Community discussions

Search found 718 matches

by rmichael
Tue Apr 01, 2014 5:14 pm
Forum: Wireless Networking
Topic: Sometimes high latency in wireless network
Replies: 13
Views: 3544

Re: Sometimes high latency in wireless network

Change disconnect-timeout to 1s, hardware retries to 2 and watch for stations that disconnect - those are the ones causing latency (by making AP retransmit for a long time). It could also be ROS bug - which version are you running? I check bitrates and change disconnect-timeout and hwretries - it's...
by rmichael
Mon Mar 31, 2014 7:08 pm
Forum: Wireless Networking
Topic: I have a kind of stupid antenna question.
Replies: 6
Views: 2298

Re: I have a kind of stupid antenna question.

You are going to loose sensitivity and 3dBi of gain when using only one antenna on a MIMO radio. To change it to single antenna you'll need to disable chain that is not connected to the antenna. That said, if you're deploying in a city than you really want MIMO as multipath interference will either ...
by rmichael
Thu Mar 27, 2014 11:11 pm
Forum: Wireless Networking
Topic: For Wireless Experts
Replies: 13
Views: 2566

Re: For Wireless Experts

Consider SXT HG (can provide power PoE for OM2P-HS) for back-haul together with OM2P-HS (open-mesh) unit. Use additional OM2P-HS units as wireless up-links.
by rmichael
Wed Mar 26, 2014 8:06 pm
Forum: Wireless Networking
Topic: I have a kind of stupid antenna question.
Replies: 6
Views: 2298

Re: I have a kind of stupid antenna question.

Keep in mind that antenna coverage must overlap for MIMO to work so sector antennas may not be what you need.
by rmichael
Wed Mar 26, 2014 7:52 pm
Forum: Wireless Networking
Topic: For Wireless Experts
Replies: 13
Views: 2566

Re: For Wireless Experts

Hello Guys, I have been doing lots of research about antennas and radios. I am a MT guy and want to stick with MT but I have found some other equipment that have some claims that makes me wonder. What I am building is a City Wide Hotspot. There will be no CPE involved but the smartphones and laptop...
by rmichael
Wed Mar 26, 2014 3:28 pm
Forum: Wireless Networking
Topic: Custom Layer 2 Protocol for 2000+km range
Replies: 3
Views: 1101

Re: Custom Layer 2 Protocol for 2000+km range

Sounds like a job for nstreme. Use dual radio one for transmit and second for receive.
by rmichael
Wed Mar 26, 2014 3:21 pm
Forum: Wireless Networking
Topic: Sometimes high latency in wireless network
Replies: 13
Views: 3544

Re: Sometimes high latency in wireless network

Change disconnect-timeout to 1s, hardware retries to 2 and watch for stations that disconnect - those are the ones causing latency (by making AP retransmit for a long time). It could also be ROS bug - which version are you running?
by rmichael
Tue Mar 25, 2014 4:20 pm
Forum: General
Topic: attack
Replies: 7
Views: 1320

Re: attack

You can setup port knock routine which would open ssh port only if port knock is correct.

http://wiki.mikrotik.com/wiki/Port_Knocking
by rmichael
Mon Mar 24, 2014 3:21 pm
Forum: Wireless Networking
Topic: Which ROS version would you recommend for WDS over nv2?
Replies: 4
Views: 1138

Re: Which ROS version would you recommend for WDS over nv2?

So I switched to station-bridge and I did notice longer uptime for wireless connections and quicker reconnect (I did not test performance however). I use 2.39 firmware with 5.9 ROS for stations and 5.14 for AP btw.
by rmichael
Fri Mar 21, 2014 12:32 am
Forum: RouterBOARD hardware
Topic: 450G vs 2011UiAS-IN/RM
Replies: 12
Views: 5704

Re: 450G vs 2011UiAS-IN/RM

@NathanA
Which ROS version are you using with MetaRouter?
by rmichael
Thu Mar 20, 2014 10:03 pm
Forum: RouterBOARD hardware
Topic: Low-cost RB1100AHx2-LM version with 512MB RAM, only $339!
Replies: 1
Views: 2013

Re: Low-cost RB1100AHx2-LM version with 512MB RAM, only $339

What the hell is this? RB1100AHx2 is $349 but have 2 GB RAM. Does 1.5 GB RAM worth difference of only $10 ? Is that fault or fail? +1 In addition it has P202ASSE2KFB CPU, for which I cannot find spec sheet for, and is 66Mhz slower than RB1100AHx2 EDIT: from what gather original RB1100AHx2 will be d...
by rmichael
Tue Mar 18, 2014 6:30 pm
Forum: Wireless Networking
Topic: Which ROS version would you recommend for WDS over nv2?
Replies: 4
Views: 1138

Re: Which ROS version would you recommend for WDS over nv2?

you can use station-bridge instead of station-wds. I would recommend to use RouterOS v6.10. Could you explain why station-bridge? From manual, describing station-bridge: This mode is safe to use for L2 bridging and should be used whenever there are sufficient reasons to not use station-wds mode.
by rmichael
Tue Mar 18, 2014 5:53 pm
Forum: Wireless Networking
Topic: Which ROS version would you recommend for WDS over nv2?
Replies: 4
Views: 1138

Which ROS version would you recommend for WDS over nv2?

I'm interested what ROS versions are being considered stable for WDS and nv2. Please post your experience.
by rmichael
Wed Jan 23, 2013 3:31 am
Forum: General
Topic: Winbox for android, when?
Replies: 52
Views: 50340

Re: Winbox for android, when?

Sorry but it is still not clear how Webfig is different from Winbox, if we are talking about Android. The only real difference is MAC connecivity, and that doesn't apply to phones anyway. So you already have Winbox for Android Real differences: MAC Telnet Save passwords and IPs... Access port is no...
by rmichael
Wed Jan 23, 2013 3:30 am
Forum: General
Topic: PCI-DSS/Security Risk Assessment/Gap Analysis
Replies: 4
Views: 1920

Re: PCI-DSS/Security Risk Assessment/Gap Analysis

To answer your question, elevation of privileges, although nice, is not a PCI requirement so I think your QSA is smoking something :). Using Radius for AAA should be sufficient. Myself I don't use mikotik in such environment due to number of things: - Unstable ROS versions. PCI compliancy requires t...
by rmichael
Fri Jan 11, 2013 11:12 pm
Forum: General
Topic: MikroTik why not turn to new Cisco/Juniper?
Replies: 33
Views: 10089

Re: MikroTik why not turn to new Cisco/Juniper?

when you have restricted environment and that is working for you - it is fine, when you grow out of it you have a problem. Either you have to upgrade using technology from your current provider or you have to go to new equipment provider. As far as RouterOS goes - you can get basic device that has ...
by rmichael
Fri Jan 11, 2013 2:43 am
Forum: General
Topic: MikroTik why not turn to new Cisco/Juniper?
Replies: 33
Views: 10089

Re: MikroTik why not turn to new Cisco/Juniper?

If you have a product but no customers, then you will fail, whereas Mikrotik seems to have customers who want way more than company can offer. You might get a better understanding of their approach after watching the interview with Arnis Riekstins. It is an "I do it my way" approach and it's been s...
by rmichael
Thu Jan 10, 2013 7:27 pm
Forum: RouterBOARD hardware
Topic: 2011UAS-2HnD-IN USB Port for APC UPS Monitoring...
Replies: 12
Views: 5422

Re: 2011UAS-2HnD-IN USB Port for APC UPS Monitoring...

@rmichael Above is an opinion/speculation and not an official MT position. My name is not market red. Under my name you will see the status called "member" and not "MikroTik support" Under this is you will see non MikroTik logo. For sure it is speculation, what else should it be, perhaps they will ...
by rmichael
Thu Jan 10, 2013 6:26 pm
Forum: RouterBOARD hardware
Topic: 2011UAS-2HnD-IN USB Port for APC UPS Monitoring...
Replies: 12
Views: 5422

Re: 2011UAS-2HnD-IN USB Port for APC UPS Monitoring...

So ask your self what you want to do if this is your company? Perhaps I am false with this, but I prefer to be realistic. Above is an opinion/speculation and not an official MT position. To the OP - thanks for posting and making us aware of the issue. It would also be helpful to know exact APC mode...
by rmichael
Tue Jan 08, 2013 5:53 pm
Forum: General
Topic: RB2011 Routing speed
Replies: 13
Views: 6330

Re: RB2011 Routing speed

no one gives an opionion?

A switch chip at 100mb of 5 ports, whouls do 5x100 FD of switched traffic, or not?
Yes, minus 25% ethernet MAC overhead.
by rmichael
Mon Jan 07, 2013 7:59 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015661

Re: CLOUD CORE ROUTER

I am about to order one but I had question about port/cpu. The router I am contemplating replacing currently only has ports in use. Wan/Lan, the lan port terminates 20 or so vlans in the building (router on a stick type config) with 1 vlan going to ospf distribution routers for other buildings. Fro...
by rmichael
Mon Jan 07, 2013 5:07 am
Forum: General
Topic: Mikrotik propitiatory solution for FTTx
Replies: 11
Views: 5435

Re: Mikrotik propitiatory solution for FTTx

Your cost calculations do not include any solution for encryption for your endpoints.
by rmichael
Mon Jan 07, 2013 3:44 am
Forum: General
Topic: MikroTik why not turn to new Cisco/Juniper?
Replies: 33
Views: 10089

Re: MikroTik why not turn to new Cisco/Juniper?

The truth is that MT is to cheap. They need to charge more for the software (plus certain features should be additional charge) to fund better development and testing. If they don't do it now - they never will as their market share will only be shrinking.
by rmichael
Mon Jan 07, 2013 3:31 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015661

Re: CLOUD CORE ROUTER

I am about to order one but I had question about port/cpu. The router I am contemplating replacing currently only has ports in use. Wan/Lan, the lan port terminates 20 or so vlans in the building (router on a stick type config) with 1 vlan going to ospf distribution routers for other buildings. Fro...
by rmichael
Sat Jan 05, 2013 2:17 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015661

Re: CLOUD CORE ROUTER

We currently run an x86 based RouterOS systems for our core routers. They were all custom built systems, and we are looking to upgrade for various reasons. We want to make sure that whatever we install are at least as powerful. Currently the systems are Intel Core 2 Duo E8400 based, with 2GB of ram...
by rmichael
Fri Jan 04, 2013 8:26 pm
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 62330

Re: v6 rc6 released

I'm sorry about that, we have specifically indicated that this must be clarified, but we can't control it 100%. It doesn't bother me so much anymore. I have the device up and running. Maybe you need to clarify to the distributors in future and mark the boxes so there is no way for the distributors ...
by rmichael
Fri Jan 04, 2013 7:14 am
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 62330

Re: v6 rc6 released

For my way of thinking/approach this CCR "pre-production" is just ideal - you can get only one piece for the lab, just to start experimenting, working with support to get all the necessary stuff working, understanding how much performance you will get and where to put this device when availability ...
by rmichael
Thu Jan 03, 2013 9:20 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015661

Re: CLOUD CORE ROUTER

Been playing with my CCR today, and hit a snag..... Why on earth do we only have a Max MTU of 6130? I run my core at 9000 generally, so the idea of using these in the core one day is completely kiboshed. Earlier Routerboards have had MTU of 9000+ for some time, why the change of heart.... Secondly,...
by rmichael
Fri Dec 14, 2012 2:15 am
Forum: RouterBOARD hardware
Topic: Cloud Core Router pps limit on each port?
Replies: 4
Views: 2292

Re: Cloud Core Router pps limit on each port?

I think it's a valid question, no matter what cumulative maximum pps is: Is CCR able to handle maximum possible frame rate (1 488 095*2) on a 1Gb interface? EDIT: And the answer appears to be Yes...for a router with firewall with 25 rules: http://forum.mikrotik.com/viewtopic.php?f=0&t=67195&p=346775...
by rmichael
Fri Nov 30, 2012 5:25 am
Forum: General
Topic: Logging firewall changes
Replies: 3
Views: 741

Re: Logging firewall changes

Better logging would be a big plus, for PCI compliancy and security in general.
by rmichael
Fri Nov 30, 2012 5:22 am
Forum: Wireless Networking
Topic: Wall Jack APs
Replies: 18
Views: 3543

Re: Wall Jack APs

you don't need a ZD for basic functionality with the wall plates. A ZD only makes your life easier, but that's OT in this post. If you don't use ZD than you loose your claim for Ruckus to be "easy to manage" and "robust". Frankly I don't know of anyone who is using Ruckus w/o ZD for installs with m...
by rmichael
Fri Nov 30, 2012 5:04 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015661

Re: CLOUD CORE ROUTER

@hozmax How many peoples you know at this time (today) who is owning a router from the ccr series? And know tell me who is able to compare this machines for you with an exactly clone of your pc based router? The i7 6core (HT with 12)max CPU load 42%. Simple Queues 1200, L7, 350Mbit / s, this will t...
by rmichael
Thu Nov 29, 2012 11:11 pm
Forum: Wireless Networking
Topic: Wall Jack APs
Replies: 18
Views: 3543

Re: Wall Jack APs

I vote for Ruckus units. Mikrotik's lack of antenna diversity, auto channel coordination and auto tx power adjustments, combined with a lack of centralised control (dude is a monitor, and full of bugs), make MT a very bad choice when you need to manage hundreds of APs. Stick them in a wall plate an...
by rmichael
Thu Nov 29, 2012 10:11 pm
Forum: Wireless Networking
Topic: Wall Jack APs
Replies: 18
Views: 3543

Re: Wall Jack APs

Agreed! And what wireless issues have you been having with Mikrotik? If you know how to configure them properly, they are some of the most reliable access points you can buy. Of course! I must of assumed the 2,000+ Mikrotik radio's we've installed, combined with our complete lack of knowledge of Mi...
by rmichael
Thu Nov 15, 2012 5:34 pm
Forum: General
Topic: Double QoS for v6 is possible
Replies: 71
Views: 45923

Re: Double QoS for v6 is possible

What's the reason for having SQ and QTree on INPUT? DDoS? VPN Tunnel shaping?

Also, what does it mean that PCQ is NAT aware? Is it so the pre src-NAT IP is used as source IP to classify a stream?
by rmichael
Wed Nov 14, 2012 5:24 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015661

Re: CLOUD CORE ROUTER

How come 16 core CCR can do up to 1.5mpps and 32 core up to 8mpps?

Also, if CCRs can do 24mpps or 17.8mpps why don't you quote up to 32Gbps or 24Gbps throughput respectively? Is there a limitation that does not allow each port transmit at 2Gbps?
by rmichael
Mon Oct 29, 2012 3:41 am
Forum: General
Topic: v6 RC2 released
Replies: 98
Views: 30442

Re: v6 RC2 released

NV2 P2MP finally does not disconnect. I thought that it never will. It took two years of release discourage many people forever Have you tested latency on your links. In my tests new versions of NV2 traded disconnects for extremely high latencies and lower bandwidth. I much prefer 1 sec disconnects...
by rmichael
Sat Oct 27, 2012 4:07 pm
Forum: General
Topic: equations that describe packets - A Bandwidth Breakthrough
Replies: 2
Views: 1641

Re: equations that describe packets - A Bandwidth Breakthrou

links from the comments from the original site: http://www.mit.edu/~medard/papers2011/Modeling%20Network%20Coded%20TCP.pdf http://arxiv.org/pdf/1203.2841.pdf http://dandelion-patch.mit.edu/people/medard/papers2011/Network%20CodingMeets%20TCP-%20Theory%20and%20Implementation.pdf Finally this method ...
by rmichael
Fri Oct 26, 2012 2:45 pm
Forum: Wireless Networking
Topic: Which Wireless to choose
Replies: 4
Views: 1299

Re: Which Wireless to choose

you can go with either of them, nstreme and nv2 is going to be faster than vanilla 802.11, and if you are using only RouterOS wifi clients, that is good option to choose.

the fastest of all three would be NV2 in normal conditions.
What are normal conditions?
by rmichael
Fri Oct 26, 2012 2:28 pm
Forum: General
Topic: v6 RC2 released
Replies: 98
Views: 30442

Re: v6 RC2 released

NV2 P2MP finally does not disconnect. I thought that it never will. It took two years of release discourage many people forever Have you tested latency on your links. In my tests new versions of NV2 traded disconnects for extremely high latencies and lower bandwidth. I much prefer 1 sec disconnects...
by rmichael
Thu Oct 25, 2012 7:41 pm
Forum: Wireless Networking
Topic: 300 vehicles in one place
Replies: 5
Views: 1308

Re: 300 vehicles in one place

There are other vendors than Mikrotik that are more suitable for your scenario.
by rmichael
Wed Oct 24, 2012 4:10 pm
Forum: General
Topic: what happens when PCQ is assigned to interface?
Replies: 0
Views: 415

what happens when PCQ is assigned to interface?

I tried this test: rate-limit=1M pcq-src-address-mask=16 (for clients on class C subnet) My expectation was that traffic on that interface should be limited to 1M (since all clients are on the same subnet) but it was not limited at all. It appears that some PCQ features don't work when assigned to i...
by rmichael
Wed Oct 24, 2012 4:01 pm
Forum: General
Topic: Ros 5.21 problem...
Replies: 10
Views: 2107

Re: Ros 5.21 problem...

The only beta I've used was 6.0rc1 and it was working without problems, it is official stable 5.21 that introduced problems. And Yes :) i've got some kind of test zone routerboards, these are connected to my place :) so i've upgraded two routerboard out of few hundreds. And some time ago I realised...
by rmichael
Wed Oct 24, 2012 3:35 am
Forum: General
Topic: frame-priority in NV2
Replies: 0
Views: 516

frame-priority in NV2

According to the manual (http://wiki.mikrotik.com/wiki/Manual:Nv2#Nv2-qos.3Dframe-priority) higher priority packets are dequeued first. PC1 - CPE ....<NV2>.... AP-PC2 PC3 / \ PC4 I'm marking packets <230 bytes priority 0 and remaining packets, that are >231 bytes, priority 0. (I also tried to revers...
by rmichael
Tue Oct 23, 2012 8:31 pm
Forum: General
Topic: Recommended hardware
Replies: 2
Views: 599

Re: Recommended hardware

Just curious what MikroTik product would be a good fit for what we are doing?? It would be one that is running version of ROS w/o the bug...Sound like your setup is triggering a bug so either update to the latest version or, if you're using the latest version, send a message with supout.rif to supp...
by rmichael
Mon Oct 22, 2012 7:09 pm
Forum: RouterBOARD hardware
Topic: strange problem with RB433
Replies: 4
Views: 1108

Re: strange problem with RB433

If it happened after the upgrade, why don't you try to downgrade and see if it helps? Some on this board report problems with traffic stopping so maybe what you're experiencing is due to v5.21...
by rmichael
Sun Oct 21, 2012 11:00 pm
Forum: RouterBOARD hardware
Topic: can RB1100AHx2 support 500 clients?
Replies: 6
Views: 2792

Re: can RB1100AHx2 support 500 clients?

I have one location with 17Mbps internet link, PCC, QoS, netflow (no NAT, L7 or SMTP) and RB1100AH peaks at about 35%. I don't think it would handle 4x more traffic.
by rmichael
Sun Oct 21, 2012 7:02 pm
Forum: General
Topic: Broken SFQ
Replies: 9
Views: 1545

Re: Broken SFQ

Why would you put these types of packets into a 128 packet sized queue that gives only sfq-allot bytes of transmission on each RR cycle? Have you tough of some actually useful benefit of this? I'm reshuffling packets, not transmitting them yet. As I understand it, NV2 and nstreme decide how many pa...
by rmichael
Sat Oct 20, 2012 3:09 pm
Forum: General
Topic: Ros 5.21 problem...
Replies: 10
Views: 2107

Re: Ros 5.21 problem...

1/These reouterboards are in "production" so i won't be back to 5.21 till You solve problem. So i can't send You supout :( 2/And i REALLY need to know how to get rid of 100% cpu usage, now? Im using pppoe. Stations are connected in station-wds mode. I was pinging simultanously few of them and gap i...
by rmichael
Sat Oct 20, 2012 2:26 am
Forum: Beginner Basics
Topic: 5.21 Comments
Replies: 10
Views: 2430

Re: 5.21 Comments

I continue getting 20% more bandwidth when AP is v5.17 and CPE are V5.21 vs V5.21 on both (similar to v5.20)
by rmichael
Sat Oct 20, 2012 1:58 am
Forum: General
Topic: 5.21 released
Replies: 78
Views: 19024

Re: 5.21 released

Hi,

Do I need to uprgrade CPE as well as AP to increase nv2 stability ?

Best Regards
Yes

EDIT: "increase nv2 stability" comes with increased latencies and packet loss, just wanted to clarify that...
by rmichael
Wed Oct 17, 2012 6:57 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 19024

Re: 5.21 released

Results for NV2 on the CPE side are not very encouraging (v5.20 AP): [...] EDIT: btw, 5.9 with 3.41 firmware (from 5.21), had low CCQ as well, once "upgraded" to fw 3.38 CCQ improved. your example proofs nothing. Low, or high, CCQ is also depending on traffic and wireless link conditions. I have li...
by rmichael
Wed Oct 17, 2012 4:17 am
Forum: RouterBOARD hardware
Topic: RB44Ge
Replies: 9
Views: 4321

Re: RB44Ge

Windows 2012 supports teaming natively, no custom drivers needed.
by rmichael
Tue Oct 16, 2012 11:15 pm
Forum: Beginner Basics
Topic: 5.21 Comments
Replies: 10
Views: 2430

Re: 5.21 Comments

Please connect with serial cable and check output. RouterBOOT booter 2.41 RouterBoard 493AH CPU frequency: 680 MHz Memory size: 128 MB Press any key within 2 seconds to enter setup.. loading kernel from nand... OK setting up elf image... OK jumping to kernel code execve: No such file or directory K...
by rmichael
Tue Oct 16, 2012 4:25 pm
Forum: Beginner Basics
Topic: 5.21 Comments
Replies: 10
Views: 2430

Re: 5.21 Comments

5.21 upgrade bricked two RB493AH. Never had it happen before and I've been upgrading/downgrading a lot since I'm using NV2...(only other incident was with 5.20 upgrade that froze up RB1100 but reboot fixed that one) Can you please give more details on how you upgraded, and what happened? Did you ch...
by rmichael
Tue Oct 16, 2012 4:09 pm
Forum: Beginner Basics
Topic: 5.21 Comments
Replies: 10
Views: 2430

Re: 5.21 Comments

5.21 upgrade bricked two RB493AH. Never had it happen before and I've been upgrading/downgrading a lot since I'm using NV2...(only other incident was with 5.20 upgrade that froze up RB1100 but reboot fixed that one)
by rmichael
Mon Oct 15, 2012 8:04 pm
Forum: Wireless Networking
Topic: 5.21 improved nv2 stability
Replies: 3
Views: 2285

Re: 5.21 improved nv2 stability

That was my experience: CCQ become good only after upgrading both, CPE and AP.

I notice that with 5.21 release TDMA offset values are much tighter and do not fluctuate as much as before.

Btw, v5.20 and v5.21 releases have a habit of not rebooting after firmware upgrade (RB433AH).
by rmichael
Sun Oct 14, 2012 5:41 am
Forum: General
Topic: 5.21 released
Replies: 78
Views: 19024

Re: 5.21 released

Results for NV2 on the CPE side are not very encouraging (v5.20 AP): Version 5.21: (82/20 value is CCQ) v5.21.JPG Version 5.9: v5.9.JPG EDIT: 5.9 with 3.41 firmware (from 5.21), had low CCQ as well, once "upgraded" to fw 3.38 CCQ improved. EDIT2: keeping old firmware (3.38) I upgraded AP and CPE to ...
by rmichael
Sat Oct 13, 2012 2:30 am
Forum: RouterBOARD hardware
Topic: RouterBOARD testing procedures
Replies: 33
Views: 27172

Re: RouterBOARD testing procedures

If your router is acting purely as a router and nothing else.
Would Equal Cost Multipath still work with fastpath? If so I could use it to distribute traffic to multiple firewall/mangle boxes for higher throughput.
by rmichael
Sat Oct 13, 2012 2:09 am
Forum: RouterBOARD hardware
Topic: RouterBOARD testing procedures
Replies: 33
Views: 27172

Re: RouterBOARD testing procedures

Good article. And its really good to see fast path :) +1. I couldn't agree more. Very nice normis. Great article, I agree. Thank you for the clear explanation on how to replicate your results. Traffic generator seems like another ROS tool that puts Mikrotik above the rest. ...I just don't see the p...
by rmichael
Fri Oct 12, 2012 9:27 pm
Forum: General
Topic: Broken SFQ
Replies: 9
Views: 1545

Re: Broken SFQ

AFAIK for SFQ 'allot' >= 'interface MTU', but this is not mentioned in Wiki.
Try to Google about this.

HTH,
That's too bad...I could use SFQ with smaller allot values for queues that handle small packets like VoIP, DNS, most ack, etc.
by rmichael
Fri Oct 12, 2012 7:34 pm
Forum: General
Topic: Question about global in queue tree V6.x
Replies: 41
Views: 34273

Re: Question about global in queue tree V6.x

It works when you need to limit individual users's bandwidth and at the same time control his/her flows like VoIP, www and p2p. What is there to prove? If that's what you're after, it works. You're mentioning per-user prioritization, which is not possible on mikrotik. It's possible as long each use...
by rmichael
Fri Oct 12, 2012 6:10 pm
Forum: General
Topic: Question about global in queue tree V6.x
Replies: 41
Views: 34273

Re: Question about global in queue tree V6.x

Dual Queue-ing/shaping is Real Can you give me a proof that even in one small scenario dual qos on mikrotik would be effective? It works when you need to limit individual users's bandwidth and at the same time control his/her flows like VoIP, www and p2p. What is there to prove? If that's what you'...
by rmichael
Fri Oct 12, 2012 5:08 pm
Forum: Wireless Networking
Topic: NV2 disconnect problem
Replies: 138
Views: 23056

Re: NV2 disconnect problem

No that is not what Uldis said! Settings that had never any effect on Nv2 have been removed from view. They still work the same as they used to work before. They are available in non-Nv2 modes. so if hide ssid is on with the 802.11 protocol and we switch over to nv2 the hide ssid is still on and wo...
by rmichael
Fri Oct 12, 2012 3:45 pm
Forum: General
Topic: Question about global in queue tree V6.x
Replies: 41
Views: 34273

Re: Question about global in queue tree V6.x

I wonder if I'm the only one using 3 queues (in, total and out) for bandwidth limiting. I'll definitively miss extra queues it in V6. Sure you may find workarounds for Janis QoS example but the workaround would clash if you're already using htb for other things. Story of my life: I've made QoS based...
by rmichael
Mon Oct 08, 2012 4:23 pm
Forum: RouterBOARD hardware
Topic: Hardware recommendations for 45Mbps IPSEC throughput
Replies: 9
Views: 7506

Re: Hardware recommendations for 45Mbps IPSEC throughput

3des is as cpu consuming as aes256. 10Mbps for RB450 sounds right (it was 8Mbps for me IIRC). Btw, US-CERT now says that MD5 "should be considered cryptographically broken and unsuitable for further use"
by rmichael
Mon Oct 08, 2012 4:03 pm
Forum: General
Topic: Broken SFQ
Replies: 9
Views: 1545

Re: Broken SFQ

What about 5.20 ?
There were no change log entries regarding queuing so I assume it's the same. However, since you asked I did test SFQ on a different device running v5.20 with the same result.
by rmichael
Mon Oct 08, 2012 6:11 am
Forum: General
Topic: Broken SFQ
Replies: 9
Views: 1545

Re: Broken SFQ

ROS 5.14
DRR = Deficit Round Robin

thanks.
by rmichael
Mon Oct 08, 2012 6:05 am
Forum: RouterBOARD hardware
Topic: Hardware recommendations for 45Mbps IPSEC throughput
Replies: 9
Views: 7506

Re: Hardware recommendations for 45Mbps IPSEC throughput

AFAIK not all encryption types are hardware accelerated so be sure that you double check if one you want is supported by ROS...
by rmichael
Wed Oct 03, 2012 3:57 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 26902

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

it is know fact that CONNTRACK_MAX/HASHSIZE in RouterOS is calculated dynamically based on amount of available memory. Also it is known fact that you need to rebuild your hash if there are entry that is new (new connection - not invalid packet). Also in real deployments only fraction of time is spe...
by rmichael
Wed Oct 03, 2012 2:58 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 26902

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

I see a problem with this setup: the most expensive operation for conn track is to find out that a packet does not belong to any existing connection. Testing with only 120 streams (no new connections?) does not test properly "conn tracking ON" performance. Some link to the source of this assumption...
by rmichael
Wed Oct 03, 2012 2:42 pm
Forum: General
Topic: intel dn2800mt big latency(ros 5.20)
Replies: 6
Views: 1618

Re: intel dn2800mt big latency(ros 5.20)

5% CPU usage at what throughput? NAT+firewall+mangle+conn track?

I'm interested in this board myself as it is cheap and high performance. If I get it, I'm thinking of modifying the pcie x1 slot to accommodate pcie x4 RB44ge card to bypass potential NIC driver incompatibilities in ROS.
by rmichael
Wed Oct 03, 2012 2:26 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 26902

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

I see a problem with this setup: the most expensive operation for conn track is to find out that a packet does not belong to
any existing connection. Testing with only 120 streams (no new connections?) does not test properly "conn tracking ON" performance.
by rmichael
Wed Oct 03, 2012 1:45 pm
Forum: General
Topic: What is the maximum DHCP pool on RouterOS Level 4
Replies: 4
Views: 1620

Re: What is the maximum DHCP pool on RouterOS Level 4

you can check here for license limitations: http://wiki.mikrotik.com/wiki/Manual:License#License_Levels afaik - dhcp server is not limited by license in any way. Only thing to care about is how much traffic you are going to push through the device and will it be able to handle that. However splitti...
by rmichael
Wed Oct 03, 2012 1:36 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 26902

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

Switching has nothing to do with our tests, please stop comparing the results to a switch! You can clearly see in the testing tables, which features were used. Routing/Bridging/Firewall etc. Normis, could you describe how do you perform "firewall on" test? Do you have any mangle rules? How many acc...
by rmichael
Wed Oct 03, 2012 6:45 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92440

Re: RB2011UAS-2HnD-IN Questions Topic

I would like to buy one. Anyone have stock here in the US?
http://bit.ly/UEMNXN
by rmichael
Tue Oct 02, 2012 5:40 pm
Forum: General
Topic: Broken SFQ
Replies: 9
Views: 1545

Broken SFQ

When I assign SFQ to my upload traffic with sfq-allot=1 the queue is not dropping packets and all flows continue. Since there are no packets of 1 byte in size - all traffic should just stop but that is not the case. I see three possibilities: either SFQ allot parameter has no meaning below 1514, SFQ...
by rmichael
Tue Oct 02, 2012 4:36 pm
Forum: Wireless Networking
Topic: NV2 disconnect problem
Replies: 138
Views: 23056

Re: NV2 disconnect problem

@ManyX, I get almost 40% more throughput with TDMA size 8 vs 3, so try that in your test.
by rmichael
Tue Oct 02, 2012 6:18 am
Forum: General
Topic: Question about global in queue tree V6.x
Replies: 41
Views: 34273

Re: Question about global in queue tree V6.x

Good question. I also use global-in, global-out and global-total extensively so I'd really like to hear how would I be able to run packets through queue tree two or three times in ROSv6?
by rmichael
Sun Sep 23, 2012 4:27 pm
Forum: RouterBOARD hardware
Topic: CF to mini PCI-e express SSD Adapter
Replies: 3
Views: 1606

Re: CF to mini PCI-e express SSD Adapter

Maybe this could work for you:

2.5" SATA/USB 2.0 to Compact Flash Adapter
http://www.amazon.com/Syba-Connectivity ... B0036DDXUW
by rmichael
Sun Sep 23, 2012 4:18 pm
Forum: General
Topic: What is the maximum DHCP pool on RouterOS Level 4
Replies: 4
Views: 1620

Re: What is the maximum DHCP pool on RouterOS Level 4

My RB433ah could handle about 700 DHCP registrations.
by rmichael
Sun Sep 23, 2012 2:48 am
Forum: RouterBOARD hardware
Topic: CF to mini PCI-e express SSD Adapter
Replies: 3
Views: 1606

Re: CF to mini PCI-e express SSD Adapter

I don't think it'll work since pcie slot in EeePC that adapter is for is not a real pcie slot. Micron SATA SSD can be had for he same price as flash so why not use SSD drive instead?

Please port your results if you get this board as it looks quite interesting.
by rmichael
Tue Sep 18, 2012 5:03 pm
Forum: General
Topic: Can RouterOS do Broadband Bonding / WAN Virtualization ?
Replies: 8
Views: 3326

Re: Can RouterOS do Broadband Bonding / WAN Virtualization ?

Yes, PPC does something similar for upstream traffic. What MT does not offer is "Truffle or Broadband Bonding Service" which gives higher throughput to single session. (it does cost you extra and most likely you pay per Gb) You could emulate BBS on MT with multilink PPP, but I'n not sure how reliabl...
by rmichael
Mon Sep 17, 2012 7:02 pm
Forum: General
Topic: PCQ, high ping
Replies: 44
Views: 12621

Re: PCQ, high ping

Try this:

1) don't packet mark dns and icmp traffic
2) cut your max limit in your parent queues by half

Do you still get a ping delay?
by rmichael
Sun Sep 16, 2012 9:58 pm
Forum: RouterBOARD hardware
Topic: High Load RB/433AH
Replies: 5
Views: 976

Re: High Load RB/433AH

Based on my setup, I saw 2-4 times improvement going from RB493AH to RB1100AH. Although RB1100AH supposed to be 5x faster based on pps stats mangle and firewall rules slow it down considerably. Considering my experience with RB1100AH, perhaps dual core version could give you 3-6 speed improvement.
by rmichael
Thu Sep 13, 2012 1:36 pm
Forum: RouterBOARD hardware
Topic: Mikrotik 1100AH X2 vs Ubiquti Edge Router
Replies: 26
Views: 28173

Re: Mikrotik 1100AH X2 vs Ubiquti Edge Router

I don't get the negativity on here tbh . Competition is always good for the consumer . Who knows you might get a new hardware revision or hardware facelift on the 1100/1100AX series or perhaps get niceties like SFP's thrown on in the future from MTK ? At this point all you can do is being cynical s...
by rmichael
Thu Sep 13, 2012 6:14 am
Forum: General
Topic: EdgeOS not as good as it appears?
Replies: 2
Views: 5895

EdgeOS not as good as it appears?

Examples taken from: http://dl.ubnt.com/Tolly212128UbiquitiEdgeRouterLitePricePerformanceVsMikroTik.pdf http://routerboard.com/RB1100AHx2 As pictured below Mikrotik's performance numbers for RB1100AHx2 are quite different from Tolly Enterprises test results commissioned by UBNT. The difference is qu...
by rmichael
Thu Sep 13, 2012 12:32 am
Forum: General
Topic: What do you all think of the EdgeRouter?
Replies: 21
Views: 3455

Re: What do you all think of the EdgeRouter?

Before everyone get's on Ubiquiti train lets not forget that UBNT is publicly traded company with many investors trying to unload the stock due to counterfeit fiasco.
by rmichael
Wed Sep 12, 2012 10:04 pm
Forum: RouterBOARD hardware
Topic: Mikrotik 1100AH X2 vs Ubiquti Edge Router
Replies: 26
Views: 28173

Re: Mikrotik 1100AH X2 vs Ubiquti Edge Router

Yes, wondering about this too. Lower price of 1100AH series and Cloud Router for $1000? Also, I'm wondering what they are not telling you. Ubiquiti wireless radios seem very interesting at first but when you want something as simple as having multiple SSID's, you can't do it. Multiple SSID's with d...
by rmichael
Mon Sep 10, 2012 4:15 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153641

Re: how block connection of p2p?

Thank you very much for all of your effort on this code. We got a nasty gram from the Recording Industry Association of America (RIAA) yesterday and are trying to prevent all P2P. (we offer free WiFi to guests) Are you responsible, as an ISP, for users actions? Which country is that? ...perhaps you...
by rmichael
Mon Sep 10, 2012 3:48 pm
Forum: The Dude
Topic: Automated Bandwidth Tests
Replies: 7
Views: 3885

Re: Automated Bandwidth Tests

In that case the test would be useless anyway. Running Btest from routerboard itself will severely affect CPU load, and decrease the test speed by up to 50%. The Btest is run by sending random data to the other end of the link, and this random data has to be generated by the same routerboard you ar...
by rmichael
Mon Sep 10, 2012 3:34 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153641

Re: how block connection of p2p?

Thank you very much for all of your effort on this code. We got a nasty gram from the Recording Industry Association of America (RIAA) yesterday and are trying to prevent all P2P. (we offer free WiFi to guests) Are you responsible, as an ISP, for users actions? Which country is that? ...perhaps you...
by rmichael
Mon Sep 10, 2012 6:43 am
Forum: General
Topic: sd card missing
Replies: 8
Views: 1356

Re: sd card missing

help...
Supposedly class 2 sd cards are recommended.
by rmichael
Mon Sep 10, 2012 2:40 am
Forum: General
Topic: Routing Mark -No inbound access
Replies: 3
Views: 531

Re: Routing Mark -No inbound access

PCC example in wiki describes what you need to do: First it is necessary to manage connection initiated from outside - replies must leave via same interface (from same Public IP) request came. We will mark all new incoming connections, to remember what was the interface. http://wiki.mikrotik.com/wik...
by rmichael
Sun Sep 09, 2012 5:45 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 26902

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

It will be very difficulty to get this beast running. It's massive parallel so algorithms have to be changed to use it's capacity. This might affect stability in the first releases... Hope to see gigabit routing speeds with 64 Byte packets. It will most likely have two cores assigned to each port, ...
by rmichael
Sun Sep 09, 2012 4:02 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 26902

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

I'm still curious about the pricing.
The TILE64 cpu itself costs $650...
by rmichael
Sun Sep 09, 2012 3:53 pm
Forum: Wireless Networking
Topic: Wireless Disconnect Extensive Data Loss
Replies: 44
Views: 33458

Re: Wireless Disconnect Extensive Data Loss

i changed the protocol to nv2 and the link is stable now but the throughput is only 4Mbps can any one tell me does the 40mhz channel width really increases the throughput as i am not noticing any difference Change period size to 8 ms and you'll most likely double the throughput from the default 2ms...
by rmichael
Sun Sep 09, 2012 1:21 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92440

Re: RB2011UAS-2HnD-IN Questions Topic

How useful do you find the LCD?
by rmichael
Fri Sep 07, 2012 9:02 pm
Forum: RouterBOARD hardware
Topic: Routerboard 2011
Replies: 18
Views: 2604

Re: Routerboard 2011

We are looking into the PLC techology. Keep us updated with any other requests you might have
I'm interested. This would be great for old apartment buildings!
by rmichael
Fri Sep 07, 2012 5:42 pm
Forum: Wireless Networking
Topic: NV2 disconnect problem
Replies: 138
Views: 23056

Re: NV2 disconnect problem

I had to TURN OF nv2 on many 5,6ghz sectors. Now is uptime very good (with 802.11). A lot of days. When I turn NV2 on - then still disconnect clients. Every hour :( Clients and AP = ROS 5.20 My new favorite configuration: AP ROS5.17, CPE ROS5.20, single CPE ROS5.9 (this one appeared to be taking do...
by rmichael
Fri Sep 07, 2012 2:37 pm
Forum: RouterBOARD hardware
Topic: NEW PRODUCT - Cloud Core Router
Replies: 104
Views: 34084

Re: NEW PRODUCT - Cloud Core Router

According to wikipedia TILE64 architecture is supported starting from 3.6.36 kernel.
2.6.36 ;)
I don't know what to do now, admit it that I was way off or edit the wikipedia :-)
by rmichael
Fri Sep 07, 2012 2:21 pm
Forum: RouterBOARD hardware
Topic: NEW PRODUCT - Cloud Core Router
Replies: 104
Views: 34084

Re: NEW PRODUCT - Cloud Core Router

According to wikipedia TILE64 architecture is supported starting from 3.6.36 kernel. Since ROS6 is at 3.3.5 right now, doesn't that mean a long wait till core router is ready?
by rmichael
Thu Sep 06, 2012 4:00 am
Forum: General
Topic: CipherLab 8370 hangs with MikroTik
Replies: 8
Views: 1493

Re: CipherLab 8370 hangs with MikroTik

The device is most likely switching into power save mode. See if that works:

remove authentication
set rate selection to legacy
change to 2GHz-B
by rmichael
Wed Sep 05, 2012 5:44 pm
Forum: General
Topic: Firewall Builder support for MikroTik
Replies: 5
Views: 2180

Re: Firewall Builder support for MikroTik

Hi, I am thinking about implementing a patch, which would make the Linux version of Firewall Builder compatible with MikroTik devices. How many of you are interested for such a patch? Would you be prepared to buy it (licensed under non-distributable license), for say $50? Thanks, Nejc I think it's ...
by rmichael
Tue Sep 04, 2012 2:33 am
Forum: General
Topic: Simple http server
Replies: 9
Views: 2780

Re: Simple http server

great, how can you use sftp with mikrotik?
Enable SSH service on MikroTik, SFTP clients are: WinSCP, FileZilla...

Regards,
Thanks, that works quite well.
by rmichael
Tue Sep 04, 2012 1:51 am
Forum: General
Topic: QoS inside QoS
Replies: 5
Views: 795

Re: QoS inside QoS

You already have a working configuration where you mark and shape- just mirror it to create a second one. All important information is on page 11: First QOS: Mark in prerouting Shape in Global-in Second QOS: Mark in forward Shape in Interface HTB I can only Shape in global-out on the forward :( the...
by rmichael
Tue Sep 04, 2012 1:12 am
Forum: General
Topic: QoS inside QoS
Replies: 5
Views: 795

Re: QoS inside QoS

You already have a working configuration where you mark and shape- just mirror it to create a second one. All important information is on page 11:

First QOS:
Mark in prerouting
Shape in Global-in

Second QOS:
Mark in forward
Shape in Interface HTB
by rmichael
Tue Sep 04, 2012 12:30 am
Forum: General
Topic: Simple http server
Replies: 9
Views: 2780

Re: Simple http server

for this job use ftp server.
ftp is insecure
Than you can use sftp
great, how can you use sftp with mikrotik?
by rmichael
Tue Sep 04, 2012 12:27 am
Forum: General
Topic: Simple http server
Replies: 9
Views: 2780

Re: Simple http server

how is HTTP more secure than FTP ?
ftp active connections are less secure than http

In any case, http over SSL would probably be easier for you to implement than sftp and encryption should really be the goal -specially if you ever wanted to sell to PCI DSS market.
by rmichael
Mon Sep 03, 2012 11:53 pm
Forum: General
Topic: QoS inside QoS
Replies: 5
Views: 795

Re: QoS inside QoS

There are few ways to do that. One of them is that you can shape and mark twice as in document below:

http://mum.mikrotik.com/presentations/C ... _Megis.pdf
by rmichael
Fri Aug 31, 2012 5:36 am
Forum: General
Topic: Simple http server
Replies: 9
Views: 2780

Re: Simple http server

for this job use ftp server.
ftp is insecure
by rmichael
Wed Aug 29, 2012 1:51 pm
Forum: Virtualization
Topic: Metarouter for UBNT Unifi controller
Replies: 10
Views: 8932

Re: Metarouter for UBNT Unifi controller

MetaROUTER is a great idea, however, it needs more time to mature. I evaluated it on RB1100AH and it was quite unstable with OpenWRT image.

As I wait for MetaROUTER fixes, for now, I'm looking into variety of cheap ARM boards, like BeagleBoard and SoC based on AllWinner A1x.
by rmichael
Tue Aug 28, 2012 6:23 pm
Forum: General
Topic: Is Nth broken?
Replies: 2
Views: 435

Re: Is Nth broken?

It worked for me most of the time on v4 but v5 is just broken.

I have
nth=75,1
nth=75,2
...
nth=75,75

rules and the furthest it will go is about 75/40, than it'll start from the beginning, 75/1 rule, as if some counter was being reset.
by rmichael
Sun Aug 26, 2012 7:07 am
Forum: General
Topic: possible to open hotspot up if radius server down?
Replies: 3
Views: 690

Re: possible to open hotspot up if radius server down?

Is it possible to set up the hotspot so that if the radius server is down, the whole system is open for everyone to access? I work on an island where the infrastructure is very unreliable. There are times when the internet is working, but our radius server is down. This doesn't happen very often, b...
by rmichael
Thu Aug 23, 2012 12:52 am
Forum: General
Topic: Is Nth broken?
Replies: 2
Views: 435

Is Nth broken?

I look at packet distribution of my setup with Nth and it's very top heavy -as if Nth was restarting from the beginning instead of going through all Nth entries. It was working much better in v4.

Is anyone using Nth under ROS v5 with good results?
by rmichael
Wed Aug 22, 2012 8:09 pm
Forum: Beginner Basics
Topic: active and host count
Replies: 10
Views: 1590

Re: active and host count

Perhaps this can get you started: chain=forward action=add-src-to-address-list src-address=<wifi subnet> src-address-list=!ActiveUsers address-list=ActiveUsers address-list-timeout=10m nth=100,1 Create a rule that will add IP (the user) to the ActiveUsers list when the IP is not already on the list....
by rmichael
Wed Aug 22, 2012 3:35 am
Forum: Virtualization
Topic: MetaROUTER stability issues on certain MIPSBE and PPC boards
Replies: 490
Views: 123130

Re: MetaROUTER stability issues on certain MIPSBE and PPC bo

It seems to take quite a while for such a simple hotfix. Are you kidding? You think making a hypervisor is simple ? Allright then, show us your own mips hypervisor, then you can talk. The first thing I thought when MT released metarouter was: 'wow, MikroTik have some serious balls'. But nothing can...
by rmichael
Tue Aug 21, 2012 11:19 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 243266

Re: Metarouter images

@liquidcz

Build 31244 (MIPSE) seems more stable than 31206 (PCC). Could you update PCC trunk with 31244 build?

31206 crashes while using logread command.

thank you
by rmichael
Tue Aug 21, 2012 11:06 pm
Forum: Virtualization
Topic: MetaROUTER stability issues on certain MIPSBE and PPC boards
Replies: 490
Views: 123130

Re: MetaROUTER stability issues on certain MIPSBE and PPC bo

I'm testing MetaROUTER using liquidcz basic image (http://openwrt.wk.cz/trunk/mr-ppc/openwrt-mr-ppc-rootfs-31206-basic.tar.gz) with no extra packages installed (I just want to use it for dnsmasq). It can run fine for days but whenever I try to logread or go to /dev/log the RB1100AH freezes and only ...
by rmichael
Tue Aug 21, 2012 3:26 pm
Forum: Scripting
Topic: API Bug ?
Replies: 4
Views: 1126

Re: API Bug ?

$API->write('=numbers=*8);
Aren't you missing a closing single quotation mark here?
by rmichael
Mon Aug 20, 2012 4:35 pm
Forum: Wireless Networking
Topic: NV2 disconnect problem
Replies: 138
Views: 23056

Re: NV2 disconnect problem

After I upgraded everything to 5.20, CCQ got quite steady, especially Rx CCQ (on AP). Also, there was much less variation in noise but I got less throughput and all but two radios just lost connection for 10sec at one point which had not happened with other versions. I decided to keep CPEs at 5.20 a...
by rmichael
Mon Aug 20, 2012 1:09 am
Forum: General
Topic: v5.20 released
Replies: 113
Views: 38201

Re: v5.20 released

RB1100AH humming away nicely on 5.20. Just one minor issue so far: I have DUDE monitoring CPU temp using CPU Temp [oid("1.3.6.1.4.1.14988.1.1.3.11.0")/10 (the /10 was a fix for the 1200) It now shows The second ICE age has occurred over night reporting a temp of -273.0 :D Mikrotik can you tell me h...
by rmichael
Thu Aug 16, 2012 11:19 pm
Forum: General
Topic: Newsletter 41: NEW PRODUCTS!
Replies: 64
Views: 25317

Re: Newsletter 41 NEW PRODUCTS!

RB44Ge is just 4x Atheros PCI chipsets with a PCI to PCIe bridge chip :(
It's 4x Atheros PCIe Ethernet, consumer grade, controllers connected to PCIe switch chip:

http://www.plxtech.com/download/file/575

Quick google search reveals myriad of driver issues in Linux...
by rmichael
Thu Aug 16, 2012 3:25 pm
Forum: General
Topic: v5.20 released
Replies: 113
Views: 38201

Re: v5.20 released

I seem to be getting better CCQ for NV2 in PtMP configuration. Can Mikrotik confirm that there were changes made to NV2? I'll not deploy until someone confirms it. Thank you.
by rmichael
Sat Aug 11, 2012 6:45 pm
Forum: Wireless Networking
Topic: NV2 disconnect problem
Replies: 138
Views: 23056

Re: NV2 disconnect problem

Like others I had a good experience with CPE up to 5.9 with AP at 5.17 (but only with firmware from 5.9 - go figure) 5.17 CPE and AP had fewer disconnects but taking much longer, and less bandwidth 5.19 (CPE/AP) even better uptime, quick 2s reconnect, but less bandwidth 5.19 CPE and 5.17 AP, little...
by rmichael
Fri Aug 10, 2012 2:06 pm
Forum: Wireless Networking
Topic: NV2 disconnect problem
Replies: 138
Views: 23056

Re: NV2 disconnect problem

Like others I had a good experience with CPE up to 5.9 with AP at 5.17 (but only with firmware from 5.9 - go figure) 5.17 CPE and AP had fewer disconnects but taking much longer, and less bandwidth 5.19 (CPE/AP) even better uptime, quick 2s reconnect, but less bandwidth 5.19 CPE and 5.17 AP, little ...
by rmichael
Sun Aug 05, 2012 12:15 am
Forum: General
Topic: v5.19 released
Replies: 57
Views: 21329

Re: v5.19 released

Upgrade need in two reason: 1) Fix a critical(for you) bug 2) Add extremely needed features (for you). Why u will upgrade? Security updates, unannounced improvements to wireless and better support (MT support tends to request that you upgrade before offering any help) Speaking of wireless -5.19 has...
by rmichael
Thu Aug 02, 2012 3:37 pm
Forum: General
Topic: v5.19 released
Replies: 57
Views: 21329

Re: v5.19 released

I think, u need to test new ROS before upgrade working devices... 8) +1 :-) Sometimes it's impossible to test everything in the lab environment. Here's what works for me: Upgrade 2 weeks after the release, scan forum for issues related to the release Upgrade one client, no firmware upgrade If it's ...
by rmichael
Thu Aug 02, 2012 3:28 pm
Forum: General
Topic: v5.19 released
Replies: 57
Views: 21329

Re: v5.19 released

I was previously on 3.38 boot and 5.9 clients and 5.17 AP in nv2 mode. Moved everything to 5.19/3.41 and so far no problems, all boards RB433AH and RB493AH. WiFi is as stable as before if not a bit better (fewer disconnects).
by rmichael
Wed Apr 04, 2012 7:46 pm
Forum: General
Topic: BUG : 5.11/5.12 Password Silently Drops Characters
Replies: 4
Views: 1078

Re: BUG : 5.11/5.12 Password Silently Drops Characters

You're probably experiencing password bug as described in other thread (not by me): "changing any attributes of local users unbelievably clears password on that user! for example if you change the group of a user or set comment on user or even disable and enable a user, its password will be cleared....
by rmichael
Thu Mar 22, 2012 6:16 pm
Forum: General
Topic: Stats over PCQ
Replies: 10
Views: 1076

Re: Stats over PCQ

The easiest way is to use off the shelf Trafficflow/netflow software like manageengine's NetFlow (which is free for one interface AFAIK). Another, would be to create a passthrough rule for each of the IP/MAC/etc and pull byte stats from each with a script. Also, I have not done it but I've seen othe...
by rmichael
Thu Mar 22, 2012 1:28 pm
Forum: General
Topic: Stats over PCQ
Replies: 10
Views: 1076

Re: Stats over PCQ

Hi, This is my scenario, I'm a wireless ISP and I admin my bandwidth flow with Mikrotik. I have different types of customers, for that I'm using PCQ. I don't work with hotspots. Now, here is my question, how i could get stats for every single user, like bandwidth usage (daily, weekly, monthly) and ...
by rmichael
Mon Mar 19, 2012 4:01 am
Forum: RouterBOARD hardware
Topic: NV2 compatible radioboards ?
Replies: 16
Views: 2629

Re: NV2 compatible radioboards ?

nv2 seems to have a hard time (worse than nstreme) with multipath interference so I'd say that cards with 802.11n/MIMO are the most suitable for it. How's that? Explain? I use nv2 in heavy spectrum used environment and I have no problems. Yes, they were plenty of adjacent channel interference probl...
by rmichael
Sun Mar 18, 2012 2:30 pm
Forum: RouterBOARD hardware
Topic: Cheap gigabit Routerboard with minipciExpress?
Replies: 10
Views: 3925

Re: Cheap gigabit Routerboard with minipciExpress?

I wonder if miniPCI - miniPCIe adapter would work with routerboard:

http://www.amfeltec.com/products/flexib ... dapter.php
by rmichael
Sun Mar 18, 2012 2:11 pm
Forum: RouterBOARD hardware
Topic: NV2 compatible radioboards ?
Replies: 16
Views: 2629

Re: NV2 compatible radioboards ?

3 antenna cards are not very popular and therefore will have more issues - I would stick to 2x2 MIMO setup unless you absolutely need the extra bandwidth.
by rmichael
Sun Mar 18, 2012 4:49 am
Forum: RouterBOARD hardware
Topic: NV2 compatible radioboards ?
Replies: 16
Views: 2629

Re: NV2 compatible radioboards ?

nv2 seems to have a hard time (worse than nstreme) with multipath interference so I'd say that cards with 802.11n/MIMO are the most suitable for it.
by rmichael
Sun Mar 18, 2012 4:43 am
Forum: General
Topic: strange issue with CCME/cisco phones
Replies: 5
Views: 788

Re: strange issue with CCME/cisco phones

Or, maybe mikrotik's DHCP server is on?
by rmichael
Fri Mar 16, 2012 11:18 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207995

Re: Feature requests - torch

Add new filter "connection mark X" to the Torch to be able to track the performance of the PCQ/Queue Tree
by rmichael
Fri Mar 16, 2012 8:00 pm
Forum: General
Topic: Routerboard Recommendation - Product Choice
Replies: 6
Views: 627

Re: Routerboard Recommendation - Product Choice

I am trying to get an idea of what routerboard (not x86 based) people would say could handle say 15 to 20 SSTP/PPTP connections at a time. Thanks. With that many sessions I'm guessing you'll be looking at more than couple of Mbps of throughput. If that's the case you should drop RB450/RB750/RB2011 ...
by rmichael
Thu Mar 15, 2012 2:02 am
Forum: General
Topic: Rules to stop subnet to subnet traffic
Replies: 14
Views: 4098

Re: Rules to stop subnet to subnet traffic

Basically I want each subnet to be able to get to the internet and to anything else on their /24 subnet, but not talk to any other /24 subnet. add action=reject chain=forward comment="Drop traffic between LAN interfaces/subnets" disabled=no \ dst-address-list=PrivateSubnets in-interface=!WAN reject...
by rmichael
Thu Mar 15, 2012 1:52 am
Forum: General
Topic: Rules to stop subnet to subnet traffic
Replies: 14
Views: 4098

Re: Rules to stop subnet to subnet traffic

RB800 I am going to put 130 different subnets on vlans than push the subnets and dhcp through switches. 192.168.1.1 - 192.168.131.1 I do not want any of the subnets to talk to each other. Is there a way to do this with out making firewall rules for each subnet? I feel like 300+ firewall rules may b...
by rmichael
Mon Mar 12, 2012 8:13 pm
Forum: RouterBOARD hardware
Topic: Using R52Hn in 802.11a/b/g (non-"n") with dual chain/antenna
Replies: 4
Views: 2120

Re: Using R52Hn in 802.11a/b/g (non-"n") with dual chain/ant

I see only 3 possibilities: a) a sort of "digital collision" happens "inside" the NIC chip and both transmissions are discarded b) one of the transmissions will be correctly processed by NIC chip and the other one will be discarded c) a sort of buffering is performed and both transmissions will be ...
by rmichael
Mon Mar 12, 2012 7:23 pm
Forum: General
Topic: Bug in rb1100ahx2 with
Replies: 3
Views: 740

Re: Bug in rb1100ahx2 with

Your setup:

max-limit: 800k
threshold: 400k
burst:3M

RB400 bursts to 3M and turns off for as long as the traffic is pegged at 800k (above threshold)
RB1000 burst kicks in even though average rate is above threshold.

I agree, that looks like a bug.
by rmichael
Mon Mar 12, 2012 4:39 pm
Forum: General
Topic: Bug in rb1100ahx2 with
Replies: 3
Views: 740

Re: Bug in rb1100ahx2 with

Since I've upgraded from rb493AH (4.11)to RB1100AH (5.14) I noticed the difference in behavior as well.

Edited out, as I assumed the differences were similar of what I observed between RB400 and RB1000 - which is not the case :D
by rmichael
Mon Mar 12, 2012 2:00 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 Memorygate v2
Replies: 9
Views: 3593

Re: RB1100AHx2 Memorygate v2

At the time of purchase MetaROUTER was supported, Dude was not supported on any pcc platform but that it that it will be in the future (now, with so little flash, it will not be), usermanager, graphs, logs and backups. Btw, The Dude's home page still shows that PCC RB1000 platform is supported. It w...
by rmichael
Mon Mar 12, 2012 1:58 am
Forum: General
Topic: Using a datacenter in hotspot setups... question
Replies: 6
Views: 1175

Re: Using a datacenter in hotspot setups... question

Check out bonding with balance-xor: http://wiki.mikrotik.com/wiki/Bonding

You should get much higher utilization with bonded link to data center than PCC. However, don't you have to pay additional for data in and out of the data center?
by rmichael
Sun Mar 11, 2012 2:58 pm
Forum: General
Topic: Antenna for the RB751U
Replies: 3
Views: 526

Re: Antenna for the RB751U

Was RB751U even FCC certified for use with external antenna? I cannot find the info.
by rmichael
Sun Mar 11, 2012 2:20 pm
Forum: Wireless Networking
Topic: After upgrade from os 4.17 to os 5.14 major interferance
Replies: 2
Views: 752

Re: After upgrade from os 4.17 to os 5.14 major interferance

Hi, have several links that are running on RB-433AH one, on 5220 MHz with UBNT XR-5 (Atheros AR5413) card and other RB-433AH on 5805 with a UBNT SR-71 card (Atheros 11N), that coexisted on this tower, for a year now with no interfere. They were both running OS 4.17. I upgraded them to 5.14 and I ca...
by rmichael
Sun Mar 11, 2012 2:24 am
Forum: RouterBOARD hardware
Topic: RB1100AHx2 Memorygate v2
Replies: 9
Views: 3593

Re: RB1100AHx2 Memorygate v2

It's incredible that even the re-sellers like roc-noc.com have not stepped up and provided clearer description of what the product is/not capable off. I'm sure there are plenty of people who are ok with 41.7MB of storage - why not include that in the description and keep all of the customers happy? ...
by rmichael
Fri Mar 09, 2012 9:39 pm
Forum: Wireless Networking
Topic: FLR9G30 and XC900M
Replies: 15
Views: 3194

Re: FLR9G30 and XC900M

wow. Do you have polling enabled on nstreme? My settings: Enable Polling Disable CSMA best fit 3200 long preamble (it increases CCQ) Note I originally stated that nv2 worked better - I based it on one way UDP tests. Once I tested using TCP, receive and transmit from three CPEs at the same time the ...
by rmichael
Fri Mar 09, 2012 8:18 pm
Forum: Wireless Networking
Topic: FLR9G30 and XC900M
Replies: 15
Views: 3194

Re: FLR9G30 and XC900M

Just wanted to add to what I wrote above. NV2 did not work out for me and I reverted back to nstreme (on v5.9 this time). During my testing nv2 throughput was about 25% less and very uneven, oscillating widely especially on nodes with <75CCQ. Latency was also all over the place, going as high as 170...
by rmichael
Fri Mar 09, 2012 5:00 am
Forum: Wireless Networking
Topic: station-wds,station-bridge or station w/MPLS forPtMP 802.1g?
Replies: 6
Views: 2198

station-wds,station-bridge or station w/MPLS forPtMP 802.1g?

Which is better (reliability, throughput, latency) for use with nv2: station-wds,station-bridge or station w/MPLS for PtMP, 802.1g WIFI?
by rmichael
Thu Mar 08, 2012 6:23 pm
Forum: Scripting
Topic: Red colour in simple queuse
Replies: 5
Views: 1438

Re: Red colour in simple queuse

Thanks for your response, but you miss understand. When the color change to red
76% - 100% available traffic used - red
there must be a bit set somewhere in a registry and i want to get the status of this and use this in a script
Its a feature of Winbox not ROS.
by rmichael
Thu Mar 08, 2012 4:59 pm
Forum: General
Topic: ROS 5.14
Replies: 8
Views: 1333

Re: ROS 5.14

Hi all i have 100% CPU on usermanager in profile how to solved this issue please help!! :( Thanks Turn off snmp. Hi michael but i have my cacti running to monitor the whole network if i turn off my cacti will stop :( Thanks I'm pretty sure it's bug and turning snmp off is just a workaround. Try it,...
by rmichael
Thu Mar 08, 2012 4:34 pm
Forum: Scripting
Topic: Red colour in simple queuse
Replies: 5
Views: 1438

Re: Red colour in simple queuse

I want to sum how determine when a simple queues color change to red in a script. Can’t seem to find this anywhere. Anny suggestions? From http://wiki.mikrotik.com/wiki/Manual:HTB Queue colors in Winbox: 0% - 50% available traffic used - green 51% - 75% available traffic used - yellow 76% - 100% av...
by rmichael
Thu Mar 08, 2012 3:50 pm
Forum: General
Topic: ROS 5.14
Replies: 8
Views: 1333

Re: ROS 5.14

Hi all

i have 100% CPU on usermanager in profile how to solved this issue please help!! :(

Thanks
Turn off snmp.
by rmichael
Tue Mar 06, 2012 5:53 pm
Forum: The Dude
Topic: get stats with SNMP turned OFF
Replies: 0
Views: 648

get stats with SNMP turned OFF

I had to turn off SNMP due to high cpu usage it was causing on pcc ROS v5.13 and v5.14.

So far I can pull speed info using routeros instead of SNMP and availability via ICMP echo.

Is there a way to pull other information, like number of leases, cpu usage, disk space, w/o using SNMP probes?
by rmichael
Tue Mar 06, 2012 5:45 pm
Forum: General
Topic: PCC reboot resistence
Replies: 1
Views: 298

Re: PCC reboot resistence

v4.x PCC function is seeded and hashed with random values during boot time. I don't think I've seen an official word re v5.x PCC although it's most likely still the case.
by rmichael
Tue Mar 06, 2012 3:57 pm
Forum: General
Topic: ROS v6 Suggestions
Replies: 76
Views: 20648

Re: New Winbox Suggestion

Include packet flow diagram within winbox for easy reference. I find myself time and time again looking for it when things go not as expected :lol: Manual Is accessible from winbox, so you can easily open packet flow diagram in winbox. Hi mrz Currently the diagram is not accessible when internet is...
by rmichael
Tue Mar 06, 2012 2:55 pm
Forum: General
Topic: ROS v6 Suggestions
Replies: 76
Views: 20648

New Winbox Suggestion

Include packet flow diagram within winbox for easy reference. I find myself time and time again looking for it when things go not as expected :lol:
by rmichael
Tue Mar 06, 2012 4:00 am
Forum: General
Topic: hotspot hardware recommended for 5000 concurrent users
Replies: 2
Views: 758

Re: hotspot hardware recommended for 5000 concurrent users

Current revision of RB1100AH does not have enough storage space to run user manager and hotspot packages.
by rmichael
Tue Mar 06, 2012 3:53 am
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20668

Re: v5.14 released

I've had issues with good wifi connection yet no throughput (stops randomly). I've reverted back to v5.9 I think I saw that with new 2.39 firmware. I'm running 5.14 with 2.38 w/o such issue (the only reason I'm on 5.14 is that 5.9 was crashing every 1-2 days - WDS stations actually disconnect more ...
by rmichael
Tue Mar 06, 2012 12:29 am
Forum: RouterBOARD hardware
Topic: RB11000AH for Web Proxy
Replies: 1
Views: 794

Re: RB11000AH for Web Proxy

The build in proxy does not cache dynamic content (like youtube etc) and therefore will not save you a lot of bandwidth. In addition, all of your users will be sharing the same source IP (of the proxy) which may or may not be an issue for you.
by rmichael
Mon Mar 05, 2012 3:16 pm
Forum: General
Topic: RB1100AH 41MB HDD Storage (Instead of 512mb)
Replies: 19
Views: 5555

Re: RB1100AH 41MB HDD Storage (Instead of 512mb)

Product was replaced by a new one, brochure was updated because of it.
Was it intentional for the updated brochure not to list nand storage capacity? It seems that many who purchased the revised RB1100AH did not expect it to be only 41.7MB
by rmichael
Sun Mar 04, 2012 12:59 am
Forum: RouterBOARD hardware
Topic: RB1100AHx2 Memorygate
Replies: 30
Views: 8362

Re: RB1100AHx2 Memorygate

I had this problem before with older models with small flash. Before updating, try to uninstall any unused packages, reboot to complete the uninstall. See that there is at least 30 megs free space. Then upload the separate packages and not the combined one, reboot to complete the update. Then maybe...
by rmichael
Fri Mar 02, 2012 6:25 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 Memorygate
Replies: 30
Views: 8362

Re: RB1100AHx2 Memorygate

I thought I knew what I was getting into but it appears there's either a software issue or 41MB is really way too small. I was about to upgrade to the latest version but I cannot: I have RB1100AH running ROS5.13, (no user-manager or hotspot packages installed) nothing in the file list, 36.5 of 41.7...
by rmichael
Fri Mar 02, 2012 3:49 pm
Forum: General
Topic: RB1100AH 41MB HDD Storage (Instead of 512mb)
Replies: 19
Views: 5555

Re: RB1100AH 41MB HDD Storage (Instead of 512mb)

Here's the problem I have with Mikrotik: 1) nowhere in the brochure or any distributor (strakwave/roc-noc/balticnetworks) site states that it's limited to only 41.7MB NAND storage, if fact neither AH or AHx2 brochures state the size of NAND 2) It's advertised as "extreme performance" vs RB1200 "affo...
by rmichael
Thu Mar 01, 2012 7:11 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 Memorygate
Replies: 30
Views: 8362

Re: RB1100AHx2 Memorygate

I thought I knew what I was getting into but it appears there's either a software issue or 41MB is really way too small. I was about to upgrade to the latest version but I cannot: I have RB1100AH running ROS5.13, (no user-manager or hotspot packages installed) nothing in the file list, 36.5 of 41.7M...
by rmichael
Thu Mar 01, 2012 2:10 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 Memorygate
Replies: 30
Views: 8362

Re: RB1100AHx2 Memorygate

[see below]
by rmichael
Sat Feb 25, 2012 2:50 pm
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20668

Re: v5.14 released

What's new in 5.14 (2012-Feb-22 12:04): *) wireless - improved nv2 link stability to reduce control frame timeouts, only AP requires update; Upgrading the AP to 5.14 did not help. The CPE still disconnects and stability seems worse. Where before, on AP with v5.9, the CPE was disconnecting just for ...
by rmichael
Fri Feb 24, 2012 10:27 pm
Forum: Wireless Networking
Topic: Adaptive Noise Immunity tip
Replies: 1
Views: 1554

Adaptive Noise Immunity tip

I have confirmed empirically that ANI on AP will work the best when RX readings (signal from CPE) are at similar power (I have them at -68 to -58). When range becomes wider, -68 to -40 ANI stops producing any positive results in noise floor readings as well as CCQ.
by rmichael
Fri Feb 24, 2012 4:46 pm
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20668

Re: v5.14 released

What's new in 5.14 (2012-Feb-22 12:04): *) wireless - improved nv2 link stability to reduce control frame timeouts, only AP requires update; Upgrading the AP to 5.14 did not help. The CPE still disconnects and stability seems worse. Where before, on AP with v5.9, the CPE was disconnecting just for ...
by rmichael
Fri Feb 24, 2012 3:12 pm
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20668

Re: v5.14 released

5.14 So far very good? Using a Omni on a busy mast with sectors and Ptp's all working below, 0-3db signal to noise, RX/TX signal 84 to 90db, and yet the link has stayed up for 13:30 hrs so far before it was disconnecting after 15mins or less. Could you test and let us know how are latency and jitte...
by rmichael
Fri Feb 24, 2012 12:16 am
Forum: General
Topic: firewall filter on ipsec, how to identify the IPSec intrfce
Replies: 53
Views: 26738

Re: firewall filter on ipsec, how to identify the IPSec intr

You can use bridge filter to filter out private IP traffic comming through WAN. Bridge filter will not touch the encapsulated IPsec payload with the same private IP.

Of course the filter is only necessary when the IPSec tunnel is down since packets will be automatically dropped otherwise.
by rmichael
Thu Feb 23, 2012 7:39 pm
Forum: General
Topic: snmp - provide extended interface statistics when availabe
Replies: 0
Views: 293

snmp - provide extended interface statistics when availabe

Change log entry from 5.10:
"snmp - provide extended interface statistics when availabe"
Does that mean I can access CCQ, noise floor, etc via SNMP now?
by rmichael
Thu Feb 23, 2012 7:31 pm
Forum: The User Manager
Topic: WiFree service
Replies: 2
Views: 1239

Re: WiFree service

Is mikrotik usermanager protected from Wi-Free ( a service which routes traffic through dns and icmp protocol ) ? Wi-Free Website That's clever technique used first by some of the spyware. To block you can use the firewall: Use content filter and filter out ICMP traffic with anything else than stan...
by rmichael
Thu Feb 23, 2012 5:28 pm
Forum: General
Topic: daily limitation of upload traffic
Replies: 3
Views: 765

Re: daily limitation of upload traffic

Hi, i dont use hot spot, do i need some firewall rule to do this. Best regards. I don't have any example configuration to offer but I've done something like that few years back: Create a mangle OverQuota chain for each IP on your network (with return action). With a script, use byte counters to det...
by rmichael
Thu Feb 23, 2012 5:16 pm
Forum: RouterBOARD hardware
Topic: Question on Ethernet Bypass Mode, RB1100
Replies: 8
Views: 11402

Re: Question on Ethernet Bypass Mode, RB1100

yes, in case of problems, you don't have to flip the switch! this was interpreted incorrectly by poli5681 . switch simply decides whether you will want to use this feature or not. will the bypass activate in the following situations: 1) power outage? 2) router freezes? 3) during reboot? thank you.
by rmichael
Thu Feb 23, 2012 4:57 pm
Forum: Wireless Networking
Topic: FLR9G30 and XC900M
Replies: 15
Views: 3194

Re: FLR9G30 and XC900M

I upgraded receintly from 4.11 (nstreme) to 5.9 (nv2) (all XR9): nv2 seems to work better with all CPE having the same data rate frame control disconnect problems (supposedly fixed in 5.14) AP reboots every day (coredump) nv2 does worse than nstreme with links with CCQ below 75 nv2 does worse than n...
by rmichael
Thu Feb 10, 2011 8:15 pm
Forum: General
Topic: firewall vulnerability?
Replies: 10
Views: 1242

Re: firewall vulnerability?

ver2 :) add action=accept chain=forward comment="accept ESTABLISHED" connection-state=\ established disabled=no add action=accept chain=forward comment="accept RELATED" connection-state=related \ disabled=no add action=drop chain=forward comment="DROP what's not on thelist" \ disabled=no in-interfac...
by rmichael
Thu Feb 10, 2011 8:05 pm
Forum: General
Topic: firewall vulnerability?
Replies: 10
Views: 1242

Re: firewall vulnerability?

Thanks fewi. I'll try adding this to the filter: add action=accept chain=forward comment="accept ESTABLISHED" connection-state=\ established disabled=no add action=accept chain=forward comment="accept RELATED" connection-state=related \ disabled=no add action=drop chain=input comment="DROP what's no...
by rmichael
Thu Feb 10, 2011 6:55 pm
Forum: General
Topic: firewall vulnerability?
Replies: 10
Views: 1242

Re: firewall vulnerability?

accept rules above drop rule: add action=accept chain=input comment="accept ESTABLISHED" connection-state=\ established disabled=no add action=accept chain=input comment="accept RELATED" connection-state=related \ disabled=no the Drop rule: add action=drop chain=input comment="DROP what's not on the...
by rmichael
Thu Feb 10, 2011 6:33 pm
Forum: General
Topic: firewall vulnerability?
Replies: 10
Views: 1242

firewall vulnerability?

I have a rule that drops traffic if src is not on the address-list

drop rule works, however it does NOT drop port forwarded traffic to another IP address.

for example firewall drop rule will block dstnat redirect rule but dstnat dst-nat IP:port will not be blocked

Isn't that strange?

(ROS4.11)
by rmichael
Thu Feb 10, 2011 6:27 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207995

Re: Feature requests

Please add src/dst address list support to torch. It can be useful to see what is going to oversea traffic for example.
I like your idea. Speaking of torch, please add a connection/packet mark filters.
by rmichael
Thu Jan 06, 2011 6:35 pm
Forum: General
Topic: about pcc combining way & distinguishing browsing & download
Replies: 18
Views: 2288

Re: about pcc combining way & distinguishing browsing & down

I use IP src and dst classifier and it's still not evenly distributed. Maybe in your case it'd be better to use nth instead of pcc and to shorten connection tracking timeouts?

EDIT: just realized nth will not work in your situation...
by rmichael
Thu Jan 06, 2011 6:29 pm
Forum: General
Topic: RB750 freezing up
Replies: 7
Views: 1186

Re: RB750 freezing up

as it was mentioned, make sure you have the latest firmware: /system routerboard print to view /system routerboard upgrade to upgrade
by rmichael
Thu Jan 06, 2011 10:22 am
Forum: General
Topic: about pcc combining way & distinguishing browsing & download
Replies: 18
Views: 2288

Re: about pcc combining way & distinguishing browsing & down

Assigning routing mark directly with PCC works fine. The only problem is that it uses a lot more CPU (3x more) as compared to giving connection mark to new connections using PCC and assigning routing mark based on connection mark. You'll not get any different connection distribution however (which i...
by rmichael
Thu Jan 06, 2011 9:47 am
Forum: Beginner Basics
Topic: Best Settings for nlos performance
Replies: 17
Views: 1362

Re: Best Settings for nlos performance

make sure that your antennas are high enough, at least 14m minimum
by rmichael
Thu Jan 06, 2011 9:36 am
Forum: General
Topic: Port knocking from RouterOS
Replies: 3
Views: 1462

Re: Port knocking from RouterOS

fetch also works with the advantage that it can send some "secret" text via URL. For example first fetch command can include a keyword in URL which tells the receiver which port to listen on for the second knock.
by rmichael
Thu Jan 06, 2011 9:25 am
Forum: The Dude
Topic: Dude agent on RB750?
Replies: 3
Views: 1695

Re: Dude agent on RB750?

Thanks. Which ROS version is it running?
by rmichael
Thu Jan 06, 2011 7:01 am
Forum: General
Topic: RB750 freezing up
Replies: 7
Views: 1186

Re: RB750 freezing up

Try version ROS 4.11 or 4.13
by rmichael
Tue Jan 04, 2011 7:48 pm
Forum: General
Topic: Bridge Filter problem
Replies: 9
Views: 1956

Re: Bridge Filter problem

Hello, I have a bridge firewall on a RB493 using 4.14version (ether2,ether9) internet<-->lan, I just want to filter the direction of traffic for example allow http traffic outgoing but block http incoming traffic, seems that the in-bridge-port and the out-bridge port in ip filter advanced setting d...
by rmichael
Mon Jan 03, 2011 3:43 am
Forum: General
Topic: v4.16 released
Replies: 74
Views: 12625

warning about upgrading the firmware to v.29

Firmware upgrade (from v.28 on RB493AH) caused router not to startup (no status lights on any eth port, blue light on). I had it powered off manually and it started up, sys routerboard shows v.29 installed. EDIT3: I may have been premature in my diagnosis. Yesterday, I observed one of the queue tree...
by rmichael
Mon Jan 03, 2011 2:58 am
Forum: The Dude
Topic: Does this program support SNMP traps?
Replies: 22
Views: 20116

Re: Does this program support SNMP traps?

Well I keep seeing old posts from over 2 years ago saying that trap support is coming soon. And then every time I try to find info about it everyone goes all quiet on me like I'm harry potter and have just said Voldemont or something. Like great wizard once said, ROS support for SNMP traps is not l...
by rmichael
Sun Jan 02, 2011 10:47 pm
Forum: The Dude
Topic: Backup settings other than by export
Replies: 4
Views: 1483

Backup settings other than by export

I rearranged one of the panels recently (v3.6) and ever since I'm unable to export the settings: This application has requested the Runtime to terminate in an unsual Way... Changes I've made are in fact saved as upon close and reopen everything is configured as it were. Is there another way to save ...
by rmichael
Sun Jan 02, 2011 7:54 am
Forum: General
Topic: FORUM SECURITY request
Replies: 8
Views: 1367

Re: FORUM SECURITY request

All shared hosting sites prohibit proxies and vpns/ssh tunnels (except a few that are running thor and are using your traffic as a smoke screen) . Collocated servers, vps or even ec2 are pretty expensive. That said I don't think VPN would be a substitute for https - especially now that ISPs are very...
by rmichael
Thu Dec 30, 2010 10:23 am
Forum: General
Topic: FORUM SECURITY request
Replies: 8
Views: 1367

Re: FORUM SECURITY request

I don't think PHPBB supports this.
You can use http rewrite to send only logins to https server:

http://www.phpbb.com/community/viewtopi ... 5&start=15
by rmichael
Thu Dec 30, 2010 4:01 am
Forum: General
Topic: FORUM SECURITY request
Replies: 8
Views: 1367

FORUM SECURITY request

Could you please enable SSL encryption on the login page so the passwords are encrypted? I'm too lazy to change my password every time I access this forum through via open WIFI.

thank you.
by rmichael
Mon Dec 27, 2010 11:58 pm
Forum: Beginner Basics
Topic: DNS Changing to the Fastest
Replies: 6
Views: 1791

Re: DNS Changing to the Fastest

Another option is to write a script that will run every few minutes that will try and resolve stuff and depending on the results, modify the NAT rule that handles the redirect. I'm not sure you'll get any real useful information to be able to use it in a script however. I doubt one can write a scri...
by rmichael
Mon Dec 27, 2010 6:22 pm
Forum: RouterBOARD hardware
Topic: Autonegotiation failure after ROS upgrade
Replies: 7
Views: 1390

Re: Autonegotiation failure after ROS upgrade

I've had no issues with original 500ma PSU on any of my RB750 (2nd version, with silk screen for USB). ROS4.5, 4.10, 4.11.
by rmichael
Mon Dec 27, 2010 5:07 am
Forum: General
Topic: MAC spoofing as a way of saving money (and IPv4 addresses)
Replies: 1
Views: 408

MAC spoofing as a way of saving money (and IPv4 addresses)

If you need an IPSEC concentrator to be separate from a firewall usually you need at least two public IPs to avoid NAT-T. Here's a way to do it with just one public IP:
MACspoofingToRunMultipleDevicesOnOneIP.png
by rmichael
Mon Dec 27, 2010 4:36 am
Forum: Beginner Basics
Topic: DNS Changing to the Fastest
Replies: 6
Views: 1791

Re: DNS Changing to the Fastest

Even better, tinydns will query multiple DNS servers and forward the quickes reply to the client. tinydns runs on linux, but I think Acrylic DNS does something similar on Windows.
by rmichael
Mon Dec 27, 2010 3:47 am
Forum: General
Topic: inaccurate Packet flow chart for IPSEC and bridge filter
Replies: 0
Views: 494

inaccurate Packet flow chart for IPSEC and bridge filter

700px-Packet_Flow_Example_4c.png Based on above flow chart traffic would bypass <IPsec Policy> decision, when bridge is the output interface, going to Bridge Decision instead. What I see is that traffic is treated by <IPSec Policy> before [Bridge Output] where bridge filter is at but after [Policyr...
by rmichael
Mon Dec 27, 2010 12:12 am
Forum: General
Topic: [solved] How to block all private unencrypted traffic...
Replies: 6
Views: 827

[solved] Re: How to block all private unencrypted traffic...

Shaping it down in WAN HTB did not work very well as it does not support 0bps rate. However, I did find a solution: bridge filter!
by rmichael
Sun Dec 26, 2010 11:38 pm
Forum: General
Topic: [solved] How to block all private unencrypted traffic...
Replies: 6
Views: 827

Re: How to block all private unencrypted traffic from going

You understood me right. I should have studied the packet flow before posting (http://wiki.mikrotik.com/wiki/Packet_Flow). Based on the packet flow I could packet mark all RFC1918 traffic in postrouting than shape it down to 0bps (unless IPSEC packets inherit packet marks from the payload) in WAN in...
by rmichael
Sun Dec 26, 2010 10:44 pm
Forum: General
Topic: [solved] How to block all private unencrypted traffic...
Replies: 6
Views: 827

Re: How to block all private unencrypted traffic from going

I'm running some tests and it seems mangle does detect ipsec-esp protocol in postrouting...

EDIT1: I think you're right - even though mangle can see the traffic firewall will not dop it...
by rmichael
Tue Dec 21, 2010 6:31 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207995

Re: Latency measurement via script

To expand, maybe array format (like [find] returns) would probably work good, of course this would mean re-writing current scripts that use the ping command's current output (only successful ping count).

EDIT: MT could add another command switch to return latency/hops values in array format.
by rmichael
Tue Dec 21, 2010 6:08 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207995

Latency measurement via script

When troubleshooting latency problems I would like to be able to output traceroute to a variable. If capturing of traceroute output was possible, script could record path and source of congestion as it happens. In addition return value of ping should be expanded as well to include more information, ...
by rmichael
Mon Dec 20, 2010 9:04 pm
Forum: General
Topic: process files that are larger than 4kB?
Replies: 2
Views: 473

Re: process files that are larger than 4kB?

Thanks for your reply. Your suggestion will work for large deployments however you must admit that maintaining a server to split a file in half is a pretty silly idea, IMHO, :lol: especially if we are talking one router. EDIT: If I had many routers I'd probably prefer each router to process it's own...
by rmichael
Sun Dec 19, 2010 7:21 am
Forum: General
Topic: process files that are larger than 4kB?
Replies: 2
Views: 473

process files that are larger than 4kB?

I would like to build an address list from spamhaus DROP file (hijacked networks) but the list is 9kB big (http://www.spamhaus.org/faq/answers.las ... DROP%20FAQ)

Is there a way to do it right from the router? Can v5 read files >4kB?
by rmichael
Wed Dec 15, 2010 6:18 am
Forum: General
Topic: New PCQ implementation in v5rc5
Replies: 1
Views: 505

New PCQ implementation in v5rc5

Now as soon as new stream activates it will get 1/4th of rate with highest priority. If rate is "0" sub-stream will not have this feature (as 1/4th of "0" is "0")
What does that mean? What priority? For how long will the new stream be guaranteed .25 of the rate?
by rmichael
Wed Dec 15, 2010 6:15 am
Forum: General
Topic: PCQ no more than 5Mbit per user
Replies: 8
Views: 1349

Re: PCQ no more than 5Mbit per user

It might be lost in translation but new Linux Kernel features, this makes PCQ faster and less resource demanding. means to me that new implementation is more efficient. Of course, in MT tradition, if the fix is not mentioned does not mean that it is not there :) It's best to just get a clarification...
by rmichael
Tue Dec 14, 2010 7:53 pm
Forum: The Dude
Topic: Dude agent on RB750?
Replies: 3
Views: 1695

Dude agent on RB750?

Is anyone here running dude agent on RB750?
by rmichael
Tue Dec 14, 2010 7:42 pm
Forum: General
Topic: PCQ no more than 5Mbit per user
Replies: 8
Views: 1349

Re: PCQ no more than 5Mbit per user

PCQ queues give me no more as 10Mbps (any setting of rate, limit, total-limit at queue type). ROS 4.10 x86, CPU load cca 20%. Single user test, cca 20 connections at uTorrent. If I change queue type to pfifo, speed is rising and is limited only max-limit settings at queue. At Mikrotik newsletter 29...
by rmichael
Tue Dec 14, 2010 12:30 am
Forum: Scripting
Topic: dump traceroute to file
Replies: 12
Views: 4300

dump traceroute to file

Is there a way to output traceroute to a file instead of the terminal? I want netwatch run traceroute everytime delay is longer than xxx ms...

TIA
by rmichael
Tue Nov 23, 2010 2:30 am
Forum: General
Topic: RouterOS v5.0 RC4
Replies: 72
Views: 15135

Re: RouterOS v5.0 RC4

It means that you would help if you could please test it. For example - you have a router with PCQ configured passing a lot of traffic. Install the latest RC4 and see if all is fine - traffic distribution and ping times. Compare to previous version. If your clients have 20mbits and above, configure...
by rmichael
Tue Nov 23, 2010 1:01 am
Forum: General
Topic: RouterOS v5.0 RC4
Replies: 72
Views: 15135

Re: RouterOS v5.0 RC4

*) fixed pcq queue type;
What does that mean?
by rmichael
Mon Nov 22, 2010 12:07 am
Forum: Beginner Basics
Topic: Why doesn't PCQ work correctly?
Replies: 10
Views: 2077

Re: Why doesn't PCQ work correctly?

I've changed the value back to 50, but the problem persists. I've set PC1 to download a few files, from external sources. It was downloading them at ~ 2mbps. On PC2, I've opened 3 pages, a google search, an youtube clip, and an wikipedia page. All of them were moving painfully slow. After 30secs I'...
by rmichael
Sun Nov 21, 2010 7:23 am
Forum: General
Topic: throuphput rb800+rb816
Replies: 1
Views: 479

Re: throuphput rb800+rb816

hallo all, can any one help please. i have rb800(1Gb ports)+rb816(16 10/100mb ports) 5 wans 100mb/sec for each port, connect to rb816 ports. local port is one of gigabyte ports on rb800. What is the speed of commutation and transfer between rb800 and rb816, and can i have all avalaible speed(500Mb/...
by rmichael
Sat Nov 20, 2010 12:49 am
Forum: Wireless Networking
Topic: Redundant PoE Power
Replies: 17
Views: 3728

Re: Redundant PoE Power

Probably too expensive for just one device, but this PDU has redundant power option. Plus you can on/off each outlet remotely.

PDUMH15ATNET
by rmichael
Fri Nov 19, 2010 11:03 pm
Forum: General
Topic: PCQ no more than 5Mbit per user
Replies: 8
Views: 1349

Re: PCQ no more than 5Mbit per user

Hi, I have set up PCQ queue, works ok till the rate 5MB, if I set for example 20Mbit, the speed is still maximum at 5Mbits. Tried tuning limit and total limit, but without effect. Affected is one thread downloading, like if I download one file using http. If i do bandwidth test using 20 connections...
by rmichael
Fri Nov 19, 2010 7:03 pm
Forum: Wireless Networking
Topic: Wireless Apartment Complex Not Working So Well
Replies: 8
Views: 1457

Re: Wireless Apartment Complex Not Working So Well

In situations like that it helps if you can confirm that issues really exist using your "reference" hardware. Also be sure to take into account refrigerators, microwave ovens, washers, dryers, porcelain bathtubs as when they are in the path, they will create a "shadows". Directional antenna will giv...
by rmichael
Fri Nov 19, 2010 3:13 am
Forum: General
Topic: what is maximum working value of "Burst Time"?
Replies: 3
Views: 1247

Re: what is maximum working value of "Burst Time"?

I've set these values on Simple Queue: Max Limit: 1M Burst Limit: 80M Burst Threshols: 400k Burst Time: 86400 AFAIK it should mean: If fellow would download more than 4 GB in the last 24 hours (86400s * 400kb/s = cca 4 GB) the speed will be limited to 1 Mbps. It seems to work, but... I worry that m...
by rmichael
Thu Nov 18, 2010 9:36 am
Forum: Wireless Networking
Topic: Wireless Apartment Complex Not Working So Well
Replies: 8
Views: 1457

Re: Wireless Apartment Complex Not Working So Well

You're welcome. It sounds like you have them on the sides of the buildings...just how wide are you shooting from the antenna to the left and right most client maybe you'll need to look for a wider horizontal pattern.
by rmichael
Thu Nov 18, 2010 8:24 am
Forum: Wireless Networking
Topic: Wireless Apartment Complex Not Working So Well
Replies: 8
Views: 1457

Re: Wireless Apartment Complex Not Working So Well

Since you leave out a lot of information here are some ideas that might work: --replace omni with directional antenna: 8 dbi is way to narrow, plus directional antenna will eliminate interference. MD24-12 might work but it all depends how wide and high the building is (I'm assuming 2 floors). --if y...
by rmichael
Wed Nov 17, 2010 12:08 am
Forum: General
Topic: a lot of UDP connection are undefined
Replies: 4
Views: 862

Re: a lot of UDP connection are undefined

All of the connections are unreplied (U). Since unreplied means connection was not established - connection mark will not apply. Not to worry however, all those connections are not passing any traffic. And if they do, (somehow conntrack missed it) you should be able to stop them with a filter to dro...
by rmichael
Tue Nov 16, 2010 9:04 pm
Forum: Beginner Basics
Topic: Why doesn't PCQ work correctly?
Replies: 10
Views: 2077

Re: Why doesn't PCQ work correctly?

For starters queue tree priority will not work w/o max limit defined for the parent. Given that your maximum bandwidth fluctuates using priority queuing or PCQ may not be optimal. I'd try SFQ first: disable everything and create one simple queue with target 10.233.0.0/16 and SFQ queue. See how that ...
by rmichael
Sun Nov 14, 2010 1:00 am
Forum: Beginner Basics
Topic: PCC load balancing Question
Replies: 2
Views: 738

Re: PCC load balancing Question

The only way to tweak PCC is to change classifier. Try changing PCC classifier to both-addresses or both-addresses-and-ports. The last one will not work with sites that track session's src IP.
by rmichael
Sat Nov 13, 2010 10:07 pm
Forum: General
Topic: Queues preference
Replies: 4
Views: 785

Re: Queues preference

Attaching the queue trees on global-total is now working. I can't see bytes and packets counting up.
What is simple queue showing?
by rmichael
Sat Nov 13, 2010 8:29 pm
Forum: General
Topic: Queues preference
Replies: 4
Views: 785

Re: Queues preference

Try attaching queue tree to global-total instead of global-in/global-out.
by rmichael
Sat Nov 13, 2010 12:48 pm
Forum: General
Topic: Weird torch traffic! LAN visable to WAN
Replies: 16
Views: 28019

Re: Weird torch traffic! LAN visable to WAN

Hi! ... 0 ;;; Network NAT chain=srcnat action=masquerade out-interface=Port 1 - WAN Whenever we run a torch on the on the RB1100 eth1 we are seeing the following traffic: 192.168.1.x/24 ranges and 10.1.1.x/24 ranges, this should be natted to the 1.1.1.2 address and 2.2.2.2 address. If I connect beh...
by rmichael
Sat Nov 13, 2010 12:24 pm
Forum: General
Topic: generalized failover/loadbalancer update
Replies: 3
Views: 1779

Re: first attempt at a generalized loadbalancer with failove

I have a few hopefully constructive comments (I'm a beginner so I may not be 100% correct here) I would drop connection-state=invalid packets at the top of your filter. Otherwise you might be accepting connections that are not in conntrack through routing-mark accept rule. Since connection/routing m...
by rmichael
Fri Nov 12, 2010 9:07 pm
Forum: General
Topic: Security of communications using Bonding(MIKROTIK)
Replies: 5
Views: 949

Re: Security of communications using Bonding(MIKROTIK)

But passive taps like calea package don't do that.
by rmichael
Fri Nov 12, 2010 7:19 pm
Forum: General
Topic: Security of communications using Bonding(MIKROTIK)
Replies: 5
Views: 949

Re: Security of communications using Bonding(MIKROTIK)

This is an interesting idea for obfuscating your communication. I would say it could have application in thwarting realtime MiTM attacks but not so much for privacy or long term data security.
by rmichael
Fri Nov 12, 2010 6:44 am
Forum: RouterBOARD hardware
Topic: RB750 PoE on all ports Mod
Replies: 52
Views: 30987

Re: RB750 PoE on all ports Mod

God, Mikrotik and the Laws of Economics all conspire to protect the eager MT User : the PCB power tracks are too thin to support a fire-making current. Basically there's a fire-preventing Fuse already there. AA: I hate to beat this to death, but it's important to point out gross misconceptions. I d...
by rmichael
Fri Nov 12, 2010 1:34 am
Forum: General
Topic: isolating users over a bridge
Replies: 6
Views: 1111

Re: isolating users over a bridge

Glad it's working. I cannot tell from your reply, so make sure that you filter at the AP (closest to the client), if you filter at the other end you'll see traffic dropped but clients will still be able to communicate.
by rmichael
Thu Nov 11, 2010 7:27 pm
Forum: General
Topic: SNMP OID for Script Results
Replies: 17
Views: 8593

Re: SNMP OID for Script Results

For now you can "hack around it" and use currently defined OIDs. For example, simple queue's name has an OID and you can change the name to reflect some value with a script. I also manipulate MTU value, since it's got an OID, of dummy VAP to the same effect. I'm sure you can find others... :)
by rmichael
Thu Nov 11, 2010 12:58 pm
Forum: General
Topic: Traffic Between Multiple LAN Interfaces
Replies: 12
Views: 7701

Re: Traffic Between Multiple LAN Interfaces

Here's another way to do it:
add action=reject chain=forward comment="Drop traffic between LAN interfaces" disabled=no \
    dst-address-list=PrivateSubnets in-interface=!ether2-WAN reject-with=icmp-admin-prohibited
PrivateSubnets list comprises of LAN subnets.
by rmichael
Thu Nov 11, 2010 12:20 am
Forum: General
Topic: isolating users over a bridge
Replies: 6
Views: 1111

Re: isolating users over a bridge

First you need to determine hardware MAC addresses of interfaces your clients are allowed to send and receive frames from. Once you have the mac address(es) setup following rules at the ingress to your network (AP), in the forwarding chain: 1) allow any source MAC to your MAC 2) allow all traffic fr...
by rmichael
Wed Nov 10, 2010 11:59 pm
Forum: General
Topic: isolating users over a bridge
Replies: 6
Views: 1111

Re: isolating users over a bridge

RB433AH should be fine. Blocking broadcast from GW to clients is impossible. Blocking broadcast from clients it's certainly doable by dropping all traffic except from client to your server(s). How many ethernet interfaces are your user computers communicating with (for DHCP, NTP, default GW etc)?
by rmichael
Wed Nov 10, 2010 11:52 pm
Forum: General
Topic: Problem with shaping through pptp
Replies: 9
Views: 1413

Re: Problem with shaping through pptp

Does it make a difference if you mangle in prerouting chain?
by rmichael
Tue Nov 09, 2010 5:43 pm
Forum: General
Topic: Problem with shaping through pptp
Replies: 9
Views: 1413

Re: Problem with shaping through pptp

I am using pptp-server on RouterOS. If it works with encryption then all traffic that shapes with queue-tree and packet mark shapes correctly: if I set max-limit 1Mbps, I get 1Mbps. If it works with no encryption then if I set max-limit 1Mbps, I get 512Kbps. But queue shows me that it consumes 1Mbp...
by rmichael
Sun Nov 07, 2010 7:14 pm
Forum: General
Topic: mark-connection+ mark-packet or mark-packet only
Replies: 14
Views: 5349

Re: mark-connection+ mark-packet or mark-packet only

Based on my tests (ROSv4.5) PCC marking packet directly - instead of marking connection than packet based on connection - is faster, about 50% faster. are you sure you marked each connection only once, not for each packet? =) yes, i only send a packet to pcc when connection-mark is no mark. all pac...
by rmichael
Sun Nov 07, 2010 10:09 am
Forum: General
Topic: MikroTik Queues question
Replies: 5
Views: 1869

Re: MikroTik Queues question

i concur, create separate leaf for voip with limit-at just below max-limit and high priority. Use short pcq with rate limit slighty higher than codec's bitrate and port+ip classifier.
by rmichael
Sat Nov 06, 2010 10:42 pm
Forum: General
Topic: mark-connection+ mark-packet or mark-packet only
Replies: 14
Views: 5349

Re: mark-connection+ mark-packet or mark-packet only

1. There are performance gains wen using connection mark+packet mark. If only packet mark is used, every packet that goes through firewall is processed by each rule until matched. If connection mark is used, then firewall compares assigned connection marks and only if they match packet is processed...
by rmichael
Thu Nov 04, 2010 12:28 am
Forum: General
Topic: support for AR9271 in RC2
Replies: 34
Views: 10883

support for AR9271 in RC2

AR9271:
The Atheros AR9271 single-chip USB solution provides enhanced Wi-Fi performance and value for home gateways, set-top boxes, gaming consoles, printers and a variety of other embedded wireless products
Does that mean that routerboards will now work with USB adapters, like NETGEAR WNA1100?
by rmichael
Tue Nov 02, 2010 7:58 pm
Forum: The Dude
Topic: Negative rather than positive monitoring
Replies: 3
Views: 1405

Re: Negative rather than positive monitoring

I'm trying to use The Dude to do something kind of...odd, but I expect it can do it, I just can't quite work it out. I'm monitoring a bunch of DC-powered Windows PCs that are running surveillance and telemetry on school buses. These units are wifi-enabled. The problem with these units is that they ...
by rmichael
Mon Nov 01, 2010 7:53 pm
Forum: General
Topic: RouterOS v5 RC2
Replies: 91
Views: 14923

Re: RouterOS v5 RC2

Copper's experience seems to mirror mine. I did notice a change in PCQ behavior between v4.5 to v4.10. Not to repeat myself here's what I wrote in another thread: Have anyone noticed PCQ dropping packets or unnecessary queuing even though the packet rate is small, way below any of the limits (even l...