MikroTik

Sanity

when using a standard CPU like E5-2698 v4 That is not standard, that is outdated. That is a 2016 CPU. Given a 5 year replacement cycle - that should have been retired in 2021. Hence, you know, it is slow compared to a modern CPU. It is also a (for that time) high Core count cpu, which means bad per...

Sanity

Hi, I have set up Tor relay now, of course, the number of connections has increased Router (RB951G-2HnD) now very often has a CPU load of 100% Is this a problem or should I add some cooling? Thanks.... Do not use some device that is quite bottom of the barrel in terms of CPU for a CPU intensive app...

Sanity

Well, the CRS504 is not designed for server-rooms - it has all the wrong features. It's made for a city/metro network as I see it. Go buy white-box/bare-metal 100G switches if you need it for you servers. Don't see the point why Mikrotik should make it. Two VmWare ESXi servers with two 100-Gig port...

Sanity

Mikrotik is not considered enterprise level equipment. Get proper switches for datacenter use if you need features like reverse airflow. By their own accord they classify some of the high end switches as enterprise grade. This is not about me - this is about THEM. They want into this market, they b...

Sanity

i hope MikroTik is working on a 8 x 100g switch but it will take months to come, i think maybe until the next year, and off course it will be far more expensive adittionally an 8 x 100g switch puts MikroTik on a predicament, almost in the obligation to release a possible CCR2316 with 4 x 100g + 12 ...

Sanity

I am with you - I could use some, too, but you are likely right - there simply is no ready SOC to put in. What is there is propietary and not available to Mikrotik, Hence asking for the 6 port. The switch chip they use can actually handle 6x100g ;) And given that they use this switch chip already - ...

Sanity

It is also not only about the case - it is also about the power supplies. They have their own fans and I generally do not like opening power supplies - at least you would need 2 sets of power supplies or a switch. And seriously "money they cannot afford"? ARE YOU JOKING? You get a high-end...

Sanity

It may be timing and getting some 100g out first. That said, I have this problem - I am going to switch soon to a 4x100, and I am running a 3 machinecluster, so I can go 3x100 and 1x4x25 (i.e. fan out) cable for uplink - but I have ZERO reserve capacity on that.I would really love a little more poss...

Sanity

I.e. TOR equipment. You normally have a hot and a cold isle - and, funny enough, because you do not want to mix air, running cables from back to front is not that easy. It is standard to have switches then mounted in a reverse - patch cables to the back, power supplies to the front. Equipment that m...

Sanity

...using the same chipset that is in the high end router / switches now (i.e. Marvell Pristera). The CRS504-4XQ-IN is just a little too limiting. Yes, 4 ports are good - but you lose one port for an uplink and possibly 2 for a chain. That leaves 2 or 3 ports usable. On a 6-port switch - which the ch...

Sanity

CHR does not care about hardware - it cares about what your virtualization platform exposes. So, as long as you get the Supermicro card properly installed on the hypervisor, CHR will be good.

Sanity

Greta, Maybe familiarize yourself with data centers and you will see that most have A+B power. Just because you lack understanding doesn't mean we all should devolve to your level. If everyone felt woke like you the reliability of enterprise networks and the Internet would be greatly diminished due...

Sanity

Because we feed the device from 2 seperate UPS's or Incoming Circuit + ATS/Battery Backup to maximize uptime. Trust me you don't want to relive the CCR1036 days where it came with 1x psu and that psu came with a design flaw ... In our datacenters, equipments that do not have dual PSU's are not even...

Sanity

USB type C max 5V and 3A (15W) USB-PD increase that limit: https://www.digikey.com/-/media/Images/Article%20Library/TechZone%20Articles/2017/March/Designing%20In%20USB%20Type-C%20and%20Using%20Power%20Delivery%20for%20Rapid%20Charging/article-2017march-designing-in-usb-type-c-fig3.jpg 5, 9, 15, 20V...

Sanity

But why would a professional installation ever use a dual power supply? Because we feed the device from 2 seperate UPS's or Incoming Circuit + ATS/Battery Backup to maximize uptime. Trust me you don't want to relive the CCR1036 days where it came with 1x psu and that psu came with a design flaw ......

Sanity

.... seriously. Remove it and add a USB port (USB-C) JUST for powering. And do not bother to provide a loading adapter in the box. Saves money and.... ...follows the guidelines for phones, you know. Point is, that USB is well the standard for loading phones and because it is SO dominant, I now live ...

Sanity

Jesh, feel stupid even writing it as a headline, but it happens NVidia has too much money and went out and spend some buying Mellanox and now the whole high end Ethernet market is NVidia. I know from the past that DAC's for 100G are a complicated theme between NIC and Switch providers. There is a re...

Sanity

I am acutally perfectly ok with 8 ports - that is 7 ports down to 7 servers and one either up to a TOR level switch or a breakout for external connectivity. 100 gbit are a nice backbone for distributed storage ;) 3 is just a little on the low side. Yeah, I hope for a 8-16 port switch - that would pu...

Sanity

4 is kind of on the low side for even a server cluster (3-5 machines). 8/12/16 would work, but 4 leave 3 the moment you take one out for an uplink. 8 would work. Leaves 7 for internal use and one for uplink, or a way to handle 7 clusters down and one uplink for external traffic. But cudos for finall...

Sanity

Let me say if that thing goes for 5000 (€) it likely is going to sell. Look up proces of Mellanox 2100s for a shock. Hint: list price is multiple times that. And I am not talking double ;)

Sanity

Yeah. a 100g x 12 "top of rack" with a decent SOC - look at the prices of those switches and Mikrotik kan make a real dent in the market.

Sanity

That would be not good enough - it would have 40g links, which... let me quote from the newletter: > In the near future, the network will be upgraded to a 100 Gbps data transfer rate, using MikroTik devices that will be released soon. I would read this as something with 100g ports - SOME of them (i....

Sanity

Because that is the ONE thing I read that I really really really like in the September newsletter.

Sanity

> Main issue is that there is not even official list of hardware supported by x86/x64 ROS.

Hyper-V. As logn as you get that running, you can run CHR. That is what I do - and the trests from Mikrotik showing Hyper-V having the most superior network scalabiity compared to VM Ware and KVM.

Sanity

Something with like 12-14 ports full switching 40g qoul be appreciated - now that Mikrotik starts offering 40g, we lack a way to tie that into the backbone of a cluster.

Sanity

Good idea? I klnow that in general one should not abuse switches as routers. Not what I plan, and it sort of would help me keeping this part isolated. * I have asmallish office. Say half a dozen rooms. double that as employees. * Central to that, outside our data center style setup, is a CRS328-24P-...

Sanity

It acutally is an IDEA- albeit on Hyper-V (Vmware free zone, no intent to change this). The amazing thing is that I can try it with virtual adapters connected to the Mellanox 100G cards and see how it goes. * It gives Mikrotik time to come upü with new products * It will allow me to define exactly w...

Sanity

10G should be quite rare - basically that happens when someoone copies VM images over, install iso images etc.. We also run a 10g connection up to our offices main distribution point, but go on with 1g from there, so this is not one tcp session. And then we have the "in vm backup" for some...

Sanity

I am considering putting a Mikrotik into my cloud as core router. Now, the CCR series is nice - but most are so low throughput it is not funny. My cloud backbone runss on 200g per server (2x100g) backboned in a Mellanox switch. Before anyone starts complaining about internet speeds- this is not the ...

Sanity

50gb? What for to start with? I run CHR on a 128MB disc. That is MEGAbytes, not GIGAbytes. What are you storing on 50gb?

Sanity

Have to step in here... the next logical step would be a SFP28 / QSFP uplink SWITCH - routing not SO much needed, you can start with an Ethernet switch (though RouterOS would be appreciated). "Cloud Core" is moving to 25gbit, not alone because Intel has no network card (that I could find) ...

Sanity

Same problem here. Is there anything that must be done on the CAPsMAN machine EXFCEPT pressing Upgrade?

Sanity

To be super concrete - the lagacy adapter is simulating ancient hardware, from a time 10mbit where seen as fast. I think it triggers one interrupt per byte received or something awful like this. You just blow up whatever CPU you have. Makes no sense. The reason they do it is because it is a last lin...

Sanity

Stupid question. I Know you have this fancy new website now (which is soooo nice it has a ton less information than the last one). Anyhow, last newsletter is MAY 2016. Now is end of october. Is there really nothing new in all those months? This is quite an unusual time from past experience, so don't...

Sanity

You are ignoring realities of: * Bad lines * Partially lower latency links in the game. How is the last mile running - DSL alone can introduce 12ms to 60ms for example. The "middle east" can be a lot of places, and I would assume a lot of them are not superbly connected. Which adds latency...

Sanity

Just an update.... i got it working by adding a srcnat entry...

3 chain=srcnat action=src-nat to-addresses=XXXXXXX out-interface=internet log=no log-prefix=""

THAT one is getting traffic - which makes me think that masquerade may be broken in the current stable version of CHR?

Sanity

I have started to put a CHR trial into my chicago cloud and so far from the performance etc. it looks amazing. FINALLY I can move that part over to Mikrotik from a WIndows Server RRAS install. No, there was no real chance to put mikrotik there before - we use HyperV and hardware is not an option wit...

Sanity

When told to shut up (ah, shut down) it reacts to it. Commencing testing now. Extremely happy about it. Seriously. I love windows as server OS, but for a pure VPN endpoint is is too expensive (financially and in terms of ressources used on the VM) and not powerful enough. FINALLY I can start moving ...

Sanity

No, I have not. Time to do another test now - if that works, I am going to get a license and start seriously testing CHR.

Sanity

Any news on that? I would love starting to test CHR to replace a quite not up to what I want installation using a windows instance for some cloud routing. But I NEED CHR to shut down when the host tells it to - because otherwise a restart after patching the host will require a manual power off of th...

Sanity

Just installing my first install CHR and playing with it. Hyper-V host. The time service is off. It seems to take the time from the host. But it ignores the datetime offset. If I configure CHR timezone, the offset gets applied twice ;) Quite obvious for me, as I am in europe, the machine in chicago ...

Sanity

Which is what I use - so I will start testing it on our chicago node

Any word on Azure?

Sanity

Just 2 environments ;) * Confirmed running and well behaving on Hyper-V? Then I will grab one and start playing with it for our external hub link. * Did anyone get it running on Azure? I Know Azure has their own service for VPN etc. - but besides the cost of it (which is unreasonable) - I consider a...

Sanity

Can you comment on a timeframe for availability? not a release date, more like "planned in Q1 2016"... for planning. I really want to get rid of a certain virtual VPN endpoint

Sanity

The simulated hardware in Hyper-V is quite - ancient. It is EXTREMELY Interrupt heavy. This makes them extremely unsuitable for high throughput scenarios. The virtual NIC's that have drivers are modern designs. They do not rely on an interrupt (per byte or something like that) to push the data, mean...

Sanity

I second that. As a Hyper-V user I would like all non-desktop related Hyper-V elements to work. Particularly: * Obviously integrated network adapters. No need to work with the awfully slow (Interrupt intensive) simulated hardware. * Shutdown requests. Basically: It must behave to requests from the h...

Sanity

OMFG. Seriously? AMAZING. This means that at some point this year (not toooo far in the future), I will be able to retire a VM Running a Server 2012 R2 with Routing and Remote Access that has the only sense in keeping a VPN connection to our office alife from our US servers? And replace it with a Mi...

Sanity

Any particular reason to not allow incoming ICMP? ICMP is used for some things and that will just make debugging internet connections and having decent TCP performance harder. ICMP is used for MTU discovery, you know ;) http://security.stackexchange.com/questions/22711/is-it-a-bad-idea-for-a-firewal...

Sanity

RB951 can not do dual-band. I would recommend the RB912UAG-2HPnD or BaseBox2 and add a R11e-5HnD card for 5GHz. Later you can change this card for an AC card. Gets a lot more sensible when you dump the "hey, I am an as ugly as hell looking box for outdoor mounting that is just here at the wall...

Sanity

Mikrotik seems to ignore this area with their ready to made products (and personally I do not ting the 750 series boxes so nice I want them hanging on walls). WHat is the recommended hardware for a smaller office that needs 3-6 dual band access points? Anyone knows of any MIkrotik reseller that pres...

Sanity

Due to some - unforeseen circumstances I am considering renting some office space that will need to link back to my main offices. The distance is about 100 meters, free line of sight. What would be the best way to establish a wireless point to point link? Preferabl a 1gigabit+ bandwidth thing, prefe...

Sanity

Asking because I find it funny that that router is called "Cloud Core Router" but seemingly is totally ignorant of any of the new Networking Standards being developped by both MS and Cisco to replace VLAN's in - ah - you know - a Cloud. Notable MS usage in Hyper-V since Server 2012 to use ...

Sanity

Hello. I write from Italy and I would like to have your opinion about CCR1036-12G-4S. I wish to use it in the net of a paper mill. It will be the router for 4 switch. On each switch there are about 10/11 PLC . Each one is an IP. What about using it in industrial automation? Thank you in advance Wel...

Sanity

It seems to me that MK is just ignoring the customers it has currently and saying we will never touch it. Sorry but I have repeatedly said that we have no plans to make HyperV support. Yes, and like the poster that you answer here I will now also look for alternatives. Your religious war interferes...

Sanity

Yes, it works - did that until some months ago, now all my infrastructure is in our server room. THAT SAID: performance will vary as packets can arrive out of order. It will be a LOT better than nothing, obviously, but it will be tricky to get full speed because Mikrotik's one "religious we do ...

Sanity

Aynthing from Mikrotik to recommend? This is for a smaller office setup. Dual band required (2.4 AND 5ghz - we try to use 5ghz where possible, but not all devices can do it). Need good throughput and enough power to 2 walls ;) I found ntohing from Mikrotik that seems to fit - considering netgear now...

Sanity

It would give them recogniztion, market share and visibility.

But it would violate someones religious believes, so it wont't happen.

And it HAS to be religious believes, if you look at the arguments for not supporting it.

Sanity

I think yo ucan stop discussing it. This is quite a "intelligent design" type of religious matter. Someone high up in Mikrotik thinks that his balls will rot when they support Hyper-V and that their children will die and they serve a millenia in hell or something. Given that Linux FULLY su...

Sanity

-1. Not needed anymore? Is there any case where a decently modern windows still falls back to WINS?

Sanity

I agree.

I dont caer about VOIP a lot, but I have a constant stream of financial data that goes over my network that has to have absoluet priority

Sanity

Thanks. As I said - it should at least work with the non-integrated hardware levels, anything else points to an issue somewhere. After all, if Hyper-V emulates an IDE drive, for example, either their emulation has an error, or the driver on your end. Performance is another thing, bit as long as the ...

Sanity

MT should be concerned that RouterOS is working well with Hyper-V cause then you can create High Availability Solutions. In a project we're switching over from physical servers to Virtual Servers with SAN storage solution and Fail Over Clustering for High Availibility. One of our goal was to virtua...

Sanity

queueing has nothing to do with balancing. you need balance, not QoS, don't you? It actually has. In a load balancing scenario you will still queue outgoing packets in a (small) queue and then have every outgoing link send packets from there - actually send fragments, so that a LARGE packet goes ov...

Sanity

the topic sounds like possible advanced QuickSet feature anyway, I still can't imagine how to properly balance links with unknown bandwidth :) Why? Other - even low feature end user routers - manage QOS without (!) knowing the bandwdith. It is quite simple - all you need to know is to implement pro...

Sanity

It would be nice to have RouterOS with native multi-wan support, where we could be able to add our wan links, specify link speeds and it justs works. No more hard working on PCC and/or other ways of doing multi-wan Why even specify link speed - that can vary at times. Multi link transmits with prop...

Sanity

if you use XEN full virtualization RotuerOS works there as a guest OS, same goes for VMware virtual guests. Ok, so you think I should replace my whole platform with another one because one of the large virtualization platforms suck in your eyes, or what? Seriously, I yet have to see XEN used in an ...

Sanity

if you use XEN full virtualization RotuerOS works there as a guest OS, same goes for VMware virtual guests. Ok, so you think I should replace my whole platform with another one because one of the large virtualization platforms suck in your eyes, or what? Seriously, I yet have to see XEN used in an ...

Sanity

I'd say fine, don't support it. Just don't turn off the drivers in the kernel.

Amen. And maybe make sure that not only YOUR part, but also the little loader on the ISO file is not totally outdated?

Let the Linux people handle it

Sanity

RouterOS works fine as a regular x86 OS virtualized; I use it in xen. My understanding of their support for virtualization was to provide a special version that would work for paravirtualization, where the underlying CPU didn't need to specifically support actual virtualization. Well, it does not w...

Sanity

Tried to install on Hyper-V - does not even go to the installer from ISO image. Starts, hangs when it says "Ready" but nothing more happens. 3 steps backward from v5 - on a kernel that SHOULD support Hyper-V (though I suspect that is a lot more the old ISOLINUX version - I suspect taht the...

Sanity

Maybe you could wait for new MT beta3 which would have new linux kernel with Hyper-V support integrated inside, so you could use normal network adapters instead of legacy ones and everything should work out-of-the-box... I hate to tell you. I contacted support, got my hands on an early 6.0 beta3. ;...

Sanity

Ok, got my hands on a 6.0 b3 current build.

Does not even install. The iso is stuck on booting - seems compatibility with IDE drives (as this is what Hyper-V no simulates) got downgraded to not important

Sanity

Kernel version is not set in stone, but it is likely that next beta will have new kernel. I cannot promise you what kernel version will be in v6 final. It might be v3.3.5, it might be something else. v6beta3 is expected this or next week. I highly doubt there will be Hyper-V support in any upcoming...

Sanity

I did not say beta.

Oh, come, stop playing child games

http://forum.mikrotik.com/viewtopic.php?f=19&t=62109

has the information - Beta 3 is the new kernel, and looks like it is quite close to release

Time for a little waiting.

Sanity

In RouterOS v6 we will have this:
*) upgraded drivers and kernel (to linux-3.3.5);

Which beta?

Just checking the download and it reads:

updated drivers and kernel (to linux-2.6.38.2);

which is not 3.3.5

Is that beta 3?

When can we expect that?

Sanity

when Microsoft Hyper-X driver code will be made as a part of kernel, it will be added to the RouterOS the same way as Intel drivers are. The answer to my feature request was as i have stated before - either code is added to the kernel and hence to the RouterOS or it is not. It is not that just code...

Sanity

Now you tell me it is not valid to test RouterOS on a new coming Hyper-Visor generation? THAT Is a new one, seriously. In my eyes NOW is the time to nail that down and see who is at fault here - so that possibly a ticket can be opened with Microsoft. You assume that MikroTik tests against this new ...

Sanity

Sorry, ;) KVM does not cut it. Most larger enterprises either use VmWare or smaller ones as well as larger ones are moving to Hyper-V for the reason that they get all from one hand. THere is a seroius need for router / firewall appliances, not only because people use clusters of virtulaization machi...

Sanity

Sanity Well first of all stop insulting people who try to help; the only one acting religious here is you. From my point of view you have two options: 1.) Stop using prerelease version of microsoft operating systems for production use. Then maybe one might be willing and able to help you. I assume ...

Sanity

Besides not being an answer - but totally useless - will you pay me the about 550 USD MONTHLY that it costs me to rent a second machine (100 USD), the colocation (400 USD) and the backend swtiching (50 USD) that I need to install a second machine in that particular data center? Like "Put your ...

Sanity

Just install some linux box with KVM. You can try Proxmox VE - really amazing virtualization environment. Then you can freely install RouterOS and Windows box. RouterOS already has support for VirtIO drivers. Performance on top of such setup is amazing :) Besides not being an answer - but totally u...

Sanity

Especially if you also focus on the privacy aspect

Sanity

Just trying to set up a PPTP / NAT server in Hyper-V - and no, hardware is NOT an option (would cost me 400 USD monthly hosting costs, plus additional for network ports). I can see the ARP info for the IP addresses on the mikrotik on the hyper-v "server" (via "arp -a"), so obviou...

Sanity

I want to wake that up because I am now in that position trying to get a x86 RouterOS installation working. I have a fabric built on Hyper-V as routers, with which I am very happy with 2 small nudges - first the lack of a PPTP server, which I rally could need (connecting an ovffice to a data center ...

Sanity

You can not do it because the moment you route, there is no hostname anymore only an IP address. It also only works for large sites - small sites may use the same IP for a lot of hosts at the same time. So, priority by IP based on the assumption the IP only hosts one site (or set of sites from one c...

Sanity

You need proper QOS, especially for the uplink (you can not do it downstream anyway, not under your control). Particularly as 400kb is TINY so if your VOIP packets do not get a higher priority queue, you pretty much are dead when someone does a download. That is about it. NAT is SIP aware good enoug...

Sanity

I run something quite similar, just 3 links and PPTP. * You need 1 IP address per link on the data center. * You force route that IP address per link over a different ADSL connection. * YOu then use nth rules for all traffic to distribute the traffic over the links. It is QUITE simple to set up. SAD...

Sanity

You do not need EIOP I think.

PPTP link (should always work), Briding enabled on both sides (obviously on both sides), then you can use the bridge interface.

No need to run EOIP on top.

Sanity

Your statements make little sense. > Why vlan? I think it's less resource hungry then vpls, or especially eoip Actually I would argue that VLAN and anything ethernet based is inefficient here. if you have limited bandwidth, then ROUTING should be used because VLANS will broadcast a lot of broadcast ...

Sanity

Possibly but sadly not solvable with Mikrotik not implementinng MLPPP properly (i.e. also server side). It seems they willfully ignore this part (i.e. the amount of people putting various links together for different reasons and with the will to load balance them) and I may have to put up some money...

Sanity

Got it sorted out by chance. The intefaces for the pptp users got somehow deleted.

Sanity

Anyone any clue? I took that up with support so far but they keep telling me that is expected, interfaces do not get renamed (to the names of the secrets) all while totally ignoring that my screenshots show ONE of FOUR actually being renamed. Seems like "first level support blindness". Mea...

Sanity

A lot is possible using scripts. Does not mean the feature is useless.

Sanity

This is actually TOTALLY NOT NEEDED. INSTEAD - Mikrotik should finally give us a MLPPP server. Then we get dynamic balancing over multuiple lines with full bndwidth management without writing mangle rules. The MLPPP client is there, just the server is missing. I would rather prefer that becasue it h...

Sanity

Started this morning and takes down a backlink for my company. I use 3 PPTP connections from an office to the main cluster. PPTP, named users. Now on the incoming connection, SO FAR: * incoming connections came in and were nameed "<pptp-fabric-00-01.1>" etc., THEN got immediately renamed t...

Sanity

The prlbmei is that this simply is not the same - dynami bandwidth management being the main culprit. I think missing MLPPP server (I would love MLPPTP) really is an obvious missing issue.

Sanity

It is easy to do. I ahve this running - 3 links. * You need separate IP addresses on the data cetner side for every VPN link. * On the office, generate one VPN link or every physical link. ROute all traffic do one physical link via IP based routing (i.e. target IP 1 = dsl 1, taret IP 2 = dsl 2 etc.)...

Sanity

he can not because this is not what you can do with PCC. PCC can only ever assign one connection to one line. The only way to combine speeds is: * Use multiple VPN links to a central outside point (like a mikrotik in a data center) * use nth routing to distribute packets over the VPN connections. Fi...

Sanity

I also am happy with my 750G that I carry around because it just allows me more than 100mbit when I occasionally need it (someone plugs a laptop in at a meeting and we transfer a large file or two). You have wasted $80 - cheapest 2 port switch is patchcord or crossed cable (if nobody supports MDI-X...

Sanity

Hi All, My ISP provides 100mbit internet access through PPTP with no encryption. I need a router that can connect to ISP using PPTP and share this connection to LAN with upto 5 PCs. Will be 450G sufficient for this? Can it handle such routing: from lan to pptp at 100mbit? Thanks! :D I think you wil...

Sanity

With an update - manually setting the MTU to 1440 seems to have fixed some issues, at least RDP works fine now. Anyone an explanation for this?

Sanity

Hello, second try. I am running into a serious problem with a VPN setup that I sort of need to get going ;) I run one office and a data center cluster, all hooked up with mikrotik and for a project we are integrating one, then in a month another external location. On the first I have a problem. It i...

Sanity

:shock: :lol: @Sanity: Because you don't use jumbo frame support on your routerboard means the world shouldn't? This feature is crucial, even you are using it too on your LAN... Moreover what you say doesn't make sense at all... Who would buy a 450G (1G) over a simple 450 (100Mb) only to share an i...

Sanity

Hi, When I discovered that my RB450G was hardware limited to 1500 MTU, I almost felt off my chair :). I bought a gigabit router, and I was stuck to 1500 MTU on my whole LAN because of it... When I discovered that all MIPS routerboard were ... waw. Actually only PPC routerboards don't have this incr...

Sanity

Hi I run a wireless ospf network and i have one 4Meg dsl's + radius server in one location and a 1 Meg Dsl in a different location on my network. Currently i use ospf to distribute my default routes as type 1. This works fine but i want it to be able to do load balancing on the entire wireless netw...

Sanity

Thanks for reply, But i was asking for more detailed hardware specifications, something like how much ram memory do I need? what kind of processor should I get? I will for sure get good hard drive, even maybe SSD or will put them SATA disks in RAID mode, but I was thinking about RAM memory and Proc...

Sanity

...possible?

Basically I look for a way to distribute upv6 traffic over 3 links between a data center and my main office. The links have diferent sizes up (to the data center) and the same down (x6mbit).

Any chance?

Routing marks seem to miss from Ipv6. Any plans?

Sanity

Simple question.

My main concern is:

* I have both IPv4 and IPV6 on a queue tree. They obviously seem to be separate - so how will the bandwidth be split between v4 and v6? For example trying to envorce priorities in 6 priorities over a limited bandwidth link.

Sanity

It is very likely a fragmentation issue. Fragmentation of real time protocols causes slow down even when the fragmentation occurs in working fashion. Now you don't get immediate feedback from the RDP server, but have to wait until the second fragment arrives and has been reassembled. Rarther than r...

Sanity

Ok, this one is a little tricky. I already have in use a nice syste mcomposing of a 1100AH in a data center and a 450G at my core office, bunding with nth 3 internet links over PPTP - no problems there. I now have a satellite location that is regularly used (like every day). I work on a virtual work...

Sanity

I got amail from my ISP that there is spyware being caused by conficker, This is a critical problem and needs to be addresses immediately. Kindly let me know what to do to cease the situation quickly. Thanks Alternatives: * Call ISP, work with them. * Hire specialist, if that is over your head. * W...

Sanity

Greetings fellow mikrotikers I have the task to implement a VPN as only entry point to our network. I'm starting to read docs now, and one of the first things i notice is there are some trouble to expect with ISP-NATed clients (especially with IPSEC, would seem). Do you have any advice/pointers on ...

Sanity

:) As usual, i think you need to find actual accepted RFCs, to get some normal discussion starting. Sorry, but so far this topic looks like "Make my router so that it will configure itself and exactly like i need" MLPPP isnot only a RFC but widely accepted, too ;) PPTP with ML capabilitie...

Sanity

Load balancing by packets - nth. Yeah,. Which is as primitive as it gets. Zero dynamics, needs tons of complex scripting to readjust with one link down etc. What about you add: * A feedback look to distribute by someweight per link? No more manual configuration. Better: * Get real on MLPPP. Client,...

Sanity

Got it ;) NAT gets in my way. Sucks ;) I just turned in a logger. All packets from my high quality source get logged. They show up with the public IP address, so the destination mangling never works. THAT sucks ;) Is there technically a way to do nth distribution with NAT involved? I.e. a place I ca...

Sanity

If you use masquerade - forget about nth use: http://wiki.mikrotik.com/wiki/Manual:PCC If no masquerade involved you can stay with nth, but you need to use nth to mark connections, and then mark all outgoing packets for those connection with routing mark. Without masquerade you can also use example...

Sanity

Ok, this one really is a liittle funny for me. * I have 2 pptp connections gbetween two mikrotiks, routed over two physical links. * I get aconstant UDP / TCP stream from an external provider. * I use a two stage routing setup to apply nth routing. So far so good. Acording to my premarking rule, abo...

Sanity

Anyone an explanation? New phenomenon supposedly. The performance is horrific over PPTP. I try using multiple using nth routing to distribute traffic (1 pptp, 2 uplinks, from my office to a data center, but even with turning off all those rules and just using one PPTP link it sucks. Equiment is a Mi...

Sanity

/ip firewall mangle { remove [find chain=chainName] };

Nice, thanks

I will put it on top of my qos chain scripts so I delete all old entries and add new ones

I assume the same also works for ip address lists?

I have some lists of computers with very high priority

Sanity

;) Anyone an idea? What is behind that? I have to maintain multple routers. I use connection marks to mark connections by QOS parameter. I move them now into a separate chain (qos-cmark). I jump into this chain from both, rerouting as well as output if no connection mark is present ;) Now, this obvi...

Sanity

How fast is it? Here is what I try to do: * I have a central mikrotik where some offices link up with 1+ different pptp lines, so I use nth routing to distirbute the traffic. * Checking for the different address spaces obviously is expensive (multiple address checks every time), so my idea is: * I d...

Sanity

Hi Dear; Im using a RB1000 and Routeros 5.2 stable version. Im Created VPN PPTP default-enc. and secrets tab add to user this. Ok, no problem, i Connected the network. But i have more /24 Class Ip's. I did the C class IP VPN connection at all to services that reach, but other C class IP 's say I ca...

Sanity

Not saying it is possible but if one wanted to do this, they would set their default route to use the default gateway for ISP 1 and then create a source NAT rule using the IP of the ISP 2 connection. Ah, no. WIll not work. YOu can not establish a TCP connection when half of the connection is NATted...

Sanity

Hi to all i have two ISPs and need to use the uplink from ISP1 and downlink from ISP2 , i have search in wike but didn't found anything helpful. i do appreciate if any one past me any weki example or advice how to do the above config. Regards Ok, you are finished. As in fired. As in given a task th...

Sanity

What version of ROS are you running, i think there was a 100% cpu bug on early versions of 3.x with pppoe.

let me quote his post: Any idea what could be wrong? RouterOS is version 5.2, RB 133.

Sanity

Dear Support, Kindly, I want to make server mail , coz i have more that 200 client so i need to make every client mail from my domain ( private domain ) from same network, and if i need to send message to all client from same network ... Please help me about that if possible ... Dear Provider, as a...

Sanity

Dear Support, Kindly, I want to make server mail , coz i have more that 200 client so i need to make every client mail from my domain ( private domain ) from same network, and if i need to send message to all client from same network ... Please help me about that if possible ... Dear Provider, as a...

Sanity

what is 105 no buffer space available.

It is an error message.

Sorry, this is the smartest answer anyone can provide without actually even knowing any more context. it also is technically correct

And totally useless as an answer

Sanity

What about the compression? Shouldn't it compress at least a little bit? Yes and no. Again, the RAR compression is flawed. RAR looks at the FILE and can for example find larger repetitions. Ip packing can only look at the content of a single ip packet (as there is only one in a block when the packe...

Sanity

Anyone have any real world compression ratios for ip packing? I'm trying to compress data on a PTP T1 link and I'm barely getting any increase in speed. Here's my setup - Computer -- Switch -- RB433AH -- Cisco 1720 -- T1 -- Cisco 1720 -- RB433AH -- Computer I'm running ROS 5.1 and I'm transferring ...

Sanity

I have serious problems getting VLANS working on a Hyper-V host with an indel network card. The hardware: * A router / switch (linux software bridge) which is a Mikrotik 1100 AH, Router OS 5.1 * A hyper-V server with a 4 port intel NIX * On the nic ther are 1-4 active ports (whend down to one to tes...

Sanity

Putting RB411U's into limousines, and want to use the Hotspot feature to keep the 5g Bandwidth limit from being abused by an open network. I am running the MT v5.2 and am curious what the easiest way is to allow access without having to do RADIUS and everything else. Is there a way to just have one...

Sanity

Yeah, I've already checked out the r0c-n0c routers, but I think that compared to a ~$130 RB450G, a $600 appliance is a little more than an "upgrade" :) They don't really seem to be in the same league... The same I can say for a 120mbit home link and even a more traditionlal ADSL line of w...

Sanity

Heck, there are parts of the world people would laugh at you for a mikrotik... because you get internet via 1gbit connection as part of your appartement rent ;) No joke ;) A poor 450 would probably melt. Not literally. Well, Mikrotik routers are practically unbeatable in price/performance ratio. Bu...

Sanity

Alright, thanks. I have a 450G at hand to toy with so I'll do some testing. I'm hoping it might still be enough, altho the device should be chosen for the theoretical maximum load, with all possible circumstances taken into consideration. This is why I would recomment it to be "taxed". it...

Sanity

Hm, thank you for the insightful answer. So the theoretical/advertised routing performance of several hundred megabits of the most common MT routers won't suffice for such a connection? I'm rather surprised. We've measured a 4-5% CPU load on a 750G for a 10/10 Mbits connection saturated in one dire...

Sanity

Sorry if this question has been answered before already, search didn't really help me in this case. We're about to install a new router at a customer's office next week. They have a 120 Mbps connection at the local cable company, and we're looking for recommendations on a specific routerboard model...

Sanity

Hello, I have a 1100AH in the data center and a 450G in my home/office. I run 2 VPN so far between the 450G and the 1100AH. The 450G is quite often quite taxes when I am moving data down through my max link, 12mbit (on 2 links, 2x5mbit in the queues). I use PPTP as carrier protocol. And the 450G is ...

Sanity

I figured it out. This is what I received from our ISP: our IP: x.33.31.45 GW: x.33.31.17 255.255.255.240 Is that even possible? Netmask /28 is only for 16 IP-addresses. How is it that the GW is then 28 IP:s "away". I put netmask /26 and it started working. Is this right or should I conta...

Sanity

I have reset the router to "factory settings". What do I need to do in order to get it working like this: 192.168.11.x (ether3) --> NAT --> PublicIP (ether2) I also noticed that the green led by the other (other than ether1) interfaces is not active. Only te orange one is blinking. Normal...

Sanity

Hi. First timer here and only computer literate with a little of self-learned router issues.... Existing 4.17 RouterBoard 533 under roof eve and repeater way back yonder in the complex. Too slow of speed prompted me to upgrade existing Comcast cable internet speed from 12mbps to 100mbps modem and w...

Sanity

wiki topic you are mentioning is not part of RouterOS manual but is user generated example. If you wish, you can register as a user on our wiki and make necessary changes for this example to work or point out the errors. Nice try. So a user seeking help is supposed toregister in the wiki and FIX it...

Sanity

Does mark-connection do anything for connectionless protocols? Sure. COnnection is not "connection in the procotol", it is "connection in the connection tracker". THere is no "connectionless" protocol there. UDP streams - identified as connection (with timeout). Otherw...

Sanity

IPv6 RFC initially stated that Routers must not receive advertised addresses, that is why RouterOS can't do it. However we will change it in the future, it is in a todo list. Thanks. All I need to know ;) I wondered whether there is a setting. Obviously for scenarios like mine ("cluster core r...

Sanity

How can I set this up? On my uplink I am getting IP from my data center. if I bridget that interface, the comuters I add there get IP addresses asigned ;) Nice. Sadly the Mikrotik does not. I also find no option anywhere to enable this. How is this supposed to work? Do I have to MANUALLY set up an I...

Sanity

Keeping duplicate things is not a good idea. It gives two times more work to debug, support, and compile. It makes the code bigger as well and slower. Why would you need CDP ? Everyone is supporting LLDP today and manufacturers start to remove CDP. Perhaps for compatibility with older hardware ? Pe...

Sanity

Also the PCC matcher is just that, you can use it as many times as you want in different locations, regardless if you are using it to mark connections. If you don't mind me asking, why are you using PCC with connection marks to mark packets for QoS? Unless I'm reading your post wrong. Because this ...

Sanity

i cant understand..any picture or video?

No, learn reading. Seriously, get a book and use google to get some basics understanding. The world is full of people who want to do things without spending effort. You want tk now what you do, or behave professional, learn reading documentation.

Sanity

You can use the PCC classifier when marking for routing, or for anything else for in the firewall. It's just recommended on the connections since it uses less CPU time (only needs to be calculated once on a new connection). By using PCC on a mark-routing rule it has to calculate the PCC matcher for...

Sanity

;) Or any other tunnels. Two locations: Data center, RB1100AH, Office RB 450G. Problem: 10mbit traffic down, the office is at 50% capacity CPU wise ;) I plan going to 4 links (currently 2 in use) and fear 100% cpu. Overclocking is an option, but then I fisrst would like some hints. I have: * Queues ...

Sanity

Still no sign of IPv6 mangle mark routing ??? so still can't do nth load balancing. I think whis will never make it to the TODO list... ...because in v5 Winbox I already see Ipv6 firewall mangling. What about a NOT-IPV6 todo list? My wishlist: * MLPPP, mostly PPPTP or anything else server AND clien...

Sanity

I would also recommend putting connection-state=new in your mark connection rules to cut down on CPU time as well. Once a connection has a mark, no sense in marking each packet again. There is IMHO a better way. I do marking in the prerouting chain at the moment for connections, forward for packets...

Sanity

While there is only one big monopoly ''golddiger''ISP in my country, there is no possibilities for challenger's like me. It's cheaper to give flash drives some guys with bicycles and pay them for data transfering from one city to another.. :lol: I have to get very cheap and ''legal'' concection to ...

Sanity

Thanks! I'm not so big to jump in BGP - I'm just in TCP :) ..and I dont have so much potential clients around here to pay for it. ..but - maybe it is possible to take domestic connection (officialy and available in my city) ~ 100Mbit and one (not commercial) optical connection in another city (not ...

Sanity

anyone else help me.. becoz ali bro is ask for some installation charges.. How much and will it work? Hello n21roadie, His charges are 5000 PKR or 60$. But i think its too much just for some settings and help. Can you help us. Whow. Get real. I currently charge 100 USD per hour on a LONG TERM proje...

Sanity

Given: 2 Mikrotik, one in a data center, the otherin the office. The office has 2 ADSL, uses 2 different PPTP connections. I have made sure both PPTP connections use one ADSL each. That works nice. PTP uses ransfer addresses (the loopbacks, each) So, the center has 10.225.255.1 and the office 10.255...

Sanity

I'm a MT rookie and planning to deploy MT router on our network. We have been using Microsoft ISA server but since getting to know about MT, i felt we should use it rather than ISA. The MT will be used as a router, firewall, VPN with Active Directory Authentication, etc. The network also includes a...

Sanity

I am just starting out, need to be able to monitor and support a growing number of MT v5 3G Hotspot Routers. Hardware: Mobile Router: RB411U - R52 - Sprint 3G (Novatel U760 / Sierra Wireless U598), ROS v5 DuDe Server: x86, Win7 Ent. Support/Monitoring Data Line has dynamic IP Sprints 3G Data Servic...

Sanity

Hello, I'm implementing QoS on my RB450G, I've a 8Mbps pipe and I want to serve 16 clients. I've used NetworkPRO tutotial and looks like it works fine when I've multiple clients (example, when I set maximum bandwidth to 200Kbps, and I use 180Kbps in one client, the second client has a good latency)...

Sanity

Why would one want to introduce latency in the first place? :shock: ......... your trying to destroy someone else's network? :lol: There are many scenarios for this, mostly around developing software that has to handle latency and the fact that your lab network is an ultral low latency setup comapr...

Sanity

You can not control latency. if you queue more packets than the link can handle, they will queue up. Physics cna not be cheated. What you CAN do is havedifferent queues and put higher priority packets (that need to go first) into a queue that is handled first. At the cost of the others which then wi...

Sanity

If there's any help here is result of a telnet to port 80, and then just hit ENTER: HTTP/1.0 400 Bad Request Connection: close Content-Length: 113 Date: Sat, 09 Apr 2011 11:16:50 GMT Expires: 0 <html> <head><title>Error 400: Bad Request</title></head> <body> <h1>Error 400: Bad Request</h1> </body> ...

Sanity

Not possible. This is called bonding and your service provider has to support it. Some do but they supply there own routers. Closes is with PPC but the max speed will be 4 Meg although with some download managers it might appear as though you run 8 Meg because they are using both lines. VERY Possib...

Sanity

Hi. I want to use RB1100 to control 3 different segments of my network, with bandwidth control based in the traffic of the WAN interface. RB1100 has two switch groups and 3 additional interfaces, including bypass. My intention is to use port 11 for WAN and port 12 for user's switches, so both ports...

Sanity

got any links? or tuts on how to do that? Sounds like it could work. Not really. Mikrotik documentation is not a larning guide, and otherwise network admins are supposed to know the basics of how firewals work. Basiaclly: * Remove NAT. Make sure you receive pakets for your formerly hidden network. ...

Sanity

hi ! I'm anew user of mikrotik ,and i have the same problem i think the MAC address in not unique it can change easily so ,is any way that we can make relation between the mikrotik and the client processor id?? my scenario is that.. 1- the login page in hotspot must contain block of code that reads...

Sanity

I just have the nat to hide the computers from the network above it, its not for secutiry. Is there not any other configuration that i can setup that will allow for the computers to be isolated but availble for certain ports and ips? Well, there is the standard way: do NOT use NAT but use smart fil...

Sanity

Anyone a good setup / howto?

No problem running both VPLS links over separate pptp links.

Sanity

ah kak, I see what you mean. Even if the connection is initiated by the computer below the router ? Cause reason i am asking, In this network the computers below the network connect to a server up stream using Novel, an dif they login now, the novel server connects to the IP of the router, so if so...

Sanity

I start having a number of Mikrotik devices in different places. Need to secure them. For this I think of putting up a VLAN (using VPLS) for them, with every router having one specific IP. This would run into a central location where it would be bridged with all of them as well as one vlan port that...

Sanity

Howist, How do you allot a certain ip or protocal to bypass your firewall with mikrotik? I have a rotuer (NAT) and i want to let certain computers above the nat router see into my network?? What do i do? Thanks Nothing. There is no bypass possibility because these computers upstairs DONT KNOW HOW T...

Sanity

You typically do not run OSPF with an ISP. OSPF is what is called an interior protocol that you run on your own network. You really should not NAT to private IPs. Ah - why? All internal adresses etc. of an ISP are pretty much an example of an internal network, or? With BGP on the edges to handle th...

Sanity

mikrotik with ether1 and ppp-out1 interface (LAN card 100TX and USB OPTION connected to internet) but there is no routing between those 2 interface??? (from ppp interface I can ping public ip, but no from private interface) Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE MTU L2...

Sanity

Both running Mikrotik for routing. Needed: * Routing with IP * Occasional bridgind (Which wuold allow installation or testing or separate ethernet locations from the office. We have some separate routing domains there, and right now we can not add computers before moving them to the data center, wit...

Sanity

ny way? The idea would be: * Multiple VPLS links over a physical link, * Using QOS based on type of service WITHIN the VPLS links. The reasoning: * Locations are to be attached to a multi location virtual mesh. I need admin VLANS etc. to span the location. I obviously do not want an admin VLAN firmw...

Sanity

There is a wiki article showing how to move two VPLS connect6ions over to ADSL links using BPG... which I try to avoid. The article is at http://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks_using_MPLS_extended. I am no so much a specialisst at BGP (so to say), and it can get complicated ...

Sanity

Send them an email. Likeky it should have been 1xx instead of 2xx in the price.

Sanity

Ok, i got it. a VLAN in Mikrotik is just an ethernet card. Multiple VLANS dont share anything. If I want it to run left and right.... I need to put in a bridge and add them to the bridge.

Sanity

Ok, i know what they are. Am used to use them from extreme networks. Just seem not to be able to get them going on mikrotik. How are vlan ports on different other ports connected? I mean, I only see ports, not the vlan definition itself: add arp=enabled comment="Hosting Frontbone Vlan" dis...

Sanity

There are three possibilities as you mentioned * VRF * Firewall filters * metarouters You should chose one that is most effective in your setup. That rules out metarouters, also because they do not really scale at all (8 max is nice for now, but what later?). Is there any vrf documentation that han...

Sanity

Hi Guys I have setup a VoIP server in my office and want to priorities the VoIP connection above the internet connection. My VOIP server IP is 192.168.1.253 and the port I’m working on is 5060.My SIP Provider host is sip99.telfreesa.com .How will I do it and set VoIP priority first and then my inte...

Sanity

Possibly VRF, but I just dont find it. I have a couple of Mikrotiks soon serving as router in a distributed environment (i.e. not an ISP, they baisically all VPN into a central cluster). 4 different environments to be exact. One "hosting" environment, with an internal backbone. This has va...

Sanity

Thanks. Thought the same. Simply too much real bandwidth to bother. Obviously different on those parts that DO have limitations (vpn connections), but the raw box just hits it all by haiving so much reserves.

Sanity

Thanks

Worked, they show up now.

Sanity

Sorry,

can not get LDP working. Realize now it is IP based in the communicaton, so my firewall will drop it (incoming filter). SImple question: WHat is the needed rule? Google turns up nothing.

Sanity

...possible without mangle rule? I basically have X uplinks (currently 2, soon 4) and want to open X pptp connections over the different links to my central server, then bundle them using MPLS / VPLS and bondingto one larger one. Like so many I am stuck with bad connectivity, but can get multiple li...

Sanity

THat worked - got me a nice list of possible values. Thanks.

Sanity

Have you considered NOT doing a bridged network but using routing, together with MPLS etc. for ethernet pass through / vlans should that be needed? The setup of the backbone and the whole configuration as beridget (if I undersatand this right) wounds like a little nightmare. I would use a normal swi...

Sanity

Good. Can you give me valid numbers there? as in: I am totally lost WHAT NUMBERS to enter for RAM

Sadly this little menu does only say "invalid" and not "ok, these are valid numbers".

Sanity

Noone picks this up? I noe have both mirkrotiks here, but balancing these still eludes me. Does not help that the wiki pages for this topic are... nonexistent. Noone here is load balancing multiple vpls tunnels?

Sanity

What are the valid values?

1500 keeps getting rejected, and I dont ahve a serial cable to figure out whether the boot monitor shows the values. THe terminal does not.... So, what can I enter there?

Sanity

The scenario: I am replacing a router / switch setup in a central cluster ina hosting center with a RB 1100 AH (just 2 servers at the moment). I will use a bridget to an internal switch group to manage the servers there, use the other switch group for now as internal backbone. There is a 100mbit upl...

Sanity

Hm, hello? Was that not supposed to have two switch grouns of 5 like the 1100?

I connect with Winbox: no switch tab on the left.

I connect with Terminal.... I see the switch chips.

What is the problem here? Why does Winbox not show the switch chips?

Sanity

Is this asking too much of this router? I have one set up at a site and when I route ~15Mbps or more over it the CPU starts choking out stuck at %100. I upgraded one site to RB1100 and it helped but I thought RB450G could handle it? From waht I read, MPLS would be more efficient than PPPOE. I remem...

Sanity

And how to solve problem if links are not equal? I am also working on this problem. Looking on MPLS TE tunnels. Any suggestions would be appreciated. From hat I hear you should leave the fintgers from PPPOE on top of MPLS and rather use VSPLS or so - same result, a LOT lower overhead. The size / sp...

Sanity

If DSL links are equal why don't you try bonding with "balance rr".

They are, i jsut wonder whether there is something more efficient than that. THere is a wiki page that has sections for that, but these parts only exist as titles.

Sanity

Sorry ;) Wiki has no example for that - only an empty section. Anything special to consider? My requirements: * Mikrotik based central location * An external office with two same provider DSL links that must be uplinked and use the bandwidth as good as possible (I.e. not one tcp conncetion on one li...

Sanity

Hello given are: * An office with a Mikrotik 450G. Due to contraints of available providers (ouch) there are 2 uplinks there with 6mbit down, 512kbit up. I can go up to 4 providers via cable modem. IP addresses there are semi static. They dont chnge often, but they can - so we need to dial out from ...

Search found 198 matches