Community discussions

MUM Europe 2020

Search found 20 matches

by dankunwizard
Mon May 08, 2017 3:09 am
Forum: General
Topic: unicast flood protection
Replies: 1
Views: 980

unicast flood protection

Hello Is there any way to automatically detect/block unicast flooding in bridge mode or in a vlan? i.e. frame with the unknown destination address flooding to all of its ports. Cisco appears to have this feature http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-1...
by dankunwizard
Sat Dec 28, 2013 1:01 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 110817

Re: v6.7 released

Possible Dos attack of somekind maybe?
CPU load was 0%, traffic was normal but all BGP sessions were down.
It also had firewall rules on input chain filtering tcp port 179 traffic, so only allowed peers could communicate and establish bgp peering.
"/system reboot" fixed the problem.
by dankunwizard
Sat Dec 28, 2013 8:00 am
Forum: General
Topic: v6.7 released
Replies: 225
Views: 110817

Re: v6.7 released

CCR router running ROS v6.7 locked up and stopped forwarding packets after running for about two weeks. It also didn't respond to icmp echo packets. When connected to console, it was up but the log had hundred lines of BGP connection error messages: RemoteAddress=xxx.xxx.xxx.xxx Failed to open TCP c...
by dankunwizard
Mon Dec 02, 2013 1:53 am
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 73680

Re: RouterOS v6.6 released

64-bit counter of in/out bytes statistics for bonding and vrrp interfaces do not work on ROS v6.6 x86 but works properly on tile arch.
please fix this bug asap
by dankunwizard
Tue Nov 12, 2013 9:24 am
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 73680

Re: RouterOS v6.6 released

so, currently there's no way to limit total amount of huge traffic on MikroTik devices?.. Queue tree - Interface HTB is the fastest one, HTB Global requires little bit more processing. regardless of whether htb is on interface or global, CCR cannot police/shape more than 600-800Mbps per queue inclu...
by dankunwizard
Fri Nov 08, 2013 4:43 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 73680

Re: RouterOS v6.6 released

you have 36 cores and you wanna put everything in single simple queue -- really? it was noted in RouterOS v6 presentation at the MUM Russia (and US if i'm not mistaken), that on CCR simple queues gets max performance if there are at least 32 simple queues massive multi-core devices require differen...
by dankunwizard
Fri Nov 08, 2013 1:15 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 73680

Re: RouterOS v6.6 released

you have 36 cores and you wanna put everything in single simple queue -- really? it was noted in RouterOS v6 presentation at the MUM Russia (and US if i'm not mistaken), that on CCR simple queues gets max performance if there are at least 32 simple queues massive multi-core devices require differen...
by dankunwizard
Fri Nov 08, 2013 11:26 am
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 73680

Re: RouterOS v6.6 released

I'm testing CCR-1036-12G-4S with latest ROSv6 but it cannot route more than 600-800Mbps with one simple queue entry (no firewall or mangle). This is very disappointing. Is this a known issue or maximum HW limit of CCR? Setup: Two bonding interfaces (802.3ad, layer 2 n 3 hash) bonding1 - eth7, eth8 b...
by dankunwizard
Thu Feb 28, 2013 1:05 pm
Forum: RouterBOARD hardware
Topic: Cloud Core CCR1036-12G-4S - link aggregation
Replies: 2
Views: 1765

Cloud Core CCR1036-12G-4S - link aggregation

I'm considering to use CCR1036-12G-4S to route about 2Gbit of traffic (200-300k pps). Because it does not have a 10G port, I'm thinking to use 802.3ad to aggregate two gigabit ports and connect to a switch. Has anyone tried link aggregation with cloud core router? Is it stable? How does CCR perform ...
by dankunwizard
Fri Oct 05, 2012 6:47 am
Forum: General
Topic: Firewall filter in 5.20ppc not filtering ntp traffic
Replies: 4
Views: 1126

Re: Firewall filter in 5.20ppc not filtering ntp traffic

if you're trying to filter locally generated traffic then it needs to be placed in input or output, not forward
by dankunwizard
Tue Oct 02, 2012 12:34 am
Forum: General
Topic: RB1100AHx2 Performance
Replies: 3
Views: 2120

Re: RB1100AHx2 Performance

Well my guess was that the mangle rules counted as firewall. However I have no idea why I see cpu usage for both queuing and ethernet. There is only default only-hardware-queue for each gige interface and that is it, no simple/htb queues configured at all. Tx/Rx drop counters are all zero. IMHO the ...
by dankunwizard
Mon Oct 01, 2012 6:48 am
Forum: General
Topic: RB1100AHx2 Performance
Replies: 3
Views: 2120

RB1100AHx2 Performance

I have a RB1100AHx2 (v5.12) with below configuration - Running BGP, 6 x iBGP peers, 7000 routes in routing table - Connection tracking disabled, no firewall, no bridges, no queues, no NAT, no vlan, no bonding - Two lines of mangle rules for routing mark (matching from 20 lines of address-list) - Tra...
by dankunwizard
Tue Nov 29, 2011 12:33 am
Forum: General
Topic: no ip redirects
Replies: 1
Views: 722

no ip redirects

How can I disable icmp redirects?
by dankunwizard
Tue Oct 25, 2011 11:45 pm
Forum: General
Topic: DHCP and IP unnumbered
Replies: 4
Views: 3481

Re: DHCP and IP unnumbered

Thank you for your reply. Yes I know it's possible with having an IP for each VLAN but if there are hundreds of VLANs it's not very practical. Also if only one IP needs to be assigned by DHCP to a VLAN, a /30 needs to be assigned and wasting IP address resource. Is there any other way of having DHCP...
by dankunwizard
Tue Oct 25, 2011 6:46 am
Forum: General
Topic: DHCP and IP unnumbered
Replies: 4
Views: 3481

DHCP and IP unnumbered

Hi I'm trying to migrate a Cisco router to Mikrotik. It currently runs a DHCP server over multiple VLANs with each VLAN configured as ip unnumbered, something like below. Can Mikrotik support this? or do I need to assign an IP address to each VLAN? Thanks in advance. interface Loopback0 ip address 1...
by dankunwizard
Mon Oct 11, 2010 1:26 am
Forum: General
Topic: Too many bugs
Replies: 40
Views: 5047

Re: Too many bugs

It's logged and got an auto reply from Mikrotik support on 1/10/10 but no further response yet =(
by dankunwizard
Sat Oct 02, 2010 5:29 am
Forum: General
Topic: Too many bugs
Replies: 40
Views: 5047

Re: Too many bugs

Yes, PPPoE only. No, it's not configured to accumulate. As posted earlier, below is a radius accounting packet sent by the mikrotik router, it clearly shows that the radius server is not the problem here. Wed Sep 15 10:24:57 2010 ...... Acct-Session-Time = 23 Acct-Input-Octets = 859413130 Acct-Input...
by dankunwizard
Fri Oct 01, 2010 4:39 am
Forum: General
Topic: Too many bugs
Replies: 40
Views: 5047

Re: Too many bugs

Yes, it seems icmp replies with RTT more than interval are discarded. 20ms show no packet loss. Thanks!! :) Here's details for radius issue, basically previous session's in/out octet counters are carried over to next session. So each time this user gets disconnection for some reason, usage doubles p...
by dankunwizard
Fri Oct 01, 2010 2:02 am
Forum: General
Topic: Too many bugs
Replies: 40
Views: 5047

Re: Too many bugs

I was more frustrated with the ping issue than radius accounting issue. How many network admins assume ping could be reporting inaccurate result? Ping is the first tool that I use for any network issue. Except some firewall environment, it's still a very useful tool to diagnose and usually a packet ...
by dankunwizard
Thu Sep 30, 2010 2:03 pm
Forum: General
Topic: Too many bugs
Replies: 40
Views: 5047

Too many bugs

I've been testing RouterOS for about a month and there are just too many bugs. 1. Ping Sending ICMP packets from Mikrotik to a host on same network always report packet loss but pinging from the host reports no packet loss. Mikrotik 4.10, 4.11, 5.0rc1 all same result. Icmp rate limit sysctl was set ...