BGP, MPLS, VPLS

There is no hardware MPLS support in RouterOS v7 at this point.
It's strange, isn't it? The Marvell ASICs that MikroTik uses supports MPLS/VXLAN/EVPN in hardware, but MikroTik decided it was a terrible idea to support these three on the ASICs.
by DarkNate
Mon Nov 20, 2023 2:53 pm
Forum: General
Topic: Vlan/MPLS/VPLS issue V7 ?
Replies: 4
Views: 1259

Re: Vlan/MPLS/VPLS issue V7 ?

Right... I have it working in test environment... but there's something (netonix, ubnt, xyz, ...) that's killing the MTU :D I'll have to dig :? P.S. I hope my MTU values are not wrong (1530 for MPLS, 1508 VPLS and I think it's 1600 for the ethernet ... I left VLAN at 1500?) Refer to this: https://f...
by DarkNate
Mon Nov 20, 2023 2:51 pm
Forum: General
Topic: Anyone use LibreNMS?
Replies: 6
Views: 2458

Re: Anyone use LibreNMS?

Hi Nate! What would proper CI/CD look like for a small-ish network, 50-200 devices? The reason I ask is I've struggled with using Ansible—since the extent of ansible "support" is a single CLI wrapper command and you're basically just doing ROS scripting—and like you mention Oxidized seems...
by DarkNate
Fri Nov 17, 2023 9:30 am
Forum: General
Topic: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?
Replies: 31
Views: 3622

Re: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?

This is because in the case of TILE CPU, a lot of operations are done differently. When some tasks have to be divided to many CPU cores, packet loss and out of order packets can occur. The ARM CPU is smarter in this regard, there is a lot more processing done, so that this does not happen. I think ...
by DarkNate
Fri Nov 17, 2023 9:28 am
Forum: General
Topic: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?
Replies: 31
Views: 3622

Re: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?

We are not saying that there is nothing to improve. Software can always be improved. That is a never-ending story for any software, not just RouterOS. But comparing different architectures and drivers simply is not fair. They each have their pros and cons. Normis, I have one question. Why not just ...
by DarkNate
Fri Nov 17, 2023 8:34 am
Forum: General
Topic: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?
Replies: 31
Views: 3622

Re: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?

DarkNate, what's the point of your answer? 1)So if you need or want to use MPLS you have to buy Juniper? And why not Cisco or Huawei or other brands? This is a fanboy position... 2)Is this the game of who's got the longest? 3)Another time you propose a software as solution to all problems... 4)I ca...
by DarkNate
Fri Nov 17, 2023 8:26 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88708

Re: v7.13beta [testing] is released!

WinBox in RouterOS is not just the winbox.exe. WinBox is a protocol that you use to transport RouterOS data from router to application, which includes winbox.exe, mobile applications and tne Dude. WinBox GUI should also match CLI 1:1. Example, why is “Services” (for API, SSH, SNMP etc) inside IPv4 ...
by DarkNate
Fri Nov 17, 2023 8:22 am
Forum: Forwarding Protocols
Topic: Does MTU on LOOPBACK matter?
Replies: 6
Views: 1965

Re: Does MTU on LOOPBACK matter?

Yes, it matters. I mean, wireless paths, technically, can do 9k MTU for layer 2 if the vendor supports, like some units from Ubiquiti. But the point is, layer 2 MTU should always be MAXED out on ALL Devices, even if it's different between them. Layer 3 MTU needs to be designed in a way that it ensur...
by DarkNate
Wed Nov 15, 2023 5:45 pm
Forum: General
Topic: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?
Replies: 31
Views: 3622

Re: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?

The problem is NOT the single bridge, we know it. The problem is that Mikrotik has not yet implemented handling of MPLS in HW. We are not talking of "user" router. As we said, there can be many problems: we have more than 500.000 connection, much more than can be handled in HW. Some kind ...
by DarkNate
Wed Nov 15, 2023 10:54 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88708

Re: v7.13beta [testing] is released!

Why is that? I'm running carrier grade NAT on some 2216's for customers and was looking into either the nat-ein or nat-pmp to try to get customers gaming setups happy with NAT types. Just trying to find a way to not get a double NAT for gaming consoles without having to give every customer a public...
by DarkNate
Wed Nov 15, 2023 10:42 am
Forum: General
Topic: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?
Replies: 31
Views: 3622

Re: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?

I don't get the fascination of having two or three beefy routers do everything for the whole network. To me that's a really bad single point of failure. Use each type of router for the things it does best, or design the network around the limitations of each. OP, clearly never read this: https://st...
by DarkNate
Wed Nov 15, 2023 10:41 am
Forum: General
Topic: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?
Replies: 31
Views: 3622

Re: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?

As we already said, we CANNOT use L3HW here: it uses MPLS/VPLS! And there are other cases where L3HW cannot be used: queues, complicate filtering and NAT, etc... Single bridge for MPLS/VPLS with VLAN filtering and segregation using PVID. Read the link I shared and then read MikroTik official docs. ...
by DarkNate
Tue Nov 14, 2023 3:34 pm
Forum: General
Topic: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?
Replies: 31
Views: 3622

Re: CCR2216 have terrible IO performances, very much worst than CCR10xx! Maybe they have no DMA?

100% sure this user failed to properly configure L3 offloading, single bridge config approach with VLAN segregation. So traffic is going via control plane instead of the data plane (ASIC). https://forum.mikrotik.com/viewtopic.php?p=1031313#p1031313 @normis if you read this, I think it's high-time Mi...
by DarkNate
Tue Nov 14, 2023 3:31 pm
Forum: General
Topic: Vlan/MPLS/VPLS issue V7 ?
Replies: 4
Views: 1259

Re: Vlan/MPLS/VPLS issue V7 ?

I deploy jumbo frames even on wireless equipment. As long as L2 MTU and L3 is configured correctly across the various paths in the network, there's no issue.

Different wireless equipment have different MTU support, check with the vendor.
by DarkNate
Tue Nov 14, 2023 3:24 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 92064

Re: v7.12 [stable] is released!

MikroTik's software quality is a very bad joke. Guys should go back to the first chapters of any good book on software engineering. It looks like in the past their software was written by the old timers and then the "young, dynamic, from big cities, who think they know better" came on boa...
by DarkNate
Mon Nov 13, 2023 7:09 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88708

Re: v7.13beta [testing] is released!

*) firewall - added "nat-pmp" support;
Why? NAT-PMP was already obsoleted by RFC6887. It would've made more sense to implement PCP, which is also usable in 464xlat, NAT64 and MAP-T.
by DarkNate
Mon Nov 13, 2023 7:05 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 92064

Re: v7.12 [stable] is released!

Of course he did not read what I wrote. I wrote "It is best to update the firmware once after purchase of the device" so you won't have ancient firmware. Bullshit. Buy a device today, netinstall with latest ROS and firmware. Now one year later, ROS version has changed 15 generations and f...
by DarkNate
Mon Nov 13, 2023 4:11 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 92064

Re: v7.12 [stable] is released!

It really isn't a good idea (anymore) to set automatic firmware upgrade. The reason is that the firmware version now changes every time, it is the same as the RouterOS version. But usually there is no update at all in the firmware. Update just does nothing, but it incurs a small risk of rendering t...
by DarkNate
Sat Nov 11, 2023 8:28 am
Forum: Beginner Basics
Topic: IPv6 Configuration under Router OS 7
Replies: 39
Views: 3444

Re: IPv6 Configuration under Router OS 7

I think it is a mistake to apply techniques developed for business-on-budget applications to prosumer cases which my firewall is for.
Disagree. We route to blackhole even on expensive high-end Juniper MXes and PTXes.
by DarkNate
Fri Nov 10, 2023 9:46 am
Forum: Beginner Basics
Topic: IPv6 Configuration under Router OS 7
Replies: 39
Views: 3444

Re: IPv6 Configuration under Router OS 7

But if I were to nitpick I would criticize blanket drop and blackhole rules: local hosts deserve rejection with appropriate ICMP errors. Note that linked RFCs advocate similarly. That it’s not trivial to configure RouterOS like this is whole other matter. This opens a door for DDoS/DoS of the contr...
by DarkNate
Fri Nov 10, 2023 4:38 am
Forum: Beginner Basics
Topic: IPv6 Configuration under Router OS 7
Replies: 39
Views: 3444

Re: IPv6 Configuration under Router OS 7

@Kentzo your approach has duplicity and redundant config, for example with your “trap”. Why would you increase computation costs? Use Route-To-Blackhole directly. In addition, the content in the article is backed by various RFCs and BCPs and BCOPs, all hyperlinked widely across the article if you bo...
by DarkNate
Thu Nov 09, 2023 6:35 am
Forum: Beginner Basics
Topic: IPv6 Configuration under Router OS 7
Replies: 39
Views: 3444

Re: IPv6 Configuration under Router OS 7

I actually disabled all the other rules as well. Is there a base ruleset I should be using? The implicit drop at the bottom is disabled as well.
viewtopic.php?t=176358#p864371
by DarkNate
Tue Nov 07, 2023 2:25 pm
Forum: Scripting
Topic: Auto Fail over BGP Peers and ports
Replies: 6
Views: 1578

Re: Auto Fail over BGP Peers and ports

Or even better, BFD. It was made for this purpose.
When is really ready and works...
Works fine on v7.11.2. No problems here for months/weeks now. Even cross-vendor.
by DarkNate
Tue Nov 07, 2023 12:51 pm
Forum: Scripting
Topic: Auto Fail over BGP Peers and ports
Replies: 6
Views: 1578

Re: Auto Fail over BGP Peers and ports

Very few people are really qualified to work with dynamic routing protocols. Maybe MikroTik should make more in-depth content on these.
by DarkNate
Mon Nov 06, 2023 4:58 am
Forum: General
Topic: loud balance 3 starlink
Replies: 19
Views: 2517

Re: loud balance 3 starlink

I thought he's talking about cooling system load distribution or something with “loud balance”… Fans are loud for sure.
by DarkNate
Sun Nov 05, 2023 10:10 am
Forum: Forwarding Protocols
Topic: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?
Replies: 4
Views: 1417

Re: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Yes, it's obviously computationally expensive. Who the hell else even does this?
by DarkNate
Sat Nov 04, 2023 5:10 pm
Forum: Beginner Basics
Topic: NAT Typ D - Nintendo Switch
Replies: 11
Views: 1933

Re: NAT Typ D - Nintendo Switch

The chances of school or college “network engineers” deploying proper CGNAT with netmap/EIM-NAT is not slim, it is null/non-existent. I've been through college too, and our PhD certified “engineers” ran like 7 layers of NAT before it reached the Dormitory. Best you can do is Cloudflare WARP free pla...
by DarkNate
Sat Nov 04, 2023 5:08 pm
Forum: Forwarding Protocols
Topic: MPLS-TP
Replies: 11
Views: 3695

Re: MPLS-TP

I don't work for a Tier 1 Carrier so I don't know. Yes, Ciena seems to offer it as a high-SLA metro-service concept I guess MPLS-TP makes sense for transport gear. Not networking gear. As it's 100% transport related tech and less of networking/packet switching. MikroTik doesn't sell transport gear,...
by DarkNate
Sat Nov 04, 2023 7:57 am
Forum: General
Topic: Anyone use LibreNMS?
Replies: 6
Views: 2458

Re: Anyone use LibreNMS?

I've used LibreNMS in a large network. No problems with Cisco, Juniper, Arista, MikroTik.

For proper automation, you'd likely need a proper CI/CD pipeline for network-wide and infra-wide automation. Oxidised is there, but it isn't exactly a CI/CD pipeline company-wide.
by DarkNate
Sat Nov 04, 2023 7:55 am
Forum: Beginner Basics
Topic: NAT Typ D - Nintendo Switch
Replies: 11
Views: 1933

Re: NAT Typ D - Nintendo Switch

Use netmap + EIM-NAT on your home MikroTik router and make sure you APs etc are in bridge mode to avoid double/triple NAT.
by DarkNate
Sat Nov 04, 2023 7:51 am
Forum: Forwarding Protocols
Topic: MPLS-TP
Replies: 11
Views: 3695

Re: MPLS-TP

No, it's mainly used for specialized industries like utilities, industrial, military and so on. When were are often talking Megabits but needs to be very reliable and ultra-fast recovery scenarios. But It could be used as a transport for legacy services on a bigger carrier operator. EVPN and MPLS-T...
by DarkNate
Fri Nov 03, 2023 5:38 pm
Forum: Forwarding Protocols
Topic: MPLS-TP
Replies: 11
Views: 3695

Re: MPLS-TP

MPLS-TP is not legacy, but its a niche market.
How small is the market for this? What are some modern-day use-cases for it in carrier networks? I just can't think of any because of EVPN.
by DarkNate
Thu Nov 02, 2023 7:12 pm
Forum: Forwarding Protocols
Topic: MPLS/TE CSPF 7.12rc4
Replies: 1
Views: 1210

Re: MPLS/TE CSPF 7.12rc4

Share config example on both sides.
by DarkNate
Thu Nov 02, 2023 7:09 pm
Forum: Forwarding Protocols
Topic: MPLS-TP
Replies: 11
Views: 3695

Re: MPLS-TP

Well, It's often used as a replacement for legacy TDM-like tech, transporting synchronous and latency sensitive applications. Then safe to say MPLS-TP is also legacy. A lot of carriers have removed TDM/SDH/SONET type equipment and replaced with modern-day OTN. Even LTE/5G doesn't use TDM. There's n...
by DarkNate
Tue Oct 31, 2023 10:23 pm
Forum: Forwarding Protocols
Topic: MPLS-TP
Replies: 11
Views: 3695

Re: MPLS-TP

MPLS-TP is a very different concept. It often requires and specialized hardware and provisioning concepts to make any sense of it.
What's the market share of MPLS-TP anyway? I have not seen it in production.
by DarkNate
Tue Oct 31, 2023 10:22 pm
Forum: Forwarding Protocols
Topic: Is it possible to filter specific routes by using NSSA or Stub areas? [SOLVED]
Replies: 11
Views: 3105

Re: Is it possible to filter specific routes by using NSSA or Stub areas? [SOLVED]

I think I might have gotten confused during your follow-up explanation. You mentioned that there are already ISP uplinks at the OFCINA router which are using BGP. Where is the part in which you are moving from static routing to OSPF? Do you have an ISP providing transport for the internal connectio...
by DarkNate
Tue Oct 31, 2023 12:50 pm
Forum: Forwarding Protocols
Topic: BGP between ver 7 and 6
Replies: 4
Views: 1752

Re: BGP between ver 7 and 6

Upgrade to ROS v7.11.2 on all devices and move on with your life.
by DarkNate
Tue Oct 31, 2023 11:48 am
Forum: Forwarding Protocols
Topic: Is it possible to filter specific routes by using NSSA or Stub areas? [SOLVED]
Replies: 11
Views: 3105

Re: Is it possible to filter specific routes by using NSSA or Stub areas? [SOLVED]

One more thing do you think is it actually worth implement OSPF in the network with that quantity of routers even if every router knows about each other and does not filter routes like the want it? I've designed a lot of ISP networks using eBGP/iBGP in conjunction with OSPF/is-is. This is what I do...
by DarkNate
Mon Oct 30, 2023 10:21 am
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 134
Views: 52489

Re: IS-IS

If I have to wait to 7.14, 7.16 for a IPv4 is-is implementation.
is-is is not TCP/IP, it's CLNP. Why would it require IPv4 or IPv6 addressing to function?
by DarkNate
Mon Oct 30, 2023 9:14 am
Forum: Forwarding Protocols
Topic: Is it possible to filter specific routes by using NSSA or Stub areas? [SOLVED]
Replies: 11
Views: 3105

Re: Is it possible to filter specific routes by using NSSA or Stub areas? [SOLVED]

OSPF doesn't scale. Because OSPF is designed to be a fast convergence, link-state protocol. It's not designed to be a policy shaping routing protocol like BGP. There are a few guys out there in the market who builds ISP networks using a combination of eBGP and iBGP inspired by this: https://www.rfc-...
by DarkNate
Mon Oct 30, 2023 7:30 am
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 5893

Re: ROUTEROS 7 BGP network announcement issue

Thanks for your answer. Of course, if I restart the router without even doing what you say, I'll also solve my problem (before the routing table fills up, it will already have sent the default route to clients). But the challenge was not to restart the router(in production) because if next time I h...
by DarkNate
Mon Oct 30, 2023 1:09 am
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 5893

Re: ROUTEROS 7 BGP network announcement issue

DarkNate, In the config you had the Hardware model "CCR1072". I had already watched the video but the person in question only has a few prefixes, above I had said that it worked when there were a few prefixes but I have several million prefixes in production and the behavior is random and...
by DarkNate
Mon Oct 30, 2023 12:33 am
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 5893

Re: ROUTEROS 7 BGP network announcement issue

Hi DarkNate, So what do I actually have to do? The reason I sent in the configuration is so that someone can help me, not reproach me. Tell me exactly what I need to configure. Regards. Share your hardware model number. BGP affinity config is dependent on hardware model. https://www.youtube.com/wat...
by DarkNate
Sun Oct 29, 2023 9:35 pm
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 5893

Re: ROUTEROS 7 BGP network announcement issue

Hi Darknet, Enclosed you'll find a small part of the configuration I consider relevant to your analysis. Client sessions with the "eBGP-INA" template caused me a lot of trouble to announce the default route (random behavior). Where is consistent BGP affinity config on ALL peers? Of course...
by DarkNate
Sun Oct 29, 2023 5:34 am
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 5893

Re: ROUTEROS 7 BGP network announcement issue

If you could give me a BGP session configuration that would 100% announce the default route correctly in a routing table already filled with several million routes, I'd love it.
What you should be doing is exporting your /routing config and post it here for people to review.
by DarkNate
Sat Oct 28, 2023 9:21 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 176
Views: 51501

Re: Feature Request : IPv6 Fasttrack

I did not say, that OSPF is in any way better than ISIS. It is still a fact, that in enterprise networks OSPF is still in use and scaling got much less an issue with as much resources we have today in any router. So probably current support for routing protocols is no reason for MT to get used more...
by DarkNate
Sat Oct 28, 2023 6:49 pm
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 5893

Re: ROUTEROS 7 BGP network announcement issue

Hi all, I have a version of ROS 7.11.2 and I have huge difficulties to send the default-originate to the client routers. Sometimes it works and sometimes it doesn't (most of the time). I've also noticed that when I have almost nothing as a prefix in my routing table, the default route is sent immed...
by DarkNate
Sat Oct 28, 2023 6:46 pm
Forum: General
Topic: Case Study: Disabling NAT and Firewall on LAN Routers
Replies: 11
Views: 1283

Re: Case Study: Disabling NAT and Firewall on LAN Routers

It will work, but it's a dumb design. Can I design something better? Of course, but nobody would design for free on a forum. I suggest you reach out to any certified MikroTik consultant for a proper design. If you want to self-learn, then a good starting point here: https://study-ccna.com/collapsed-...
by DarkNate
Sat Oct 28, 2023 6:45 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 176
Views: 51501

Re: Feature Request : IPv6 Fasttrack

OSPF is a PITA. is-is isn't. OSPF requires operational and configuration overhead when you have 1000 layer 3 devices in a network, to maintain the configuration automation template etc, across IPv4 and IPv6. Whereas with is-is, since it's CLNP, I don't need IP addressing whatsoever for underlay netw...
by DarkNate
Sat Oct 28, 2023 1:09 pm
Forum: Forwarding Protocols
Topic: VPLS fragment reassembly bug only on TILE-arch
Replies: 9
Views: 4813

Re: VPLS fragment reassembly bug only on TILE-arch

I lost any hopes that MPLS related bugs in ROS 7 will be fixed. Started to look for another router brand without success for now. Just use baby jumbo-frames at the least 1600 L2 MTU, 15xx whatever L3 MTU and no fragmentation occurs. But personally, I ensure 9k MTU on L3 and 9216 or more on L2 netwo...
by DarkNate
Sat Oct 28, 2023 11:32 am
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 176
Views: 51501

Re: Feature Request : IPv6 Fasttrack

If XDP/DPDK is used then x86 is the best choice. XDP does not depend on any special HW: https://www.iovisor.org/technology/xdp All new routerboards have ARM. (OK, there is maybe something I miss, but most of them have ARM.) DPDK: Designed to run on Arm, PowerPC and x86 processors, DPDK runs mostly ...
by DarkNate
Sat Oct 28, 2023 11:30 am
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 176
Views: 51501

Re: Feature Request : IPv6 Fasttrack

If XDP/DPDK is used then x86 is the best choice. Clearly, you have never spoken with Linux kernel programmers and system programmers to even understand what is XDP or DPDK, and how it is being deployed in the Telecom and data centre industry on all kinds of hardware architectures, ranging from x64 ...
by DarkNate
Sun Oct 22, 2023 2:06 am
Forum: RouterOS beta
Topic: mDNS repeater feature
Replies: 330
Views: 99482

Re: mDNS repeater feature

I contacted support about this issue and they responded that they will consider improving the behavior for VPLS when they are added to the bridge and VLANs are used. I would like to remove VPLS permanently and replace it with EVPN and make use of Ethernet Segment Identifiers, but alas, MikroTik sup...
by DarkNate
Fri Oct 20, 2023 5:33 pm
Forum: RouterOS beta
Topic: mDNS repeater feature
Replies: 330
Views: 99482

Re: mDNS repeater feature

Indeed, the single-bridge design cannot be used in conjunction with BGP VPLS ( https://forum.mikrotik.com/viewtopic.php?p=925249#p925249 ). MikroTik needs to give proper solution for this. Maybe contact support? What about option two here: https://forum.mikrotik.com/viewtopic.php?p=925249#p845362
by DarkNate
Fri Oct 20, 2023 4:24 pm
Forum: General
Topic: CCR2116 disappointing can't do >2gbps PPPOE, single CPU >95%
Replies: 5
Views: 2020

Re: CCR2116 disappointing can't do >2gbps PPPOE, single CPU >95%

Misconfiguration of bridge/VLAN/L3 offloading is the likely cause, too many Linux DSA expert users in this forum: https://forum.mikrotik.com/viewtopic.php?p=1025418#p1026101 Some common examples: https://help.mikrotik.com/docs/display/ROS/Layer2+misconfiguration If the above don't apply to you, then...
by DarkNate
Thu Oct 19, 2023 5:48 pm
Forum: Forwarding Protocols
Topic: PIM in OS7
Replies: 2
Views: 2996

Re: PIM in OS7

Your configuration is likely the problem.

See here, PIM works okay for me, inter-VLAN.

viewtopic.php?p=1029268#p1022915
by DarkNate
Thu Oct 19, 2023 5:45 pm
Forum: General
Topic: RFC 9234 implementation status: Roles, but no OTC!?
Replies: 2
Views: 740

Re: RFC 9234 implementation status: Roles, but no OTC!?

MikroTik RFC9234 is only partial implementation, not full implementation. Check with support.

Meanwhile, Cisco and Juniper don't support it anywhere.
by DarkNate
Wed Oct 18, 2023 8:08 pm
Forum: Scripting
Topic: For ISP: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 21
Views: 70318

Re: For ISP: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

Yes, but is clearly indicated: Warning: this two rules can break the Path MTU Discovery (PMTUD), use only if your device are sensible to "Large ICMP" or "Ping of Death" attack. On doubt, do not use at all!!! 3) Thanks, added on future update. ICMP Completely removed, to avoid pr...
by DarkNate
Wed Oct 18, 2023 7:32 pm
Forum: General
Topic: CPU Issue when enabling RPKI
Replies: 8
Views: 2413

Re: CPU Issue when enabling RPKI

Thanks for your reply. Unfortunately, the technical article refers to VLANs or ports in bridge mode. On my MikroTik RBs, there are no VLANs or bridges. There are only two network interfaces: one connected to the IXP switch and the other to the our switch, in access mode and not VLAN, connected to o...
by DarkNate
Wed Oct 18, 2023 7:28 pm
Forum: Scripting
Topic: For ISP: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 21
Views: 70318

Re: For ISP: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

I was hoping rextended removed the ICMP stuff, which is a bad idea to deploy in prod or even for home users. 1. ICMP is rate limited in RouterOS by default, and same on all network vendor OSes, same on Linux vanilla kernel as well 2. Breaks PMTUD and is just stupid, I've seen large-scale networks do...
by DarkNate
Wed Oct 18, 2023 1:19 pm
Forum: General
Topic: "ipv6 address from-pool" lost after reboot
Replies: 9
Views: 1133

Re: "ipv6 address from-pool" lost after reboot

Mobile carriers limiting us to ::/64 per SIM card is only one example. So I'd like to stop this discussion here and come back to the question I asked. That's not the problem at all. The issue here is, you aren't aggregating your ULA into a single pool. The mobile carrier's /64, you can just use NAT...
by DarkNate
Wed Oct 18, 2023 12:34 pm
Forum: General
Topic: "ipv6 address from-pool" lost after reboot
Replies: 9
Views: 1133

Re: "ipv6 address from-pool" lost after reboot

Using a single pool is not an option here. We have a few thousand devices and each has it's own fd10:x:y:z::/64 prefix. In certain environments, we need an additional network that we can advertise to hosts, and this can't be in the fd10::/16 range. This sounds like a problematic approach, IMO. I'd ...
by DarkNate
Wed Oct 18, 2023 12:21 pm
Forum: General
Topic: "ipv6 address from-pool" lost after reboot
Replies: 9
Views: 1133

Re: "ipv6 address from-pool" lost after reboot

Have a single aggregated pool of the entire /56 or whatever, then use the ::1, ::2... On each different VLAN/Interface, that should work fine.
by DarkNate
Wed Oct 18, 2023 1:22 am
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 176
Views: 51501

Re: Feature Request : IPv6 Fasttrack

@DarkNate: Replace XDP by VPP and keep DPDK, please! Or use all of them! :)) VyOs just transitioned from XDP to VPP and many other projects use it, to support >10G speeds. https://wiki.fd.io/view/VPP/What_is_VPP%3F Still, something should have already be done by MT about IPv6 performance! DPDK/VPP ...
by DarkNate
Tue Oct 17, 2023 8:26 pm
Forum: Forwarding Protocols
Topic: ROS 7.11 OSPF PTP Unnumbered
Replies: 3
Views: 2672

Re: ROS 7.11 OSPF PTP Unnumbered

Unnumbered OSPF or BGP for that matter, does not work on RouterOS, not even on 7.11.2
by DarkNate
Tue Oct 17, 2023 5:58 pm
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 54
Views: 88602

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

Speaking of IPv6, it seems the author published one article on it. Definitely not MikroTik specific, so might make more sense to just comment it here instead:
https://www.daryllswer.com/ipv6-archite ... operators/
by DarkNate
Tue Oct 17, 2023 5:56 pm
Forum: Beginner Basics
Topic: L3 Hardware offloading in Mikrotik
Replies: 2
Views: 1199

Re: L3 Hardware offloading in Mikrotik

Configure as per your hardware model:
https://help.mikrotik.com/docs/display/ ... +switching
by DarkNate
Tue Oct 17, 2023 5:55 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 176
Views: 51501

Re: Feature Request : IPv6 Fasttrack

MikroTik should just adopt XDP with hardware offloading to the NIC for packet filtering. To Adopt DPDK (or its derivatives) for packet forwarding, a lot of MikroTik boxes would be able to forward 100Gbps at near line-rate using CPU alone with XDP + DPDK.
by DarkNate
Tue Oct 17, 2023 5:53 pm
Forum: General
Topic: CPU Issue when enabling RPKI
Replies: 8
Views: 2413

Re: CPU Issue when enabling RPKI

Fix your BGP affinity as step 1.

Then make sure your L3 offloading, bridge/VLAN configuration is matching this:
https://help.mikrotik.com/docs/display/ ... +switching
by DarkNate
Tue Oct 17, 2023 5:52 pm
Forum: RouterOS beta
Topic: Feature Request - NAT64/DNS64 CGN
Replies: 27
Views: 21797

Re: Feature Request - NAT64/DNS64 CGN

The problem with this is, it does not scale, not usable for production pumping 100Gbps traffic per nanosecond. MikroTik needs to add proper CLAT, proper 464xlat and NAT64.
by DarkNate
Mon Oct 16, 2023 8:27 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

there is journey remaining towards full ROA compliance
Don't confuse ROA data and ROV data. Even if ROA data is 100% compliance, it is useless if there's no ROV implementation.
by DarkNate
Mon Oct 16, 2023 8:13 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

@DarkNate As far as I know at least in our region (Asia), ROA record is a _must_ now a days if you are advertising your prefix to upstream that's why pe1chl is suggesting that let the upstream handle this RPKI validation, I personally has this mentality too are we really out of touch on reality? Al...
by DarkNate
Mon Oct 16, 2023 6:09 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

I have a few questions regarding the ESXi host and the CHR VM: What CPU is used? Intel Xeon E5-2620? Intel Xeon Gold 5415+? AMD EPYC 7302? Are the vCPU on the same Socket? (think NUMA and accessing RAM from different CPU socket) What setting are you using for the CPU/MMU virtualization? Which physi...
by DarkNate
Mon Oct 16, 2023 6:07 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

i am pretty sure there is a way to give the technical message without going into personal affairs
Nothing personal, at all, from my POV. Strictly business here. And as far as “technical message”, that's what MANRS is for.
by DarkNate
Mon Oct 16, 2023 4:52 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

I don't think you can/should do RPKI validation on a single-peer endpoint. Leave that to your upstream ISP. They can do all the route selection for you and send you only a default route. Are you new to network operations and NOG forums? Do you even know what MANRS is? Very few Tier 1s, Tier 2s and ...
by DarkNate
Sun Oct 15, 2023 1:22 am
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

I don't see how any of that would be an advantage when having only one peer. It's abundantly clear you don't understand how RPKI validation/filtering works and why we should all implemented it. You are under the impression that you need to be multi-homed for RPKI validation to work. Start here: htt...
by DarkNate
Sat Oct 14, 2023 8:05 pm
Forum: General
Topic: Mikrotik SUCKS
Replies: 82
Views: 12279

Re: Mikrotik SUCKS

For example - The VLAN concept used by Cisco is something everyone understands and is widley copied everywhere, and its the same on all devices regardless of underlaying chipsets. However in Mikrotik, it's both very chipset dependent, and you can do wrong in multiple ways both in hardware bridge an...
by DarkNate
Sat Oct 14, 2023 4:02 pm
Forum: General
Topic: Mikrotik SUCKS
Replies: 82
Views: 12279

Re: Mikrotik SUCKS

RouterOS can be, very confusing if you are very in to like Cisco/Juniper for since many years. It also can be very confusning if you are a DIY Linux/OpenWRT person and are looking for files to edit. One "drawback" is that you can accomplish things in different ways, with pros and cons. Th...
by DarkNate
Sat Oct 14, 2023 3:54 pm
Forum: Scripting
Topic: Script to update RouterOS after X days of release
Replies: 51
Views: 8440

Re: Script to update RouterOS after X days of release

Rather than some "script" based in RouterOS itself, something like this calls for real network automation. Use Ansible or something similar, or custom python code that runs on a seperate box.
by DarkNate
Sat Oct 14, 2023 3:49 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

BGP can run multithreaded (see posting above), but when you have only 1 peer there is nothing to gain that way. Is this only a test? Or else, why would you run full-table BGP with only 1 peer? Ask the ISP to send you only a default route... Full table with one peer (or more) ensures this network ca...
by DarkNate
Tue Oct 10, 2023 4:56 pm
Forum: Wireless Networking
Topic: Mikrotik hAP AX3 very bad Wi-Fi performance and coverage
Replies: 33
Views: 9076

Re: Mikrotik hAP AX3 very bad Wi-Fi performance and coverage

And for hAP ax³, why would sticks rotate around second axis, if it's doughnut shape?
Exactly. I don't know how to properly align the antennas on hAP ax3, MikroTik made sure to keep this a secret for reasons I cannot understand.
by DarkNate
Mon Oct 09, 2023 10:06 pm
Forum: Wireless Networking
Topic: Mikrotik hAP AX3 very bad Wi-Fi performance and coverage
Replies: 33
Views: 9076

Re: Mikrotik hAP AX3 very bad Wi-Fi performance and coverage

Not really my expertise but one can assume those antennas on AX3 provide a doughnut shaped radiation pattern perpendicular to the axis of the antenna. For AX2 I think it will be more spherical. Measurement data (from certification ??) might be helpful indeed. I don't know, but a crystal clear docum...
by DarkNate
Mon Oct 09, 2023 10:01 pm
Forum: Wireless Networking
Topic: Mikrotik hAP AX3 very bad Wi-Fi performance and coverage
Replies: 33
Views: 9076

Re: Mikrotik hAP AX3 very bad Wi-Fi performance and coverage

I didn't check the configuration details of OP. But I have a hAP ax2 and hAP ax3, identical config, but ax3 has wireless coverage and performance issues. Maybe it's the way I aligned the antennas or what? Possibly MikroTik can share antenna guide for this model, the blueprints of how the rotational ...
by DarkNate
Mon Oct 09, 2023 9:57 pm
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4398

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

Translation = F*** I'm Good, Just Ask Me !
Translation = I don't need praise from people in this forum. Money doesn't reach my bank account from here. Some people have appreciated my comments in this forum, some have not, doesn't matter to me either way.
by DarkNate
Sun Oct 08, 2023 2:08 pm
Forum: Beginner Basics
Topic: Cross VLAN Multicast / PIM Config
Replies: 30
Views: 7361

Re: Cross VLAN Multicast / PIM Config

I have a CCR<>ax2 setup, where ax2 is a layer 2 devices only. I never actually see PIM packets on my Wi-Fi clients for some reason, it seems wifiwave2 blocks PIM packets? I am not sure, but the MDB table is properly populated so not sure what's going on. I check with WireShark on client side. I see ...
by DarkNate
Thu Oct 05, 2023 9:08 pm
Forum: Beginner Basics
Topic: Cross VLAN Multicast / PIM Config
Replies: 30
Views: 7361

Re: Cross VLAN Multicast / PIM Config

It is a temporary setup. I'll will set VLANs on the same bridge when I buy another VLAN-capable device to plug to ether 3 (GUEST now) which is going to be set as a trunk port so that I can have multiple VLANs on the new device. You only need to configure access port based VLAN for your current setu...
by DarkNate
Thu Oct 05, 2023 3:55 pm
Forum: Beginner Basics
Topic: Cross VLAN Multicast / PIM Config
Replies: 30
Views: 7361

Re: Cross VLAN Multicast / PIM Config

The IGMP/MLD snooping can be set only for ports on the same bridge, which it doesn't seem to be my case.
You are not supposed to be using multiple bridges, read this:
viewtopic.php?p=1026098#p1026101
by DarkNate
Thu Oct 05, 2023 1:48 pm
Forum: Beginner Basics
Topic: Cross VLAN Multicast / PIM Config
Replies: 30
Views: 7361

Re: Cross VLAN Multicast / PIM Config

I set 3 interfaces in bridge (my main LAN), set also services on it. On another interface I set a different subnet for GUEST. Would your setup work for DLNA discovery too? A device on the GUEST subnet needs to contact a service running on the LAN side. Unfortunately I can't set up VLANs at the mome...
by DarkNate
Mon Oct 02, 2023 9:03 pm
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4398

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

<rant> Dude, these ad hominem attacks have got to stop . They add absolutely zero value to the conversation, and every disparaging remark you make completely erases any clout or respect you might have earned when sharing your expertise or opinion. I came to this thread expecting to see what users h...
by DarkNate
Mon Oct 02, 2023 11:18 am
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4398

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

was not sarcasm maybe sometimes the rude tone i perceive on your words is only the result of the translation. but i found your position not very thoughtful neither constructive Yeah, like I care about what some random dude on the internet thinks about it. You can think what you want, we're never cr...
by DarkNate
Sat Sep 30, 2023 12:35 pm
Forum: Forwarding Protocols
Topic: radvd invalid mtu log spam
Replies: 4
Views: 1856

Re: radvd invalid mtu log spam

Example from hAP ax3 core router deployment: /ipv6 firewall raw add action=drop chain=prerouting icmp-options=134:0-255 in-interface=vlanIX protocol=icmpv6 Neighbor Discovery packets received from upstream router are dropped. This doesn't solve the issue at scale, the RAs still flood the wire, stil...
by DarkNate
Fri Sep 29, 2023 1:18 pm
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4398

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

On the other hand - you really can't buy a Nexus or QFX without a pricey support agreement (except for second hand)
Fair argument. MikroTik can sell reasonably priced support agreement. 1/2 the price of Cisco or Juniper.
by DarkNate
Fri Sep 29, 2023 12:19 pm
Forum: Beginner Basics
Topic: Is client isolation worth it? How much does it increase security?
Replies: 3
Views: 1048

Re: Is client isolation worth it? How much does it increase security?

For SOHO/Home? I think having VLAN Segregation is sufficient, because each VLAN will have a unique IPv4 and IPv6 subnet, which helps with firewall ACLs, custom policy routing, NAT logging etc. I don't do anything special personally for SOHO/Home, plain VLANs and segregated IPv4/IPv6 subnets and I'm ...
by DarkNate
Fri Sep 29, 2023 12:11 pm
Forum: Forwarding Protocols
Topic: radvd invalid mtu log spam
Replies: 4
Views: 1856

Re: radvd invalid mtu log spam

You should contact IXP support and register a ticket. It's against IXP rules to flood RAs. Someone recently posted about it here.
by DarkNate
Fri Sep 29, 2023 12:10 pm
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4398

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

Even if they made the hardware, the lack of paid software support would limit the market for MikroTik. No serious operator is going to run hardware with no realistic prospect of a fix in a timely manner. I think this is the real issue. Even if MikroTik made a REAL L3 switching box, say a box costs ...
by DarkNate
Thu Sep 28, 2023 11:36 am
Forum: General
Topic: [Question] Does Mikrotik support DOH over IPv6?
Replies: 2
Views: 1251

Re: [Question] Does Mikrotik support DOH over IPv6?

IPv6-only DNS on MikroTik has never worked correctly for me.
by DarkNate
Thu Sep 28, 2023 11:32 am
Forum: General
Topic: Mikrotik SUCKS
Replies: 82
Views: 12279

Re: Mikrotik SUCKS

I had no problem setting up my first Mikrotik in 2016 when they barely had any youtube tutorials and I was only taught basic networking for one semester. Every time I see IT """engineer""" I remember that old error "We seem to have encountered some issue but our t...
by DarkNate
Thu Sep 28, 2023 11:26 am
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4398

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

Some of these would come for free as they can be done in software on the existing hardware, but others such as a larger TCAM come at a cost.
Many people are willing to pay that cost, though, is the point. A MikroTik box won't cost me $400k.
by DarkNate
Thu Sep 28, 2023 11:25 am
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4398

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

if you see that as an easy task then you are missing a good opportunity, raise some capital and startup your idea i will be expecting that equipment built by your startup to revolutionize the market You have the knowledge and the opportunity so go for it Clearly this is sarcasm, not sure who's fall...