Community discussions

Search found 338 matches

  • 1
  • 2
by hedele
Mon Jun 03, 2019 12:57 pm
Forum: Virtualization
Topic: MikroTik CHR 6.44.3 high latency on ESXi, 6.5.0.20000 vs 6.0 [SOLVED]
Replies: 2
Views: 731

Re: MikroTik CHR 6.44.3 high latency on ESXi, 6.5.0.20000 vs 6.0 [SOLVED]

This may sound stupid but did you maybe forget to activate a license (trial or paid)? By default CHR has a hard-limit of 1 Mbps if no license is installed.
by hedele
Tue Apr 30, 2019 1:04 pm
Forum: Virtualization
Topic: Replaced 5yr old x86 with CHR (less than impressed)
Replies: 14
Views: 1445

Re: Replaced 5yr old x86 with CHR (less than impressed)

To be honest, I'm not that surprised by your results. First of all, VMware is less performant for CHR installations than Hyper-V, so this machine is not using the optimal hypervisor. Also the CPU in this new router is essentially the same as the one in your old router (Intel Core i7 with 4 physical ...
by hedele
Fri Mar 29, 2019 12:04 pm
Forum: Forwarding Protocols
Topic: Strange BGP Routing issue to mikrotik subnet
Replies: 2
Views: 417

Re: Strange BGP Routing issue to mikrotik subnet

Your problem is hopefully quite simple :) you reach the Mikrotik update servers through a VIX peering, so by default, your router will source all packets it sends towards that destination using the IP address it has assigned on the egress interface - which will be in the peering LAN range 193.203.0....
by hedele
Mon Nov 06, 2017 3:50 pm
Forum: General
Topic: Route Cache disabled with Fast Path
Replies: 6
Views: 2481

Re: Route Cache disabled with Fast Path

That is because as of ROS v6, Fastpath requires route-cache in order to work. If you disable route-cache, you disable fastpath (and by extension, fasttrack).
by hedele
Sat Nov 04, 2017 12:41 pm
Forum: Forwarding Protocols
Topic: Simple blocking an ASN with BGP? [not resolved]
Replies: 6
Views: 1382

Re: Simple blocking an ASN with BGP?

It should be possible to create a route filter that matches the BGP AS Path (regexp, in your case ".*45899$" should work), and then as action set-type=blackhole. That way all routes originating from that AS will be blackholed instantly. That said, it's a horrible idea to do this and you should rathe...
by hedele
Sat Apr 22, 2017 2:03 pm
Forum: General
Topic: v6.39rc80 [release candidate] is released!
Replies: 63
Views: 10823

Re: v6.39rc76 [release candidate] is released!

Please provide a method of restoring previous STP mode, whereby Router OS would exclusively transmit and process BPDUs on (R)STP bridge ports. I second this entire post - this change to how STP works is simply unacceptable as it breaks several different deployments we have in place where we NEED to...
by hedele
Wed Apr 05, 2017 1:52 pm
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12011

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

I think it's important to remember that a substantial amount of traffic is needed to have any sort of effect on your devices. You won't be able to bring down a CCR using a residential xDSL line that only has a couple Mbit/s upload speed, or have one of your WiFi customers kill your network because t...
by hedele
Tue Apr 04, 2017 3:12 pm
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12011

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

Hm... i just did some testing myself, and at 200000 packets per second a CCR1009 running 6.37.5 barely breaks a sweat (like 10% cpu load max). I'm not sure this is really a problem other than "if you throw lots of packets at something it will eventually die".
by hedele
Tue Apr 04, 2017 2:15 pm
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12011

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

So using the access-from lists mitigates the problem? That would be awesome because we're already using that in lieu of firewall rules to keep the devices in fastpath.
by hedele
Tue Apr 04, 2017 1:28 pm
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12011

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

The problem is that a firewall rule will knock our CCRs out of fastpath forwarding, thereby severely reducing throughput. Please fix this in software, and preferably offer an update for the current bugfix branch (6.37.x) as well.
by hedele
Tue Apr 04, 2017 12:15 pm
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12011

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

Is this 6.38.5 and above only? Or does this also work on 6.37.5?
by hedele
Mon Mar 20, 2017 4:36 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 54
Views: 9235

Re: CHR feature requests

Sooo what about Fastpath on CHR then? :D
by hedele
Fri Mar 17, 2017 8:06 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 54
Views: 9235

Re: CHR feature requests

Fastpath/Fasttrack for CHR is pretty much the only thing I'm missing, apart from a more convenient install method (.iso?) for ESXi.
by hedele
Fri Mar 17, 2017 7:48 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 61
Views: 10052

Re: CCR1036 Power Supply

Hey, I'd be grateful if you could name the shop you got a replacement power supply from as I need to replace two of them myself and my distributor knows of no such thing.
by hedele
Mon Mar 13, 2017 10:05 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 81669

Re: v6.39rc [release candidate] is released

I do not follow how this can be let to happen in a "current" version. My setup is fairly simple and I'm no veteran. I had always had the impression that Mikrotik devices are utilized in corporate environments, schools, banks, etc. and this issue caused major outages. Well here's the thing. I'm gues...
by hedele
Fri Sep 23, 2016 9:33 am
Forum: Forwarding Protocols
Topic: Mikrotik equivalent of the AS-SET command
Replies: 7
Views: 1963

Re: Mikrotik equivalent of the AS-SET command

Also, the 2nd option will contribute to blowing up the IPv4 global routing table size even more - so please, don't start randomly deaggregating your IP allocations just because it's funny. Try having your customer prepend first or at least split the /22 into two /23s and not four /24s.
by hedele
Mon Sep 12, 2016 5:55 pm
Forum: General
Topic: Huawei ME909s-120 not recognized
Replies: 27
Views: 7358

Re: Huawei ME909s-120 not recognized

Same. ME909s-120 on 11.617.01.00.00. Routerboard RB912UAG-2HPnD, ROS 6.32.3, Firmware 3.24
by hedele
Mon Sep 12, 2016 5:43 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 56749

Re: v6.37rc [release candidate] is released, only one wireless package!

Wow... greatly reduced CPU load over previous versions on devices with large routing tables! Also a CCR1016 does no longer produce packet loss in general packet forwarding when a single CPU core is stuck at 100%
by hedele
Mon Sep 12, 2016 1:59 pm
Forum: General
Topic: Huawei ME909s-120 not recognized
Replies: 27
Views: 7358

Re: Huawei ME909s-120 not recognized

I have a similar problem with the ME909s-120 on my RB912Gs - it hangs after a short period of high throughput. The lte1 interface stays up, but I don't get any more input packets. A usb power-reset fixes the problem. The issue is more pronounced when I'm using WLAN, leading me to believe that there'...
by hedele
Mon Sep 12, 2016 12:27 pm
Forum: Forwarding Protocols
Topic: RFC2544 Test fail on VPLS circuit
Replies: 11
Views: 1790

Re: RFC2544 Test fail on VPLS circuit

Check the CPU load of the device while testing - you'll probably see a single CPU core stuck at 100% load. If so, there's nothing you can do about this, any sort of tunneling just doesn't distribute across all CPUs... no idea if that will be addressed in RouterOS v7 (or if it's even possible/viable ...
by hedele
Fri Sep 09, 2016 3:11 pm
Forum: RouterBOARD hardware
Topic: ZTE ZM8620 or Sierra EM7455 Compatibility
Replies: 17
Views: 5670

Re: ZTE ZM8620 or Sierra EM7455 Compatibility

The MC7455 just isn't detected on the RB912s I have, even if i force the USB to mini-PCIe. It however works fine in a USB to mini-PCIe adapter that is plugged into the front USB port of the RB912.
by hedele
Wed Sep 07, 2016 4:25 pm
Forum: Forwarding Protocols
Topic: RFC2544 Test fail on VPLS circuit
Replies: 11
Views: 1790

Re: RFC2544 Test fail on VPLS circuit

IIRC, any sort of packet forwarding that requires some form of processing that cannot happen in fastpath (encapsulating, like EoIP, VPLS, GRE...) may not distribute load across all CPUs. Which is why on a CCR1036, an EoIP tunnel will only transport around 550 Mbps with 512-byte packets - only a sing...
by hedele
Tue May 24, 2016 11:52 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 64696

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) firewall - added pre-connection tracking filter - "raw" table, that allow to protect connection-tracking from unnecessary traffic;
So which is faster in terms of throughput - fasttrack or no tracking at all?
by hedele
Fri Apr 08, 2016 10:33 am
Forum: RouterBOARD hardware
Topic: Which 10G NIC will work with 6.34.4 Ver?
Replies: 1
Views: 589

Re: Which 10G NIC will work with 6.34.4 Ver?

Intel X520 cards will work just fine, but will not show or allow to set L2MTU.
by hedele
Tue Apr 05, 2016 12:02 pm
Forum: General
Topic: Best Interface Queue type for CCR routers?
Replies: 3
Views: 2179

Re: Best Interface Queue type for CCR routers?

I'd say generally you should be using only-hardware-queue on pretty much every Mikrotik device (excluding x86 and some special cases like CRS125 which seem to work better with other queues). Having -ANY- firewall rule configured will disable fastpath, so you will need to use fasttrack instead.
by hedele
Wed Mar 23, 2016 1:53 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104869

Re: v6.35rc [release candidate] is released, new wireless package!

Version 6.35rc37 has been released.
*) lte - supported modems now use unsolicit events for network monitoring;
Unfortunately, this still breaks compatibility with Huawei ME909s (Ticket#2016032166000454)
by hedele
Mon Mar 21, 2016 11:00 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104869

Re: v6.35rc [release candidate] is released, new wireless package!

Version 6.35rc33 has been released. *) lte - changed AT parsing because supported Huawei modems use unsolicit events instead of polling I hoped that this might fix Ticket#2016031766000471 but unfortunately this just made it worse to the point that AT+CPIN? commands on the Huawei ME909s time out all...
by hedele
Thu Mar 17, 2016 2:36 am
Forum: Beginner Basics
Topic: L2TP IPSEC
Replies: 2
Views: 598

Re: L2TP IPSEC

If you assigned an IP address to the L2TP dialin that is within your LAN subnet, you will need to enable proxy-arp on your LAN interface.
by hedele
Wed Mar 16, 2016 6:32 pm
Forum: RouterBOARD hardware
Topic: CCR 1009 switch chip menu
Replies: 22
Views: 8571

Re: CCR 1009 switch chip menu

I used a CCR1016 running traffic generator (2 UDP streams) as source for my tests, the sink was also a CCR1016. So the test looks like this: CCR1016-1 (sfp1) ---> (eth5) CCR1009 (eth1/6) ---> (sfp1) CCR1016-2 All devices were running ROS 6.32.3 I used a packet size of 64 bytes, because once we know ...
by hedele
Wed Mar 16, 2016 5:00 pm
Forum: General
Topic: Backport working LTE devices from ROS7 to ROS6?
Replies: 5
Views: 1693

Re: Backport working LTE devices from ROS7 to ROS6?

From what I gather, those devices cannot be supported in ROS 6 due to missing kernel support (the kernel in ROS 6 is pretty old). Backporting modules to an operating system that essentially has an expiry date already printed on is not really a useful way for Mikrotik to spend their resources. Why do...
by hedele
Tue Mar 15, 2016 7:18 pm
Forum: RouterBOARD hardware
Topic: CCR 1009 switch chip menu
Replies: 22
Views: 8571

Re: CCR 1009 switch chip menu

I also received a CCR1009 in the lab today and can probably run some tests tomorrow. :) Will be interesting to compare results.

Edit: moved to separate post
by hedele
Tue Mar 15, 2016 3:00 am
Forum: Beginner Basics
Topic: [CCR1009] Can I add ports 5&6 to the switched ports 1-4 via bridge? Or in any other way?
Replies: 12
Views: 1899

Re: [CCR1009] Can I add ports 5&6 to the switched ports 1-4 via bridge? Or in any other way?

But on the other hand at least ports 1-4 should have worked fine together in this case, right? .
Well, actually no, because ether1 was enslaved to bridge1 (or whatever you called your bridge) and any configuration made on a slave port does not work in most cases.
by hedele
Mon Mar 14, 2016 11:05 pm
Forum: RouterBOARD hardware
Topic: CCR 1009 switch chip menu
Replies: 22
Views: 8571

Re: CCR 1009 switch chip menu

That was my main problem, because I read that switch port used more cpu than "cpu port".
I have read that a few times as well, but could never reliably reproduce it in lab tests on both RB1100AHx2 and CCR1009-PC. If there is a difference, it is so minor it barely makes an impact.
by hedele
Mon Mar 14, 2016 8:54 pm
Forum: RouterBOARD hardware
Topic: CCR 1009 switch chip menu
Replies: 22
Views: 8571

Re: CCR 1009 switch chip menu

You don't really need to be afraid of bandwidth issues on the switch-group. The only way you can oversaturate the 1gbps connection to the CPU is by downloading full speed to the switch-group from WAN, and also trying to download full speed to the switch-group from port 5 at the same time - which wil...
by hedele
Mon Mar 14, 2016 1:29 pm
Forum: RouterBOARD hardware
Topic: CCR1016-12S-1S+ but with 2 x SFP+?
Replies: 2
Views: 696

Re: CCR1016-12S-1S+ but with 2 x SFP+?

As far as I know, that is not possible, because Tile-GX 16 and 36 only have four XAUI interfaces available on their mPIPE engine, each of them can either be used for 1x 10G, or 4x 1G interfaces, so the most you can get out of those are 2x 10G and 8x1G if you want 10G uplink redundancy. Incidentally,...
by hedele
Mon Mar 14, 2016 12:18 pm
Forum: RouterBOARD hardware
Topic: CCR 1009 switch chip menu
Replies: 22
Views: 8571

Re: CCR 1009 switch chip menu

Well, just use port 1 as your LAN port, and set port 2-4 to have port 1 as master-port. Don't use port 5 if you don't need it :) If you do need Port 5, you will have to create a bridge, and add port 1 and port 5 as members of the bridge (port 2-4 are already slaves of port 1, adding them is both not...
by hedele
Fri Mar 11, 2016 4:32 pm
Forum: Beginner Basics
Topic: [CCR1009] Can I add ports 5&6 to the switched ports 1-4 via bridge? Or in any other way?
Replies: 12
Views: 1899

Re: [CCR1009] Can I add ports 5&6 to the switched ports 1-4 via bridge? Or in any other way?

I tried to put ports 1,5 and 6 into a bridge and configure ether1 as a master for 2,3 and 4 at the same time. That was just an idea that came to my mind but it didn't work. That is odd, because that is the correct way to do it. Maybe something else in your configuration was off? You might want to t...
by hedele
Thu Mar 10, 2016 2:27 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 23412

Re: IPv6 recursive nexthops via iBGP

v7 Teaser alert, recursive ipv6 works :D
[admin@tested] > /routing/route/print 
ooops.. looks like CLI will change a lot?
by hedele
Mon Mar 07, 2016 1:39 pm
Forum: General
Topic: Feature Request - LAC/LNS functionality
Replies: 128
Views: 36922

Re: Feature Request - LAC/LNS functionality

I have only given it brief testing as I lack the provisions to really get a CCR based system to break a sweat in terms of PPP, but judging from my experiences with plain Ethernet routing, Fastpath gives about a 2.5x speedup compared to non-fastpath. When replacing Cisco LNSes with Mikrotik, the devi...
by hedele
Tue Feb 23, 2016 4:06 pm
Forum: RouterBOARD hardware
Topic: Beast x86 hardware
Replies: 29
Views: 7206

Re: Beast x86 hardware

I already mentioned that idea, but it was suggested by Mikrotik staff that essential kernel modules/drivers that are required to successfully run CHR on physical hardware are disabled/removed in the x86_64 kernel so this can't happen. I did not bother to verify that yet.
by hedele
Mon Feb 22, 2016 4:29 pm
Forum: RouterBOARD hardware
Topic: Beast x86 hardware
Replies: 29
Views: 7206

Re: Beast x86 hardware

I don't hold high hopes that this is going to work without a hitch on ROS 6 with the normal x86 distribution :( Mikrotik seems hellbent on keeping the x86 distribution of ROS as barely usable as possible (no 64 bit support, missing support for lots of newer NICs) to push people towards using CHR, bu...
by hedele
Mon Feb 22, 2016 10:38 am
Forum: Announcements
Topic: v6.32.4 [bugfix] is released!
Replies: 24
Views: 12977

Re: v6.32.4 [bugfix] is released!

For some reason, sector writes don't show up on tile architecture boards, I checked an old CCR I have lying around running 6.18 and it doesn't show them either. Seems to be a design decision I guess?
by hedele
Fri Feb 19, 2016 11:16 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104869

Re: v6.35rc [release candidate] is released, new wireless package!

Is RAM upgrade maybe also coming to CCR devices? The reason I'm asking is that for some reason, RouterOS for tile is HUGE when installed (46 MiB used out of 128 MiB on a CCR1016-12S-1S+), which makes using partitions almost impossible now (barely enough space to perform upgrade when using 2 partitio...
by hedele
Fri Feb 19, 2016 8:35 am
Forum: RouterBOARD hardware
Topic: Three RB951Ui-2nD hAP dead in a week with LTE modem in USB
Replies: 9
Views: 3684

Re: Three RB951Ui-2nD hAP dead in a week with LTE modem in USB

This is a stab in the dark, but I guess the USB modem might be pulling too much power. Consider using a powered USB hub between your Routerboard and the USB modem.
by hedele
Tue Jan 12, 2016 5:17 pm
Forum: Forwarding Protocols
Topic: 3 Telco Links BGP in 1 core Router ?
Replies: 11
Views: 1862

Re: 3 Telco Links BGP in 1 core Router ?

As long as BGP table scans are still performed on only one CPU core (RouterOS 7 anyone?), I would advise against using more than one BGP full feed on any tilera-based piece of hardware. A CCR1016 barely finishes the BGP table scan of two BGP full feeds before having to start the next one, so persona...
by hedele
Thu Dec 10, 2015 8:32 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 186827

Re: Cloud Hosted Router

What does the "upload per interface" limit apply to? Ethernet interfaces or "all" interfaces?
by hedele
Fri Nov 20, 2015 12:11 am
Forum: General
Topic: Best Interface Queue type for CCR routers?
Replies: 3
Views: 2179

Re: Best Interface Queue type for CCR routers?

If you are intending to use fastpath forwarding on the CCRs, you are required to use only-hardware-queue, as any other kind of interface queue will disable fastpath. multi-queue-ethernet-default should be worth trying on x86 systems with compatible NICs (in system - resource - irq you see several in...
by hedele
Wed Nov 11, 2015 9:56 am
Forum: RouterBOARD hardware
Topic: RouterOS x_86 64Bit & better Hardware support
Replies: 6
Views: 2893

Re: RouterOS x_86 64Bit & better Hardware support

As far as I know, CHR (the "official" VM version of RouterOS) is already x86_64 enabled - but Mikrotik refuses to offer this kernel in the x86 distribution. Maybe somebody with a lot of skill can rip the kernel out of the CHR and inject it in the x86 version. So as it stands right now, you will need...
by hedele
Thu Oct 29, 2015 8:10 pm
Forum: General
Topic: Feature Request - LAC/LNS functionality
Replies: 128
Views: 36922

Re: Feature Request - LAC/LNS functionality

it's actually pretty easy to set up. In winbox, you now have a new tab in the PPP menu called "L2TP Secrets". In there, you create an entry for the LAC IP address and the L2TP tunnel authentication password. Incoming L2TP control connections from a LAC will now be authenticated properly :) Incoming ...
by hedele
Thu Oct 29, 2015 5:13 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 36834

Re: v6.33rc release candidate (final testing)

I didn't get around to testing the LNS functionality yet, but according to a separate thread where this feature was requested, it seems to work perfectly.
by hedele
Fri Oct 16, 2015 5:40 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 36834

Re: v6.33rc release candidate (final testing)

I see that there has been fastpath support added for eoip, ipip and gre tunnels, which I think is an amazing improvement! Are there any figures available as to how much this speeds up tunnel forwarding performance? Also, is there any hope of getting fastpath support for ppp-type interfaces (pptp, l2...
by hedele
Wed Jun 10, 2015 3:56 pm
Forum: Forwarding Protocols
Topic: What BGP setups need to be optimized
Replies: 58
Views: 20956

Re: What BGP setups need to be optimized

What you have seen is actually the BGP table scan hitting one of the CPUs for 100%. Unfortunately, once you get a full BGP table (550k routes) on a CCR, the single CPU core can barely finish one run of the table scan before the next one is due, which is the reason why one core stays more or less 100...
by hedele
Wed May 27, 2015 5:53 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139054

Re: FastTrack - New feature in 6.29

My guess is you still need it, because not all connections can be fast-tracked. So you probably have to put the fast-track rule first, and a "normal" established/related accept rule afterwards to catch non-fasttrackable connections (like gre, ipsec-esp, icmp, etc...)
by hedele
Fri Apr 03, 2015 3:24 pm
Forum: RouterBOARD hardware
Topic: Mikrotik 18POW - is this an 18 or 24 volt power supply?
Replies: 1
Views: 609

Re: Mikrotik 18POW - is this an 18 or 24 volt power supply?

This is a 24 volt supply that is supposed to deliver 18 watts of power (that's why it is named 18POW).
by hedele
Sat Mar 28, 2015 3:13 pm
Forum: Forwarding Protocols
Topic: GRE Tunnel on Dynamic IP address
Replies: 9
Views: 13219

Re: GRE Tunnel on Dynamic IP address

Cisco has GRE multipoint tunnels to handle that specific situation (static server, dynamic client IP), Mikrotik does not offer that possibility. You will have to use L2TP instead, and then either pull the GRE/EoIP tunnel over the L2TP session, or use L2TP without another tunnel on top.
by hedele
Wed Jan 21, 2015 11:49 am
Forum: General
Topic: [FEATURE REQUEST] Two Factor Authentication
Replies: 22
Views: 13750

Re: [FEATURE REQUEST] Two Factor Authentication

I can only see a slight problem with the Google Authenticator bit... since the one-time codes are derived from clock time, there's going to be trouble when your Routerboard reboots and fails to sync clock time with NTP afterwards as no RB has a battery-buffered RTC included, leading to you being una...
by hedele
Tue Nov 25, 2014 6:09 pm
Forum: Forwarding Protocols
Topic: Mikrotik to Cisco GRE Multipoint
Replies: 4
Views: 3996

Re: Mikrotik to Cisco GRE Multipoint

Hi, This will not work as Mikrotik does not implement NHRP protocol, as that is required for mGRE tunnels to work. You will have to use point-to-point GRE tunnels between Cisco and Mikrotik gear. Also, Mikrotik does not implement EIGRP protocol, so even if you would get mGRE running, you would still...
by hedele
Fri Nov 07, 2014 3:55 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47275

Re: RB850Gx2 - Release date?

@jeroen If you're spinning it that way, you might as well consider TCP "overhead" and reduce the actual payload to 1460 Bytes. Or consider the overhead of any higher layer protocol and reduce the payload even further. That way of thinking is misleading when you're talking about throughput figures wh...
by hedele
Thu Nov 06, 2014 7:11 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47275

Re: RB850Gx2 - Release date?

... ok, let's play Networking 101 ;) An ethernet frame is 1518 bytes in size, 1500 bytes payload, 14 bytes for the header, 4 bytes for FCS/CRC. L2MTU is NOT Ethernet frame size, but Ethernet PAYLOAD size. Thus, testing with L2MTU 1500 equals 1518 byte frame size - all tests that Mikrotik publishes r...
by hedele
Thu Oct 16, 2014 10:36 pm
Forum: RouterBOARD hardware
Topic: Compatibility Hardware to 2Gbps
Replies: 2
Views: 1637

Re: Compatibility Hardware to 2Gbps

As far as I know, both of them do not work due to missing drivers.
You really should have chosen their intel counterparts when configuring the server... the Intel 2-Port 10G cards (Intel X520 DP) that Dell offers work fine in ROS 6.18 and even offer 2 rx/tx queues.
by hedele
Wed Oct 15, 2014 1:11 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 vs layer 3 switch
Replies: 8
Views: 3250

Re: ccr 1036 vs layer 3 switch

That's the point: While there are a bunch of surprisingly fast and surprisingly cheap L3 switches available, they usually offer only a very limited amount of maximum route entries - most of them can only handle around 16-64k routes, which is not enough to use them in any true multihomed BGP scenario...
by hedele
Tue Oct 14, 2014 8:53 am
Forum: General
Topic: sstp vs pptp performance
Replies: 27
Views: 9598

Re: sstp vs pptp performance

As SSTP is a purely TCP based tunnel, it can suffer from TCP meltdown problem and may generally not deliver optimal performance on links that are not 100 percent clean and stable. You have the same issues when using OpenVPN TCP tunnels. PPTP is using GRE to transmit encapsulated data, and does there...
by hedele
Mon Oct 13, 2014 1:27 pm
Forum: General
Topic: processor 100% on ethernet
Replies: 8
Views: 1439

Re: processor 100% on ethernet

I don't see a problem with your device. The numbers match up. Don't just look at the Mbps, look at the packets per second also. You are getting in Excess of 170k packets per second in your first graphic. RB2011 is rated for 227k packets with fastpath routing (NO firewall/connection-tracking whatsove...
by hedele
Wed Oct 08, 2014 9:11 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47275

Re: RB850Gx2 - Release date?

KVM is inherently an x86-only technology - so I'd say definitely no.
You can already use KVM on RouterOS x86.
by hedele
Wed Sep 17, 2014 12:57 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93157

Re: v6.19 released

Well as you can read from some of the feedback in this thread, winbox 3 does not seem mature enough for production use yet.
Also, I don't think that there is any technical reason that winbox 3 is required for new rc builds, it's probably just politics to force people into beta-testing winbox 3.
by hedele
Wed Sep 17, 2014 12:31 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93157

Re: v6.19 released

Winbox v3 is required for router’s configuration. Welp... no more rc testing (or upgrading, for that matter) for me then... I'll stay on 6.18 on all of my devices, since EoIP (which I use it a lot) is broken on 6.19. 6.18 was a great release (the first really stable and usable one with no major bug...
by hedele
Tue Sep 16, 2014 9:14 am
Forum: General
Topic: Dealing with 3 different DDOS attacks. Need suggestions
Replies: 6
Views: 1898

Re: Dealing with 3 different DDOS attacks. Need suggestions

That shouldn't be a big problem, not a lot of services use these ports server-side anyway, most of them multimedia- or gaming-related. If customers are complaining, you can justify this measure with an incoming ddos, they should understand that issue.
by hedele
Tue Sep 16, 2014 8:53 am
Forum: General
Topic: Dealing with 3 different DDOS attacks. Need suggestions
Replies: 6
Views: 1898

Re: Dealing with 3 different DDOS attacks. Need suggestions

How about accepting connections to the udp ports you know are being used for openvpn, accepting "established" packets, accepting connections to udp/1701 (l2tp) and dropping the rest of udp? there's not much you can do with icmp, except drop it or use a limiter in firewall so only a certain amount of...
by hedele
Mon Sep 15, 2014 10:34 am
Forum: General
Topic: hairpin
Replies: 4
Views: 1049

Re: hairpin

Well technically this will only hit traffic where the local devices are stupid enough to send their traffic towards the default gateway, even though the destination is within the same subnet - which should never happen if the device has a correctly working IP stack. So there's really no reason not t...
by hedele
Wed Sep 10, 2014 5:58 pm
Forum: Forwarding Protocols
Topic: Loss of BGP function after 3-4 weeks
Replies: 16
Views: 3087

Re: Loss of BGP function after 3-4 weeks

Can you make a supout.rif while you encounter the BGP problem?
It's a long shot, but if you succeed in getting a supout, maybe Mikrotik support can find something out.
by hedele
Fri Sep 05, 2014 9:37 am
Forum: Forwarding Protocols
Topic: policy routing support
Replies: 4
Views: 969

Re: policy routing support

You need to create more policy rules, which must be located at the beginning of your policy route ruleset. For each of your LAN subnets, you need to create a rule which says dst=$Lan_Subnet action=lookup table=main (do not enter anything in src) - otherwise the subnets won't be able to communicate w...
by hedele
Thu Sep 04, 2014 12:24 pm
Forum: Forwarding Protocols
Topic: VLAN over Cisco BGP VPLS (L2MTU Problem?)
Replies: 4
Views: 1617

Re: VLAN over Cisco BGP VPLS (L2MTU Problem?)

Interesting, which ROS version are you using? According to mrz, this shouldn't work:

http://forum.mikrotik.com/viewtopic.php ... 79#p432579
by hedele
Sat Aug 23, 2014 12:23 pm
Forum: General
Topic: Assign Public IP
Replies: 6
Views: 1164

Re: Assign Public IP

Well to put it plain - it simply cannot work this way. Subnetting doesn't work this way. The only possibility to do this is to bridge your WAN and LAN interfaces, which would put all your clients directly on your uplink. You can still do limited traffic flow manipulation and NAT with "Use IP firewal...
by hedele
Fri Aug 22, 2014 1:22 pm
Forum: General
Topic: v6.19rc for CCR tests needed!
Replies: 59
Views: 17554

Re: v6.19rc for CCR tests needed!

Linked ALMOST correctly :) it's actually 13.25.6 13.25.6 AutoIsolate A Boolean. Set by management if isolate (13.25.20) is to be set, causing a Designated Port to transition to Discarding if both AdminEdge (13.25.1) and AutoEdge (13.25.5) are FALSE and the other bridge presumed to be attached to the...
by hedele
Wed Aug 20, 2014 8:10 pm
Forum: General
Topic: VPLS performance is lower than EoIP
Replies: 10
Views: 3210

Re: VPLS performance is lower than EoIP

I'll try to give it a whirl tomorrow, i somehow can't believe that 100 mbit/s is all that it's gonna do.
by hedele
Tue Aug 19, 2014 2:26 pm
Forum: General
Topic: MLPPP of 2 connections showing many more?!
Replies: 2
Views: 936

Re: MLPPP of 2 connections showing many more?!

That is a very old problem that can be traced back until when MLPPP was first implemented (back in ROS 3.x). Curiously, I have no idea what causes it, and it never got fixed over time. The main problem with that is, that this causes very bad performance (I once had 27 parallel connections open on tw...
by hedele
Mon Aug 11, 2014 5:18 pm
Forum: General
Topic: VPLS performance is lower than EoIP
Replies: 10
Views: 3210

Re: VPLS performance is lower than EoIP

Yeah I'd suggest that, too. A RB1100AHx2 has 13 gigabit ports, but only 5 of them can be used without oversubscription. Also, routing traffic between those non-oversubscribed ports is faster than routing "on a stick" where source and destination are on the same port or switch-group. So you want to o...
by hedele
Mon Aug 04, 2014 10:22 pm
Forum: Forwarding Protocols
Topic: VLAN over Cisco BGP VPLS (L2MTU Problem?)
Replies: 4
Views: 1617

Re: VLAN over Cisco BGP VPLS (L2MTU Problem?)

Well, according to some other thread I recently read here, Mikrotik's official response is that you can't.
If you need this, you will have to open a ticket asking for this particular feature.
by hedele
Fri Aug 01, 2014 7:21 pm
Forum: General
Topic: EOIP when no Q n Q?
Replies: 4
Views: 525

Re: EOIP when no Q n Q?

It will work, but EoIP is terribly, terribly slow on CCRs, at least for me. I can't get more than 450 Mbit/s of traffic through any one EoIP tunnel. x86 rocks the world for that, you can push 3-4 Gigabit/s through a mid-range Xeon easily.
by hedele
Fri Aug 01, 2014 9:08 am
Forum: General
Topic: Feature Request - LAC/LNS functionality
Replies: 128
Views: 36922

Re: Feature Request - LAC/LNS functionality

Hi ganewbie, I think you misunderstood - there is a difference between authenticating users, and authenticating the l2tp tunnel itself. Authenticating users works fine, authenticating the l2tp control channel does not. Cisco enforces L2TP control channel authentication by default, which needs to be ...
by hedele
Thu Jul 31, 2014 7:40 pm
Forum: General
Topic: Feature Request - LAC/LNS functionality
Replies: 128
Views: 36922

Re: Feature Request - LAC/LNS functionality

Hi ganewbie, Yes LNS functionality works, with one caveat - L2TP tunnel authentication is not supported, so whoever is on the LAC side must NOT use a l2tp tunnel password or l2tp tunnel authentication. On a Cisco LAC, you will need to put "no l2tp tunnel authentication" in the corresponding VPDN gro...
by hedele
Wed Jul 30, 2014 6:19 pm
Forum: General
Topic: Feature Request - LAC/LNS functionality
Replies: 128
Views: 36922

Re: Feature Request - LAC/LNS functionality

It's easily possible to use Mikrotik as an LNS (even in 5.26, as the L2TP Keepalive function is already available there), but in terms of LAC you're really out of luck. Still, i resort to using Cisco gear for most LAC/LNS duties.
by hedele
Fri Jul 18, 2014 7:19 pm
Forum: General
Topic: ISP requires VLAN and pbit set
Replies: 8
Views: 4009

Re: ISP requires VLAN and pbit set

That's actually pretty simple once you know what to look for :) CoS bit/p-bit is called priority in RouterOS.
You need to create a Firewall Mangle rule, for out-interface=yourWANinterface with action=set-priority priority=2
and you should be ready to go.
by hedele
Fri Jul 18, 2014 12:33 pm
Forum: General
Topic: Routeros 6.15 and PPPoE dialer interface stops authenicating
Replies: 4
Views: 1148

Re: Routeros 6.15 and PPPoE dialer interface stops authenica

Can you try if deleting the interface in winbox, and then using the undo button (which will re-create the interface) fixes it?
by hedele
Tue Jul 08, 2014 6:17 pm
Forum: General
Topic: v6.15 released
Replies: 302
Views: 102987

Re: v6.15 released

Agreed regarding the VTI . I have some extremely reliable mtk boxes that I might possibly have to junk now as we've moved away from a nix based quagga server to a fortinet and I absolutely need VTI. How so? Fortinet VTIs interoperate perfectly with standard IPSec Site to Site implementations like M...
by hedele
Tue Jul 08, 2014 10:24 am
Forum: Forwarding Protocols
Topic: MPLS and RFC 2544
Replies: 7
Views: 1701

Re: MPLS and RFC 2544

The thing is - according to official performance figures, RB750 should be fast enough to handle 50 Mbit/s in 64 byte packets, as MPLS performance is supposed to be somewhere between bridging and routing, but I think Fastpath does not work with VPLS. The safest choice of Routerboard for this applicat...
by hedele
Mon Jul 07, 2014 10:28 pm
Forum: Forwarding Protocols
Topic: MPLS and RFC 2544
Replies: 7
Views: 1701

Re: MPLS and RFC 2544

As customer, if I specifically tested small packet sizes, I would not accept that performance, as I ordered 50 Megabit/s, and I should be able to reach that performance regardless which packet size my preferred application uses. That said, as ISP you could probably argue with IMIX (http://en.wikiped...
by hedele
Fri Jun 27, 2014 9:33 am
Forum: General
Topic: PPTP and L2TP WARCRAFT 3
Replies: 7
Views: 1845

Re: PPTP and L2TP WARCRAFT 3

No, only enable it on your LAN Port (Master-Port of switch-group, or on bridge, depending on what you use).
Still, I'd go for Hamachi in any case :)
by hedele
Thu Jun 26, 2014 2:47 pm
Forum: General
Topic: PPTP and L2TP WARCRAFT 3
Replies: 7
Views: 1845

Re: PPTP and L2TP WARCRAFT 3

This is kind of problematic with PPTP and L2TP, because game/hostdiscovery in warcraft 3 works by using broadcast packets, which usually does not work over any PPP based connection. You are better off using an alternative solution like Hamachi (which I can confirm as working) or Tunngle. Your best s...
by hedele
Sat Jun 21, 2014 1:22 pm
Forum: General
Topic: WNA1100(AR9271) doesn't work in ROS v6
Replies: 1
Views: 600

Re: WNA1100(AR9271) doesn't work in ROS v6

I can't remember the exact version, but support for this chipset was removed by Mikrotik because it caused too many issues.
You will have to stay at ROS v5 if you really want to use that device.
by hedele
Thu Jun 19, 2014 1:41 pm
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 21
Views: 9323

Re: WE NEED EIGRP

+1 for not implementing EIGRP. It simply does not scale too well compared to ISIS or OSPF, and becomes a resource hog in larger networks, while converging more slowly than OSPF. Also, I have yet to see a network that didn't work more reliably and converge faster when EIGRP was replaced by OSPF (and ...
by hedele
Wed Jun 18, 2014 6:40 pm
Forum: General
Topic: v6.15 released
Replies: 302
Views: 102987

Re: v6.15 released

I can confirm that issue - connecting to a Router with winbox through any kind of directly connected ppp interface (pppoe, pptp, l2tp) causes the winbox session to randomly disconnect. Tested on 6.13, 6.14 and 6.15. I'm not sure if using MPPE makes any difference, but I think not.
by hedele
Mon Jun 16, 2014 6:02 pm
Forum: RouterBOARD hardware
Topic: CRS125 ISOLATED VLANS and full switching manual
Replies: 40
Views: 13279

Re: CRS125 ISOLATED VLANS and full switching manual

Is there already any timeframe on implementing RSTP on CRS125 switch chip?
by hedele
Thu Mar 06, 2014 6:30 pm
Forum: RouterBOARD hardware
Topic: TP-Link MC110CS replace with S-31DLC20D
Replies: 1
Views: 742

Re: TP-Link MC110CS replace with S-31DLC20D

No, unfortunately not. The TP-Link converter is using a 100 Megabit connection (100Base-FX), and Mikrotik SFPs use a 1.25 gigabit connection (1000Base-LX). Unlike with Ethernet on copper, there is no such thing as auto speed negotiation, and the transmission standards in use are incompatible with ea...
by hedele
Thu Feb 20, 2014 9:38 am
Forum: RouterBOARD hardware
Topic: RB1100ahx2 redundant powering
Replies: 15
Views: 4541

Re: RB1100ahx2 redundant powering

We are using this productively on a number of 1100Hx2 and 1100AHx2 and had no problems so far.
24V power is fed through PoE, and 12V through the internal AC adapter - you can happily plug each one out or in without any service disruption :)
by hedele
Thu Feb 13, 2014 10:55 am
Forum: General
Topic: carrier grade NAT
Replies: 3
Views: 2500

Re: carrier grade NAT

I think he refers to this RFC where Carrier-Grade NAT using reserved IANA IPv4 space (100.64.0.0/10) is defined: http://tools.ietf.org/search/rfc6598 In this document, it is said that: ... Shared Address Space can be used as additional non-globally routable space on routing equipment that is able to...
by hedele
Wed Feb 12, 2014 1:10 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 113754

Re: RB751U-2HnD - poor wireless performance & problems

Well I found that for the wireless in 751U and 751G to work reliably, I have to disable RX/TX Chain 1, leaving only chain 0 active. While that limits me to 65 Mbps @ 20 MHz (Real-Life throughput of around 35-40 Mbps), at least the connection is stable. Enabling TX chain 1 is usually(!) not a problem...
by hedele
Sat Dec 14, 2013 5:01 pm
Forum: General
Topic: modem Huawei E3276 LTE
Replies: 7
Views: 5494

Re: modem Huawei E3276 LTE

Is there at least hope to finally get support for huawei cdc_ether?
There are lots of Huawei 3G/LTE Sticks around now, that cannot perform well because ROS only supports PPP mode instead of cdc_ether/NDIS mode.
by hedele
Wed Nov 13, 2013 12:24 pm
Forum: General
Topic: CRS default configuration
Replies: 4
Views: 1121

Re: CRS default configuration

Ah okay so that was probably just an oversight... yeah I agree that CRS should have white background, maybe you can sneak the configuration for that into one of the next releases.
by hedele
Tue Nov 12, 2013 11:56 am
Forum: General
Topic: CRS default configuration
Replies: 4
Views: 1121

Re: CRS default configuration

Same happens on my CRS test device... mildly irritating. Did not try ROS 6.6. yet though.
Also, the LCD screen is inverted, compared to the CCRs i have on my desk.
On the CCRs, background color is white, text color is black, while the CRS has black background and white text... wtf?
by hedele
Thu Sep 05, 2013 2:18 pm
Forum: General
Topic: interface list "disappear" in RB411
Replies: 7
Views: 1430

Re: interface list "disappear" in RB411

It's a little bit late for a reply, but I only just got that card and using the following as init-string in the ppp-client interface should solve the problem:

AT^CURC=0;AT^STSF=0,0

This will turn off all diagnostic and unsolicited output on the info-channel and stop the rb from fucking up :)
by hedele
Tue Sep 03, 2013 2:53 pm
Forum: Forwarding Protocols
Topic: PPPoE over Q-in-Q tunnel
Replies: 7
Views: 3247

Re: PPPoE over Q-in-Q tunnel

Well I might at least have an idea how you could terminate all customers on only one pppoe server... Create a bridge where your pppoe server will listen on, and add a bridge filter rule for that bridge, chain=forward, action=drop. Now add every customer vlan interface to this bridge. What this does,...
by hedele
Mon Jul 15, 2013 9:04 am
Forum: RouterBOARD hardware
Topic: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-2014)?
Replies: 15
Views: 3964

Re: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-20

Then why the heck has this Routerboard not been in stock anywhere in Western Europe since the end of May? What's wrong with your production planning? I mean, people already know that you did a new hardware revision for the 2011 series, why can't you just admit something went wrong with the time plan...
by hedele
Fri Jul 05, 2013 11:27 am
Forum: Forwarding Protocols
Topic: v6.1 Kernel Panic with VPLS
Replies: 4
Views: 1540

Re: v6.1 Kernel Panic with VPLS

From my experience, you should change the emulated NIC to e1000e in the corresponding .vmx files for your routers as soon as you are going beyond simple routing (even with VLANs i would strongly recommend switching to e1000e). This also has the bonus of being able to set L2MTU in RouterOS. VMware ES...
by hedele
Thu Jul 04, 2013 10:34 pm
Forum: Forwarding Protocols
Topic: v6.1 Kernel Panic with VPLS
Replies: 4
Views: 1540

Re: v6.1 Kernel Panic with VPLS

Which NIC are you emulating in vmware?
There are often strange issues when you try to use e1000 with MTU -> 1500 bytes, especially with mpls/vpls.
Did you try playing around with MPLS MTU? If not, try to set it to 1500 or 1522.
by hedele
Fri May 24, 2013 9:56 am
Forum: RouterBOARD hardware
Topic: support DL360
Replies: 5
Views: 1301

Re: support DL360

You need to set your onboard SATA controller mode to IDE/PATA/Compatibility Mode in BIOS and connect your hard disk to the onboard SATA controller.
RouterOS will not detect most AHCI-SATA controllers, if not all, and will definitely not detect any disks connected to a hardware RAID controller.
by hedele
Wed May 22, 2013 9:56 pm
Forum: General
Topic: v6.0 released
Replies: 321
Views: 67785

Re: v6.0 released

I think I may have found a bug on x86 version of 6.0. I believe that loopback interfaces (or in this case, a bridge without anything on it) might end up being broken when it comes to adding it within OSPFv3. On my MIPS-BE router (RB751) it works perfectly, but on my x86 router it shows as inactive ...
by hedele
Tue Apr 02, 2013 10:08 pm
Forum: General
Topic: RB1100AHX2 Problem
Replies: 2
Views: 989

Re: RB1100AHX2 Problem

Hi, This is very unfortunate :( I also had that problem with two of my RB1100AHx2. The problem seems to be related to the NAND driver. There are some very old threads about this in the forum. ROS 5.14 contains a fix: What's new in 5.14 (2012-Feb-22 12:04): *) fixed rare configuration retention probl...
by hedele
Fri Mar 29, 2013 11:35 am
Forum: RouterBOARD hardware
Topic: Mod rb44ge to fit in pci-express x1
Replies: 2
Views: 1568

Re: Mod rb44ge to fit in pci-express x1

I don't unterstand why more people don't just file away a little bit of the plastic PCIe socket on the mainboard, instead of irreparably damaging the card... If you mod the PCIe socket, the x4 card will fit (but work in x1 mode), but you can still re-use the x4 card somewhere else with full speed an...
by hedele
Thu Mar 28, 2013 10:03 pm
Forum: General
Topic: RouterOS v6rc12
Replies: 78
Views: 22790

Re: RouterOS v6rc12

Why all the panic? :) RC11 can still be downloaded: http://www.mikrotik.com/download/routeros-ALL-6.0rc11.torrent http://download2.mikrotik.com/routeros/6.0rc11/routeros-tile-6.0rc11.npk http://download2.mikrotik.com/routeros/6.0rc11/routeros-mipsbe-6.0rc11.npk http://download2.mikrotik.com/routeros...
by hedele
Wed Mar 27, 2013 10:49 pm
Forum: Wireless Networking
Topic: Wi-Fi on MikroTik RB2011UAS-2HnD-IN
Replies: 42
Views: 24311

Re: Wi-Fi on MikroTik RB2011UAS-2HnD-IN

I have a similar problem with a Macbook Pro (OSX 10.8.3) and RB 411U with R52 wireless card: 23:51:42 wireless,info 40:B3:95:F2:1C:47@wlan1: connected 23:51:43 wireless,info 40:B3:95:F2:1C:47@wlan1: reassociating 23:51:43 wireless,info 40:B3:95:F2:1C:47@wlan1: disconnected, ok 23:51:43 wireless,info...
by hedele
Wed Mar 27, 2013 1:31 pm
Forum: General
Topic: 5.24 released!
Replies: 161
Views: 44055

Re: 5.24 released!

There is a slight problem with RB1100Hx2 and 5.24 System - Routerboard - Settings shows the following error [admin@MikroTik] > sys rou set pri baud-rate: 115200 boot-delay: 2s enter-setup-on: any-key boot-device: nand-if-fail-then-ethernet cpu-frequency: 1066MHz memory-data-rate: (unknown) boot-prot...
by hedele
Thu Nov 29, 2012 7:57 pm
Forum: General
Topic: 6.0rc4 released!
Replies: 101
Views: 18237

Re: 6.0rc4 released!

Hi there,

just a short question to Mikrotik Staff (or anyone else?) - can you please confirm if this change from 5.22
is also included in 6.0 rc4?

*) l2tp server - added keepalive-timeout setting;

thanks!
by hedele
Fri Oct 12, 2012 9:03 pm
Forum: General
Topic: L2TP keep alive - where is it?
Replies: 20
Views: 8931

Re: L2TP keep alive - where is it?

Frankly, I don't have that problem. I also tried the LAC (Cisco) -> LNS (Mikrotik) variant of tunneling dsl connections, and if I pull the dsl cable from the modem, it only takes about 30 seconds for the l2tp server interface to disappear. So, I guess there's a 30 second hard-coded keepalive (at lea...
by hedele
Wed Oct 10, 2012 12:53 am
Forum: General
Topic: DHCP server taking 30+ sec to hand IP out on VLAN
Replies: 2
Views: 679

Re: DHCP server taking 30+ sec to hand IP out on VLAN

Did you consider spanning-tree delays on the switches? If spanning-tree is active (and, if using cisco switches, portfast is not set), the switch will have a 30 second delay (15 sec. listening, 15 sec learning) before letting traffic pass through the port, in order to avoid forwarding loops. Of cour...
by hedele
Tue Oct 09, 2012 11:11 pm
Forum: General
Topic: L2TP Tunnel Authentication (ADSL with Mikrotik LNS)
Replies: 5
Views: 4295

Re: L2TP Tunnel Authentication (ADSL with Mikrotik LNS)

Hi, I guess you maybe know that - Routerboards can accept L2TP tunneled DSL connections as LNS if no tunnel authentication is required. If the LAC is a Cisco router - you have to use "no lt2p tunnel authentication" in the vpdn group. Relayed ppp sessions will then show up as L2TP server interface on...
by hedele
Tue Oct 09, 2012 12:22 pm
Forum: Forwarding Protocols
Topic: BGP and routing filter improvement suggestions
Replies: 58
Views: 16756

Re: BGP and routing filter improvement suggestions

BGP Peer Groups would be good too. When you have say 10 peers with common settings, the only thing thats different is the peer IP and remote AS, have them belong to a parent group that defines all the other settings, then when you need to change a setting you only need to change it in one place ins...
by hedele
Thu Oct 04, 2012 2:48 pm
Forum: General
Topic: [Request] Ping via specific gateway in netwatch
Replies: 4
Views: 1509

Re: [Request] Ping via specific gateway in netwatch

I would just create a /32 route for the destination you intend to ping, pointing to your main gateway.
8.8.4.4 would be better for that, since a lot of people may actually use 8.8.8.8 as primary dns.
by hedele
Wed Jun 06, 2012 4:50 pm
Forum: General
Topic: PPPoE - Prevent Failed PPP Calls
Replies: 10
Views: 6318

Re: PPPoE - Prevent Failed PPP Calls

I don't understand what's so difficult in filtering somebody based on mac :)
Make your PPPoE server run on a bridge interface, and use bridge filters on input chain to temporarily block MAC adresses.
by hedele
Wed May 09, 2012 10:26 am
Forum: General
Topic: Bonding bad performance on TCP
Replies: 18
Views: 4751

Re: Bonding bad performance on TCP

You are probably using balance-rr as bonding mode - there is no packet reordering in router os, and therefore TCP will get frequent pipeline-stalls because of packets arriving out-of-order. Try a different bonding mode (balance-xor) - but that will require you to make more than one concurrent TCP co...
by hedele
Thu Mar 15, 2012 11:32 am
Forum: RouterBOARD hardware
Topic: NEW PRODUCT - Cloud Core Router
Replies: 104
Views: 33941

Re: NEW PRODUCT - Cloud Core Router

To be honest, this sounds like an early April Fools Joke :)
However, I would definitely like to see something like this!
by hedele
Sun Mar 04, 2012 11:53 pm
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20560

Re: v5.14 released

This is the normal behaviour of netwatch since ... well, ever since I started using RouterOS (somewhere around 3.10). I would suggest that you use System -> Watchdog - you can set it to ping something (and reboot if it is unreachable), and also set a timeout after reboot, which will keep it from reb...
by hedele
Thu Feb 16, 2012 6:09 pm
Forum: General
Topic: v5.13 released
Replies: 64
Views: 8193

Re: v5.13 released

I found that this might be related to auto IRQ assignment on RB1100AHx2. Sometimes, when auto IRQ assignment changes CPU assignment for a switchgroup or eth port, the port flaps. This can also be forced by manually changing CPU assignment. However, it doesn't always happen, maybe 25% of the time. Of...
by hedele
Tue Feb 14, 2012 2:25 pm
Forum: General
Topic: RB1100AHx2 disk i/o error can't write / erase from disk
Replies: 10
Views: 3849

Re: RB1100AHx2 disk i/o error can't write / erase from disk

A netinstall will probably take around 45 minutes, which is what I had happen to me when I tried it. Afterwards though, the routerboard seemed to work normally. I never run into the issue, that flash cannot be written, but hat a different problem where the RB forgets about half of it's configuration...
by hedele
Thu Feb 09, 2012 5:19 pm
Forum: General
Topic: Multilink PPPoE, Excessive Rx Errors and Drops
Replies: 9
Views: 3046

Re: Multilink PPPoE, Excessive Rx Errors and Drops

Our RBs experience the same effect - a lot of RX errors on the pppoe-out interface (depending on load),
without any detectable impact on service quality (except maybe small latency jumps).
Therefore i tend to agree with your opinion, it's probably related to packet reordering.
by hedele
Thu Feb 09, 2012 12:02 pm
Forum: General
Topic: Multilink PPPoE, Excessive Rx Errors and Drops
Replies: 9
Views: 3046

Re: Multilink PPPoE, Excessive Rx Errors and Drops

It's a little late to reply to the OP, but the MTU is always 1524, as that value is forced upon the Routerboard from the LNS. I guess you are using Cisco equipment to terminate the MLPPP connection, as 1524 is the Cisco default value for MLPPP. You should be able to change it on your LNS; but not th...
by hedele
Mon Feb 06, 2012 1:39 am
Forum: General
Topic: RB1100x2/AH w/v5.12 Lossing Password
Replies: 9
Views: 2865

Re: RB1100x2/AH w/v5.12 Lossing Password

I had the same problem with two other RB1100AHx2. Sometimes, on boot the RB would "forget" parts of the configuration, such as passwords or IP Adresses. Config changes made during this problem are not committed to flash. A reboot results in a kernel panic related to the flash device, the bootloader ...
by hedele
Tue Jan 31, 2012 4:18 pm
Forum: RouterBOARD hardware
Topic: Incorrect handling of 3G modem failures
Replies: 5
Views: 4707

Re: Incorrect handling of 3G modem failures

Is your ppp-out client set to dial-on-demand=yes (which is default behavior)? If so, the ppp-out interface will always spoof "running" status.
Disable dial on demand, and it should show the correct interface status.
by hedele
Tue Jan 31, 2012 4:10 pm
Forum: General
Topic: Modem hunged up problem
Replies: 3
Views: 2324

Re: Modem hunged up problem

Usually this happens when the modem has some kind of hickup and needs a power-cycle (unplug/replug) to work normally again. Unfortunately, RB411U does not support USB power-reset. To test this, try opening a serial-terminal on the data channel (disable ppp-client first), and try ATDT*99***1# - you s...
by hedele
Tue Jan 31, 2012 9:37 am
Forum: General
Topic: EOIP performance on interface with MTU > 1500
Replies: 9
Views: 14624

Re: EOIP performance on interface with MTU > 1500

So it is a x86 machine? Which network card are you using?
by hedele
Mon Jan 30, 2012 2:00 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1331

Re: RB433 IRQ missing for ether2 & 3

I guess that's just some weird naming convention difference, you would have to ask mikrotik support why.
by hedele
Mon Jan 30, 2012 12:51 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1331

Re: RB433 IRQ missing for ether2 & 3

That is completely up to your personal preference, there is no performance difference.
by hedele
Mon Jan 30, 2012 12:16 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1331

Re: RB433 IRQ missing for ether2 & 3

Yes I am pretty sure that routing between ether1 and 2+3 is generally faster, as far as I know, that was also already stated by some mikrotik guys here in the forum. ... and to be honest, it's quite logical that routing is faster that way, if you take the IRQ and bandwidth sharing into accoung :) Al...
by hedele
Mon Jan 30, 2012 11:08 am
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1331

Re: RB433 IRQ missing for ether2 & 3

Guys, no need to panic :) ether2 and ether3 are both using the IRQ shown as "switch0" Even if you are not using switching function of ether2 and ether3, they are both connected to the CPU through the onboard switch chip IC-Plus-175D, as the Atheros CPU only has support for two ethernet ports (one is...
by hedele
Mon Jan 30, 2012 11:03 am
Forum: General
Topic: EOIP performance on interface with MTU > 1500
Replies: 9
Views: 14624

Re: EOIP performance on interface with MTU > 1500

You do not need to change L3 MTU in order to get Q-in-Q working - unless you are using a x86 machine. If so, use a Routerboard instead where you can set L2 MTU. Maybe someone else can propose a workaround (e.g. you may try having vlan interface on ether1 with mtu 1500, and use it as parent interface...
by hedele
Sun Jan 29, 2012 12:58 am
Forum: General
Topic: EOIP performance on interface with MTU > 1500
Replies: 9
Views: 14624

Re: EOIP performance on interface with MTU > 1500

I think you forget one very fundamental problem: Your EoIP packet is also just another IP packet for ether1, if EoIP packets are transmitted over ether1. The EoIP packet is up to 1542 byte in size (1500 bytes eoip MTU + 42 bytes EoIP header). If Layer 3 MTU on ether1 is 1500, then EoIP Packets will ...
by hedele
Fri Jan 13, 2012 4:10 pm
Forum: General
Topic: Upgrade RB600A to RB800 interface wierdness.
Replies: 1
Views: 426

Re: Upgrade RB600A to RB800 interface wierdness.

As far as I know (and experienced), .backup files (binary backups) are only 100% compatible if you use the exact same device (by that I mean restoring the backup to exactly the same router you took it from) and about 95% compatible within the same series of routers (using a backup from a RB750 on an...
by hedele
Fri Jan 13, 2012 11:57 am
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

To be honest, I wouldn't ever use a RB where I have to buy a USB Power Injector. I've been using RB411U and RB433UAH for quite some time, and didn't experience any out of the world problems (other than Huawei Modems sometimes hang and need to be unplugged/replugged). In my experience, ZTE Modems wor...
by hedele
Fri Jan 13, 2012 9:47 am
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

Very strange, all ATZ does is tell the modem to reset itself *g* I can remember reading somewhere, that you shouldn't normally use ATZ for some UMTS Modems, because it causes them to not work anymore until you unplug and replug it. Oh well, but if it works, why bother :) On a related note: The USB c...
by hedele
Thu Jan 12, 2012 1:52 pm
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

I have received a RB751U-2HnD today and tested the e372 successfully with that device as well.
If the USB power injector does not work as well, you may have to try upgrading the firmware on the e372 I guess...
by hedele
Wed Jan 11, 2012 10:44 am
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

a LCP ProtRej is not a big deal in this case, as it just tells you that the remote router does not support using IPv6CP/MPLSCP. In theory, yes, there could be something wrong with power supply, but from what I have experienced, that should lead to the modem resetting itself during the connection att...
by hedele
Wed Jan 11, 2012 12:58 am
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

Very strange... but at least there is no LCP timeout anymore.
For some reason, your provider is not assigning you an IP address.
Possibly your SIM card is not active (or locked), or the APN is wrong.
Can you check that as well?
by hedele
Tue Jan 10, 2012 10:45 pm
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

Hi,

give it another try, but disable chap! so that the ppp-client only says allow=pap
by hedele
Tue Jan 10, 2012 7:48 pm
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

I am using the firmware from here (11.203.05.00.00):
http://www.dc-files.com/files/huawei/modems/E372/
however, give your router a try with the ppp client configuration I posted before flashing around on your stick.
by hedele
Tue Jan 10, 2012 6:03 pm
Forum: General
Topic: Huawei E372 3g modem hangsup on 3 network
Replies: 18
Views: 4168

Re: Huawei E372 3g modem hangsup on 3 network

Your ppp-client settings look way too complicated and confusing. Try it this way (works on my e372 with 3 Austria on ROS 5.11): /interface ppp-client add add-default-route=yes allow=pap,chap apn=bredband.tre.dk data-channel=0 dial-command=ATDT \ dial-on-demand=no disabled=yes info-channel=4 keepaliv...
by hedele
Thu Nov 03, 2011 12:50 pm
Forum: General
Topic: RouterOS v5.8 released
Replies: 182
Views: 86989

Re: RouterOS v5.8 released

Argh still no IPv6 routing marks :( Pleeeeease, add IPv6 routing marks in 5.9!
by hedele
Wed Nov 02, 2011 5:54 pm
Forum: RouterBOARD hardware
Topic: RB800 support for 3G modems
Replies: 7
Views: 1627

Re: RB800 support for 3G modems

But would 3G cards with onboard SIM connector (Like some Novatel cards have) work on a RB800,
or is there no USB functionality implemented on the miniPCI-e slot?
by hedele
Wed Nov 02, 2011 5:52 pm
Forum: General
Topic: RouterOS v5.8 released
Replies: 182
Views: 86989

Re: RouterOS v5.8 released

Maybe there is also a problem involving 3G Modems in ROS 5.8 - a line of ZTE 3G cards do not work anymore in 5.8 (they used to work in 5.6 and 5.7). So, if you're upgrading 3G-enabled units in the field, be careful - and please post your experiences here. I have already opened a Ticket (201111026600...
by hedele
Wed Nov 02, 2011 10:08 am
Forum: General
Topic: PPPoE Server performance
Replies: 2
Views: 1679

Re: PPPoE Server performance

For best performance, do not send rate limits per-user, as this will create a lot of simple queues on your RB, slowing it down significantly. Instead, create PCQ Queues on your RB matching your services (e.g. Queues for 1024/256 kbit service, another one for 2048/512 kbit service), and have them mat...
by hedele
Thu Oct 13, 2011 9:42 pm
Forum: RouterBOARD hardware
Topic: need a router with highrate cpu and at least one memory slot
Replies: 21
Views: 2080

Re: need a router with highrate cpu and at least one memory

Using /system routerboard settings menu. set the memory clock to 533 MHz, then set the cpu-clock to 1066 MHz. However, you should intensively test your RB 800 for stability after overclocking.
by hedele
Wed Oct 12, 2011 11:03 am
Forum: RouterBOARD hardware
Topic: A big gap from RB433AH to RB800
Replies: 5
Views: 949

Re: A big gap from RB433AH to RB800

How about the RB493G or RB435G? They don't have PPC processor, but at least they have gigabit ports.
Also, they are priced nicely between the 433AH and 800.
by hedele
Tue Oct 11, 2011 11:33 pm
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 80
Views: 24459

Re: Feature Request TR-069 CPE

I think it would be a wonderful addition to Scripting/Dude. Just imagine - shipping a stock RB750 to a customer without opening the box at all. Only note the MAC Address, and create a configuration file, while the RB is shipping. After the customer receives the RB, he can follow the on-box instructi...
by hedele
Tue Oct 11, 2011 11:21 pm
Forum: RouterBOARD hardware
Topic: need a router with highrate cpu and at least one memory slot
Replies: 21
Views: 2080

Re: need a router with highrate cpu and at least one memory

You can use RB800 and overclock it to 1066 MHz. It has a Compact Flash Slot onboard, and has 3 Gigabit interfaces as well as 4 Mini-PCI Slots. This is what we use right now when we need a higher performance Router, as the 1100/AH/x2 are pretty much NEVER EVER in stock, and the RB1200 is pretty unrel...
by hedele
Tue Oct 11, 2011 11:17 pm
Forum: General
Topic: Virtual Ethernet in RB1200
Replies: 1
Views: 448

Re: Virtual Ethernet in RB1200

The CPU in the RB1200 does not support Virtualization - therefore no Metarouter, and no Virtual Ethernet. However, you can probably do what you need with a simple Bridge interface. Create a new bridge, assign a admin-mac-address. Do not put any physical port on the bridge. This makes the bridge inte...
by hedele
Fri Oct 07, 2011 12:13 pm
Forum: Forwarding Protocols
Topic: l2tp-client to Linux openl2tpd based server
Replies: 6
Views: 2162

Re: l2tp-client to Linux openl2tpd based server

@Mikrotik Team - Can you please maybe evaluate using openl2tp server for RouterOS? LAC/LNS function would really be very appreciated.
by hedele
Sun Oct 02, 2011 8:29 am
Forum: General
Topic: Can't initiate 3G ppp session after upgrade to 5.7
Replies: 5
Views: 759

Re: Can't initiate 3G ppp session after upgrade to 5.7

Careful - if you only once get the wrong values for data channel, you will need to unpower and repower the routerboard,
in order to make the 3G Modem work again. That makes for some annoying testing, but it should work out...
However, is you found a new modem which just works, that is fine as well :)
by hedele
Thu Sep 29, 2011 10:55 am
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 67009

Re: RouterOS v5.7 released

As a workaround, you might also consider using a scheduler to toggle the winbox service every hour or so.
by hedele
Sun Sep 25, 2011 4:18 am
Forum: General
Topic: Can't initiate 3G ppp session after upgrade to 5.7
Replies: 5
Views: 759

Re: Can't initiate 3G ppp session after upgrade to 5.7

Maybe you will have to play around with the data channel number.
For example, I noticed that ZTE 3G Modems used to spawn 3 channels in ROS 4.x (0,1,2),
but in ROS 5.x there are now 4 channels with those modems (0,1,2,3).
by hedele
Thu Sep 22, 2011 11:58 pm
Forum: General
Topic: Windows 2008 connection to MT L2TP or IPSEC
Replies: 1
Views: 834

Re: Windows 2008 connection to MT L2TP or IPSEC

You need ROS 5.7 for this to work, as only ROS 5.7 has the main-l2tp ipsec exchange mode which is needed for this.
Other than this different settin, you can roughly follow the corresponding Wiki article at http://wiki.mikrotik.com/wiki/MikroTik_ ... IPSec/L2TP
by hedele
Mon Sep 19, 2011 11:51 am
Forum: Forwarding Protocols
Topic: IPIP Fragmentation Help!
Replies: 4
Views: 4347

Re: IPIP Fragmentation Help!

You should try to reduce the MTU size in the IPIP Tunnels. MTU 1480 in the IPIP tunnel results in a 1500 Byte IP Packet (because of the duplicate IP Header). This probably works fine with your internet connection. However, if you consider IPSEC ESP Overhead, the resulting IP packet is larger than 15...
by hedele
Mon Sep 12, 2011 3:43 pm
Forum: General
Topic: L2TP and proxy-arp
Replies: 2
Views: 1974

Re: L2TP and proxy-arp

Well... it is a rather dirty fix, but you could add the 198.51.100.253 address to your LNS'es ether1, give your L2TP client a private (192...) address, and then NAT the whole official IP through using two netmap rules in /ip firewall nat I also noticed, that activating proxy-arp while an interface i...
by hedele
Thu Sep 01, 2011 2:51 pm
Forum: General
Topic: Forced routing issue
Replies: 25
Views: 1529

Re: Forced routing issue

Still, a /32 is more specific than e.g. a /29.
So a /32 route with metric 100 will always win against a /29 route with metric 0.
by hedele
Mon Aug 01, 2011 9:12 pm
Forum: General
Topic: Bonding of 2 ADSL lines, performance on http/ftp download
Replies: 15
Views: 9520

Re: Bonding of 2 ADSL lines, performance on http/ftp downloa

a bridge with 5 EoIPs on it will behave the same as a bridge with 5 ethernet links - you will get a loop. alternatively, if you are using STP, only one link will be active. So creating a PPPoE Client on one bridge interface will not help, you will need ML-PPPoE. However, ML-PPPoE can only multiply t...
by hedele
Mon Aug 01, 2011 2:33 pm
Forum: General
Topic: Bonding of 2 ADSL lines, performance on http/ftp download
Replies: 15
Views: 9520

Re: Bonding of 2 ADSL lines, performance on http/ftp downloa

I guess it's probably easier (and cheaper) to house a Cisco 18xx series Router and a Routerboard somewhere (if all lines are the same speed)... and it should only cost a fraction of that. The Routerboard terminates the EoIP necessary, and bridges them to the Cisco. The Cisco 1800 series can work as ...
by hedele
Tue Jul 26, 2011 6:09 pm
Forum: RouterBOARD hardware
Topic: RB1000 as bridge bandwidth manager
Replies: 6
Views: 875

Re: RB1000 as bridge bandwidth manager

I think you could just enable "Use IP Firewall for VLAN" in bridge options, that should work nicely...
by hedele
Fri Jul 22, 2011 12:25 am
Forum: General
Topic: IPSEC performance MD5 vs SHA
Replies: 6
Views: 5071

Re: IPSEC performance MD5 vs SHA

Hi, this is something that has been found several times before. But, as far as i know, nobody ever found a fitting conclusion why this is happening. I have three ideas... 1) mipsbe architecture is very bad at performing the mathematical operations required for sha-1 2) sha-1 hashing algorithm implem...
by hedele
Mon Jul 18, 2011 1:28 pm
Forum: General
Topic: High CPU on RB1100AH
Replies: 10
Views: 3682

Re: High CPU on RB1100AH

Well, only creating a Metarouter (but not running it) already doubles CPU usage for any amount of traffic running through. I suppose, that is because there is an invisible bridge being created, where the physical and virtual ethernet ports are then attached, so there is an additional forwarding deci...
by hedele
Thu Jul 07, 2011 11:43 pm
Forum: General
Topic: Bonding of 2 ADSL lines, performance on http/ftp download
Replies: 15
Views: 9520

Re: Bonding of 2 ADSL lines, performance on http/ftp downloa

Well... that's exactly why I always mentioned cisco router :) and also why there is no ML-PPPoE Server in Mikrotik RouterOS.
I think there is a very rudimentary MLPPP server for BSD based systems, but I am not sure.
by hedele
Wed Jul 06, 2011 4:59 pm
Forum: General
Topic: Bonding of 2 ADSL lines, performance on http/ftp download
Replies: 15
Views: 9520

Re: Bonding of 2 ADSL lines, performance on http/ftp downloa

Yeah give it a try, as ML-PPPoE does segment and packet reordering. It should give the expected results.
by hedele
Wed Jul 06, 2011 4:28 pm
Forum: General
Topic: Bonding of 2 ADSL lines, performance on http/ftp download
Replies: 15
Views: 9520

Re: Bonding of 2 ADSL lines, performance on http/ftp downloa

Hi, No, extra QoS or queue-tree should not be needed. Just do whatever you normally do in terms of QoS. As far as I know, there is only one way of reliably bonding two links together - using ML PPPoE. If your ISP cannot enable ML-PPPoE for your two circuits, you will have to create an EoIP over each...
by hedele
Wed Jul 06, 2011 12:39 pm
Forum: General
Topic: Bonding of 2 ADSL lines, performance on http/ftp download
Replies: 15
Views: 9520

Re: Bonding of 2 ADSL lines, performance on http/ftp downloa

Hi, You will have problems with TCP Downloads, because bonding interfaces with balance-rr mode will make packets arrive out of order. So, if the server sends packets numbered 1,2,3,4 they could arrive in order 1,2,4,3 Therefore, the TCP algorithm will assume that packet 3 is lost, because it receive...
by hedele
Tue Jul 05, 2011 8:33 pm
Forum: General
Topic: vlan + sniffing = problem
Replies: 11
Views: 3701

Re: vlan + sniffing = problem

I have also seen that kind of problem. Built like this on a RB450G 4.5 (yeah, old): Bridge (Ports: ether2 + ether3) No VLAN Interfaces configured, so full VLAN trunk is passing between ether2 and ether3 Torching on the bridge shows no VLAN ID on tagged packets arriving from a Cisco Router on VLAN 20...
by hedele
Thu Jun 30, 2011 1:30 pm
Forum: General
Topic: RB1200 ROS 5.0 - up to 5.5 - randomly reboots (BGPv4 and v6)
Replies: 62
Views: 15103

Re: RB1200 ROS 5.0 - up to 5.5 - randomly reboots (BGPv4 and

NO you cannot!
RB 1200 is not supported by ROS 4.17.
Trying to downgrade will effectively brick the Router, and
you will have to netinstall it again with ROS 5.5

There is a thread somewhere in the General section where someone tried to do that and failed.
by hedele
Thu Jun 09, 2011 1:47 pm
Forum: RouterBOARD hardware
Topic: No Kernell Found, Help installing kernell
Replies: 6
Views: 1052

Re: No Kernell Found, Help installing kernell

write to support@mikrotik.com; they will provide you with another license key - if you state your problem, you should get it without charge.
by hedele
Tue May 17, 2011 11:03 pm
Forum: General
Topic: Also RB600 throughput issues, max 276 mbit/s
Replies: 4
Views: 951

Re: Also RB600 throughput issues, max 276 mbit/s

You should try downgrading to ROS 4.16 or 4.17. I can easily reach 500 Mbit/s using VPLS transport (which is arguably more stressful) between two RB 600s...
by hedele
Tue Mar 22, 2011 8:24 pm
Forum: General
Topic: Make ROS services VRF-aware
Replies: 8
Views: 2369

Re: Make ROS services VRF-aware

and DHCP-server is VRF aware..
Well thanks for pointing that out :)
Are there any plans of bringing VRF awareness at least the other key services like PPP?
by hedele
Tue Mar 22, 2011 12:40 am
Forum: General
Topic: Make ROS services VRF-aware
Replies: 8
Views: 2369

Re: Make ROS services VRF-aware

It does not consume an additional license, and i think virtualization is implemented in x86 using KVM. I never tried it though :)
by hedele
Tue Mar 22, 2011 12:37 am
Forum: Forwarding Protocols
Topic: VLAN + VPLS + MPLS l2mtu 1516 or 1530?
Replies: 5
Views: 2596

Re: VLAN + VPLS + MPLS l2mtu 1516 or 1530?

You don't need to provision them manually. Try using BGP autodiscovery for VPLS (there's a wiki entry for that). It works like a charm. It's a lot less work than fondling around with VPLS tunnels by hand. Also, I wouldn't break too much of a sweat about having to fragment. As RouterOS is using VPLS ...
by hedele
Mon Mar 21, 2011 6:32 pm
Forum: Forwarding Protocols
Topic: VLAN + VPLS + MPLS l2mtu 1516 or 1530?
Replies: 5
Views: 2596

Re: VLAN + VPLS + MPLS l2mtu 1516 or 1530?

If you are using VLAN, VPLS needs to encapsulate the appropriate ethernet header as well.
So in that case, you have an outer ethernet header (for Transport on wire) and an inner ethernet header (where your VLAN is contained).
Therefore, your L2MTU is 1530.
by hedele
Mon Mar 21, 2011 8:43 am
Forum: General
Topic: Make ROS services VRF-aware
Replies: 8
Views: 2369

Make ROS services VRF-aware

Hi all, I recently tried to make ROS work with two VRFs, which by itself worked fine. However, I have a problem with the router accessing services within the VRFs. I have two VRFs, RED and BLUE. Both RED and BLUE are using the 10.0.0.0/24 subnet. RED is on interface ether4, BLUE on interface ether5....
by hedele
Sun Mar 20, 2011 6:48 pm
Forum: RouterBOARD hardware
Topic: CPU Frequences on an 1100AH? ;)
Replies: 4
Views: 863

Re: CPU Frequences on an 1100AH? ;)

You first have to adjust RAM clock speed, in order to be able to set CPU clock to 1500 MHz.
RAM Clock speed adjustment is also done in /system routerboard settings menu.
by hedele
Mon Mar 14, 2011 10:35 am
Forum: RouterBOARD hardware
Topic: RB1100 Fan issue
Replies: 46
Views: 17887

Re: RB1100 Fan issue

Thanks normis - by the way, would you mind telling me if 75°C CPU Temp on a RB 1100AH is normal, problematic or just a wrong display? :)
by hedele
Sat Mar 12, 2011 1:09 pm
Forum: General
Topic: Block access to akamaitechnologies.com ?
Replies: 12
Views: 4242

Re: Block access to akamaitechnologies.com ?

Well if that customer is not educated enough to know that his computer does stuff without him telling it to do so, he should not be using one :) Windows DOES tell the user it has downloaded updates and would like to install them. Also, I think he would be a lot more pissed if his computer would keep...
by hedele
Sat Mar 12, 2011 12:26 am
Forum: RouterBOARD hardware
Topic: RB1100 Fan issue
Replies: 46
Views: 17887

Re: RB1100 Fan issue

The RB1100AH I just got has a CPU temp of about 75°C, while doing absolutely nothing...
Also, the Fan sounds like a turbine :D

Is that normal? I would suppose the CPU Temp should be a lot lower...
The other Temperature measured (Board/Environment) is about 29°C.
by hedele
Fri Mar 11, 2011 8:07 pm
Forum: General
Topic: Block access to akamaitechnologies.com ?
Replies: 12
Views: 4242

Re: Block access to akamaitechnologies.com ?

I don't see how that would be your problem...
by hedele
Thu Mar 10, 2011 7:59 pm
Forum: RouterBOARD hardware
Topic: New Products
Replies: 188
Views: 28541

Re: New Products

Now that was unexpected :) I didn't know that FTTx is common anywhere in the world right now ... Well, now that you put it that way, it of course does make sense... Still, any plans on incorporating SFP into the high-end routerboards? If I might make a wish, please include 2 SFP ports to be able to ...
by hedele
Thu Mar 10, 2011 7:52 pm
Forum: General
Topic: 10 second delay on outbound traffic
Replies: 2
Views: 573

Re: 10 second delay on outbound traffic

Are you maybe using an invalid primary DNS server?
It would be one explanation for why everything takes some time to work (until first dns resolve try fails),
but then spontaneously works (secondary dns resolves normally).
by hedele
Thu Mar 10, 2011 7:32 pm
Forum: RouterBOARD hardware
Topic: New Products
Replies: 188
Views: 28541

Re: New Products

Hi Normis, Is there also going to be a RB1100 AH X2-style Board with SFP onboard sometime soon? To be honest, I actually assumed that these higher class boards would be the first to be outfitted with SFP :) I know of absolutely nobody who would need a low-cost SFP CPE... FTTx is just way too uncommo...
by hedele
Thu Mar 10, 2011 12:03 pm
Forum: General
Topic: MUM in Europe 2011 announced
Replies: 45
Views: 10980

Re: MUM in Europe 2011 announced

Damn, I missed the new product announcements :(
so did I
I didn't but the live-stream wasn't working during that time...
by hedele
Fri Mar 04, 2011 2:22 am
Forum: General
Topic: PPPoE Server CPU Optimizing
Replies: 3
Views: 1106

Re: PPPoE Server CPU Optimizing

Disable conntrack if you don't need it
Rework your queueing system, if you are using it
rework your firewall rules...

... the usual stuff ;)
by hedele
Fri Mar 04, 2011 2:18 am
Forum: RouterBOARD hardware
Topic: RB411U and 3G USB modem
Replies: 5
Views: 1655

Re: RB411U and 3G USB modem

I unfortunately know of these problems... usually a reboot or USB power cycle should fix the problem...
by hedele
Sun Feb 20, 2011 6:35 pm
Forum: General
Topic: rb1100 for isp (topic was locked)
Replies: 6
Views: 827

Re: rb1100 for isp (topic was locked)

I would not risk that if I were you, and would rather try out a RB1100AH when it is shipping...
Even then, you might have to overclock it to 1500 MHz, depending on your Firewall and Queue Setup.
by hedele
Thu Feb 10, 2011 9:43 am
Forum: General
Topic: 5.0rc8 IPv6 packets over IPv4 IPsec tunnel
Replies: 2
Views: 1185

Re: 5.0rc8 IPv6 packets over IPv4 IPsec tunnel

transform ipv6 into ipv4.
Well, of course it does, it essentially sticks an IPv4 Header in front of the IPv6 packet, and off it goes (also over IPSECv4)...
by hedele
Fri Feb 04, 2011 7:49 pm
Forum: General
Topic: Checking of failed link
Replies: 1
Views: 352

Re: Checking of failed link

You could try using a host route (/32) to the host you are pinging to check the availability of ISP 1. No packet filtering or marking is required. so for example: 123.123.123.1/32 gateway1-ip 0.0.0.0/0 gateway1-ip X 0.0.0.0/0 gateway2-ip Then use Tools -> Netwatch to ping the pinghost. use "on down"...
by hedele
Thu Feb 03, 2011 8:07 pm
Forum: RouterBOARD hardware
Topic: RB1100 low bridging/shapping performance
Replies: 57
Views: 10216

Re: RB1100 low bridging/shapping performance

Hi, Simple Queues and L7 inspection slaughter the CPU. Please do not use them, or at least don't use hundreds or thousands of them. No Routerboard will be able to cope with that kind of (useless, because redundant) work. Try to convert your simple queues to a queue tree, or to PCQ simple queues. Dro...
by hedele
Mon Jan 31, 2011 11:29 pm
Forum: RouterBOARD hardware
Topic: RB1100 Does it have battery for clock?
Replies: 14
Views: 4501

Re: RB1100 Does it have battery for clock?

@normis: ever thought about how it would be nice to know when a "unwanted reboot, probably power outage?" happened? ;)
That's what you need a clock battery for...

if I connect to a router which has had several power outages, all of them are shown as 1.1.1970 at 02:00:02 .... very helpful... not.
by hedele
Mon Jan 31, 2011 8:26 pm
Forum: RouterBOARD hardware
Topic: RB1100 - hardware switch, how fast?
Replies: 3
Views: 916

Re: RB1100 - hardware switch, how fast?

Correct, you can use full performance between the 5 servers on the same switchgroup - just remember to configure switching for the interfaces! Out of the box, the Ports work as standard routed interfaces. The other 8 ports can be used individually (keeping in mind that the second switchgroup also sh...
by hedele
Mon Jan 31, 2011 8:07 pm
Forum: RouterBOARD hardware
Topic: RB1100 - Overclocking results
Replies: 32
Views: 11611

Re: RB1100 - Overclocking results

I never said it would be used as a core device... Our core devices push in excess of 10 Gbits, so there is no way in hell any amount of RB 1000s (or any MTik device at all) could cope with that. However, the RB 1100 is "just too slow" to use for a single Gbit Link (be it in the distribution or acces...
by hedele
Sat Jan 29, 2011 11:53 pm
Forum: General
Topic: Unreliable Metarouter Ros 5.0 RC6
Replies: 5
Views: 1395

Re: Unreliable Metarouter Ros 5.0 RC6

Also, Metarouter doubles CPU usage. Well no sh*t, all frames have to be handled by both the physical router, and the Metarouter...
Since it also brings down my RB1000s every few days (completely irrelevant which ROS version I use), I completely stopped using it alltogether...
by hedele
Fri Jan 28, 2011 8:41 pm
Forum: RouterBOARD hardware
Topic: RB1100 - Overclocking results
Replies: 32
Views: 11611

Re: RB1100 - Overclocking results

Thanks for the quick reply, disca. 1066 is still a nice chunk slower than the old RB 1000, but still better than nothing... @MT Staff: Isn't it possible to re-enable 1333 MHz with a RouterBoot Upgrade? We are really dependent on every CPU cycle we can get for pushing traffic through... Right now, if...
by hedele
Fri Jan 28, 2011 8:35 pm
Forum: RouterBOARD hardware
Topic: RB1100 - hardware switch, how fast?
Replies: 3
Views: 916

Re: RB1100 - hardware switch, how fast?

Since you have in essence two 5-port gigabit switches connected together with 1 Gbit, on a RB1100 you can not do that. Switchgroup A <---> Switchgroup B will always only share 1 Gbit. So, All 5 servers together will share only 1 Gbit towards the "front". The five ports within each Switchgroup howeve...
by hedele
Fri Jan 28, 2011 7:29 pm
Forum: RouterBOARD hardware
Topic: RB1100 - Overclocking results
Replies: 32
Views: 11611

Re: RB1100 - Overclocking results

OK, so what is the maximum "non-accidential" Speed a RB800 or RB1100 can be overclocked to? :)
by hedele
Tue Jan 25, 2011 10:12 pm
Forum: RouterBOARD hardware
Topic: RB1100 - Overclocking results
Replies: 32
Views: 11611

Re: RB1100 - Overclocking results

Does anyone know if the stock RAM is capable of running at 533 MHz?
I might consider a RB1100 as suitable replacement for dying RB1000's if I can reliably clock them to 1333/533 MHz... :)
by hedele
Tue Jan 25, 2011 9:57 pm
Forum: General
Topic: MT help us with NV2 for PTMP Please.
Replies: 62
Views: 12581

Re: MT help us with NV2 for PTMP Please.

D'oh, you guys DO know of the existence of Skype and the free calling all around the globe that comes with it? ;)

On a related note - are there any news on this topic?
I would like to try NV2 in PTMP as well, but I am quite reluctant from what I read here :/
by hedele
Tue Jan 04, 2011 12:17 pm
Forum: General
Topic: Switch chip rules and delivering packets to VLAN interfaces
Replies: 5
Views: 5164

Re: Switch chip rules and delivering packets to VLAN interfa

Hi,

I think you need to enable this in your switch rule:
redirect-to-cpu=yes

Otherwise, RouterOS cannot see the Packet and it will not be handled by VLAN interfaces on the RB!
by hedele
Tue Dec 14, 2010 8:43 am
Forum: Forwarding Protocols
Topic: Realworld results with RB1000U - IPSEC
Replies: 6
Views: 904

Re: Realworld results with RB1000U - IPSEC

Biggest gotcha: This board is EOL and EOS since ... about a year? ;)
It will be incredibly hard to find one, if you don't have it in your stockpile already.
by hedele
Fri Dec 03, 2010 10:31 am
Forum: RouterBOARD hardware
Topic: [RB1100] NAT performance
Replies: 5
Views: 1718

Re: [RB1100] NAT performance

It does, but probably not using NAT. I would expect at most a Gigabit total traffic while NATing.
by hedele
Fri Dec 03, 2010 10:00 am
Forum: Forwarding Protocols
Topic: MPLS L2 MTU bigger
Replies: 7
Views: 3469

Re: MPLS L2 MTU bigger

If you use ethernet cards which are built around the same ethernet chips you can find in Routerboards (eg some VIA Gigabit chips),
you can set L2MTU in x86 based Routers! The only trick is to find them :)
by hedele
Fri Dec 03, 2010 9:54 am
Forum: General
Topic: RouterOS border router need more IPv6 support
Replies: 12
Views: 3775

Re: RouterOS border router need more IPv6 support

DHCPv6 client / server [RFC3315] <- Pretty please? :)
We would urgently need this capability to dispatch Mikrotik CPEs for IPv6 enabled customers...
by hedele
Fri Nov 12, 2010 11:59 pm
Forum: RouterBOARD hardware
Topic: 433 NAND
Replies: 2
Views: 820

Re: 433 NAND

Stuff like that happens all the time...
I have already seen RB450 with differing amounts of RAM, RB1000s with 512 NAND instead of 64 MB...

It's like Mikrotik is using whatever is lying around in the shack... :D
by hedele
Thu Oct 28, 2010 1:53 pm
Forum: RouterBOARD hardware
Topic: RB411U + MC8795V and MC8790 SIM PIN Error
Replies: 6
Views: 5593

Re: RB411U + MC8795V and MC8790 SIM PIN Error

Hi, I have similar experiences with many USB modems. While it is possible to enter the PIN code in the ppp-client, most of the time unlocking the SIM does not work. Another problem is that ROS tries to enter PIN every time the ppp-client connects. If the SIM is already unlocked, the Modem returns ER...
by hedele
Fri Oct 01, 2010 9:08 pm
Forum: General
Topic: RB1000 and RouterOS = Pants
Replies: 3
Views: 532

Re: RB1000 and RouterOS = Pants

Some ppl here are quite happy with ROS 3.20 I think - others go for various ROS 4.x Look around a bit in the forums, there are a lot of discussions involving BGP related behaviour. Edit: A rather wonky workaround would be to restart your RB every night at 3 am by the built-in scheduler when nobody n...
by hedele
Fri Oct 01, 2010 8:59 pm
Forum: RouterBOARD hardware
Topic: RB711 OS from 4.11 to 3.30 - lost built-in wireless card?
Replies: 12
Views: 4602

Re: RB711 OS from 4.11 to 3.30 - lost built-in wireless card

roadie you completely confuse the RB crossroads with the rb711!

you need mipsbe packages for the rb711 - and 4.11 or above to make it work right as it is a very new product.
be happy it works at all right now.
by hedele
Tue Sep 28, 2010 8:03 pm
Forum: RouterBOARD hardware
Topic: Performance x86 - Bandwidth Tester.
Replies: 3
Views: 1692

Re: Performance x86 - Bandwidth Tester.

Also - if this is an old P4, you are probably using PCI-based Gigabit cards - and the PCI bus is simply not capable of transporting a very high packet count per second (pci bus latency timers) as it is a shared bus which all devices in the PC have to use in parallel. The PCI bus is also only 133 Meg...
by hedele
Wed Sep 22, 2010 9:23 pm
Forum: Forwarding Protocols
Topic: RB1000 100% CPU at relatively low forwarding load
Replies: 3
Views: 1970

Re: RB1000 100% CPU at relatively low forwarding load

Well the main problem seems to be that the RB1000 is not nearly as powerful as the performance tests make you think... I have about 340 megabits of traffic running to a RB 1000 (IPTV multicast), which results in a constant ~40-45% CPU load (with conntracking). That board does pretty much nothing exc...
by hedele
Mon Sep 20, 2010 3:04 pm
Forum: General
Topic: How to connect my MikroTik device to other MikroTik HotSpot
Replies: 3
Views: 538

Re: How to connect my MikroTik device to other MikroTik HotS

I think he means the second Mikrotik should log itself in at the Hotspot. That will most likely not work - you will probably have to work with firewall rules to except the second Mikrotik from Hotspot authentication. Maybe Walled Garden gives you the possibility to give a source IP, so you can pass ...
by hedele
Fri Sep 10, 2010 8:53 am
Forum: General
Topic: Feature Request: PVST+/MSTP
Replies: 8
Views: 5710

Re: Feature Request: PVST+

Well, actually i dont care at all which one of those techniques is implemented :)
As long as there is any possibility for multiple STP instances on one bridge, I am happy.
by hedele
Fri Sep 10, 2010 12:15 am
Forum: General
Topic: feature request : GRE tunnel
Replies: 56
Views: 27960

Re: feature request : GRE tunnel

Whoopie and it even gives the option of source-ip! :)
Now bless L2TP, PPTP and EoIP with the same source-ip option and there will be a lot of happiness in Mikrotik land :)
by hedele
Fri Sep 10, 2010 12:13 am
Forum: General
Topic: Feature Request: PVST+/MSTP
Replies: 8
Views: 5710

Feature Request: PVST+/MSTP

Hi there :) Are there any plans to include PVST+ (or MSTP) as an option for Bridges? While it is an option to create a separate bridge for each VLAN and enable RSTP, this pretty much sucks when you have to bridge more then a couple of VLANs. Then again... I don't see how a Bridge would know about al...
by hedele
Thu Sep 09, 2010 11:59 pm
Forum: General
Topic: Feature Request: Cisco-style OSPF interface cost calculation
Replies: 6
Views: 1864

Re: Feature Request: Cisco-style OSPF interface cost calcula

While dynamic cost calculation would be very much appreciated, I just have one question :) How often do ethernet interface speeds change in your setups so that you need scripts to dynamically adjust costs? There would have to be something really wrong in your network to have an ethernet port randoml...
by hedele
Thu Sep 09, 2010 11:55 pm
Forum: General
Topic: BUG on RouterOS 4.11
Replies: 1
Views: 1333

Re: BUG on RouterOS 4.11

Well, just deleting the bridge would still have the ethernet ports assigned to a bridge port with "unknown" bridge value.
Delete the bridge ports and assigning the ethernet ports to switch will work again.
by hedele
Wed Sep 08, 2010 11:57 pm
Forum: General
Topic: Set EoIP Tunnel src address?
Replies: 2
Views: 600

Re: Set EoIP Tunnel src address?

Well there is a rather long way...

Create a host route (/32) to the EoIP tunnel destination and set the source ip you want to use as preferred-source in the route parameters.
However, that only works if both EoIP tunnels go to different destination IPs ;)

So please MT: add a source IP option :)
by hedele
Wed Sep 08, 2010 7:37 pm
Forum: RouterBOARD hardware
Topic: RB1100 Hardware Shortage in Australia?
Replies: 11
Views: 1559

Re: RB1100 Hardware Shortage in Australia?

I know that the situation in Europe is about the same - but we still get October shipping date estimations... If you can somehow work with three Gigabit ports, then you might want to try the RB 800, it has the same CPU and throughput capabilities as a RB1100. A RB450G will probably not be powerful e...
by hedele
Mon Sep 06, 2010 11:53 am
Forum: Forwarding Protocols
Topic: Multicast PIM Help
Replies: 3
Views: 1760

Re: Multicast PIM Help

As far as I know, Multicasts do not work over any PPP connection, so using PPPoE to transport Multicasts will not work.
You will probably need an EoIP Tunnel for that.
by hedele
Fri Sep 03, 2010 12:52 pm
Forum: RouterBOARD hardware
Topic: Problem About Routerboard 411u
Replies: 2
Views: 725

Re: Problem About Routerboard 411u

I think it's the old (but still existing) problem of Huawei-based USB 3g Modems only working every second reboot or so. You know, modem works fine when it's plugged in, but after a reboot the USB port created (usb2 or something) remains Invalid. After some more reboots the USB port becomes valid aga...
by hedele
Wed Sep 01, 2010 10:31 am
Forum: Wireless Networking
Topic: max sub count with pppoe
Replies: 14
Views: 2677

Re: max sub count with pppoe

I'm not really an expert regarding wireless networks, but there are some fm transmitters on the same wireless tower as our antennas. could rf interferance from fm transmitters be causing this erratic behavior high powered FM transmitters can really fuck ethernet connections up, big time... even if y...
by hedele
Tue Aug 31, 2010 5:22 pm
Forum: RouterBOARD hardware
Topic: Is anyone using fiber optics on a Routerboard
Replies: 12
Views: 4882

Re: Is anyone using fiber optics on a Routerboard

There is still the remote chance of Mikrotik releasing an updated Routerboard 1000/1100 with one or two SFP slots.
At least there has been a lot of begging in the Forums and MT seemed to consider thinking about building something like that :)
by hedele
Tue Aug 31, 2010 8:51 am
Forum: RouterBOARD hardware
Topic: Is anyone using fiber optics on a Routerboard
Replies: 12
Views: 4882

Re: Is anyone using fiber optics on a Routerboard

I guess the only way to mate Mikrotik and Fibers right now is using x86 equipment and intel network cards with SFP slots on them. There is no such thing as a mini-pci SFP, to be honest the PCI bus would be way too slow for Gigabit Ethernet anyways. Sooo.... just put up with one of those so-called "c...
by hedele
Fri Aug 27, 2010 11:14 pm
Forum: RouterBOARD hardware
Topic: port to port latency Mikrotik routers
Replies: 7
Views: 1585

Re: port to port latency Mikrotik routers

Well, that really depends on the CPU load of the board, the type of board itself, count of firewall rules and queues applied to each packet, and the saturation of the link. There is no way of accurately forecasting how long a packet will take through the routerboard. Also, just switching the packet ...
by hedele
Mon Aug 23, 2010 8:56 am
Forum: General
Topic: wds bridge Beta5 R6
Replies: 3
Views: 1165

Re: wds bridge Beta5 R6

Its not a bug, but a known issue
Some features are not ready yet for Nv2: no support WDS,Security,Virtual AP,some details in the registration table and status
Sometimes it really does help to read the release notes ;)
by hedele
Mon Aug 23, 2010 8:54 am
Forum: General
Topic: NAT64 and DNS64
Replies: 77
Views: 25291

Re: NAT64 and DNS64

Well, since I do think that eventually we will completely run out of IPv4 Resources and will have to go IPv6 only,
any means to let IPv6-only users access the rest of the internet would be very much appreciated :)

so yes, please implement NAT64 and DNS64 :)
by hedele
Thu Aug 05, 2010 10:56 pm
Forum: General
Topic: Bonding ADSL for file transfer from branch office ?
Replies: 9
Views: 2539

Re: Bonding ADSL for file transfer from branch office ?

Well i think by default the bandwidth test is using UDP, but you can make it use TCP as well. You will see rather bad results using TCP bandwidth test :) MLPPP does have mechanisms to reorder packets, so by using multilink PPPoE across the two EoIP interfaces, you actually can get almost double the ...
by hedele
Thu Aug 05, 2010 9:00 pm
Forum: General
Topic: Bonding ADSL for file transfer from branch office ?
Replies: 9
Views: 2539

Re: Bonding ADSL for file transfer from branch office ?

I tried a setup like this many times :) It just didn't work correctly over ADSL lines during my tests and also showed rather erratic behaviour. I figured that this problem results from slightly deviating round-trip latency times through the two ADSL lines, which makes packets arrive out of order. Un...
by hedele
Mon Aug 02, 2010 8:58 am
Forum: RouterBOARD hardware
Topic: RouterOS on Dlink hardware
Replies: 9
Views: 5244

Re: RouterOS on Dlink hardware

That's like asking "hey why can't windows 7 run on my mobile phone?"

D-link is crap, live with it :)
by hedele
Wed Jul 21, 2010 11:23 am
Forum: General
Topic: Feature Request: IPv6 Hotspot support
Replies: 95
Views: 21603

Re: Feature Request: IPv6 Hotspot support (with bounty)

You may want to add at least two zeroes at the end of that figure, else I suppose nobody at mikrotik will be interested.
by hedele
Sat Jul 10, 2010 7:35 pm
Forum: Forwarding Protocols
Topic: BGP prefix disappearing without reason version 3
Replies: 5
Views: 1705

Re: BGP prefix disappearing without reason version 3

I would rebuild that a little bit. create a loopback bridge on each router with a loopback address, and announce the loopback addresses via OSPF. then set up the BGP peers using the loopback addresses. Should a link fail, OSPF will converge and route packets the other way, keeping the BGP session al...
by hedele
Wed Jul 07, 2010 7:48 pm
Forum: General
Topic: PPTP VPN connection to StrongVPN slow and inconsistent
Replies: 7
Views: 5850

Re: PPTP VPN connection to StrongVPN slow and inconsistent

I think you should further reduce MTU to 1440 on the PPTP interface, just to be sure (I always use MTU size of host interface - 40 bytes). Also, instead of playing around with routing marks try to only set a host route on the PPPoE interface towards the strongvpn IP, and then let the PPTP client cre...
by hedele
Thu Jun 17, 2010 10:42 am
Forum: General
Topic: ADSL2+ RFC1483 Zyxel 660h-T1 v2 Bridge Mode How To? RB1100
Replies: 11
Views: 4042

Re: ADSL2+ RFC1483 Zyxel 660h-T1 v2 Bridge Mode How To? RB11

Also, after configuring your Zyxel modem to Bridge, you will have to enable PPPoE Passthrough on the Zyxel if your ISP requires PPPoE - otherwise you will not be able to connect with the RB1100. This option can be found in both the webinterface and the telnet interface.
by hedele
Wed Jun 09, 2010 6:19 pm
Forum: RouterBOARD hardware
Topic: Usb port invalid
Replies: 45
Views: 22100

Re: Usb port invalid

I had strange issues with 5.0 beta 2 on a RB433UAH - namely that connecting the ppp-client worked only once, after that the modem would no longer respond - ROS would send ATH, +++, ATH, +++, ATH, +++ ... and so on (Huawei E122) With RouterOS 4.10 the usb port is invalid about every second reboot :) ...
by hedele
Wed Jun 09, 2010 9:06 am
Forum: RouterBOARD hardware
Topic: RB750G LAN SHOWING 10MBPS URGENT HELP
Replies: 18
Views: 4696

Re: RB750G LAN SHOWING 10MBPS URGENT HELP

Ouch. Trying to use a tower with existing FM radio equipment is a recipe for trouble... FM interference will reliably kill your Ethernet transmissions again and again. You can try using highest-quality Ethernet Cables and proper grounding/shielding, but it will probably be useless anyways. Another p...
by hedele
Tue Jun 08, 2010 8:01 am
Forum: General
Topic: How many entries in FW can RB450G handle?
Replies: 2
Views: 486

Re: How many entries in FW can RB450G handle?

Sure everything is possible, but don't expect your routerboard to route stuff faster than ISDN speeds with 1 billion rules :)
Assuming all that stuff fits in flash and ram ...
by hedele
Tue Jun 08, 2010 7:58 am
Forum: RouterBOARD hardware
Topic: RB750G LAN SHOWING 10MBPS URGENT HELP
Replies: 18
Views: 4696

Re: RB750G LAN SHOWING 10MBPS URGENT HELP

Do you maybe have a lot of interference on the tower?
That may cause Ethernet to switch down to 10 Megabits.
by hedele
Mon Jun 07, 2010 7:03 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 89327

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Isn't SSTP also TCP-based and suffers from the TCP-meltdown problem?
by hedele
Sat Jun 05, 2010 9:51 am
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 89327

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I think the official opinion on this is "Why do you need that, if you want UDP based tunneling use L2TP"

To be honest, L2TP does work rather nicely :)
by hedele
Thu Jun 03, 2010 11:35 am
Forum: General
Topic: Ros V5 beta new intel drivers
Replies: 109
Views: 36355

Re: Ros V5 beta new intel drivers

Hey at least there is no soap down here! :lol:
On the downside, there's also no better intel drivers there :(
by hedele
Fri May 28, 2010 11:28 am
Forum: General
Topic: MAC Winbox No Longer Works on New Laptops (Toshiba + Vista)
Replies: 29
Views: 11375

Re: MAC Winbox No Longer Works on New Laptops (Toshiba + Vis

While ranting sure is an option - Maybe you could try to reproduce my findings :)
by hedele
Thu May 27, 2010 9:35 pm
Forum: General
Topic: MAC Winbox No Longer Works on New Laptops (Toshiba + Vista)
Replies: 29
Views: 11375

Re: MAC Winbox No Longer Works on New Laptops (Toshiba + Vis

What I know definitely, is that winbox device discovery fails if you are currently using a PPPoE connection or any other kind of PPP connection (like 3G/UMTS). Also, connecting using a known MAC address is not possible unless i terminate any PPP(oE) connections previously. That's on Windows 7 and Vi...
by hedele
Thu May 27, 2010 11:31 am
Forum: RouterBOARD hardware
Topic: RB1100
Replies: 185
Views: 64193

Re: RB1100

maxrate, great that you received new RouterBOARDs. SFP port would not allow the price, RB1100 has sold currently.
Maybe GBIC would be cheaper? :D
by hedele
Thu May 27, 2010 9:13 am
Forum: Forwarding Protocols
Topic: MLPPP server suggestion
Replies: 6
Views: 2473

Re: MLPPP server suggestion

I suppose 2811 or upwards. Cisco recommends a Cisco 2821 for LNS duties up to 40 Mbps. I am not an expert on cisco hardware capabilities though - maybe you can get a used cisco 3700 series router for a reasonable price. What kind of performance you can expect from 3700 series routers, I don't know :...
by hedele
Wed May 26, 2010 8:40 pm
Forum: General
Topic: Many VLANs bug
Replies: 8
Views: 1814

Re: Many VLANs bug

Terminating wholesale L2 DSL services... That sounds like an interesting to handle wholesale DSL... The way I know from our home market is L2TP for run-off-the-mill DSL services or getting VLANs based on regions/cities, rather than per-customer. However I do know that eg. in the czech republic symm...
  • 1
  • 2