MikroTik

I have also encountered your problem. When the number of routers exceeds 32 cores, various strange and unusual issues arise Try disabling hyper threading or shutting down some cores, and most likely the problem will be resolved Re; ... I have also encountered your problem. When the number of router...

What Ethernet cables are connected ?
Where do those Ethernet cables go ( outside ) ?

Follow your ethernet cables - I suspect one or more cables is the source of your moisture problems.

Here is one possible way In Proxmox , - Create your CHR vm and the interfaces you want to use ( no configurations - no configuration ). - Add one more interface to the Proxmox vm - Power on the Proxmox CHR vm - Use Winbox of MacTelnet and connect log-into your new CHR using the MAC address of the la...

Re: .. I'm running RouterOS 7.18.2 stable on a beefy Supermicro Super Server x86_64 with 56 cores. ... Are you running ROS x86 on bare metal ( ISO install ) ? Or , are you running ROS x86 or CHR on a hypervisor such as VmWare or Proxmox ? Many times I have seen that when running ROS CHR ( v6 and v7 ...

I've been asked this a couple of times - how to use a Mikrotik to see neighbors on all of your Vlans. In this case , I used a Mikrotik virtual CHR on one of my Proxmox hypervisors ( license Level free ). - ether1 ( any IP address you want to use for management ) - ether2 ( This port is a trunk port ...

One potential issue with the NetPower 16 is that it does not have any fans. Thus if you mount it in a horizontal ( flat ) position in a rack where the rack is in a remote tower location without air conditioners ( cooling ) , the NetPower 16 may run hotter because of less cooling. The NetPower 16 was...

unfortunately there is no single Mikrotik tool to make backups on one router and then restore that backup on a replacement router ;( :( :( :( :( :( :( There are multiple discussions in these Mikrotik forum topics about this issue and work-arounds. For starters, I suggest always having two backups. -...

2000 users on any router is a lot of users. Little math here --> ( 2000-users x 25-Meg-User-Bandwidth-Peak-Usage-Hours) x 75-Percent-of-active-users ) That's a heck of a lot of bandwidth for a single router. I would break it up into multiple routers ( about 4 or 8 or more ) , and use 40-Gig or 100-G...

** I hate it when passwords are printed in tiny hard to read characters. **

You would think that the Mikrotik ax products on the Mikrotik web page and their documentation/specifications should clearly state : - Does not support nv2 protocol - Does not support nstream protcol I also have ordered some thinking they supported nv2 - but nooooooooooo , now they are in the large ...

Nv2 is the only thing that make usable RouterOS devices for WISP. ... I have replaced with something else where I need to expand or widen the coverage. Just curious, did you replace with 802.11 devices or some other proprietary technology? If I understand you correctly, it's not that 802.11 is unus...

The free version is limited to 1-Meg throughput.

The trial versions do run up to the the trial CHR license speed applied. Example CHR with P10-Unlimited will run up to 40-Gig throughput speeds ( if your hardware goes that fast ). However trial is trial and the license times out.

I've got a few hundred nv2 outdoor APs on many towers and over a thousand nv2 5km+ to 20km remote clients.
Because Mikrotik is dropping nv2 & nstream on all newer AX devices , I think I am being forced migrate into another WISP wireless delivery platform to my customers.

sad sad sad tom

Re: Edit: I just realized my chr is only licensed to 10gbps. That's probably why I'm not seeing more . What you could do is spin up a new 2'nd CHR , upgrade to the P-Unlimited license ( trial ). Then run a speedtest to 127.0.0.1 That should give you an indicator how well your Proxmox server runs a C...

Hello, I manage BGP for our /24 network using multiple carriers. I have a client to whom I would like to allocate a /29 subnet within our /24 IP address space. I'm currently trying to determine if this is feasible and what modifications are necessary to ensure that the remaining IPs continue to fun...

I have read somewhere that Proxmox can not migrate a VM that is using PCI-Passthrough.
If this is correct , how do you migrate a ROS ( x86 and/or CHR ) using PCI-Passthrough to another Proxmox ?
Is it possible to migrate if the Proxmox servers are identical ?

What kind of hardware have you tested this on Tom? My main router used to be a rb5009 up until a month ago. I switch my internet to 5gb fiber so I started using my MS-01 with proxmox & CHR, but I have both WAN and LAN on proxmox bridges that are then connected to CHR. I've benchmarked about 4.5...

note - A CHR VM running on Proxmox without PCI passthrough is still fast enough to handle about 6 Gig of throughput. fyi ; I don't use PCI passthrough on any VMs in my Proxmox cluster. Mostly because I want/need the ability to live-migrate my active routers from one Proxmox server to another without...

Re the reboot script when things don't ping. First , I am not a programmer. ( I used to be really good with some advanced multi-user multi-tasking BASIC programming back in the 1970s ). When it comes to scripting these days , it takes me dozens/hundreds of failures to get something working. I welcom...

Here is a script & netwatch to auto reboot if/when you can't ping something NOTES : Do this at your own risk. I am not responsible for anything you do that breaks your nework. Notes about this set of scripts : ** I have tested this on Mikrotik ROS version 7.18.2 ( I have not tested this on anyth...

Re: ... ping ... monitor an internet connection ... If I was going to try this , I think I would write up a Netwatch script. Have it ping multiple IPs out on the internet and then have the script detect if all the the remote IPs being pinged were down , then take an action to reboot or use an altern...

OK - so now I have some faster nat speeds. In my prior posts in this topic , I was using a Hex-Poe I now also have some Hex-S routers. My head-end network facing these client Mikrotik devices ( Hex-PoE and Hex-S ): - Adtran TA-5000 ( GPON --- 2.4-Gig to customer and 1.2-Gig from the customer ). - ab...

Pick this up tomorrow ... I still suspect there has got to be a method to configure a customer located Mikrotik router to do CGN-NAT ( NAT-444 ) with fw jump tables ( using the WAN IP address ) , and get much faster throughput when compared to Mikrotik's normal NAT. Hope I'm not beating a dead horse...

In my LAB , I have a Hex PoE connected to a 1-Gig network. the Hex PoE has a slow CPU and only reaches about 250 to 280 Meg - but a different much faster Mikrotik can allow the same PC to hit near Gig nat speeds. I still don't understand why you don't just implement Fasttrack. You can achieve near-...

re ... 34000 - 34749 aren't already being used (mapped to another active traffic flow) ... But those ports can be re-used when a customer is connecting to a different computer or multiple different remote remote servers at the same time - this is normal nat overflow - also note when I configured my ...

re: ... example 192.168.0.10 host chooses (say) TCP port 57243 to initiate a new outbound connection from, HOW is it decided which WAN port between 34000 - 34749 this outbound connection is mapped to? ... Pretty much the same way regular normal nat works but the port and IP address are both re-mapped.

My understanding is that this is in fact exactly what "action=netmap" does. I have not, however, benchmarked it against "action=masquerade" or action="src-nat". I suspect any improvement in performance would be negligible, since I'm pretty sure most of the CPU being ta...

Is there a faster way to do NAT ? This is just some out-of-the-box thinking. I don't know if this is even feasible - but here are my rough thoughts ... - A very basic Mikrotik NAT router ( with two ethernet interfaces doing NAT. ) - Bridge WAN - add ether1 - WAN ( dhcp client ) - Bridge LAN - add et...

Can you use both the barrel jack and the 2 pin header to power the rb5009ug+s+in for redundancy? YES you can use dual power inputs. Note , the DC input with the highest voltage will be the one that is actively used and carries the entire load. ( and just to clarify , this is not power supply load s...

.rsc vs .backup ; Both have their advantages and disadvantages and neither as of today is KISS ( Keep It Simple Stupid ). With .rsc , you have an added layer of complexity which may require editing your .rsc files ( and have a full understanding of all the configurations lines in the .rsc file ) whe...

Re: ... As a (W)ISP I do everything you wrote about, without the slightest need to restore .backup files from other devices, but using only configuration scripts. Is there a really valid reason why you have to use the .backup file instead of using the .rsc ??? ... OK - here might be a good reason : ...

In looking at the url image

Everything is in the same vlan ?
Is anything doing nat ?
There are no duplicate MAC addresses for any Mikrotik-interfaces , devices ?

Re: ... Whenever I back data up from my workstation to the server ... Re: ... IPTV starts crashing ... What is the Ethernet link speeds on your interfaces ? Do you see errors on any of your Mikrotik Ethernet interfaces ? What is the normal bandwidth on all of your Mikrotik interfaces when you are no...

Feature Request: Optional ability to restore without keeping MAC addresses Mikrotik backup and restore do work pretty well for restoring a backup on the same device that originally created the backup. - however - When a restore is performed on a different router that did not originally create the ba...

Feature Request: Include NAT speeds in Mikrotik Test Results Documentation I really would like to see Mikrotik include NAT speeds in their published product Test results. We've seen it many times in these forums , where somebody posts a topic about slow Internet performance. Then often follow-up pos...

T1 ? I thought T1's died and went away many many years ago. * Even the Telcos are moving away from T1's & DS3's and moving to fiber when possible. If you are still using a T1 , consider finding a used Cisco 1720 router with a T1 interface then pass the Ethernet into a ( Mikrotik ) router. Depend...

If I remember correctly ...
I think between two distant mikrotiks , you can make a secure ipsec , then put a secure eoip tunnel inside of the ipsec.
And get something that has double encryption on packets as it passes through the public internet and might offer some larger MTU options.

I always wanted have a front-end web server that after bot checks would generate a random btest user/password , then auto remove it 10-minutes later. Just long enough for a btest but not long enough to test an ISPs entire network and prevent time-cron-scheduled auto btests that occur ever hour or d...

re btest / speedtest / iperf It would be interesting if somebody made a speedtest server that did something like this: - http to the web server , authenticate , verify not a bot , verify also by email. - Ask a question ( traditional windows browser speed test , or Mikrotik btest , or iperf / iperf3 ...

Thank you a lot. I don't really get how it works. I don't understand how your firewall works. With this configuration you are able to disconnect a user after x minutes ? Just give it a try on a local Mikrotik. There are two things going on. - /queue simple - and the use of address lists in the fw s...

Hello, I'm currently trying to set up a Bandwidth Test server that automatically disconnects the client after 1 minute. How did you manage to do it? This is/was my public btest server btest-config.jpeg export: /interface ethernet set [ find default-name=ether1 ] advertise=1G-baseT-full disable-runn...

Where are you testing your speeds to ? Your problem could be that your Internet upstream provider ( or your upstream upstream providers feed(s) ) might have some saturated BGP feeds. I would suggest performing multiple speedtests to many local and remote locations. If speedstest(s) look good locally...

re: ... Anyway, whatever they end up doing... I do hope they host it on their RDS ROSE server(s) as proof-point they work in the real-world. ... If I hosted this server , I would go with Proxmox hypervisors Xeon , 40-Gig or 100-Gig network cards , NFS mounts from a TrueNAS ( 512-Gig Ram or 1-TB-Ram ...

Re: ... Sorry but the board is temporarily unavailable, please try again in a few minutes ... What are the problems this forum web server is having ? - Denial of service ? - High number of connections ? - High CPU load ? - Slow CPUs / not enough CPUs ? - Busy database/disk I/O ( same server or exter...

FYI - Here is a basic GPON network design. - Each GPON fiber network ( PON ) uses a single strand of fiber to the optical splitter - Customers can be 20-km in distance - An optical splitter does not require power - Optical splitters can be 1-in-and-8-out or 1-in-and-16-out or 1-in-and-32-out or 1-in...

Topic: GPON and Mikrotik This topic is intended to be a discussion about using Mikrotik routers/switches in a GPON fiber connected network. Use case; Where an ISP utilizes a GPON fiber-to-the-home optical network , and the customer/client end of the fiber network is a Mikrotik device that connects d...

Re my post : " Funny , I was just playing around with my last-remaining still-working Mikrotik GPON SFP module. And although it still works , there is nothing shat shows up on the SFP tab. However , a FS GPON module does show up in the GPON tab. " Later in the day after I posted the above ...

On your Mikrotik CRS , using Winbox Click on Interfaces , then click on sfp interface , then click on the SFP tab. Look at your Tx power and your Rx Power ( verify both sided of your links have a receive Rx-Power that is within spec of your fiber sfp+ module also Click on Interfaces , then click on ...

what type of 802.3ad / LACP bonding are you using ? ( balance-xor , balance-rr , active-backup , broadcast , balance-tlb ). I myself prefer to use active-backup bonding ( one active and the second is fall-back ). Some of the other above methods can be CPU intensive ( a CRS326 is not a CPU power hous...

I'm still old school where a router is a router and a switch is a switch and storage is storage and a nas is a nas ... I've run 24+ TrueNAS servers for a very long time now. On my faster TrueNAS servers , I can hit speeds of almost 100-Gig writes to my NFS TrueNAS system when many machines are writi...

Funny , I was just playing around with my last-remaining still-working Mikrotik GPON SFP module. And although it still works , there is nothing shat shows up on the SFP tab.
However , a FS GPON module does show up in the GPON tab.

yup - I've seen this CHR License Error many times. !!! There is some pattern of restoring a clone from a clone from a clone that triggers it. Once you get the message , just erase and delete the CHR and rebuild it from scratch and reapply the chr license. It seems like it happens at the worst of tim...

anav Re: ... these engineers ... IMO ; Mikrotik has two pretty good OS systems ( ROS & SwOS ). - ROS for L3 routing is very good and easy to understand. Easy to learn and follow their CLI and GUI configurations - even for a newbie admin and/or for most experienced network engineers who are worki...

re - feature request I'm not saying it can't be done. I am saying it's nearly impossible to configure switchport vlans if you are not already experienced with Mikrotik routers/switches. Let's take the Casio and Hotel(s) mentioned for example. 3 very experienced network engineers who are already usin...

... And Tom, feel free to send one of those switches my way :D ... lol - yea right - I'm still thinking what what I'm gonna do with a ton of new still-in-the-box never-installed never-configured 1-Gig PoE /10-Gig/25-Gig/40-Gig/100-Gig switches. - note - the Casino staff member who gave me the ton o...

Also - related to my original post here The single GUI page should also have the ability to manage both HW-bridges and non-HW-bridges. The new GUI could possibly auto-detect if a port is already configured and mark it in the single GUI as non-configurable because the port is already configured in ot...

Subject: Feature request - add interface Vlans & ports & bridge functions into a single easy Winbox/Web settings page IMO : Managing interface Vlans ( mode access vlan and/or mode 802.1q trunk - and configuring what vlans are allowed to go through Trunk interfaces is ( at this time ) very di...

I will be shutting down the btest server I maintain on April 1'st 2025 You might want to clarify that this isn't an April Fools' joke - just to be safe! 😄 Re: You might want to clarify that this isn't an April Fools' joke - just to be safe! 😄 Message reply from North Idaho Tom Jones This is not a j...

The lack of respect is very high, like that ignorant person who tried a 40Gbps test.... re: 40Gbps test Funny - there were a few times when I disabled all the btest queues/rules and did see multiple/sustained 10Gbps btest loads that would never end. Now that was something that would get my attentio...

Re: I'm sad to see it go but I want you to know I found it useful and am grateful it was there. You are one of the primary reasons I ran this community btest server :) - there are many good admins who used this btest server as indended :) Re: Is there anything the user community could offer that mig...

IMO , I will always be for --> classic "NAS" / storage servers. I prefer a ( router be a router) and a (switch be a switch) and a (NAS be a NAS) and a (HyperVisor be a HyperVisor) and virtual machines VMs should not be inside containers. I guess I'm just old school in my opinions for what ...

***** IMPORTANT INFORMATION *****
I will be shutting down the btest server I maintain on April 1'st 2025
It's been on-line for around 10-years and has seen countless terra-bytes pass through it during this time.
*********************************

IMO , when it comes to Mikrotik shipping any Wi‑Fi 6E or Wi‑Fi 7 , it's gonna be "Hurry up and wait for years ... and say to yourself - Will it ever come out ?" And if it does come out , the wireless configuration is 100-percent different and your existing configurations do not work ( incl...

** Changes *** Update information *** March 20'th 2025 - Wait periods between tests *** I made some timeout wait changes to the best server I maintain. - Maximum time for any btest is now 5-minutes or less - You must wait 3 days to run another btest. - If you do not wait the required 3 days , the bt...

StraightUp-jpeg.jpg Back in October , I posted some information about a long-distance link I made from my tower to my home which was 31-km in distance. Yesterday afternoon , we had some serious high winds ( 50+ mph ) and the winds pushed my home dish antenna so that it is now pointing straight up t...

Your best bet for reliability is to not change the factory default CPU clock speed settings. If you increase the CPU clock speed , it may run a little faster but ... It will run hotter and also not as stable. If you decrease the CPU clock speed, it may run slower and cooler ... however there also is...

kind of a head-up on how I run my BIND9 DNS servers. I have qty 1 LAB Live-IP authoritative DNS server I have qty 2 Live-IP authoritative DNS server ( aka normal DNS servers ) I have qty 2 authoritative/caching DNS server behind a firewall that all/most of my customers use - ( the Internet can not o...

By your diagram drawing , I assume you have the following: - A pc with two network interfaces ( or a single network interface and you are using Vlans ) - A switch/hub - a system 1 device ( that can not talk to system-2 ) - a system 2 device ( that can not talk to system-1 ) There are multiple possib...

Moderator note to ; GuilhermeToniate re: de pacote rede interna If you do not know Engligh , please try using a Google translate utility to translate Portuguese to English below the same message but Google translated from English to Portuguese: Nota do moderador para; perca de pacote rede interna Se...

If you are an ISP ... Using external DNS servers ( such as in your case 1.1.1.1 & 8.8.8.8 ) might not deliver fast/quick DNS results. Some issues/problems when using any external ( not yours ) may include some or all of the following potential problems : - Network propagation delays ; The time a...

Thought I would post an update on the new 50-km link I turned up last Friday. First try , it connected on nv2. Only one side of this long-distance link is aimed for best signal. The other remote side has not been properly aimed in yet. (( The plan was to aim it today but it is snowing here right now...

I would love to play around with these types of links, and have plenty of good use for links in the 1-10km (I think in miles, but I'll adapt). Problem is, I've got nothing but mountains and trees for miles in all directions, so unless I erect 200' towers, my line of sight is limited to 1/2 km. Re: ...

Re: ... the documentation says it supports 31 dBm ... Read the wireless specifications on the Mikrotik OmniTIK 5 ac The documentation indicates that at a 6MBit/s transmit rate it supports a transmit power of 31 dBm. It does not say that it has a transmit power of 31 dBm at all transmit speeds. 6MBit...

50km link ( 30-miles ) Today , I'm going to try and bring up a microwave ( mANT30 PA dish with a RB921UAGS-5SHPacT ) 50km link ( 30-miles ). This link will eventually be my secondary ( somewhat out-of-band ) fall-back link after the fiber is connected in about 30-ish days. After the microwave link i...

Not Mikrotik microwave hardware
You sure?

I'm sure , just b4 posting , I pointed my mANT30 PA dish with a RB921UAGS-5SHPacT at Voyager 1 and performed a Wireless-Scan & Snooper , and I did not see any signals in the -160 db range that looked like it was a Mikrotik RB on Voyager 1.

Here is long long long long range microwave link !!! 24 billion kilometers 15 billion miles Voyager 1 A signal sent from Earth takes nearly 23 hours to reach Voyager 1. When a ping is sent , you can expect a received ping reply in about 46 hours. Voyager 1 transmit speed about 160 bit/s. Voyager 1 m...

mkx

question for you ( re the new WiFi configuration ).

I hope this is an easy one for you.
How do you setup a WDS link using the new WiFi configuration so that all MAC address and vlans pass ?
With Wireless WDS , this is/was easy - but I have not tried it on WiFi yet.

North Idaho Tom Jones

I am considering doing almost the same thing at the same 40km distance. For me , I found that with greater than 30km links that only nv2 was stable and that 802.11 would not reliably connect at that distance( using the Wireless config - not WiFi ). If/when you get your 40km link working using the ne...

Re Linear power supplies ..

I am not talking about external power supplies - good external power supplies are indeed normally switching power supplies.
I am talking about simple single IC voltage regulators on circuit boards - for low current , they are normally linier voltage regulators.

Just about every Mikrotik router with a SFP interface ( what the fiber module goes into ) should work. While they are laying your fiber ( house to shop/apartment ) , I might also suggest laying in two Cat6 ethernet cables in the same ditch/conduit. You might be able to get 100 Meg ( possible 1-Gig )...

If I am correct , your SFP module is a GPON adapter. ( I think it is a complete GPON on a stick module ). -- Am I correct ? Have you done a side by side export comparison of your configurations in both of your Mikrotik routers ? You may also ( for the heck of it look at the temperature of your SFP d...

On your Mikrotik - in the interface sfp section ...
What is the distance and signal strength ?
also - did you reset your mac address on the sfp interface ?

I have installed RouterOS (ver7.16) on Proxmox. I have a TP-link T4U USB device connected to the PC running Proxmox. I added the USB device to the RouterOS VM and I can see the USD device in WinBox under System->Resources->USB. It is listed as a Realtek 802.11ac NIC. How can I use this device to se...

Normis - you asked for greater than (30KM+) MikroTik wifi based links? I recently posted my greater than 30KM Mikrotik link in the Mikrotik forum --> Solving 20km wireless link issues This is a new 31km wireless link I configured yesterday. ( most of the link is over water !!! ) At both ends of the ...

I have a feature request. Where --> Using Winbox , In the wireless interfaces , in the [ Frequency-usage ] screen. I would like to see two new usage items added to the screen. - Average-Usage ; shows the total average during the scan. - Maximum-Usage ; shows the maximum peak detected when the scan w...

A good method to measure heat on a 24-Volt to 48+Volt board with a temperature sensor and a common on-board linier power supply. Power the device at 24 Volts, wait for the temperature to become stable , then query the temperature sensor. - next - Power the device at 48 Volts, wait for the temperatur...

Re higher voltage than needed power supplies. If you have a PoE device that that has a voltage range for possible voltage input to power that device , I suggest to use a power supply on the lower end of the voltage input range ( when possible ). Example , if you have a Mikrotik which comes with a 24...

I’d say that’s pretty impressive for an initial alignment of a 31 km link, especially considering it was raining. To me , what's interesting is that on all of my short point-to-point wireless networks ( AP to a single client ) , I've always found that Wireless-Protocol using 802.11 was the fastest ...

Instead of --> Solving 20km wireless link issues How about --> Solving 31km over water wireless link issues ( while it is raining ) This is a new 31km wireless link I configured yesterday. At both ends of the wireless link , I am using the following: - RB922UAGS-5HPacD - RF-Elements twist-port dish ...

no color in the logs ( only black ). I often do log using normal black lines. I often log using something like : log error " *** write a red line in the logs - something is down *** " for a red line in my logs. I often log using something like : :log warning " *** write a blue line in...

It would be nice if Torch showed the EST ( established flag ) for traffic. Or is there another way to easily monitor interface traffic and filter established traffic verses non-established ( new connection ) traffic. ( and possibly other traffic type bits in the packet header ( such as current hop b...

post from: NorthIdahoTomJones

FYI - I rather like the newer ROS speedtest utility ( winbox -> Tools --> Speed Test ).
I tested this using one of my customer's 25-Meg wireless account.

winbox-speedtest.png

I just updated the Mikrotik public btest server I maintain to ROS version 7.16 ** Everything appears to be working correctly. ** This is a Mikrotik CHR ( P unlimited ) running on a Proxmox hypervisor. IPv4: 23.162.144.123 IPv6: 2605:6340:0:1b::123 btest username: North-Idaho-Btest-Server btest passw...

I just updated the Mikrotik public btest server I maintain to ROS version 7.16

IPv4: 23.162.144.123
IPv6: 2605:6340:0:1b::123
btest username: North-Idaho-Btest-Server
btest password: I-Am-Not-A-Cron-Script

North Idaho Tom Jones

1) Are you interested in a central controller for MikroTik devices? If yes: Yes - b) or you are interested to manage all configuration of these MikroTik devices 2) How would you like to run it? b) Self hosted server on X86 (*NIX) A package that can be installed ( example Ubuntu apt-get install mikro...

IMO - in general - When customers get their full upload speeds but do not get their full download speeds , then often the problem is the ISP's upstream Internet connection is saturated and/or the ISP's internal router/switch network is saturated. - The issue could be ; the ISP's upstream internet co...

Re: ... Also, let me ask, is anyone here actually running CHR on Proxmox and can confirm things are running fine? ... I run multiple CHRs on 13-clustomer Proxmox hypervisor servers. No fancy configurations ( No SR-IOV and no special config network cards ). My faster Proxmox servers in the cluster ha...

Try setting the VM CHR on your Proxmox system to use VirtIO network interfaces.
Also , make the VM CHR is a stand-alone VM ( not in a container ).
Verify your Mikrotik CHR license is the correct level.

Re: ... optionally make the binary ".backup" files not bound to the device ... It would be a useful feature to be able to make a backup that is portable to a different replacement Mikrotik device. -or- even better It would be very useful to have a new restore/import feature which would all...

Question: - What are people getting for routing throughput where there are two CHR routers on different servers - where one is on one hypervisor and the other is on another hypervisor ? On my lab network ( all machines are old 2.10-GHz CPUs with PciE-3 and 40-Gig network cards When testing with two ...

Larsa , thanks for the links in your last post.

Wow - I've got some reading to do ....

Hey guys, since this is a MikroTik forum would you mind continuing the VPP/VyOS/pfSense lab discussions elsewhere? Maybe on their respective mailing lists, user forums or perhaps Reddit? :D You are correct re : ... this is a MikroTik forum ... My posts are intended to be targeted towards asking for...

Re: ... Did you test VyoS 1.5 rolling + VPP addons how is it? ... I have not played around with the VPP addons yet. I only updated to the latest rolling release to get the faster control plane. And wow :) I will be testing the VPP add-on packages on my lab network test routers b4 putting VPP into pr...

Today , I upgraded/updated the btest server I maintain From: CHR ROS version 7.15.2 To: CHR ROS version 7.15.3 all btest-jails were cleared during the reboot - so go ahead and give it a try. North Idaho Tom Jones edit - note: If you don't mind ... Please post your results. Many of us like to know if...

@ Tom I hope if you don't mind asking this question do you have current test setup at least with FRR + VPP how's the performance and any gotcha? I don't mind getting my hands dirty again to rollout pure linux solution as long as they are worth it. I'm also eyeing for VyOS but as far as i know they ...

re: ... If pfsense/netgate can do it with their TNSR offering MT can do it too ...

VyOS, Debian, Ubuntu, BSD and some others ( including FRR ) also have VPP packages available.
If CHR had it, I would be all-over-it and testing it out in a heart-beat.

... Mikrotik doesn’t have the expertise or resources needed to develop brand a new user-space NOS ... Am I correct that Mikrotik's ROS is based on Linux ? There are already working available Linux VPP packages. To me it seams like it would be somewhat easy for a tik programmer to spin up a VPP CHR. ...

Isn't it counterintuitive for MT to push their hardware sales rather than CHR + VPP that's why it appears they are not interested to make this happen? I hope this is not the case I think most of the SP guys here including us is willing to pay for a reasonable price just to make this happen anyone c...

Today ( July 29 2024 ) , The public access btest server I maintain is again now on-line. This btest server was renumbered and the user name / password to access the btest have been changed. IPv4: 23.162.144.123 IPv6: 2605:6340:0:1b::123 btest username: North-Idaho-Btest-Server btest password: I-Am-N...

Re: ... i think the current path is towards ASIC ... Well crafted ASICs can and do often improve specific types of I/O throughput on specialized hardware. But what about x86 and CHR ROS on hypervisors and bare-metal machines. There are no router I/O ASICs on common generic motherboards. IMO, if ther...

Well, it won’t work with the current product line. Study the basics and you’ll understand why. re: ... Well, it won’t work with the current product line. ... Are you referring to it wont work with current CHR ? ( if so , CHR does not run on bare-metal ). CHRs don't have direct access to all of the ...

@ OP / Tom We are in the same boat as you we are growing but in a much slowly pace as a side effect I think we can still wait at least a few more years to wait for VYoS or Bison Router to mature, any chance you can share other cost and effective solution you are looking into?, I hate to ask this si...

1. CHR is designed to run in virtual environments and can easily handle Tbps without any issues. But if you really want to run bare-metal, go for ROS x86_64. But why? Properly set up virtual environments are just as fast as bare metal and are way easier to manage. 2. VPP is a user-space solution an...

Feature Request - CHR - VPP & ISO version CHR ROS I've been using thousands of Mikrotik devices and dozens of virtual VM CHRs in my ISP networks for many years now. So far , all of my Mikrotik products have stood up well against the test of time and they have easily handled my ISPs leaps in netw...

Yup , I have it down for now. It was getting tons of abuse by many other Mikrotik network admins. I was seeing whole /24 & /23 & /22 networks where almost every IP address in ( customer ) nework blocks would sequentially one-after-another perform a btest to my Mikrotik btest server. When I s...

Nat at 5-Gig throughput It can be done - but it's asking alot. It's very CPU intensive for any router ! If you are an ISP , I would guess you would be natting something like 100.64.x.x network blocks ( Carrier Grade NAT -or- CGN Nat - or Nat444 - or - RFC-6888 ). I push about this much throughput th...

Re: Increase CHR Free license limit to 10 Mbit/s I agree that the 1-Meg throughput on the free license is rather slow and almost unusable in many test environments. However , you do have some options: - Go ahead and pay $250 for the unlimited CHR license or multiple CHR licenses. You can move the CH...

I think I ran into the same max cpu count of 64 CPUs on some Mikrotik CHR routers a few years ago.

re: ... That's the same as on the first post ? ...

correct

IPv4: 23.162.144.120
btest username: MikrotikBtestServer
btest password: MikrotikBtestServer

Today ( 3/21/2024 ) I performed the following on my public-access Mikrotik btest server I host. IPv4: 23.162.144.120 IPv6: 2605:6340:0:1b::4 btest username: MikrotikBtestServer btest password: MikrotikBtestServer - ROS upgrade/update From: 7.13.5 To: 7.14.1 - I also changed the btest username and pa...

The conversion of a Mikrotik AC powered router or switch to DC is pretty straight forward. On the AC power supply , find your common , +24 and +48 wires. Remove the AC power supply(s). Cut the power supply output wires somewhere that if needed , you can re-splice them together. Note: The +48 volt st...

Mikrotik Speed Test

I recently spotted this selection on one of my Mikrotik CHRs ( must be something that recently came out with a newer ROS version ).
*** fyi - my network is allowed to do anything to my btest server ***

Mikrotik-speedtest.jpg

Tools --> Speed Test

Hello all, testing from São Paulo, Brazil, Vivo 200mbps fiber link: Captura de Tela 2024-02-02 às 07.27.52.png I would love to know the reason for this see-saw behavior... re: ... I would love to know the reason for this see-saw behavior... ... You were testing using TCP. TCP is a protocol that sen...

I am really starting to think a KVM hypervisor ( open source ) might be a possible SR-IOV solution to get my Mikrotik CHRs with SR-IOV running at the speeds I am looking for. If you're not using the vSphere HA stuff (like vMotion etc)... then it should be easy to switch away from VMWare. Personally...

@TomjNorthIdaho I do apologize for running 3 tests last night before reading the rules :? . I will be sure not do that again. Also since this is the first time I have done one I didn't pay attention to the fact that you can set a duration flag. I sincerely appreciate the service you are providing. ...

Btw, here is the new Broadcom VMware licensing model for those unlucky ones who lack the original perpetual licenses. "Foundation" is needed to enable SR-IOV, DirektPath (PCI Passthroug) etc. A one-year subscription is about 40% more expensive. VMware lic.jpg wow - trying to get Mikrotik ...

Yesterday , I found out that the VmWare ESXi essentials license does not support SR-IOV. The SR-IOV feature is available in a VmWare ESXi Enterprise license. So , lets do some math , what's 18 times the cost of a VmWare ESXi Enterprise license ??? I also have a funny feeling about this whole Broadco...

SR-IOV with CHR - What hypervisors are you using ? I've been using CHR's under VmWare ESXi for a long time now. I am wanting to change from VmWare ESXi to another hypervisor that supports SR-IOV so that I can get my CHR's running faster ( 10-Gig to 40-Gig or faster if possible ). I would like to ask...

VLAN configuration is tricky in many different products. Often there is no good overview of what you are doing. It can be done VLAN-centric (you define VLANs and specify which ports are tagged members and which are untagged members) or it can be done port-centric (for each port you can set which VL...

I just worked on this a couple of weeks ago - and got mine running. I am assuming you are BGP peering to something where both BGP servers ( yours and theirs ) are using private AS numbers. What you can do to split the load on a /24 BGP network between two remote BGP peers is configure as prepend on ...

Feature requests - CHR on Bare Metal for faster Network throughput Note: This topic is about achieving very fast network/Ethernet throughput ( as in 10-Gig and faster network routing throughput) I would like to see a CHR that can be installed on a Bare Metal server. Here is my reasoning and justific...

the btest CHR ROS speedtest server I maintain was just now updated
- from ROS ver 7.13.2
- to ROS ver 7.13.3

OK - If you see your IP address list in the image below - and you continue to btest to my btest server without waiting 24 hours between btests, I am going to place your IP address on a 1-year block. All of the IP addresses listed below were supposed to wait 24 hours - but did not wait the required 2...

Im having problems reaching your server it might be a regional problem i did a traceroute from 2 locations still couldnt reach the servers ip the last ip it reached from both was 23.162.144.1 (probably the main router of your server) Im from greece central macedonia both locations use the same isp ...

the btest CHR ROS speedtest server I maintain was just now updated
- from ROS ver 7.13
- to ROS ver 7.13.2

ISP just upgraded me to what they claimed was 1.6gbps ...

Thanks to your server i was able to test that !

M9XmUKYk0U.png

I like your ISP , they say they are selling you a 1.6 Gig account and-however you are able to speedtest/measure 1.7 Gig --- nice. Many ISPs over sell what they can deliver.

Dec 26. 2023

Moments ago , I updated the btest server I manage.

Was CHR ROS ver 7.12.1
Now CHR ROS ver 7.13

All btest time based access lists /address lists were cleared during the upgrade/reboot

North Idaho Tom Jones

I think using 250 ports may cause problems, for example a crowded restaurant... It didn't even come to my mind you might plan on connecting businesses, let alone hospitality ones, this way. Indeed if the whole restaurant is watching youtube, or even worse, if the restaurant has a cloud-based order ...

Thank you for sharing, I am starting to do the same process, only by using netmap instead of src-nat, I aim to reduce the number of rules. It's not the number of firewall/nat rules that slows down throughput and places a large CPU load on the system. What slows down a system is how many rules have ...

I ended up makin a text file and uploaded the text file to the CHR via winbox , then ran the file as a script ( I think my file was a .rsc file ?? ) --- Anyway - that way worked well and pretty fast. North Idaho Tom Jones I was talking about this, yes its better to import it to the CHR .rsc or prep...

nice

It is a good thing to see that when an ISP sells a 1 Gb internet subscription - that the customer can actually measure speeds to/from the Internet at 1 Gb internet subscription speeds. Where were you testing from ?

re: ... wondering that how do you print all these rules on your CHR ... forget about pasting it in - way to many lines of code and chances are high of a dropped line. I ended up makin a text file and uploaded the text file to the CHR via winbox , then ran the file as a script ( I think my file was a...

I'm doing CGNAT for 500+ people on a 1036 with 2.5-3Gbps of traffic at peak and only 5-10% of CPU load running RouterOS 7.11.2. Minimal firewall rules (to protect the router itself) and minimal shaping (about 30 of the 500+ customers). Is your CGNAT doing normal NAT44 or NAT444. NAT444 maps port ra...

IMO , I had a similar throughput issue when I first started using Mikrotik NAT ( Nat 44 ) with a large number of connected clients ( ~ 1,000 clients ). I then changed to a CGN NAT-444 and wow ! - everything got much faster. I use a couple of Mikrotik CHR's for my NAT-444 functions. North Idaho Tom J...

November 14'th 2023 - I updated the public access btest server
from ROS version 7.11.2
to ROS version 7.12

All btest jail access-lists were cleared when I rebooted this server after the ROS update/upgrade

North Idaho Tom Jones

FYI

During the last two weeks , there has been 1,525 unique Internet IP address that have performed btest(s) to the server.

North Idaho Tom Jones

FYI; 8 days ago I rebooted the btest server. Today , 8 days later , there has already been well over 1,000 unique IPs that have performed a btest bandwidth speed test to the server. At that rate , that might be greater than 50+ thousand btest(s) a year. That's a lot of bandwidth & packets. North...

IMO - if you want to graph your network , consider using something like Cacti, or Zabbix , or LibreNMS ( or any other Network Monitoring software ). I prefer a fast non-bloated switch/router that is not also using disk space or cpu processes or memory processes to capture and store graph into. Then ...

I would like to see Mikrotik gain a huge product market share in all Layer-2 ( switches ) and layer-3 ( routing ) markets ( and wireless products ). I've been in the electronics and computer communications industry for almost 50 years now. I've seen countless software and hardware products come and ...

IMO - Vlan configuration in Mikrotik ROS ( Winbox , Web and CLI console ) is near impossible to get it right the first time. I've been doing computer network communications since the mid-70s ( almost 50 years ). I still don't have Mikrotik Layer-2 switch Vlans working. With other switches & rout...

Re: RSSI of 2.4Ghz: about -50 RSSI of 5Ghz: about -70 Move your wireless client device much closer to your dual-band AP. Then see what you default connect to. A -50 connection on 2.4 GHz might be a faster connection than a -70 connection on 5 GHz. Normally , connection rates will shift up to faster ...

I create a new server for bw test on datacenter Jakarta if you come from Indonesia or Asia feel free use this bwtest IP : 103.161.184.37 Username: mid Password: midtest What are your bandwidth QOS settings & time test limits on your btest server ? I ran a btest to it this morning and it started...

I updated the btest server.

To: ROS version 7.11.2

All btest-jail counters were reset/cleared during the ROS upgrade.

North Idaho Tom Jones

From NYC with Verizon FIOS fibre optic service contracted at 300 Mbps service. RouterOS 7.11 on CRS326-24G-2S+ Tx avg: 338.5 Mbps max: 350.3 Mbps Rx avg: 302.8 Mbps max: 307.4 Mbps To me , it looks like they auto configure their bandwidth configurations with some extra bandwidth padding - which is ...

To find out the Public IP address your networks are NATting to , go to www.whatismyipaddress.com

I updated the btest server.

To: ROS version 7.11

All btest-jail counters were reset/cleared during the ROS upgrade.

North Idaho Tom Jones

See subject... I'm configuring a bunch of GPEN21s, and part of the config is that we set the "upstream" port (port 2) to "force on" for PoE output (instead of the default "auto on"). This is being done because in some cases, the GPENs are not supplying power to an upst...

Because I see green angle-polished-connectors ... Never never never never plug a green fiber connector into a blue fiber connector - else you will break the glass where the two ends meet. Also , you have to know the connector type on a SFP module and the fiber cable. Some are angled and some are not...

Hi, I have a mikrotik CCR1072-1G-8S+ with firmware 6.48.6 LTS on which I have hundreds of virtual interfaces (c-vlan , s-vlan). I have some problem with snmp monitoring done by Zabbix 6.0 LTS. occasionally the items stop polling, the monitored interfaces (about 800) have a polling time of 40 second...

I tried to update my Winbox on several of my computers to v3.39

All of them give me "ERROR: Upgrade file was corrupted"

corrupted-001.png
Manual upgrade

OOOooo , I guess I should read the post first then do ...

I tried to update my Winbox on several of my computers to v3.39

All of them give me "ERROR: Upgrade file was corrupted"

corrupted-001.png

Take a look in these Mikrotik forums and go to General --> Public-Mikrotik-Bandwidth-Test-Server(s) I maintain a Mikrotik CHR speedtest server. Although it has 10-Gig interfaces to the Internet , I limit it to somewhere around 3 to 9 Gig. Read the rules and understand how often you can test b4 it wi...

The CCR2004-16G-2S+ id more of a switch than it is a router. The The CPU is a 4-core 1200-MHz AL32400 ARM 64-Bit CPU. This CPU is OK for simple routing , however I suspect it is not fast enough or powerful enough to handle routing & firewalling & NATing at near 10-Gig throughput rates. On my...

I updated the btest server.
From: ROS version 7.10.1
To: ROS version 7.10.2

All btest-jail counters were reset/cleared during the ROS upgrade.

North Idaho Tom Jones

Lil off topic - but still related to file-servers ... Take a look at TrueNAS I run a dozens of TrueNAS file servers. When configured correctly , they can be pretty fast. For example , I have a TrueNAS file-server with 1-TB RAM and about 256-TB of solid-stade SSD drives with 100-GIg network interfac...

Lil off topic - but still related to file-servers ... Take a look at TrueNAS I run a dozens of TrueNAS file servers. When configured correctly , they can be pretty fast. For example , I have a TrueNAS file-server with 1-TB RAM and about 256-TB of solid-stade SSD drives with 100-GIg network interface...

What brand ( operating system ) is the file server ? One possible thing you might be able to do ( depending on your file-server ) ... - WAN interface to your default gateway router to get out to the Internet - Multiple inside LANs on your file-server ( for PCs inside one of your networks ). This all...

Yes to both, and we have been delivering dual stack to all customers since 2017. We just upgraded to Sonar v2 less than two months ago. However, our solution may not work great for everyone, as we use PPPoE, and a lot of ISPs do not. I am one of those ISPs that does not use PPPoE. I am running SONA...

I have the same problem with winbox and notepad. I don't see this issue with any other ssh/telnet client so the suggestions offered, while helpful in most cases, don't really apply here Re: ... don't really apply here ... I assume you know you can ssh and/or telnet into a Mikrotik - so It sure does...

one of the problems with pasting into a cli on any device might be the following: - each time there is a <CR> ( carriage return ) in the paste , the OS performs something and while it is in the process of performing something ( aka processing the command line , new paste data continues coming into t...

Question: SONAR - anybody using SONAR Version 1 or Version 2 in an ISP Mikrotik network? Note: SONAR is set of programs an ISP would use for Billing & bandwidth management & customer management & inventory If you are using SONAR , I would like to ask you a couple of questions: - Do you h...

I met a strange behavior in copying configuration text from a notepad TXT file and paste into winbox terminal windows (right click-paste) in ros 7.10.1 : pasted text put in and out safe mode, often random characters are displayed, causing bad command name. All is fine pasting the same text (from wi...

I'd like to set up my home lab with a few different VLANS like: Trusted - Can go anywhere Untrusted/Guest - Can only go out WAN IoT - Can't go out WAN I currently have a CRS309 to act as a core switch, and an RB5009 that I use as my router, along with an old Cisco managed switch, which I'm going to...

Done. Is there any prize?

1mln.PNG

BartoszP , thanks for the 1-million screen snapshot.
Only took 7 years and a petabyte to get there ...

Re: Done. Is there any prize?
I did get a free cup of coffee at work this morning , does that count ?

North Idaho Tom Jones

I think of ISPs that have no plans to add IPv6 networks to their customers somewhat like those who use a 1998 Windows-95 computer. They will only upgrade when their stuff quits working. Same with IPv6 , there will always be ISPs & customers & web sites who will remain IPv4-only and will not ...

If there is no drop-dead date established , then there will always be those who continue to be IPv4 only. If you have traffic signs for miles indicating " Left lane closed ahead " but no cones blocking the left lane , there will always be those who stay in the left lane. IPv4 need to die w...

Simply forcibly switching to IPv6 "suddenly" has a huge environmental cost. You can't even imagine how much garbage it would create and how much it would cost to rebuild all the billions of devices that already exist that only go with IPv4. ISPs could also forcefully switch to IPv6 and th...

Just noticed a few moments ago ...

It's gonna hit 1-million soon

North Idaho Tom Jones

almost-1million.png

What is your " CRS326-24S+-2Q " doing ? If you are Layer-2 switching ports , then there is almost zero CPU load. If you are Layer-2 bridging ports , then you are forcing all packets to go into the CPU , get some CPU processing , then go out the other interface. This can be very CPU consumi...

IPv4 only should have a drop-dead date ( as in all IPv4 through the Internet will be turned off ). Something like in 5 to 10 years max ( no exceptions ). IPv6 has been out and running for 20+ years. Re: IPv4 ; On 3 February 2011, the Internet Assigned Numbers Authority (IANA) issued the remaining f...

However I currently have 75% of my traffic over IPv6... On 2014, when this topic is open, 0%..... Every ISP should be doing dual-stack ( IPv4 and IPv6 ). I have two /32 IPv6 arin assigned blocks. That works out to ( 2 times ( 4,294,967,296 (2^32) ) I will never run out of IPv6 address space. And so...

OOOooo - and one huge, big advantage All real ISPs with lots of customers will sometimes receive this notice: Notice of Claimed Infringement - Case ID ####### With the document containing: <IP_Address>x.y.z.227</IP_Address> <Port>#####</Port> WIth NAT444 , it is quick, simple & easy to find look...

@ tom, My NAT444 configuration uses jump rules/tables , If IP & port range is this then jump here and scan only a few lines to find what to NAT to/from. hmm, interesting 🤔 which platform did you use to perform this setup? i mean: MT or Linux boxes? since I read that jump statement. in your curr...

FYI - If you are a normal NAT44 customer , then there is really no way to be somewhere out on the Internet and connect to a server/router/device at your home. To do so would require a static port-forward or the use of a middle-man server. If you are a NAT444 customer , then If you know the port rang...

IMO I think NAT444 is often much faster with a far less CPU load than normal NAT44 is because : - Normal NAT44 has to sequentially scan the NAT translation table for each inbound & outbound packet to/from a customer. This can be very CPU time consuming and memory consuming when under heavy NAT l...

I don't use NAT, I just give REAL public IPs to clients, with IPv6 and MTU at 1500, because clients pay me for the service, so I give them The Service... and a CCR by each 512 customers !!! too much Bling-bling 8) re: ... a nd a CCR by each 512 customers !!! ... Nope I use two Mikrotik CHR routers ...

I don't use NAT, I only give REAL Public IPs to Customers, because customers pay me for the service, so I give them a service... My ISP offers two types of accounts ; Residential ( NAT444 ) Business ( Live IP addresses ) My ISP offers multiple account speed options also. If a customer wants Live IP...

IMO - I discovered a couple of years ago than when an ISP has a large number of users ( thousand + ) and you are using a Mikrotik to NAT tens of thousands of RFC-1918 ( 10.0.0.0/8 , 192.168.0.0/16, 172.16.0.0/12 , or carrier grade nat 100.64.0.0/10 ) do not use the normal Mikrotik NAT ( aka NAT44) ,...

I updated the btest server.
From: ROS version 7.10
To: ROS version 7.10.1

All btest-jail counters were reset/cleared during the ROS upgrade.

North Idaho Tom Jones

I'll volunteer to help.

I updated the btest server.
From: ROS version 7.9.2
To: ROS version 7.10

All btest-jail counters were reset/cleared during the ROS upgrade.

North Idaho Tom Jones

From the SF Bay Area on Sonic 10Gbps fiber with a CCR2004. I tried to do TCP but it was much slower; I tried to restart the test and it stalled on connecting. Not sure if I'm in jail, I only had it running a couple minutes at most :] UDP: Tx cur: 3.9 Gbps avg: 3.9 Gbps max: 4.2 Gbps Rx cur: 99.4 Mb...

June 06,2023

This morning , I updated the btest server.
From: ROS version 7.9.1
To: ROS version 7.9.2

All btest-jail counters were reset/cleared during the ROS upgrade.

North Idaho Tom Jones

Hello, Feature request: Add button to log entry so one can create firewall rule to remote address. Log is seen by admin to reveal some undesired activity. Copypasting is time consuming. Consider adding a button which will call New Firewall rule, with pre-filled IP from Log entry. This is supposed t...

May 22 2023

This morning I updated the btest server
from ROS ver 7.9
to ROS ver 7.9.1

FYI - btest jails were reset/cleared again

North Idaho Tom Jones

Yo , Your IP address: x.x.4.14 was in the Address-List ( from a recent prior test ) , I just now cleared it.

Hello Tom,
if possible, could you please remove my IP address from your ban list again?

Zhup , I just now cleared the list again.
North Idaho Tom Jones

I suspect that there are no near-future tik plans for a many-ports 100-Gig switch ( or for WhiteBox switch support ). Which is why I have some Sonic 32-port 100-Gig switches on the way to my NOC ( and several more soon after that ) - I can't wait any longer for tik. ** Once you go 100-Gig , all oth...

What if... just bare with me for a sec, but what if RouterOS 10 had a SONiC installer/image and you could install RouterOS on a white box open networking switch. Why wouldn't hardware/software vendors want to use standards for routers/switches? If the software could take advantage of the switch ASI...

Yo , Your IP address: x.x.4.14 was in the Address-List ( from a recent prior test ) , I just now cleared it.

Search found 1623 matches