Community discussions

Search found 106 matches

by cololine
Wed Aug 22, 2012 7:14 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 27136

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

Last month of Q3 is rapidly approaching - how we doin', Mikrotik?? :D
by cololine
Mon Aug 13, 2012 6:07 pm
Forum: General
Topic: mikrotik drops connection
Replies: 19
Views: 8850

Re: mikrotik drops connection

Forcing the router port for your LAN connection probably won't work since the switch on the other side is unmanaged, so you have no way to force similar settings on it. I'd suggest swapping out that switch and/or the cable that connects it to the router (one thing at a time) to see if that fixes it.
by cololine
Sat Aug 11, 2012 6:44 pm
Forum: General
Topic: mikrotik drops connection
Replies: 19
Views: 8850

Re: mikrotik drops connection

What's on the other side of the router's LAN port - a switch? Is it managed or unmanaged? If managed, have you checked the settings on that device's port that connects to the router? Have you tried going into a different port on the switch, or swapping it out?
by cololine
Fri Aug 10, 2012 5:09 pm
Forum: General
Topic: mikrotik drops connection
Replies: 19
Views: 8850

Re: mikrotik drops connection

Check the counters on your uplink interface for errors and also have your uplink provider do the same for your side. If it is an issue of mismatched settings, Tx/Rx and/or CRC errors will almost certainly result. While you are at it, you can compare your settings with your provider's, and perhaps try...
by cololine
Thu Aug 09, 2012 4:36 pm
Forum: General
Topic: Feature requests for watchdog timer
Replies: 5
Views: 809

Re: Feature requests for watchdog timer

I hear you. But if there is going to be a ping function, it should be implemented properly with parameters that can be controlled. Currently it's pretty much useless. BTW I have occasionally seen Ethernet ports go haywire and enter a blocking state, so that's where this ping function could be used. ...
by cololine
Thu Aug 09, 2012 12:45 am
Forum: General
Topic: Feature requests for watchdog timer
Replies: 5
Views: 809

Feature requests for watchdog timer

Hello - Having just started working with the watchdog feature, I see some deficiencies that could be fixed with a few improvements, adding a few new fields/values: 1. More than one target IP for ping - I'd like to be able to specify up to three, because just one IP is putting all your eggs in one ba...
by cololine
Sun Aug 05, 2012 3:02 am
Forum: General
Topic: Very strange router stability issue, please help
Replies: 1
Views: 469

Re: Very strange router stability issue, please help

Update on this: the Watchdog reset was unrelated, that was a goof on my part, and here's a tip for others: if you are going to use the ping feature of watchdog, make sure you are not constraining pings with firewall filters to the point that you start getting timeouts. This can cause the watchdog to...
by cololine
Sat Aug 04, 2012 3:13 am
Forum: General
Topic: Very strange router stability issue, please help
Replies: 1
Views: 469

Very strange router stability issue, please help

Hello all - I've been having a lot of trouble with a RoS installation at one of my sites. It's running on an Axiomtek NA-510. I've had issues with it rebooting itself spontaneously sometimes, other times going unresponsive and having to be rebooted. Interestingly, I've already replaced the unit with...
by cololine
Fri Aug 03, 2012 11:24 pm
Forum: General
Topic: Safe Mode and Watchdog: together = problem?
Replies: 0
Views: 994

Safe Mode and Watchdog: together = problem?

Hi all - Reading the wiki docs about Safe Mode, I saw the following: Now, if telnet connection (or winbox terminal) is cut, then after a while (TCP timeout is 9 minutes) all changes that were made while in safe mode will be undone. Exiting session by [Ctrl]+[D] also undoes all safe mode changes, whi...
by cololine
Fri Aug 03, 2012 5:59 pm
Forum: General
Topic: Will RouterOS be able to cope with fully realized IPv6?
Replies: 6
Views: 1261

Re: Will RouterOS be able to cope with fully realized IPv6?

going to play devil's advocate here... let's ignore the power consumption and heat issues, but talk about distances and number of machines... 13 port router -> 13 48 port switches which each connect to 48 switches, and again the next level... assuming you have 1 WAN uplink on the router, this would g...
by cololine
Wed Aug 01, 2012 8:13 pm
Forum: General
Topic: Will RouterOS be able to cope with fully realized IPv6?
Replies: 6
Views: 1261

Will RouterOS be able to cope with fully realized IPv6?

Hello all - Yes, IPv6 implementation is barely at a crawl; I can count my clients who are actually using it on one hand. But it's not too early to get the worry beads out, because a tipping point is coming, some day. My question: can RouterOS in current or even future incarnations really handle the f...
by cololine
Wed Jul 18, 2012 1:01 am
Forum: General
Topic: Looking for tips: capturing data for crash post-mortem
Replies: 2
Views: 494

Re: Looking for tips: capturing data for crash post-mortem

be careful to log to CF. It's easily destroyed by too many rewrites. Log to a syslog server, and if you want a lot of information. Log debug. Thanks, I'm using industrial grade CF that supports 2M write cycles and also rotates writing regions like other CF, so I think I'm safe to do this short-term. I ...
by cololine
Tue Jul 17, 2012 8:08 pm
Forum: General
Topic: Looking for tips: capturing data for crash post-mortem
Replies: 2
Views: 494

Looking for tips: capturing data for crash post-mortem

Hello - I'm soliciting suggestions on various types of logging that can be set on RouterOS, that would be useful in analyzing the cause of a router crash. I've already set the four default logging types - info, warning, error and critical - to log to disk so that I have a file to examine after a cra...
by cololine
Tue Jul 17, 2012 4:54 pm
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 27136

Re: So, ah, Cloud Core Router CCR1036 Shipping Date? Please.

Alternatively this build has worked well for us for the last 2 years ;-) http://www.reddit.com/r/mikrotik/comments/undhn/x86_1ru_mikrotik_our_cheap_reliable_build/ Thanks, but I'm only interested in industrial-grade. We are still on track to releasing within Q3 Awesome, so no later than end of Sept...
by cololine
Tue Jul 17, 2012 2:23 am
Forum: RouterBOARD hardware
Topic: So, ah, Cloud Core Router CCR1036 Shipping Date? Please...
Replies: 115
Views: 27136

So, ah, Cloud Core Router CCR1036 Shipping Date? Please...

Hi all - It did not take long at all to outgrow those Axiomtek NA-820s (A.k.a. PowerRouter 732 and clones) with their rather meager packet-handling capabilities. Just upgraded two sites to the NA-510, with much faster Ethernet chipsets and Core i7 processors - a pain with the id'ing and renumbering ...
by cololine
Tue Mar 27, 2012 3:56 am
Forum: General
Topic: Problems with data updating in Winbox v5.x
Replies: 2
Views: 482

Re: Problems with data updating in Winbox v5.x

By IP. And I'm running winbox on Windows 7.
by cololine
Mon Mar 26, 2012 11:45 pm
Forum: General
Topic: Problems with data updating in Winbox v5.x
Replies: 2
Views: 482

Problems with data updating in Winbox v5.x

Hello all - I've updated most of my X86 routers to RoS v5.x. I've noticed that I'm now getting a winbox interface issue on these: after performing a few operations, the interface stops updating: it stays open, but basically all the data freezes: traffic stats in the Interface menu, resources values,...
by cololine
Mon Mar 26, 2012 11:30 pm
Forum: Forwarding Protocols
Topic: Cogent BGP: how to change forwarding-nexthop for loopback?
Replies: 3
Views: 1807

RESOLVED Cogent BGP: how to change forwarding-nexthop...

So it turns out that Cogent had screwed up my BGP config on their side and were not sending me the route for my loopback, causing all my outbound traffic to go via the other peer. This being finally discovered after Cogent had sworn to me that everything was okey-dokey on their side. My configs in RouterO...
by cololine
Mon Mar 26, 2012 4:52 pm
Forum: Forwarding Protocols
Topic: Cogent BGP: how to change forwarding-nexthop for loopback?
Replies: 3
Views: 1807

Re: Cogent BGP: how to change forwarding-nexthop for loopbac

I did try various combinations of doing that and it did not work. Thanks for your example, but it's not specific enough for working code: there's an 'in nexthop', 'in nexthop direct', and an 'out nexthop' - which one would I set? Also, there are two sessions for cogent; one for the routes I announce...
by cololine
Sun Mar 25, 2012 4:52 am
Forum: Forwarding Protocols
Topic: Cogent BGP: how to change forwarding-nexthop for loopback?
Replies: 3
Views: 1807

Cogent BGP: how to change forwarding-nexthop for loopback?

Hello all - I've recently set up that funky Cogent A/B BGP for some redundancy on my router, which already had BGP with my primary provider. Both the regular and loopback Cogent BGP sessions are connected, I'm getting Cogent's full route table, they are getting my announcements, my filters are set a...
by cololine
Tue Feb 28, 2012 6:33 pm
Forum: General
Topic: Ethernet chipset with best packets per second throughput?
Replies: 0
Views: 548

Ethernet chipset with best packets per second throughput?

Hi all - Sorry if this is a bit OT, but I'd like to know which of the rOS supported networking chipsets has the best throughput in terms of packets per second? I have SmartBit tests from a couple of the Axiomtek network appliances, which measure packet forwarding efficiency of the unit's Ethernet su...
by cololine
Tue Feb 28, 2012 6:12 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3201

Re: How to announce client IP address space under our ASN?

RESOLUTION: Hurricane Electric (the carrier with which we were having this issue) requires a 'valid nexthop' or they will drop the nets being announced back to them, so the solution was to choose 'force self' for the nexthop choice in the BGP session. Hope this will help someone else in the future.
by cololine
Wed Feb 08, 2012 11:47 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3201

Re: How to announce client IP address space under our ASN?

The /24 is not the net in question. I was checking the route using my upstream's looking glass and it confirmed what I was seeing in the RoS Adv list. In any case, this is on hold now as I just found out the client jumped the gun, we've backed it all out. Hopefully things will go smoothly the second t...
by cololine
Wed Feb 08, 2012 9:39 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3201

Re: How to announce client IP address space under our ASN?

That's correct, I am not using synchronize. The client is advertising these subnets with another provider right now, my provider appears to have the routes for those. But shouldn't my advertisement take precedence on their network?
by cololine
Wed Feb 08, 2012 8:58 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3201

Re: How to announce client IP address space under our ASN?

Update to this: my carrier did a 'soft clear' of the BGP session from their side, and when it came back up, they saw the advertisements for the client's nets. But as soon as their router finished sending me the full route table, the advertisements went away on their side. All along they've shown as b...
by cololine
Wed Feb 08, 2012 8:32 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3201

Re: How to announce client IP address space under our ASN?

Ok, so I've got this set up... and it's not working. I've added the client's subnets to my networks and filters and I've had the upstream add them to their filters so they can accept them back. They appear to be advertising back to my carrier's side of the session: /routing bgp advertisements print ...
by cololine
Wed Feb 08, 2012 6:24 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3201

Re: How to announce client IP address space under our ASN?

Yep, it turns out it's just that easy. A little disturbing, though, how easy it can be to hijack someone else's address space. Yes, the upstream won't allow your advertisements through without an LOA, but still....

Ed
by cololine
Tue Feb 07, 2012 9:43 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3201

How to announce client IP address space under our ASN?

Hello all - I have a client who is going to be bringing in some of their own direct IPv4 allocation. I checked with our carrier, assuming we'd need to get them an LOA from the client authorizing them to announce the client's address space and then accept those same prefixes back from our RouterOS ro...
by cololine
Wed Jun 15, 2011 5:34 pm
Forum: General
Topic: Will RPS let me use the full potential of a multi-core sys?
Replies: 7
Views: 2195

Re: Will RPS let me use the full potential of a multi-core s

Thanks for that, I gave it a look. So did you try the suggestions others posted, or find something else to get your CPU usage down? I read a bit of the Mikrotik docs on Receive Packet Steering and it seems it should be possible to get a significant increase in packet-rate capability with multiple co...
by cololine
Tue Jun 14, 2011 6:53 pm
Forum: General
Topic: Will RPS let me use the full potential of a multi-core sys?
Replies: 7
Views: 2195

Re: Will RPS let me use the full potential of a multi-core s

Hi -

I think you forgot to include the link to your other post - please do so, I'd like to give it a read.
by cololine
Tue Jun 14, 2011 5:55 pm
Forum: General
Topic: Will RPS let me use the full potential of a multi-core sys?
Replies: 7
Views: 2195

Re: Will RPS let me use the full potential of a multi-core s

Thanks for sharing that info. I have been using single-core systems up to this point and I am wanting a performance improvement. Since I started this thread, I have built out an eight-core system but have not put it into service yet. Can you explain a bit as to what kinds of problems you are having ...
by cololine
Fri Apr 22, 2011 1:21 am
Forum: General
Topic: Will RPS let me use the full potential of a multi-core sys?
Replies: 7
Views: 2195

Will RPS let me use the full potential of a multi-core sys?

Hello All - I'm looking at upgrading my RoS platform in one of my busiest sites from the current x86 single-core to a single-socket or dual-socket quad-core platform (so four or eight cores total). I understand that RoS 5 now has Receive Packet Steering, which (correct me if I'm wrong) will balance ...
by cololine
Fri Feb 11, 2011 5:44 pm
Forum: General
Topic: Limit to the number of IPs that RouterOS can handle?
Replies: 5
Views: 680

Re: Limit to the number of IPs that RouterOS can handle?

It's running on a 3.6GHz P4 with 1Gig RAM. But I guess your answer is "until you run out of RAM and/or max out the CPU"?

Ed
by cololine
Fri Feb 11, 2011 4:42 pm
Forum: General
Topic: Limit to the number of IPs that RouterOS can handle?
Replies: 5
Views: 680

Re: Limit to the number of IPs that RouterOS can handle?

Thanks. Is there a theoretical limit, like perhaps with the MAC address table, at which point performance might suffer?

Ed
by cololine
Thu Feb 10, 2011 9:14 pm
Forum: General
Topic: Limit to the number of IPs that RouterOS can handle?
Replies: 5
Views: 680

Limit to the number of IPs that RouterOS can handle?

Hello all -

Could not find it in the documentation, so asking here: is there a hard limit to the number of IP subnets or individual IPs (v4 or v6) that RouterOS can handle?

Thanks!
Ed
by cololine
Thu Oct 07, 2010 3:11 am
Forum: General
Topic: Simple Queue Not Working With UDP Traffic?
Replies: 0
Views: 533

Simple Queue Not Working With UDP Traffic?

Hello all - Running RoS 4.9 x86. I have several simple Queues set up for client VLANs - all are nearly identical to this, only the interface and max-limit values vary: name="Some Name" dst-address=0.0.0.0/0 interface=Some Interface parent=none direction=both priority=8 queue=default-small/default-sm...
by cololine
Sun Aug 29, 2010 7:15 pm
Forum: General
Topic: RouterOS with Axiomtek NA-820 LCD
Replies: 16
Views: 4232

Re: RouterOS with Axiomtek NA-820 LCD

There's a hardware installer's manual here, which has a few pages on how to set the text display of the NA-820 LCD. It's one of those ESL-written things, so it can be maddeningly vague and confusing at times, but it's a start. I have not tried it: http://eservice.axiomtek.com.tw/attach_files/K07110019...
by cololine
Mon Jun 14, 2010 8:35 pm
Forum: General
Topic: ROS and MRTG and SNMPv3 - anybody know the magic formula?
Replies: 2
Views: 2797

Re: ROS and MRTG and SNMPv3 - anybody know the magic formula

Yes indeedee, from snmpwalk: ... IF-MIB::ifHCInOctets.43 = Counter64: 142241289 IF-MIB::ifHCInOctets.44 = Counter64: 6960307 ... At this point I've refined my mrtg cfgmaker statement a bit: /usr/local/mrtg-2/bin/cfgmaker --global 'Workdir: /path/to/workdir' --global 'Options[_]: bits, growright' --i...
by cololine
Sat Jun 12, 2010 12:10 am
Forum: General
Topic: ROS and MRTG and SNMPv3 - anybody know the magic formula?
Replies: 2
Views: 2797

ROS and MRTG and SNMPv3 - anybody know the magic formula?

Hi all - I have ROS 4.9, and MRTG 2.15.0 running on Linux. I've been using MRTG with SNMPv1 to monitor traffic on the router without trouble. I want to switch to snmp v3 to take advantage of the 64-bit counters. I followed the example at the bottom of this post to configure a community on the router: h...
by cololine
Wed May 05, 2010 9:40 pm
Forum: General
Topic: You MUST Reboot RouterOS after license update!
Replies: 7
Views: 1558

Re: You MUST Reboot RouterOS after license update!

The overwhelming likelihood is that it's a bug of some sort. I had the exact same thing happen twice, once while working on an RB1000 remotely, and the second time with an RB1000 sitting right on my desk next to me, connected to my wired LAN. I really doubt that two unrelated incidents happened at e...
by cololine
Wed May 05, 2010 5:14 pm
Forum: General
Topic: You MUST Reboot RouterOS after license update!
Replies: 7
Views: 1558

Re: You MUST Reboot RouterOS after license update!

Please take a look at support ticket #2010042266000694, there's a lot of information there. To answer your question: after updating the firmware and logging into Winbox, I was presented with a popup dialog box advising me that I must update the license. I clicked Yes (or OK, don't recall which it wa...
by cololine
Mon May 03, 2010 5:14 pm
Forum: General
Topic: You MUST Reboot RouterOS after license update!
Replies: 7
Views: 1558

Re: You MUST Reboot RouterOS after license update!

Incorrect - it's NOT clearly written that the router requires a reboot after the license update, irrespective of any other operations. This is from that note: If you are currently running an older version of RouterOS, where license can't be upgraded to the new format, you can still upgrade, but abso...
by cololine
Fri Apr 30, 2010 5:16 pm
Forum: General
Topic: You MUST Reboot RouterOS after license update!
Replies: 7
Views: 1558

You MUST Reboot RouterOS after license update!

Hello all - Just a word of warning, so you can avoid the unpleasantness that I and a few others have experienced when upgrading from v3.x to v4.x: you must reboot RouterOS after the license update, or it will completely lock you out of the router and cease all routing functions 72 hours later - just...
by cololine
Mon Apr 26, 2010 6:10 pm
Forum: General
Topic: SYN flood DDoS? Or something else?
Replies: 8
Views: 3406

Re: SYN flood DDoS? Or something else?

Hi Chronos - I completely agree. And my humble opinion is that the RouterBoard products work great - if everything runs perfectly all the time, which of course it does not. The RB1000's worked great for me for most of last year and handled a surprising amount of *legitimate* traffic, in excess of 50...
by cololine
Fri Apr 23, 2010 5:29 pm
Forum: General
Topic: RouterOS License and v4 questions
Replies: 116
Views: 48085

Re: RouterOS License and v4 questions

I have just experienced a similar issue. I have a RB450G, had 3.28; I upgraded the bootloader, then the firmware to 4.4; I logged in and was met with the upgrade key dialogue; I did what it asked for and received an appropriate key message; rebooted; and everything was fine. No further messages and...
by cololine
Thu Apr 22, 2010 10:18 pm
Forum: Beginner Basics
Topic: 3.28 to 4.4
Replies: 4
Views: 946

Re: 3.28 to 4.4

Same thing just happened to me on an RB1000 going from 3.30 to 4.6. Here's what I did: 1. updated the boot loader via command line 2. Uploaded the new 4.6 ppc firmware to the router and did a reboot 3. Logged back into winbox and was presented with a dialog box advising me that the license key needed...
by cololine
Sun Apr 18, 2010 5:30 pm
Forum: General
Topic: Protect an IP against accidental deletion
Replies: 6
Views: 917

Re: Protect an IP against accidental deletion

Thanks for weighing in. Mac-telnet and -winbox apparently only work between two routers, and though the docs do not say so, I suspect they would have to be on the same L2 network in order for it to work. That does not help me or anyone else who has a single RoS device running in a remote location ac...
by cololine
Sat Apr 17, 2010 10:55 pm
Forum: General
Topic: Protect an IP against accidental deletion
Replies: 6
Views: 917

Protect an IP against accidental deletion

Hi all - Just wondering if there is any way to protect an IP address against accidental deletion in RoS? Really my only concern is the IP that's used for management of the router itself. If that was accidentally deleted, the result is no management unless you are right there and can console in (I am...
by cololine
Fri Apr 16, 2010 12:15 am
Forum: General
Topic: Does the SYN protect chain really protect anything?
Replies: 5
Views: 1621

Re: Does the SYN protect chain really protect anything?

How syn cookie works is described pretty clearly here: http://en.wikipedia.org/wiki/SYN_cookies You've been very helpful on this board so far. I'm a firewall newbie, I understand some basics but I'm not real comfortable writing my own rules from scratch and I probably would not know a lean and effic...
by cololine
Thu Apr 15, 2010 10:46 pm
Forum: General
Topic: Does the SYN protect chain really protect anything?
Replies: 5
Views: 1621

Does the SYN protect chain really protect anything?

Hi All - I'm currently working on hardening my RoS RB1000's from malicious traffic, and with the help of the wiki, this forum and its many gracious users I've got several rules in place. One is the SYN protection chain that can be found in the wiki under protecting from DDoS, slightly modified here ...
by cololine
Tue Apr 13, 2010 10:58 pm
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

According to my admittedly feeble understanding, the syncookie may help valid connections get through if the router is being bombarded with false connections: http://en.wikipedia.org/wiki/SYN_cookies . If that's true, then I want to use it. But I'll definitely give a listen to why I should not. The ...
by cololine
Tue Apr 13, 2010 6:16 pm
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

Yes, using the extended string of flags in the mangle rule does show an average packet rate that comes pretty close to what I saw with connection-state=new. It also seems to show peaks in more definition, and proves that I occasionally do get bursts of new SYNs that are as much as three times the mo...
by cololine
Tue Apr 13, 2010 3:02 am
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

Like this - note that I removed connection-state=new?: /ip firewall filter add chain=forward protocol=tcp tcp-flags=syn,!fin,!rst,!psh,!ack,!urg,!ece,!cwr action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes /ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn...
by cololine
Tue Apr 13, 2010 1:41 am
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

I took your good suggestion from last night and wrote a mangle rule so I could see what kind of packet rate for new SYNs that I was getting on my network. So I re-enabled that, then removed the 'new' state for a bit. The packets getting tagged by the rule doubles - take a look at the big bump below ...
by cololine
Tue Apr 13, 2010 1:15 am
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

don't use connection-state=new... only use tcp-flags=SYN. I also think you need to ! the rest of the flag types if I remember correctly. See if that improves your cpu use. The SYN DDoS attacks work by the attacker sending SYN requests for new connections and then not answering the acknowledgement, so...
by cololine
Mon Apr 12, 2010 11:42 pm
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

UPDATE: I've now had to push the limit up to 1200/s and the burst up to 300 due to the occasional dropped packet, so I guess the new SYN rates on my network are a lot more burst-y than the values that were being reported in the statistics pane for the mangle filter. Either that, or it's all FUBAR. :...
by cololine
Mon Apr 12, 2010 10:30 pm
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

So I went ahead and added the mangle rule that I wrote above, and the statistics pane for the rule in winbox showed anywhere between 350 - 600 pps for new SYN packets passing through the router. So then I added the SYN protect lines shown here, increasing the limit value appropriately: /ip firewall ...
by cololine
Mon Apr 12, 2010 5:47 pm
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

Hi - thanks for the suggestion, sounds like a good one. I'm pretty new to firewall rules and I'd be much obliged if you were to post a sample. Would it be something like: /ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=mark-packet new-packet-mark="foobar"...
by cololine
Mon Apr 12, 2010 5:43 pm
Forum: General
Topic: SYN flood DDoS? Or something else?
Replies: 8
Views: 3406

Re: SYN flood DDoS? Or something else?

...on the syn rules, instead of connection-state=NEW it should be tcp-flags=SYN ... otherwise you have to check the connection-tracking table for every single one of those, which is more work than just looking at the TCP flags in the packet. if no one posts them I will try tomorrow morning. The rul...
by cololine
Mon Apr 12, 2010 5:17 pm
Forum: General
Topic: SYN flood DDoS? Or something else?
Replies: 8
Views: 3406

Re: SYN flood DDoS? Or something else?

if you're not logging anything, or have anything in your firewall filters, maybe the attack was against your SSH port, or something directed at the router that would cause it to be busy? Do you know what they were attacking? Normally you could pass that amount of traffic if you're not doing anythin...
by cololine
Mon Apr 12, 2010 3:19 am
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

Re: How to find typical SYN packet rate in my current networ

Thanks, I've done that once before, so it's easy to repeat. My network has a pretty consistent usage profile so I can probably get by with a shorter sample. So do you know if those syn flood protect firewall rules are applied globally, or on a per-destination basis? That makes a *big* difference in the v...
by cololine
Mon Apr 12, 2010 2:59 am
Forum: General
Topic: How to find typical SYN packet rate in my current network?
Replies: 18
Views: 3550

How to find typical SYN packet rate in my current network?

Hi all - I want to set up the syn flood protect firewall script that's shown in the Mikrotik wiki. That code uses 400 new syn packets over a 5-second period as the threshold to kick in - but I have no idea if this is the right value for my network, nor do I know how to find out, I must confess. What...
by cololine
Sun Apr 11, 2010 8:25 pm
Forum: General
Topic: SYN flood DDoS? Or something else?
Replies: 8
Views: 3406

Re: SYN flood DDoS? Or something else?

are you logging all those drops? logging will kill a router under any type of heavy load. no firewall rules, no connection tracking, no sniffing or logging. It seems that I should consider adding some global firewall rules to the router to help mitigate attacks. I found this thread: http://forum.mi...
by cololine
Sun Apr 11, 2010 6:26 pm
Forum: General
Topic: SYN flood DDoS? Or something else?
Replies: 8
Views: 3406

SYN flood DDoS? Or something else?

Hi all - Running RoS 3.24 on a RB1000. Last night one of my colocation clients downstream from the router got hit with a DDoS. The data center NOC said it was a SYN flood and ended up null-routing the target IP address (he stopped counting when source IP entries approached 5000). All is well now, bu...
by cololine
Sun Mar 21, 2010 8:03 pm
Forum: Scripting
Topic: Need script to start sniffer if CPU load exceeds threshold
Replies: 5
Views: 1334

Re: Need script to start sniffer if CPU load exceeds thresho

I completely understand what you are saying, but I do need to capture and analyze some data during a few anomalous traffic instances that seem to be happening from time to time. Running the sniffer all the time generates loads of traffic to my streaming target and puts a lot of load on the CPU. I'll...
by cololine
Sun Mar 21, 2010 7:52 pm
Forum: General
Topic: Can ROS ignore packets below a specified size?
Replies: 13
Views: 1118

Re: Can ROS ignore packets below a specified size?

Unfortunately this does not apply to me. All my equipment: the router and the L2 switch network which distributes bandwidth to clients is in the same data center as the client's equipment. The L2 switch this client is connected to has no means of managing traffic by packet size, I can rate-limit by ...
by cololine
Sun Mar 21, 2010 6:47 pm
Forum: General
Topic: Can ROS ignore packets below a specified size?
Replies: 13
Views: 1118

Re: Can ROS ignore packets below a specified size?

Thanks very much for your response - apologies for my ignorance here, but what is the 'CPE' in my context - what does that stand for?
by cololine
Sun Mar 21, 2010 6:44 pm
Forum: Scripting
Topic: Need script to start sniffer if CPU load exceeds threshold
Replies: 5
Views: 1334

Need script to start sniffer if CPU load exceeds threshold

Hi guys - The subject says it in a nutshell - I'm looking for a script that will start the sniffer with the current settings that I've configured in Winbox if the system CPU load exceeds a certain value (which can be hard-coded in the script). I guess this script has to be run periodically from...
by cololine
Sun Mar 21, 2010 4:32 pm
Forum: General
Topic: Can ROS ignore packets below a specified size?
Replies: 13
Views: 1118

Re: Can ROS ignore packets below a specified size?

I've seen false spikes too, but that's not the case here. Not only do the traffic, PPS and CPU spikes line up exactly, but there were also corresponding spikes on the router trunk ethernet port, router WAN ethernet port, core switch router WAN and main uplink ports, and on the master traffic graphs ...
by cololine
Sun Mar 21, 2010 5:38 am
Forum: General
Topic: Can ROS ignore packets below a specified size?
Replies: 13
Views: 1118

Re: Can ROS ignore packets below a specified size?

Lower fifo queue size for offending VLAN
I'm already using default-small: 10 pfifo packets. How much smaller can one go?
by cololine
Sun Mar 21, 2010 4:17 am
Forum: General
Topic: Can ROS ignore packets below a specified size?
Replies: 13
Views: 1118

Re: Can ROS ignore packets below a specified size?

How do you know that it was those particular clients? If you control/have access to CPE equipment it's best to shape traffic there. If each client is connected to particular interface you could limit the rate by changing size of the queue on the interface. The traffic spike which corresponds to th...
by cololine
Sun Mar 21, 2010 3:28 am
Forum: General
Topic: Can ROS ignore packets below a specified size?
Replies: 13
Views: 1118

Can ROS ignore packets below a specified size?

Hi all - Running ROS 3.24 on RB1000 in a data center setting, routing traffic to/from client VLANs via a network of L2 switches. I have a couple of clients in my network who occasionally seem to create or receive little "packet storms": brief bursts of traffic that are moderate in terms of Mbps but ...
by cololine
Fri Feb 19, 2010 5:38 pm
Forum: General
Topic: moderate traffic on one vlan = 100% CPU usage on RB1000
Replies: 6
Views: 1914

Re: moderate traffic on one vlan = 100% CPU usage on RB1000

Thanks for looking into that. I adapted that template a bit for my device, then pasted it into the mrtg config file for the router and gave it a run. I get this error: SNMP Error: Received SNMP response with error code error status: noSuchName index 1 (OID: 1.3.6.1.2.1.2.2.1.11.11) SNMPv1_Session (re...
by cololine
Thu Feb 18, 2010 5:00 pm
Forum: General
Topic: moderate traffic on one vlan = 100% CPU usage on RB1000
Replies: 6
Views: 1914

Re: moderate traffic on one vlan = 100% CPU usage on RB1000

I had suspected a high packet rate of very small packets. I understand what you are saying about the sampling frequency and the possibility to miss small extreme bursts in the graph. However, the client who was implicated in this is on a 100Mbps uplink, so that would be the limit of his burst, and a...
by cololine
Thu Feb 18, 2010 3:49 am
Forum: General
Topic: moderate traffic on one vlan = 100% CPU usage on RB1000
Replies: 6
Views: 1914

moderate traffic on one vlan = 100% CPU usage on RB1000

Hello All - Running ROS 3.24 on RB1000U, doing VLAN routing of IP traffic, most other features disabled, have a few simple queues, that's about it. Today I saw something that is a first in nearly a year (since I put this configuration into production): CPU usage briefly spiked to nearly 100%, and la...
by cololine
Fri Aug 14, 2009 11:03 pm
Forum: General
Topic: Intermittent response to ipv6 solicitations
Replies: 3
Views: 491

Re: Intermittent response to ipv6 solicitations

MikroTik has informed me that they will address this problem in v3.29. :D
by cololine
Thu Aug 13, 2009 1:32 am
Forum: General
Topic: Intermittent response to ipv6 solicitations
Replies: 3
Views: 491

Re: Intermittent response to ipv6 solicitations

Ok - given that there's still not much production IPv6 stuff being done at this time (as compared to IPv4), I'll consider the fact that at least one other user has experienced this issue enough cause to open a support ticket with Mikrotik. I could not find much of anything on ND in the docs Wiki, so...
by cololine
Fri Aug 07, 2009 6:21 pm
Forum: General
Topic: Intermittent response to ipv6 solicitations
Replies: 3
Views: 491

Intermittent response to ipv6 solicitations

Hello All - I have ROS 3.24 running on an RB1000. One of my clients behind the router is running IPv6 and I am advertising the subnet to his VLAN. All is well, except that he is complaining that the router responds to solicitations for an IPv6 address from his client machines only intermittently. He...
by cololine
Mon Jul 20, 2009 6:29 pm
Forum: General
Topic: Feature Request: *really* support SNMP v2C
Replies: 18
Views: 5372

Re: Feature Request: *really* support SNMP v2C

The changelog for the latest release (v3.27) does not say anything about snmpv2c support improvements. Mikrotik, can you tell us, in what version can we expect this?

Thanks!

Ed
by cololine
Tue Jun 23, 2009 5:19 pm
Forum: General
Topic: ARP Aging Time
Replies: 4
Views: 1469

Re: ARP Aging Time

Well, 90 seconds - 10 minutes is quite a range. I guess I'll write to Mikrotik support on this one. I think that it could be useful to have this as a configurable value.
by cololine
Mon Jun 22, 2009 10:53 pm
Forum: General
Topic: ARP Aging Time
Replies: 4
Views: 1469

Re: ARP Aging Time

Thanks for your input! Mikrotik, can you confirm or correct?

Ed
by cololine
Mon Jun 22, 2009 6:42 pm
Forum: General
Topic: ARP Aging Time
Replies: 4
Views: 1469

ARP Aging Time

Hello all -

I took a quick look through the docs, but cannot find any information on the default ip arp aging time, and how to set/change. Does anyone have any info to share on this?

Thanks!

Ed
by cololine
Tue Jun 16, 2009 6:17 pm
Forum: General
Topic: Feature Request: *really* support SNMP v2C
Replies: 18
Views: 5372

Re: Feature Request: *really* support SNMP v2C

Good news - I've received notice from MikroTik technical support that they are working on full SNMPv2C compatibility. :D
by cololine
Mon Jun 15, 2009 5:44 pm
Forum: General
Topic: MRTG with SNMPv2c and RouterOS?
Replies: 1
Views: 821

Re: MRTG with SNMPv2c and RouterOS?

I've moved this discussion to here: http://forum.mikrotik.com/viewtopic.php?f=1&t=32647, because the proper support of SNMPv2C in ROS is a feature request for the next version.
by cololine
Mon Jun 15, 2009 5:44 pm
Forum: General
Topic: Feature Request: *really* support SNMP v2C
Replies: 18
Views: 5372

Re: Feature Request: *really* support SNMP v2C

I've moved this discussion to here: http://forum.mikrotik.com/viewtopic.php?f=1&t=32647, because the proper support of SNMPv2C in ROS is a feature request for the next version.
by cololine
Mon Jun 15, 2009 5:40 pm
Forum: General
Topic: Feature Suggestion: 64-bit counters
Replies: 11
Views: 3584

Re: Feature Suggestion: 64-bit counters

Further tests indicated that SNMPv2C support in ROS is pseudo at best; you can get a response to some queries, but it does not support important features over v2C like getbulk and 64-bit counter value returns. One of the developers of the venerable MRTG was kindly working with me on this, and he sai...
by cololine
Sun Jun 14, 2009 7:15 pm
Forum: General
Topic: Feature Request: *really* support SNMP v2C
Replies: 18
Views: 5372

Re: Feature Request: support SNMP getbulk

ROS only supports SNMPv1 as far as I know
Clearly it does offer support for v2C, perhaps with some limits, see above test with snmpwalk as well as other posts around this board. But it does appear to need some work.
by cololine
Sun Jun 14, 2009 6:19 pm
Forum: General
Topic: Feature Request: *really* support SNMP v2C
Replies: 18
Views: 5372

Feature Request: *really* support SNMP v2C

Hello - I've been troubleshooting an issue in which I cannot query ROS with MRTG using SNMPv2C, and after some kindly help from the MRTG developers, it appears the issue may be that the current stable version of ROS only offers pseudo-support of SNMPv2C: snmpwalk -c public -v 2c r1.0 SNMPv2-MIB::sys...
by cololine
Sun Jun 14, 2009 4:18 am
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

Graphing?..
I did turn off graphing several days ago in an effort to try to reduce the backup file size, but it did not help with several backups since then the file size only went down after that minor change. I suppose it would be easy enough to test though, when I have some time....
by cololine
Sun Jun 14, 2009 1:31 am
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

Hello - I have the same issue. I have two RB1000's both running RouterOS 3.24. Each is just set up with some VLANs, IP addresses and a few routes, with one having somewhat more entries than the other. The unit with the fewer entries has a backup file size of about 15KB, the one with somewhat more e...
by cololine
Fri Jun 12, 2009 5:16 pm
Forum: General
Topic: Feature Suggestion: 64-bit counters
Replies: 11
Views: 3584

Re: Feature Suggestion: 64-bit counters

Ehm, MikroTik, if you could please support SNMPv2C and only return Counter64 varbinds in SNMPv2C. A lot of SNMP monitors don't like receiving 64-bit counters in SNMPv1. Essentially, you are breaking the RFC's here... The other thing I discovered when investigating this is that I can't even query RO...
by cololine
Thu Jun 11, 2009 10:03 pm
Forum: General
Topic: MRTG with SNMPv2c and RouterOS?
Replies: 1
Views: 821

MRTG with SNMPv2c and RouterOS?

Hello all - Has anyone out there had any luck querying RouterOS via MRTG with SNMPv2c? If I use a binary version of snmpwalk that I found lying around, I do get data back from RouterOS via v2c with that. And MRTG works fine with RouterOS via SNMPv1. But with v2c I just get this from the cfgmaker: S...
by cololine
Thu Jun 11, 2009 2:34 am
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

Still no explanation of the big file size discrepancy? Seems very odd...
by cololine
Mon Jun 08, 2009 8:31 pm
Forum: General
Topic: Feature Suggestion: 64-bit counters
Replies: 11
Views: 3584

Re: Feature Suggestion: 64-bit counters

We do it with MRTG now. Just query with v1, and then change MaxBytes to 125000000 and it should work. I think : ) Changing MaxBytes will not help if MRTG does not fetch a 64-bit value in v1 mode - the following is from the MRTG docs: SNMPv2c If you have a fast router you might want to try to poll t...
by cololine
Mon Jun 08, 2009 7:58 pm
Forum: General
Topic: Feature Suggestion: 64-bit counters
Replies: 11
Views: 3584

Re: Feature Suggestion: 64-bit counters

interface counters are 64bit for a long time already When I try to query the RB1000 in SNMPv2c with MRTG, it does not respond: --base: Get Device Info on public@r1.0:::::2 SNMP Error: no response received SNMPv2c_Session (remote host: "r1.0" [xxx.xxx.xxx.xxx].161) community: "public" request ID: 18...
by cololine
Mon Jun 08, 2009 5:17 pm
Forum: General
Topic: IPv6 client behind router responds to pings, cannot ping out
Replies: 7
Views: 1806

Re: IPv6 client behind router responds to pings, cannot ping out

Ok, after all that, this problem has nothing to do with ROS. The client machine had picked up an IPv6 address from a different subnet which was being advertised by the NOC - apparently the router was passing these advertisements to all interfaces. The client was using that address on outbound reques...
by cololine
Sat Jun 06, 2009 6:22 pm
Forum: General
Topic: Feature Suggestion: 64-bit counters
Replies: 11
Views: 3584

Feature Suggestion: 64-bit counters

Hello - If it has not already been suggested and/or implemented, I'd like to propose 64-bit counters, at least for octets in/out of interfaces and VLANs. I monitor that traffic by fetching it via SNMP with a tool like MRTG. Apparently the counters in ROS 3.x are 32-bit, which means that 5-minute sam...
by cololine
Fri Jun 05, 2009 12:32 am
Forum: General
Topic: IPv6 client behind router responds to pings, cannot ping out
Replies: 7
Views: 1806

Re: IPv6 client behind router responds to pings, cannot ping out

i asked that because im wondering if its an MTU issue on the VLAN maybe. Or possibly ipv6 and vlan's don't mix / not implemented yet. Can you continue your testing but using the native ethernet port instead of a vlan? I have been wondering about that myself: if it's a matter of IPv6 not working wit...
by cololine
Thu Jun 04, 2009 7:09 pm
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

/export is plain config! /export file=mycfg That's true. When I export the whole system I get a file of about 33K in size, and nothing inside that would not be expected. What I am wondering, and what this thread is all about, is why the backup file is so much larger, assuming that it contains essen...
by cololine
Thu Jun 04, 2009 7:02 pm
Forum: General
Topic: IPv6 client behind router responds to pings, cannot ping out
Replies: 7
Views: 1806

Re: IPv6 client behind router responds to pings, cannot ping out

at quick glance that looks right. can you make it work without vlan ? Yes, I can. Basically, the router takes all client traffic on the WAN port (ether1) and routes it to client VLANS configured on ether2, which goes out to a network of VLAN-segmented L2 switches. The way things are physically conn...
by cololine
Thu Jun 04, 2009 5:18 pm
Forum: General
Topic: IPv6 client behind router responds to pings, cannot ping out
Replies: 7
Views: 1806

Re: IPv6 client behind router responds to pings, cannot ping out

Well, this has really generated a flurry of excitement on this board! :( I sure wish someone could help me with this. Is anyone out there using IPv6 in production in the data center, like I am trying to do, and is it working for them? I'll post the ipv6 config export below. One thing I did not note ...
by cololine
Thu Jun 04, 2009 5:08 pm
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

/export ?.. No sir. And those would show up under /file anyway. As I said before, nothing in /file except a 6k auto-before-reset.backup that's been there since the beginning. Any other ideas? Too bad the backup file is binary, otherwise we could just peek inside and see the whole system config. All...
by cololine
Wed Jun 03, 2009 11:56 pm
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

logs? hotspot? some files stored? branding? I don't have any custom logs set, just the default logs in the dist, they appear to only be about 100 lines each according to the config. No hotspots created. No files stored on the file area. No branding. The size of the backup file is now 680KB, up ab...
by cololine
Wed Jun 03, 2009 8:52 pm
Forum: General
Topic: IPv6 client behind router responds to pings, cannot ping out
Replies: 7
Views: 1806

IPv6 client behind router responds to pings, cannot ping out

Hello - I've got RouterOS 3.24 on an RB1000 in a data center, doing IPv4 and v6 routing. The DC gave me a couple of /64's, one for the router and one for a client machine behind it (mine). I assigned my side of the /64 for the router to the router port that I am using for WAN, and set a route for ou...
by cololine
Wed May 27, 2009 6:55 pm
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

Hello - thanks. I am not particularly worried, just trying to understand why this backup file is so much larger than the other one. I've checked the configs for all the various router features, and I don't see any other services being used that could account for the additional size. There must be so...
by cololine
Wed May 27, 2009 1:15 am
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 4382

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

Hello - I have the same issue. I have two RB1000's both running RouterOS 3.24. Each is just set up with some VLANs, IP addresses and a few routes, with one having somewhat more entries than the other. The unit with the fewer entries has a backup file size of about 15KB, the one with somewhat more en...