Community discussions

Search found 1620 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 33
by macgaiver
Thu Feb 08, 2018 12:50 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: "restrict upgrade from RouterOS older than v5.16" ?
Replies: 8
Views: 221

Re: "restrict upgrade from RouterOS older than v5.16" ?

When version gap is so large, you are better out with full Netinstall and configuration from 0 anyway.
by macgaiver
Tue Jan 23, 2018 6:03 pm
Forum: General
Topic: Help with No track Raw rule
Replies: 1
Views: 83

Re: Help with No track Raw rule

I usually do this
1) action=accept all traffic that needs NAT ( usually it is only traffic from local private subnets) in RAW table (it will send traffic to connection tracking - even if it is disabled)
2) disable connection tracking
3) build stateless firewall
by macgaiver
Tue Jan 23, 2018 2:54 pm
Forum: General
Topic: selective accept before fasttrack does not disable fasttrack, what am I doing wrong? [SOLVED]
Replies: 3
Views: 143

Re: selective accept before fasttrack does not disable fasttrack, what am I doing wrong? [SOLVED]

Are you talking about dynamic one? or static one? Dynamic is not actually a rule it is just a placeholder to indicate that some of the packets doesn't get to your firewall at all as they are fasttracked. you need to find action=fasttrack-connection rule and place your rules before it. then you need ...
by macgaiver
Wed Jan 10, 2018 2:05 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 36706

Re: v6.41 [current]

Just want to say good job on the HW offload functions. I managed to get this onto my "old" RB750 which sits on my desk at work and the offload makes a huge difference from 1 interface to another so hopefully this amazing performance increase scales up to far larger switches. CPU usage was also down...
by macgaiver
Mon Dec 18, 2017 10:41 am
Forum: Wireless Networking
Topic: Can't change country
Replies: 9
Views: 362

Re: Can't change country

Just a hint :) - Netinstall, have a nice feature to un-check "keep old configuration " and "Apply default config" option ;)
by macgaiver
Thu Dec 14, 2017 4:52 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service
Replies: 16
Views: 1476

Re: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service

I'm sorry, for jumping in, but there are few points i would like to contribute. 1) There are 2 kinds of routers out there - a) hardware accelerated - limited number of features, but @ wire speed b) regular processing - many features, limited CPU and RAM processing resoursces Fasttrack is software fe...
by macgaiver
Wed Dec 13, 2017 12:49 pm
Forum: General
Topic: TCP Port NAT log
Replies: 1
Views: 84

Re: TCP Port NAT log

UDP/443 is Google QUIC protocol
https://en.wikipedia.org/wiki/QUIC
by macgaiver
Fri Dec 08, 2017 8:08 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Interface packet Drops on an octacore xeon with intel nics
Replies: 31
Views: 12960

Re: Interface packet Drops on an octacore xeon with intel ni

What about Tx Drops ? OMG that was 5 years old post :) TX drop is much more rare, imagine you have 1Gbps and 100Mbps interfaces on your router and you are trying to receive 200Mbps on Gbps interface and send it out on 100Mbps interface, 1Gpbs will have no problem receiving 200Mbps, and at that poin...
by macgaiver
Wed Dec 06, 2017 7:13 am
Forum: General
Topic: Fasttrack & queue tree non-global queues
Replies: 3
Views: 362

Re: Fasttrack & queue tree non-global queues

AS manual stated - firewall rules (including your packet marks) are skipped, only mark you can use is default "no-mark"
by macgaiver
Mon Nov 27, 2017 7:58 am
Forum: General
Topic: Simple queue drop question
Replies: 18
Views: 576

Re: Simple queue drop question

p2p option was capturing lots of false positives, so it was removed, i suggest to get rid of any configuration that uses those options.
by macgaiver
Tue Oct 17, 2017 1:20 pm
Forum: General
Topic: Did Fasttrack break with recent updates?
Replies: 6
Views: 572

Re: Did Fasttrack break with recent updates?

Routing mark doesn't work on fasttracked traffic, it need to be excluded from the fasttrack-connection rule.
by macgaiver
Tue Oct 17, 2017 12:23 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 83324

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

802.11/nstreme client (all station modes)
So all client that use nstreme in station-bridge mode need to be upgraded too??
Thanks
Sorry, but "all station modes" mean "all station modes" :)
by macgaiver
Tue Oct 03, 2017 5:58 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CCR 100% on all cores, Queue tree -PCQ
Replies: 5
Views: 1903

Re: CCR 100% on all cores, Queue tree -PCQ

Separate your local network in separate smaller subnets, and have queue for each subnet.
by macgaiver
Thu Sep 14, 2017 5:20 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 108
Views: 21451

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

I would really prefer if you did not announce the prices ... Local distributors here are selling Mikrotik gear way times more expensive, for example RB1100AHX4 is currently 570$ or 475$ before taxes, so it is pretty announcing to find out that we are being robbed like that, it is better just not to...
by macgaiver
Thu Sep 14, 2017 4:28 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 108
Views: 21451

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

Wow some awesome new products :) The S+RJ10 SFP module is pretty interesting for the price.I remember buying a ProLabs one , for about 10 times the price last year. Indeed!!! Just to be sure - MT didn't you forget to add one digit ("1", "2" or even "3") in front of S+RJ10 "$65" price??? I got pair ...
by macgaiver
Tue Sep 05, 2017 2:56 pm
Forum: RouterBOARD hardware
Topic: 10G switch with RJ45?
Replies: 13
Views: 1328

Re: 10G switch with RJ45?

I think only thing that is missing is (100M/1G/2.5G/5G/10GBASE-T) RJ45 SFP+ module, then we can use any SFP+ only device.
by macgaiver
Tue Aug 29, 2017 3:30 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 91719

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc20 (2017-Aug-29 06:41):
uuuu, winbox support for new bridge implementation....
by macgaiver
Tue Aug 22, 2017 8:22 am
Forum: General
Topic: EoIP tunnel not getting 1500 MTU [SOLVED]
Replies: 13
Views: 1319

Re: EoIP tunnel not getting 1500 MTU [SOLVED]

Set MTU on your EOIP tunnels interfaces to 1500.
by macgaiver
Wed Aug 16, 2017 12:16 pm
Forum: General
Topic: RB1200 NAT performance (throughput)
Replies: 10
Views: 880

Re: RB1200 NAT performance (throughput)

Hello guys! I manage a RB1200 router, and since it has all GigE ports I assumed it has enough routing capacity for them. But once we upgraded our WAN link to 500 Mbps, RB1200 started hitting the CPU peak (100%) at approximately 200 Mbps. I tested the same link with Apple AirPort (a home router!) - ...
by macgaiver
Tue Aug 15, 2017 1:22 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 236
Views: 111284

Re: FastTrack - New feature in 6.29

New ISSUE: Fasttrack causes errors with IPTV HLS. If is used Fasttrack , IPTV does not Work.... in all versions.of RoS vhere is it What do you mean by "IPTV HLS"? can you be more precise? i have no issues with my IPTV and Fastpath? If you use Fasttrack then this traffic is NATed?? There are not eno...
by macgaiver
Thu Aug 03, 2017 3:55 pm
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 66
Views: 15469

Re: Wireless link calculator updated

1) Manual height override for both points (or mast height)

2) on the sea don't allow to go into negative height :)

3) allow to place link on left-mouse click, so you don't have to search where did you left your link previously :)
by macgaiver
Mon Jul 31, 2017 9:13 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 vs CCR series for core/distribution?
Replies: 10
Views: 1341

Re: RB1100AHx4 vs CCR series for core/distribution?

Ok, let's start again. Blank standard RB1100AHx4 routers. Router1 - port 6 (IP address: 10.0.0.1/30) connected to Router 2 - port 6 (IP address: 10.0.0.2/30), Cat6 patch. Nothing else configured. Router 1 -> Tools -> BTest Server -> Enabled Router 2 -> Tools -> Bandwidth Test -> Test to: 10.0.0.1 (...
by macgaiver
Mon Jul 31, 2017 6:49 am
Forum: General
Topic: CCR1036-8G-2s+ RAW firewall area not appearing
Replies: 2
Views: 214

Re: CCR1036-8G-2s+ RAW firewall area not appearing

Old RouterOS version???
by macgaiver
Thu Jul 13, 2017 7:12 am
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 24220

Re: v6.40rc [release candidate] is released! (New bridge implementation)

*) mmips - added support for NVME disks; what possible current mmips based router has slot/interface to get an nvme ssd attached to it? afaik nvme is pcie, and the hexR3 (the sole mmips based mikrotik device) doesn’t have anything similar... Maybe M33 ?? https://mum.mikrotik.com/presentations/EU17/...
by macgaiver
Wed Jul 12, 2017 4:19 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 24220

Re: v6.40rc [release candidate] is released! (New bridge implementation)

It doesn't work on RB850Gx2.
RB850Gx2 Ethernets doesn't have fastpath support, MT doesn't have their own driver there, they use ones provided by CPU manufactures so that IPsec hardware acceleration works. I asked about this at the MUM.
by macgaiver
Fri Jul 07, 2017 3:31 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 24220

Re: v6.40rc [release candidate] is released! (New bridge implementation)

... looks like my weekend just become much more interesting!
by macgaiver
Thu Jul 06, 2017 8:16 am
Forum: General
Topic: If FastTrack is useful for VPN?
Replies: 6
Views: 463

Re: If FastTrack is useful for VPN?

Fastpath/Fasttrack can't and never will be used for input "traffic". Fastpath/Fasttrack allow to skip packet processing when it is not necessary, it uses routing cache ( in case of fastpath) and conntrack (in case of fasttrack) to determine what out-interface packet should end up to. and sends that ...
by macgaiver
Thu Jun 29, 2017 1:45 pm
Forum: Beginner Basics
Topic: Fasttrack on input chain?
Replies: 4
Views: 292

Re: Fasttrack on input chain?

Running SSTP it seems like a lot of packets are going through fasttrak on the input chain once I enabled it, and the connection quality improved. packets that is going through the router from SSTP to other interface are going via forward, that is why you see increase, only SSTP managment packets go...
by macgaiver
Thu Jun 29, 2017 7:11 am
Forum: Beginner Basics
Topic: Fasttrack on input chain?
Replies: 4
Views: 292

Re: Fasttrack on input chain?

it only work for forward, all input/output traffic needs to be in slowpath as it always requires some kind of processing.
by macgaiver
Wed Jun 28, 2017 10:09 am
Forum: General
Topic: Discussion about bugfix, current and rc versions
Replies: 29
Views: 1701

Re: v6.38.7 [bugfix] is released!

Actually major does need to correspond to kernel and minor and subminor do not need to correspond to feature set or patch too. Just see the release notes and you will find that subminor is adding new features too while minor is patching old problems also... feature set - all features old and new th...
by macgaiver
Wed Jun 28, 2017 7:18 am
Forum: General
Topic: Discussion about bugfix, current and rc versions
Replies: 29
Views: 1701

Re: v6.38.7 [bugfix] is released!

Why are you always confusing download channels and versions?? Current/bugfix/RC in download page is download channel, is whatever version MikroTik choose to position there, v6.39.2 can be placed in bugfix also, if MikroTik sees it fit. So these channels is nothing more as MikroTik's suggestions for ...
by macgaiver
Fri Jun 16, 2017 1:54 pm
Forum: General
Topic: (EMERGENCY) ECMP LOAD BALANCE
Replies: 10
Views: 549

Re: (EMERGENCY) ECMP LOAD BALANCE

Please anybody I need help
You need to move away from 5,5year old version, then you can use examples from the manual.
by macgaiver
Wed Jun 14, 2017 4:00 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released!
Replies: 231
Views: 34642

Re: v6.40rc [release candidate] is released!

Version 6.40rc21 has been released. !) wireless - added Nv2 AP synchronization feature (for experimental use)(CLI only); Visit this link in order to find out more about new wireless feature: https://wiki.mikrotik.com/wiki/Manual:Nv2#Nv2_AP_Synchronization And that is one unexpected development.... ...
by macgaiver
Tue Jun 13, 2017 7:49 am
Forum: Announcements
Topic: Newsletter 76
Replies: 50
Views: 11376

Re: Newsletter 76

ARM v7 Dual-Core @ 800 MHz
As far as i know it is single core, at least routerboard.com backs me up on that.
by macgaiver
Mon Jun 12, 2017 10:48 am
Forum: General
Topic: Testing 10g equipment?
Replies: 3
Views: 334

Re: Testing 10g equipment?

Traffic generator offer you additional statistics if traffic returns to the same device it is created, like latency and jitter and packet loss.
by macgaiver
Fri Jun 09, 2017 10:56 am
Forum: General
Topic: Testing 10g equipment?
Replies: 3
Views: 334

Re: Testing 10g equipment?

Take X86/x64 hardware with at least 2x 10G interfaces,
install free 24h demo RouterOS license,
connect all 10G ports to device, use this setup:
https://wiki.mikrotik.com/wiki/Manual:P ... _Generator
by macgaiver
Thu Jun 08, 2017 5:28 pm
Forum: General
Topic: CRS326-24G-2S+RM speed test?
Replies: 4
Views: 790

Re: CRS326-24G-2S+RM speed test?

CPUs on CRS series are there to run RouterOS and use some ROuterOS features not to generate 10G of traffic :)
For 10G traffic generation you need full out CCR device and use Traffic Generator.
by macgaiver
Thu Jun 08, 2017 4:55 pm
Forum: General
Topic: CRS326-24G-2S+RM speed test?
Replies: 4
Views: 790

Re: CRS326-24G-2S+RM speed test?

Really, are you running Btest from the switch??

You need to run it from 1 x86 to other x86 through the switch.
by macgaiver
Thu Jun 08, 2017 9:08 am
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 4028

Re: RE: Re: The deal with change mss

Could you see, please, if all PPPoE interfaces has same MTU? I want to test it when MTU is not the same for all interfaces, just to see if will work in that case, or if is considering the minimal mtu to run this "new" algorithm. Thank you for your time It looks like packet get adjustment MSS when i...
by macgaiver
Wed Jun 07, 2017 2:56 pm
Forum: General
Topic: Mikrotik vs FortiGate
Replies: 3
Views: 1293

Re: Mikrotik vs FortiGate

IF they promise same performance with any size of the packets, i can tell you for sure it is hardware abased solution, so your biggest problem will be feature set, usually hardware based solutions have limited feature set. Those performance numbers are worst case scenario numbers, when software need...
by macgaiver
Wed Jun 07, 2017 2:51 pm
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 4028

Re: The deal with change mss

Just updated whole my pppoe site to 6.39.2, you can forget about change-mss rules, it all is now nicely build-in into ppp interfaces, even with MRU now it works fine.
by macgaiver
Tue Jun 06, 2017 3:57 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 23024

Re: v6.39.2 [current]

Neither of those things happened on my 1000AHx2 - PPPoE client and IPv6 are still there and enabled.
same here - so far so good.
by macgaiver
Thu Jun 01, 2017 8:08 am
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 4028

Re: The deal with change mss

no connection tracking, fastpath possible - everything much better.
For us this is irrelevant, since we need to do some NATing for some customers... which breaks fastpath.[/quote]

well fasttrack enables you to use fastpath with NAT.
by macgaiver
Wed May 31, 2017 12:06 pm
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 4028

Re: The deal with change mss

Before this change there was dynamic mange change-mss rules created, this enables connection tracking, disables fastpath making everything slow. Now this functionality is build-in into ppp interfaces themselves, this way no mangle rules are necessary, no connection tracking, fastpath possible - ever...
by macgaiver
Tue May 30, 2017 8:54 am
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 4028

Re: The deal with change mss

v6.40rc13 have this line in changelog:
*) ppp - fixed "change-mss" functionality (introduced in 6.39);

so i assume when it is confirmed to test your issue it will be included in v6.39.2
by macgaiver
Tue May 02, 2017 11:54 am
Forum: RouterOS v6 RC and v7 BETA
Topic: MSS Clamping 6.39
Replies: 9
Views: 1771

Re: MSS Clamping 6.39

Just write to support@mikrotik.com
by macgaiver
Tue Apr 25, 2017 2:24 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: v6.39rc80 [release candidate] is released!
Replies: 63
Views: 7541

Re: v6.39rc79 [release candidate] is released!

!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour; (v6.40 will have another separate VLAN-aware bridge implementation);
Very nice to see that you actually listen to us :)
by macgaiver
Fri Apr 21, 2017 2:57 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: v6.39rc80 [release candidate] is released!
Replies: 63
Views: 7541

Re: v6.39rc76 [release candidate] is released!

Unable to open any HTTPS site, unless the fasttrack rule is disabled.
meanwhile, HTTP site is not affected, even if the fasttrack rule is enabled.
No problems here. usually problems like this are with policy routing, but policy roluting and fasttrack is mutually exclusive....
  • 1
  • 2
  • 3
  • 4
  • 5
  • 33