Community discussions

Search found 120 matches

by lavv17
Mon Dec 25, 2017 2:59 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

I'd like to have a setting to change ppp aaa order: radius first, then local. The default is now local first.
by lavv17
Wed Nov 22, 2017 3:13 pm
Forum: General
Topic: CCR health monitoring
Replies: 1
Views: 362

CCR health monitoring

Hello! I'm setting up check_mk monitoring for CCR health parameters (voltage, current, temperature, etc). But I'm not sure which warning/critical thresholds should I use. Can you help me?

And BTW, several CCRs of mine have had problems with PSU (bad capacitors).
by lavv17
Mon Nov 20, 2017 12:04 pm
Forum: Announcements
Topic: MikroTik used by Amazon in their cloud datacenters
Replies: 34
Views: 18053

Re: MikroTik used by Amazon in their cloud datacenters

Cool. I've also seen a pair of MikroTik's in a https://en.wikipedia.org/wiki/Magnit grocery store today. They were labeled "master" and "backup" :)
by lavv17
Tue Oct 31, 2017 8:18 am
Forum: General
Topic: selective connection tracking
Replies: 5
Views: 829

Re: selective connection tracking

connection tracking is needed for NAT and connection-state checking in the firewall. If you don't need these features, it should be safe to disable connection tracking. But it will only help if CPU is already quite loaded.
by lavv17
Wed Oct 11, 2017 12:16 pm
Forum: General
Topic: selective connection tracking
Replies: 5
Views: 829

Re: selective connection tracking

It works very well! Thanks, MikroTik!
by lavv17
Wed Sep 13, 2017 5:20 pm
Forum: General
Topic: CCR1036-8G-2S+EM taken down by 200kpps DDoS
Replies: 9
Views: 2410

Re: CCR1036-8G-2S+EM taken down by 200kpps DDoS

Any news on the issue? I've problems with 300kpps flood with connection tracking disabled.
by lavv17
Tue Apr 04, 2017 12:34 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

It would be nice if routing updates were more atomic. Currently converging BGP full view can lead to temporary routing loops. They last for a minute or two. My setup consists of 3 CCR1036 routers facing different providers; iBGP between each pair of them. When a router boots up, a temporary loop can...
by lavv17
Wed Mar 29, 2017 3:41 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Hello!

RouterOS "ip route print where dst-address in x.x.x.x/z" is fast. But for a reason the same for ipv6 is slow (when the number of routes is large).

Please, make ipv6 route lookups fast as well.
by lavv17
Fri Feb 10, 2017 3:00 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

There is the option:
src-address-type (unicast | local | broadcast | multicast; Default: )
local - if address is assigned to one of router's interfaces
Cool, thanks! I'll use this feature.
by lavv17
Thu Feb 09, 2017 2:50 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Filtering packets in chain=input can affect srcnat. So it would be nice to limit filtering to local routers's IP addresses. But it would be hard to maintain such a list of addresses, if the router's configuration is changed from time to time. So here goes a feature request: an automatic address-list...
by lavv17
Mon Dec 12, 2016 4:59 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Yet another feature request:

add netwatch options to send TCP port probes (e.g. check if port 80 is open on a server for load balancing)
by lavv17
Tue Nov 29, 2016 9:46 am
Forum: General
Topic: ip proxy performance
Replies: 0
Views: 499

ip proxy performance

Sometimes www proxy in routeros shows very low performance: low throughput, high delay before accepting new connections. The total number of active connection (as shown by "ip proxy monitor") is below 150, traffic to clients is about 1Mbit/s Are there any hints for proxy performance optimization and...
by lavv17
Thu Oct 06, 2016 11:56 am
Forum: Scripting
Topic: ppp on-up/on-down variables
Replies: 5
Views: 5495

Re: ppp on-up/on-down variables

Thanks, it helped me too.

It can be made shorter by combining declaration and assignment like this:
:local remoteAddr $"remote-address"
by lavv17
Wed Sep 21, 2016 12:17 pm
Forum: General
Topic: ping RTT on a CCR1036 in BRAS mode (PPPoE server)
Replies: 4
Views: 695

Re: ping RTT on a CCR1036 in BRAS mode (PPPoE server)

Here are corresponding memory usage graphs. Old routeros versions have had a memory leak, but newer ones are not so clear. http://lav.yar.ru/ccr0-mem-yearly.gif http://lav.yar.ru/ccr1-mem-yearly.gif http://lav.yar.ru/ccr2-mem-yearly.gif http://lav.yar.ru/ccr3-mem-yearly.gif http://lav.yar.ru/ccr4-me...
by lavv17
Tue Sep 20, 2016 10:45 am
Forum: General
Topic: ping RTT on a CCR1036 in BRAS mode (PPPoE server)
Replies: 4
Views: 695

Re: ping RTT on a CCR1036 in BRAS mode (PPPoE server)

Two other CCR1036 show similar pictures: http://lav.yar.ru/ccr1-ping.png http://lav.yar.ru/ccr2-ping.png But two another don't: http://lav.yar.ru/ccr3-ping.png http://lav.yar.ru/ccr4-ping.png The only difference I see now is that ccr0, ccr1 and ccr2 have a DHCP server enabled and ccr3-4 don't. So pr...
by lavv17
Tue Sep 20, 2016 10:31 am
Forum: General
Topic: ping RTT on a CCR1036 in BRAS mode (PPPoE server)
Replies: 4
Views: 695

Re: ping RTT on a CCR1036 in BRAS mode (PPPoE server)

Is this the ping time between the monitoring system and the bras?
Yes, exactly.
by lavv17
Mon Sep 19, 2016 4:00 pm
Forum: General
Topic: ping RTT on a CCR1036 in BRAS mode (PPPoE server)
Replies: 4
Views: 695

ping RTT on a CCR1036 in BRAS mode (PPPoE server)

Hello!

Here is an interesting statistics on a CCR1036 working as a BRAS (PPPoE server). See the picture:
Image

As you see, ping RTT grows over time and resets on reboot. It may be some kind of a resource leak.
by lavv17
Mon Sep 19, 2016 3:08 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Hello!

Nice features to have:
1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
2. NAT parameter to-addresses could refer to an IP pool.
by lavv17
Mon Sep 12, 2016 4:12 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

I'd like to have a new feature: "graceful reboot". Things to do before actual reboot: 1. disconnect ppp users (while not accepting new ones) 2. transition vrrp to backup state 3. disable external bgp peers 4. wait for routing convergence Without these, there is a time frame when traffic loops and/or...
by lavv17
Tue Sep 06, 2016 12:28 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Fasttracking that traffic you want to be excluded from queues is much more efficient.
But keep the exclusion queue for the cases when some connections couldn't be fasttracked.
I have turned off connection tracking for most connections (using raw table), so it won't be efficient in my case.
by lavv17
Mon Sep 05, 2016 11:26 am
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

create a queue for local traffic and put it on the top. it will catch all local traffic, and all the rest will be caught by 'personal' queues p.s. if you won't set any limits on that queue, don't forget to change at least something (like queue type) for this queue to actually work Cool! It seems to...
by lavv17
Tue Aug 30, 2016 12:03 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-parks" parameter stopped working. what do you use them for? I want to exclude some traffic from the rate limitation (so called local traffic). I used to mark non-local traffic and add the pack...
by lavv17
Fri Aug 26, 2016 1:07 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-marks" parameter stopped working. Is it possible to create a template for the dynamic simple queues which are created for PPPoE users, so that I can specify some parameters like "packet-marks" ...
by lavv17
Thu Jun 16, 2016 9:59 am
Forum: General
Topic: selective connection tracking
Replies: 5
Views: 829

Re: selective connection tracking

Thanks! I'll try it when it will be released.
by lavv17
Fri Jun 10, 2016 4:05 pm
Forum: General
Topic: raw table, NOTRACK, SYN flood
Replies: 9
Views: 7060

Re: raw table, NOTRACK, SYN flood

+1
This addition could save some resources on the routers.
by lavv17
Fri Jun 10, 2016 4:02 pm
Forum: General
Topic: selective connection tracking
Replies: 5
Views: 829

selective connection tracking

Hello!

Is it possible to do selective connection tracking? In my setup the routers forward lots of traffic, but connection tracking is only required for input/output chains, not forward. Is it possible to implement to save resources?
by lavv17
Wed Jun 08, 2016 12:46 pm
Forum: Beginner Basics
Topic: Can't get IP V6 address with PPPoE ISP
Replies: 7
Views: 902

Re: Can't get IP V6 address with PPPoE ISP

BTW, is DHCPv6 server implemented in RouterOS so that such kind of PPPoE connection could be implemented on the server side by MikroTik?
by lavv17
Thu Feb 25, 2016 1:09 pm
Forum: Announcements
Topic: v6.34.2 [current] is released!
Replies: 60
Views: 22814

Re: v6.34.2 [current] is released!

It would be fine even if you distribute ZIP via plain http. Torrent was useful to me just because it allowed to download all the files at once.
by lavv17
Wed Feb 24, 2016 10:37 am
Forum: Announcements
Topic: v6.34.2 [current] is released!
Replies: 60
Views: 22814

Re:

Isn't easier to download it from official website than asking here for it? I would prefer mikrotik could do it, if anyone has to seed... MikroTik releases RouterOS also as a torrent (for all routerboard architectures). But for this release there were no seeders for some reason. I like the torrent r...
by lavv17
Sat Feb 20, 2016 2:57 pm
Forum: Announcements
Topic: v6.34.2 [current] is released!
Replies: 60
Views: 22814

Re: v6.34.2 [current] is released!

Please, anybody, seed the torrent for v6.34.2.
by lavv17
Fri Jan 29, 2016 2:54 pm
Forum: Scripting
Topic: Object-Oriented Perl API at CPAN
Replies: 17
Views: 2457

Re: Object-Oriented Perl API

marting
Please consider applying the patch from my bug report:
https://rt.cpan.org/Public/Bug/Display.html?id=111476
by lavv17
Mon Dec 28, 2015 2:28 pm
Forum: SwOS
Topic: SwOs API?
Replies: 1
Views: 1842

SwOs API?

Hello! Is there anything like API for manipulating SwOs configuration? I've looked at the protocol, it seems quite easy to use (e.g. POST /links.b with some json data can tune ports). But before going to reverse engineer and implement those POSTs I'd like to check if there is any existing framework ...
by lavv17
Thu Aug 13, 2015 4:40 pm
Forum: General
Topic: Default route unavailable on a /31 network
Replies: 2
Views: 1007

Re: Default route unavailable on a /31 network

I had the same problem. Mikrotik support replied /31 networks are not supported. I made a workaround: I assigned overlapping /29 network and created a pair of static routes for the parts not belonging to the actual /31 network. E.g. if you have x.x.x.41/31 and x.x.x.40 as the gateway, then you can a...
by lavv17
Mon Jun 16, 2014 1:35 pm
Forum: Forwarding Protocols
Topic: BGP no-export attribute
Replies: 8
Views: 2609

Re: BGP no-export attribute

I encountered the problem when migrating from cisco to mikrotik. I had a route-map which set no-export community (outbound). When I directly translated the route-map to "ip routing filter" outbound chain, the routes disappeared. I think the no-export community should be used for route filtering befo...
by lavv17
Tue Jun 10, 2014 2:51 pm
Forum: General
Topic: OPENSSL 5 june bugs
Replies: 11
Views: 2646

Re: OPENSSL 5 june bugs

I think it's only https (www-ssl) which is affected. But I don't know for sure. Use good firewall settings and you would be fine.
by lavv17
Tue Jun 10, 2014 1:35 pm
Forum: Forwarding Protocols
Topic: BGP no-export attribute
Replies: 8
Views: 2609

BGP no-export attribute

Hello!

Is it possible to advertise routes to another AS tagged with no-export community?

It seems that append-bgp-communities=no-export in output routing filter prevents the route from being advertised, nevertheless is is listed in "routing bgp advertisements".
by lavv17
Tue Feb 11, 2014 4:25 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

MT please please. We need more queue options in PPP profile. For example we need different values in max-limit and limit-at. When using Radius for AAA, now dynamic simple queues create with same value at limit-at. It restricts us to do some QoS and it fights off RouterOS`s powerful, intelligent que...
by lavv17
Fri Feb 07, 2014 6:29 pm
Forum: General
Topic: 6.9 released!
Replies: 223
Views: 79585

Re: 6.9 released!

For some reason after upgrade from 6.7 to 6.9 bonding stopped working, interfaces don't join together. Flags: X - disabled, R - running 0 R name="bonding1" mtu=1500 mac-address=D4:CA:6D:77:6D:34 arp=enabled slaves=ether1,ether2 mode=802.3ad primary=none link-monitoring=mii arp-interval=100ms arp-ip-...
by lavv17
Mon Nov 11, 2013 12:07 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015399

Re: CLOUD CORE ROUTER

Upgrade 6.5 to 6.6 on a CCR leaves bonding interface with MAC address 00:00:00:00:00:00. Fixed by interface recreation.
by lavv17
Thu Sep 26, 2013 1:18 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015399

Re: CLOUD CORE ROUTER

CCRs work here flawlessly for weeks serving around 900 pppoe users each. Surely there are problems with the software, but they are not global and happen only in certain configurations (e.g. I discovered a problem with PCQ and had to use dynamic simple queues).
by lavv17
Tue Sep 24, 2013 9:53 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015399

Re: CLOUD CORE ROUTER

Lol. You didn't see any real operator class router if you are willing to name this board like that.
"real operator class router" costs 10-20 times more. For me, CCR delivers good enough performance. Especially considering it's cost.
by lavv17
Fri Sep 13, 2013 8:13 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015399

Re: CLOUD CORE ROUTER

pcq on ccr seems to work incorrectly for large number (>500) of concurrent clients. Are there any internal limitations?
by lavv17
Thu Jul 11, 2013 12:27 pm
Forum: General
Topic: a wish: PPPoE server delay setting
Replies: 8
Views: 4661

Re: a wish: PPPoE server delay setting

Yes, I have 3 CCRs with 6.0 and 6.1 now. They run quite well, but there is latency jitter issue under load, although CPU utilization is under 25%.
by lavv17
Thu Jul 11, 2013 11:57 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015399

Re: CLOUD CORE ROUTER

CCR1036 is stable here, with 700 PPPoE users and 1 BGP session. My only concern is about latency jitter. I think there is a mutex in the kernel which is held for too much time.
by lavv17
Tue Apr 23, 2013 12:53 pm
Forum: General
Topic: a wish: PPPoE server delay setting
Replies: 8
Views: 4661

Re: a wish: PPPoE server delay setting

rc14 pre-release seems to fix the performance problem :)
by lavv17
Fri Apr 12, 2013 7:57 am
Forum: General
Topic: a wish: PPPoE server delay setting
Replies: 8
Views: 4661

Re: a wish: PPPoE server delay setting

omega-00 Cool! Thank you! BTW, it looks like CCR-1036 cannot properly handle more than 300 pppoe users and 300 Mb/s of traffic in my configuration. I use pcq for user rate limit. Here are ether1 and cpu graphs from the last day, people complained about too low speed. http://lav.yar.ru/tmp/ether1-da...
by lavv17
Wed Apr 10, 2013 11:00 am
Forum: General
Topic: a wish: PPPoE server delay setting
Replies: 8
Views: 4661

Re: a wish: PPPoE server delay setting

max-sessions setting does not allow sterling fallback, e.g. if CCR hangs.
by lavv17
Mon Apr 08, 2013 3:00 pm
Forum: General
Topic: a wish: PPPoE server delay setting
Replies: 8
Views: 4661

a wish: PPPoE server delay setting

Hi! For load balancing it would be nice to have a "delay" parameter in settings of PPPoE servers. It would delay PADO packet for specified number of milliseconds or microseconds. In fact, without this setting I cannot really test CCR in PPPoE BRAS configuration, because it cannot compete with i5 PC ...
by lavv17
Mon Nov 26, 2012 12:49 pm
Forum: General
Topic: uTP protocol matching
Replies: 1
Views: 795

uTP protocol matching

Hello!

RouterOS has p2p matching capability. Does it match uTP protocol too? (it's udp based peer protocol)
by lavv17
Wed Oct 31, 2012 11:56 am
Forum: General
Topic: v6 RC2 released
Replies: 98
Views: 30418

Re: v6 RC2 released

I am satisfied with the 32 bit version. Why would you need a different one ? Thanks.
I've heard that x86_64 code is a bit faster. More processor registers are available, for example.
by lavv17
Wed Oct 31, 2012 11:53 am
Forum: General
Topic: v6 RC2 released
Replies: 98
Views: 30418

Re: v6 RC2 released

reason is amount of work and amount of testing, driver related work who knows what else that goes on underneath there Probably most of work and testing would be related to 32->64 migration of routeros kernel modules, and it would be done anyway for CCR. Linux drivers have already been tested in 64 ...
by lavv17
Tue Oct 30, 2012 2:39 pm
Forum: General
Topic: v6 RC2 released
Replies: 98
Views: 30418

Re: v6 RC2 released

CCR will - it's 64bit :)
Great :) Will there be an x86_64 version?
by lavv17
Fri May 25, 2012 6:17 pm
Forum: Wireless Networking
Topic: multicast when AP is in bridge mode
Replies: 4
Views: 1876

Re: multicast when AP is in bridge mode

Thanks for multicast-helper setting!
by lavv17
Fri May 18, 2012 7:56 am
Forum: General
Topic: Multicast helper
Replies: 3
Views: 3507

Re: Multicast helper

I think it is the same as before. I get a more stable result with OSPF if I set DR on AP and disable BDR at all. NBMA is even more stable, but does not work correctly on versions before 5.x
by lavv17
Sat May 12, 2012 10:13 am
Forum: General
Topic: Multicast helper
Replies: 3
Views: 3507

Re: Multicast helper

Yes, on point-to-point links.
by lavv17
Fri May 11, 2012 11:48 am
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

well, now (v6, AFAIR) ROS can send mutlicast paskets as unicast frames, so udpxy is not actual just for wifi
If I understand correctly, multicast-helper works only for point-to-point radio links. Udpxy can help if there is a standard home WiFi network with multiple client devices.
by lavv17
Wed Apr 18, 2012 4:49 pm
Forum: General
Topic: v6.0beta1 released!
Replies: 35
Views: 13740

Re: v6.0beta1 released!

will there be a x86_64 version? Probably it would provide a better performance.
by lavv17
Wed Apr 04, 2012 9:29 am
Forum: General
Topic: x86 hangs with RTL8111/8168B rev 06
Replies: 0
Views: 577

x86 hangs with RTL8111/8168B rev 06

I have a server with routeros 5.11 (same with 5.14), which eventually locks up hard if built-in ethernnet is used. 0 device="04:00.0" name="RTL8111/8168B PCI Express Gigabit Ethernet controller (rev: 6)" vendor="Realtek Semiconductor Co., Ltd." category="Ethernet controller" vendor-id="0x10ec" devic...
by lavv17
Thu Mar 15, 2012 1:22 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

integrate udpxy. Very useful for IPTV over WiFi for home users.
by lavv17
Thu Nov 17, 2011 12:49 pm
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10110

Re: IPv6 TODO

I need dynamic "ipv6 firewall address-list", currently it's only static.
Also ospf-v3 is not quite stable, there are stuck redistributed routes.
by lavv17
Thu Oct 27, 2011 1:26 pm
Forum: Forwarding Protocols
Topic: Database description packet has different master status flag
Replies: 65
Views: 34671

Re: Database description packet has different master status

usually default mode works well, unless the radio link is not reliable.
by lavv17
Mon Oct 24, 2011 10:00 am
Forum: Forwarding Protocols
Topic: Database description packet has different master status flag
Replies: 65
Views: 34671

Re: Database description packet has different master status

It can be a problem with multicast. I had a similar problem with unreliable radio link and also with a switch with incorrectly set multicast traffic control.
by lavv17
Mon Aug 01, 2011 10:02 am
Forum: General
Topic: Forum availability via IPv6
Replies: 30
Views: 4693

Re: Forum availability via IPv6

 3  2001:5a0:2800::e (2001:5a0:2800::e)  77.652 ms  77.582 ms  77.526 ms
 4  ffm-b10-link.telia.net (2001:2000:3080:30c::1)  79.093 ms  79.060 ms  77.255 ms
 5  s-b3-v6.telia.net (2001:2000:3018:9::1)  100.877 ms  99.454 ms  106.812 ms
 6  * * *
 7  * * *
It does not work here too.
by lavv17
Thu Jul 28, 2011 10:57 am
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10110

Re: IPv6 TODO

Can you pass IPv6 network routes to attached PPPoE clients assigned through Radius?
Yes, with Framed-IPv6-Prefix. They stuck in ospf, though, Ticket#2011051866000501.
by lavv17
Tue Jun 28, 2011 11:20 am
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10110

Re: IPv6 TODO

I am impatient to see full IPv6 PPPoE-server support in ROS. I would allow me to throw away several ciscos.
It works here (ROS 5.4). I just miss dynamic ipv6 address-lists.
by lavv17
Mon May 16, 2011 10:06 am
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10110

Re: IPv6 TODO

dynamic ipv6 address lists are really needed to implement rate limitation with pcq.
by lavv17
Mon Apr 25, 2011 9:44 am
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Currently ROS sets irq smp_affinity to a single core, thus the interrupts of a single ethernet card with one irq do not get distributed over the cores. It would be nice if the command "system resource irq set ... cpu=0,1,2,3" worked and set the affinity mask to multiple cores. It is reported that wi...
by lavv17
Thu Apr 21, 2011 2:38 pm
Forum: General
Topic: ROS 5.1 questions (IPv6, CPU load)
Replies: 11
Views: 1454

Re: ROS 5.1 questions (IPv6, CPU load)

For ppp interfaces in ppp profile set use-ipv6=no
I'd like to do just the reverse :) Leave it on for ppp and disable it on a VLAN.
by lavv17
Thu Apr 21, 2011 2:34 pm
Forum: General
Topic: ROS 5.1 questions (IPv6, CPU load)
Replies: 11
Views: 1454

Re: ROS 5.1 questions (IPv6, CPU load)

Correct. So how do I disable it for selected interfaces? Either: a) change that to specify the interface you want it on for (add more for more interfaces) b) disable it. c) remove it. Yeah. Turn it on separately for each of that zillion of dynamic pppoe connections. I just want to disable IPv6 or a...
by lavv17
Thu Apr 21, 2011 1:53 pm
Forum: General
Topic: ROS 5.1 questions (IPv6, CPU load)
Replies: 11
Views: 1454

Re: ROS 5.1 questions (IPv6, CPU load)

It is enabled by default when the IPv6 package is turned on.
You'll see an entry in there for "interface=all".
Correct. So how do I disable it for selected interfaces?
What do you mean by RPS?
Receive Packet Steering (system resource irq rps)
Is it really enabled in the kernel of ROS 5.1?
by lavv17
Thu Apr 21, 2011 1:31 pm
Forum: General
Topic: ROS 5.1 questions (IPv6, CPU load)
Replies: 11
Views: 1454

Re: ROS 5.1 questions (IPv6, CPU load)

Can I disable IPv6 ND on selected interfaces and enable it by default?
by lavv17
Thu Apr 21, 2011 9:02 am
Forum: General
Topic: ROS 5.1 questions (IPv6, CPU load)
Replies: 11
Views: 1454

Re: ROS 5.1 questions (IPv6, CPU load)

It seems that RPS does not work until one core load = 100%. Am I right?

BTW, 5.1 looks very good :) compared to 3.17 it is 1.5 times faster, subjectively.
by lavv17
Mon Apr 18, 2011 11:41 am
Forum: General
Topic: ROS 5.1 questions (IPv6, CPU load)
Replies: 11
Views: 1454

ROS 5.1 questions (IPv6, CPU load)

How can I disable IPv6 on selected interfaces? How can I view IPv6 status on incoming ppp connections? Is this CPU load normal? Shouldn't the kernel distribute interrupts over the cores? CPU LOAD IRQ DISK 0 14% 13% 0% 1 0% 0% 0%
by lavv17
Mon Mar 28, 2011 1:45 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207349

Re: Feature requests

Please add timeout info to output of
ip firewall address-list print detail
for dynamic entries.
by lavv17
Tue Mar 15, 2011 1:34 pm
Forum: General
Topic: ip firewall feature request
Replies: 7
Views: 1318

Re: ip firewall feature request

Thank you! It will be possible to limit PPS, scans, spam, DDoS, etc on per-user basis.
by lavv17
Wed Mar 09, 2011 10:24 am
Forum: General
Topic: ip firewall feature request
Replies: 7
Views: 1318

Re: ip firewall feature request

dst-limit is nice, but I need to limit by src-address.
by lavv17
Thu Mar 03, 2011 2:31 pm
Forum: General
Topic: ip firewall feature request
Replies: 7
Views: 1318

ip firewall feature request

please make possibility to use hashlimit in ip firewall.
by lavv17
Thu Jun 10, 2010 3:04 pm
Forum: General
Topic: ethernet reset on some RB with ROS 3.30
Replies: 6
Views: 2398

Re: ethernet reset on some RB with ROS 3.30

It would be great to get more detailed information, so we can test the same configuration on our lab. 1) What is the configuration of RouterBOARD 600? 2) How it is connected to the another device? 3) Is there any on the middle device between the router and the another device? 4) What kind of the de...
by lavv17
Mon Jun 07, 2010 12:13 pm
Forum: General
Topic: ethernet reset on some RB with ROS 3.30
Replies: 6
Views: 2398

Re: ethernet reset on some RB with ROS 3.30

5.0beta2 also has this problem. The last version without the problem is 3.28.

Currently I workaround this problem by creating a bridge with a single port. The bridge does not reset when its port goes down-up.
by lavv17
Fri May 28, 2010 5:21 pm
Forum: RouterBOARD hardware
Topic: RB1000 CPU problem
Replies: 9
Views: 1602

Re: RB1000 CPU problem

RB1000 can pass through 3.2Gbps I guess it is with a single ip route without connection tracking. Here, with connection tracking, ip traffic-flow, 100 routes, bgp, ospf, no queues, single firewall line in input chain - it can barely cope with 60kpps and 300Mbps (in+out). After that cpu usage=100% a...
by lavv17
Thu Mar 25, 2010 7:20 pm
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

Re: pppoe low performance

I can explain the significant raise of cpu usage when I added a new chain and a jump only by linear search in mangle/forward table.
Anyway change-tcp-mss=no now, pcq queues are in place, and cpu usage is below 50% :D
(200 pppoe users, 120 Mbit/s on RB1000)
by lavv17
Thu Mar 25, 2010 8:38 am
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

Re: pppoe low performance

Let me answer myself. It appears the cause for slowness of "jump" was change-tcp-mss=yes in ppp profile.
It creates many hidden entries in firewall mangle table and jump apparently uses linear search to find the named chain.
by lavv17
Mon Mar 22, 2010 3:59 pm
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

Re: pppoe low performance

eliminating of "action=jump" in "ip firewall mangle" reduced cpu load even more. I wonder why "action=jump" is so slow. http://lav.yar.ru/rb1000-daily.gif At 11:45 I have "optimized" mangle table with a jump to avoid duplicate checking an address list in 16 rules. At 17:00 I have restored previous v...
by lavv17
Mon Mar 22, 2010 11:59 am
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

Re: pppoe low performance

Ok, thank you for pcq! I have implemented it and cpu load dropped somewhat (by 10-20%).

Has anybody profiled where the cpu is mostly spent?
by lavv17
Fri Mar 19, 2010 3:42 pm
Forum: General
Topic: ospf glitch
Replies: 5
Views: 646

Re: ospf glitch

I use plain "routing ospf interface print without-paging" and it produces infinite output.
by lavv17
Thu Mar 18, 2010 3:59 pm
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

Re: pppoe low performance

Unfortunately, I also use Framed-Route attribute to create a dynamic static routes for some clients. That way PCQ will not work, as it is per-IP address limitation, not per-interface which I need.
by lavv17
Thu Mar 18, 2010 9:19 am
Forum: General
Topic: ospf glitch
Replies: 5
Views: 646

Re: ospf glitch

there are appox 300 pppoe interfaces. They are passive (in ospf sense). I cannot announce an aggregate route because there are several pppoe servers in the cluster. I don't use redistribute-connected because I want to filter the routes between areas. 1 P interface=all cost=10 priority=1 authenticati...
by lavv17
Thu Mar 18, 2010 9:10 am
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

Re: pppoe low performance

Is there any alternative for rate limitation with radius?
by lavv17
Tue Mar 16, 2010 10:20 am
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

Re: pppoe low performance

no encryption, no compression.
Interesting that cpu load with pppoe significantly depends on the number of pppoe clients, more than on the traffic.
by lavv17
Mon Mar 15, 2010 6:55 pm
Forum: General
Topic: pppoe low performance
Replies: 14
Views: 2120

pppoe low performance

I'd like to ask why pppoe in routeros has such a low performance. EoIP is several times faster (approx 5x in my setup based on cpu load and used bandwidth). I use dynamic simple queues if that matters.
by lavv17
Fri Mar 12, 2010 9:16 am
Forum: General
Topic: ethernet reset on some RB with ROS 3.30
Replies: 6
Views: 2398

ethernet reset on some RB with ROS 3.30

I've noticed that some RB (e.g. RB1000, 600A) with RouterOS 3.30 reset ethernet from time to time. It shows as dropping all pppoe sessions and ospf neighbours.

The problem is fixed by installing ROS 3.28 (not tried 3.29).
by lavv17
Fri Mar 12, 2010 9:07 am
Forum: General
Topic: feature request: more detailed info
Replies: 3
Views: 911

Re: feature request: more detailed info

Wow! I've just found the command to discover underlying interface:
interface pppoe-server monitor ...
by lavv17
Wed Dec 16, 2009 10:08 am
Forum: General
Topic: ospf glitch
Replies: 5
Views: 646

ospf glitch

routing ospf interface print ... 223012 DP <pppoe-eia> 10 1 broadcast none 223013 DP <pppoe-avv> 10 1 broadcast none 223014 DP <pppoe-shadrich> 10 1 broadcast none 223015 DP <pppoe-agamov> 10 1 broadcast none 223016 DP <pppoe-i1279> 10 1 broadcast none 223017 DP <pppoe-i1662> 10 1 broadcast none ......
by lavv17
Mon Oct 26, 2009 1:47 pm
Forum: General
Topic: ppp active print hangs (3.20-30 and 4.1 too)
Replies: 2
Views: 550

Re: ppp active print hangs (3.20)

The same problem happens with 4.1, once a day average (400 pppoe users)

It only happens with multi-cpu=yes, so I have to run it with multi-cpu=no.
by lavv17
Fri Oct 02, 2009 10:26 am
Forum: General
Topic: feature request: a larger maximum for radius timeout
Replies: 3
Views: 873

Re: feature request: a larger maximum for radius timeout

typical user is only willing to wait 'several seconds'
30 seconds would be fine for me. This timeout is only needed for peak loads when 1000 users reconnect simultaneously after router reboot.
by lavv17
Tue Sep 29, 2009 8:19 am
Forum: General
Topic: feature request: a larger maximum for radius timeout
Replies: 3
Views: 873

feature request: a larger maximum for radius timeout

Now radius timeout has a limit of 10s maximum, and it's 3s by default. Please increase this upper limit, and possibly the default, as 3s is not enough IMO.
by lavv17
Wed Jun 17, 2009 10:20 am
Forum: General
Topic: export hangs
Replies: 3
Views: 645

Re: export hangs

"/system script job remove" did the trick! Thank you!
BTW, is it possible to output a detailed info of which command is being executed in the job?
by lavv17
Wed Jun 17, 2009 9:20 am
Forum: General
Topic: export hangs
Replies: 3
Views: 645

export hangs

"export file=123" hangs after /routing ospf interface (all interfeces are output). ^C does not work. Closing telnet connection does not stop export too. Is there a way to kill an active user? Like "user active remove"? CPU usage is 100% because of that export and I'd like not reboot the mikrotik. Ro...
by lavv17
Thu May 07, 2009 3:56 pm
Forum: General
Topic: rtl8168
Replies: 9
Views: 2305

Re: rtl8168

funny thing, after _several_ reboots it has found it. But now there are two ether1 interfaces. Fortunately I can rename one. 0 R ether1 1500 00:17:9A:38:0B:21 enabled 1 R ether1 1500 00:1D:7D:9F:5D:9A enabled
by lavv17
Thu Apr 23, 2009 9:56 am
Forum: General
Topic: rtl8168
Replies: 9
Views: 2305

Re: rtl8168

3.23 version does not detect this adapter, while 3.22 does. :(
by lavv17
Mon Mar 02, 2009 11:26 am
Forum: General
Topic: ppp active print hangs (3.20-30 and 4.1 too)
Replies: 2
Views: 550

Re: ppp active print hangs (3.20)

The problem happens once in a week, sometimes more often.
by lavv17
Tue Feb 24, 2009 8:03 am
Forum: General
Topic: ppp active print hangs (3.20-30 and 4.1 too)
Replies: 2
Views: 550

ppp active print hangs (3.20-30 and 4.1 too)

On a pc running RouterOS 3.20 (and 3.19 too), acting as pppoe server for ~150 users sometimes the command 'ppp active print' stops working. It just hangs until ^C, then prints the header and that's all. The command 'interface pppoe-server print' works as expected. New users cannot connect. Please he...
by lavv17
Wed Feb 18, 2009 12:33 pm
Forum: General
Topic: feature request: more detailed info
Replies: 3
Views: 911

Re: feature request: more detailed info

I mean the interface which is used for pppoe protocol, the ethernet interface.

The problem is that on the mikrotik there is several pppoe servers with the same service name but on different ethernet interfaces. And I'd like to know which ethernet interface pppoe sessions belong to.
by lavv17
Wed Feb 18, 2009 12:19 pm
Forum: Scripting
Topic: feature request: a new scheduler attribute
Replies: 2
Views: 511

Re: feature request: a new scheduler attribute

Thank you!
I used the second approach.

Another question: is it possible to run a script once a new pppoe user connects? Preferrably with an argument of interface name.
by lavv17
Wed Feb 18, 2009 11:32 am
Forum: General
Topic: feature request: more detailed info
Replies: 3
Views: 911

feature request: more detailed info

Hello!

Is it possible to add interface name to output of:
interface pppoe-server print detail
by lavv17
Wed Feb 18, 2009 10:39 am
Forum: Scripting
Topic: feature request: a new scheduler attribute
Replies: 2
Views: 511

feature request: a new scheduler attribute

Hello! I had a problem with a script that is run by scheduler each minute. The script sometimes cannot finish its work in that minute because of high cpu load and thus the scheduler runs the script again in parallel, the load increases even more and the script again cannot finish in a minute, the lo...
by lavv17
Mon Dec 29, 2008 8:38 am
Forum: Wireless Networking
Topic: multicast when AP is in bridge mode
Replies: 4
Views: 1876

multicast when AP is in bridge mode

Hi! I have a problem with OSPF on point-to-point wireless links. I have determined that the reason is losing multicast packets when they are sent from AP to the client. The AP is in bridge mode (single client). So the question is: is it possible to change multicast sending mode when AP is a bridge, ...
by lavv17
Thu Dec 18, 2008 11:38 am
Forum: General
Topic: stuck route in OSPF
Replies: 1
Views: 553

stuck route in OSPF

What's new in 3.8: *) fixed removing external routes from OSPF; It seems the problem is still there in 3.14: "routing ospf route print" shows: 227 x.x.x.x/32 imported 20 0.0.0.0 BUT ip route print where dst-address=x.x.x.x/32 shows nothing. Traffic loops. The user is not connected (it used to be co...
by lavv17
Wed Jul 09, 2008 5:21 pm
Forum: General
Topic: ip verify reverse-path
Replies: 2
Views: 1605

Re: ip verify reverse-path

are there any alternatives?

I cannot use static firewall rules, because users connect with pppoe authenticated by radius, and besides some of them get a dynamic route by Framed-Route radius attribute.
by lavv17
Mon May 26, 2008 7:04 pm
Forum: General
Topic: ip verify reverse-path
Replies: 2
Views: 1605

ip verify reverse-path

Has the feature been implemented?
http://forum.mikrotik.com/viewtopic.php?f=4&t=64
by lavv17
Thu Mar 20, 2008 9:13 am
Forum: General
Topic: Failed 3.4 to 3.5 upgrade x86
Replies: 20
Views: 3483

Re: Failed 3.4 to 3.5 upgrade

Same here. The PC has Core2Duo CPU and a SATA disk.
by lavv17
Sat Mar 08, 2008 10:03 am
Forum: General
Topic: rtl8168
Replies: 9
Views: 2305

Re: rtl8168

Oops. It seems I was mistaken about 3.4 version. The built in PCI-Express ethernet only works when I insert another PCI ethernet card. When it is the only ethernet it still does not work. But the good news is that new linux kernel from fedora updates (2.6.24.3) does work with the builtin ethernet ju...
by lavv17
Wed Mar 05, 2008 10:17 am
Forum: General
Topic: rtl8168
Replies: 9
Views: 2305

Re: rtl8168

3.4 version works fine! Thank you! :D
by lavv17
Fri Feb 29, 2008 5:45 pm
Forum: General
Topic: rtl8168
Replies: 9
Views: 2305

Re: rtl8168

The ethernet adapter is a builtin PCI Express Gigabit one. I have tried to install fedora linux 8 on the computer and had the same ethernet problem, which could only be solved by installing r8168 driver from realtek web site.

Is there a way to use the driver with mikrotik routeros?
by lavv17
Thu Feb 28, 2008 2:32 pm
Forum: General
Topic: rtl8168
Replies: 9
Views: 2305

rtl8168

Hello! Does Mikrotik support Realtek 8168 gigabit ethernet chipset? I have tried 3.3 version - it discovers an ethernet interface, but it does not seem to work. For example it always shows link-ok, even when the cable is not plugged in. The older version 2.9.50 does not see the ethernet controller a...
by lavv17
Tue Feb 19, 2008 9:26 am
Forum: General
Topic: pppoe shaping + excluded IP networks
Replies: 4
Views: 721

Re: pppoe shaping + excluded IP networks

I have found a solution. These commands will do the trick:

system script add name=set_queues source={/queue simple set [find dynamic yes] packet-marks=...}
system scheduler add name=set_queues on-event=set_queues interval=60s
by lavv17
Fri Feb 15, 2008 9:46 am
Forum: General
Topic: pppoe shaping + excluded IP networks
Replies: 4
Views: 721

Re: pppoe shaping + excluded IP networks

Is it possible to set a default packet-marks on dynamic simple queues?
by lavv17
Thu Feb 14, 2008 10:38 am
Forum: General
Topic: pppoe shaping + excluded IP networks
Replies: 4
Views: 721

Re: pppoe shaping + excluded IP networks

An additional info: users have various rate limitations, so I cannot just set a static queueing.
by lavv17
Wed Feb 13, 2008 4:18 pm
Forum: General
Topic: pppoe shaping + excluded IP networks
Replies: 4
Views: 721

pppoe shaping + excluded IP networks

Hello! I have pppoe users with traffic shaping which gets set up with the radius Ascend-Data-Rate attribute. Everything works fine, except that I want to have an IP network from/to which the traffic rate would not be limited or limited with a different rate. Is it possible to do? The network is stat...