Community discussions

MUM Europe 2020

Search found 13 matches

by dne
Tue Dec 01, 2015 5:13 pm
Forum: General
Topic: poor ipsec performance on ccr with aws vpn
Replies: 9
Views: 1469

Re: poor ipsec performance on ccr with aws vpn

In cooperation with our ISP we try a few other upstreams with no improvement. Throughput on CCR is only 60% compared to a Watchguard xtm330 with very limited ipsec capabilities. @IPANetEngineer: I think AWS is definitely not using CCR for their VPN service. So it´s not really comparable to your setup.
by dne
Mon Nov 30, 2015 11:51 am
Forum: General
Topic: poor ipsec performance on ccr with aws vpn
Replies: 9
Views: 1469

Re: poor ipsec performance on ccr with aws vpn

There is no shaping on uplinks to our ISP.
by dne
Fri Nov 27, 2015 1:21 pm
Forum: General
Topic: poor ipsec performance on ccr with aws vpn
Replies: 9
Views: 1469

Re: poor ipsec performance on ccr with aws vpn

We used tcp traffic generated by netio and iperf. dne@xxx:~/netio/bin$ ./linux-x86_64 -s NETIO - Network Throughput Benchmark, Version 1.31 (C) 1997-2010 Kai Uwe Rommel UDP server listening. TCP server listening. TCP connection established ... Receiving from client, packet size 1k ... 9116.44 KByte/...
by dne
Fri Nov 27, 2015 12:16 pm
Forum: General
Topic: poor ipsec performance on ccr with aws vpn
Replies: 9
Views: 1469

Re: poor ipsec performance on ccr with aws vpn

Highest core usage rate is 5% while running tests. Config on ccr is very basic to prevent side-effects and simplify debugging. /system resource print uptime: 3d3h21m52s version: 6.33.1 (stable) build-time: Nov/17/2015 09:55:23 free-memory: 1747.9MiB total-memory: 1956.2MiB cpu: tilegx cpu-count: 9 c...
by dne
Fri Nov 27, 2015 8:45 am
Forum: General
Topic: poor ipsec performance on ccr with aws vpn
Replies: 9
Views: 1469

poor ipsec performance on ccr with aws vpn

Few days ago we set up a vpn connection to aws vpc. On our site we use ccr1009-8g-1s-1s+ an followed the example of jimr http://forum.mikrotik.com/viewtopic.php?t=87844 without using nat. After we script around the mikrotik policy issue the connection seems to be useable for a while. Yesterday we st...
by dne
Wed Nov 25, 2015 4:02 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30325

Re: Amazon AWS VPN -- A Working Configuration Example and Bug

To prevent flapping between both path we used a bgp filter to set a lower distance to the preferred path.

the 100ms delay is only to switch policy faster then one second.
by dne
Wed Nov 25, 2015 3:40 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30325

Re: Amazon AWS VPN -- A Working Configuration Example and Bug

/system scheduler add interval=1s name=setIPSecPolicy on-event=setIPSecPolicy ... :global activeGatewayAWS :global saDstAddress :global IPSecPeer1 ADDR_GW_1 :global IPSecPeer2 ADDR_GW_2 :for timer from=1 to=6 step=1 do={ :global activeGatewayAWS [/ip route get [/ip route find dst-address=172.31.0.0...
by dne
Wed Nov 25, 2015 2:27 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30325

Re: Amazon AWS VPN -- A Working Configuration Example and Bug

Quick and dirty but seems to work. :global activeGatewayAWS [/ip route get [/ip route find dst-address=172.31.0.0/16 bgp active] gateway] :global saDstAddress :if ($activeGatewayAWS=ACTIVE_BGP_GATEWAY_ADDR) do={:global saDstAddress ADDR_GW_1} else={:global saDstAddress ADDR_GW_2} /ip ipsec policy se...
by dne
Mon Oct 05, 2015 9:24 am
Forum: Wireless Networking
Topic: 10MHz channel width on AC chips
Replies: 6
Views: 1395

Re: 10MHz channel width on AC chips

no reply? no news on this?
by dne
Thu May 15, 2014 5:01 pm
Forum: General
Topic: Need help : Bonding with separate Tx and Rx
Replies: 3
Views: 1055

Re: Need help : Bonding with separate Tx and Rx

I have never tried a setup like yours, but maybe this presentation can help you:

http://mum.mikrotik.com/presentations/CN14/jesse.pdf
by dne
Thu Jul 19, 2012 4:33 pm
Forum: Beginner Basics
Topic: no ssh service available after upgrade os to 5.19
Replies: 1
Views: 714

Re: no ssh service available after upgrade os to 5.19

problem solved

my solution:

1. /system reset configuration
2. import config file
by dne
Thu Jul 19, 2012 2:57 pm
Forum: Wireless Networking
Topic: Wat is happening on my network
Replies: 1
Views: 438

Re: Wat is happening on my network

by dne
Thu Jul 19, 2012 1:57 pm
Forum: Beginner Basics
Topic: no ssh service available after upgrade os to 5.19
Replies: 1
Views: 714

no ssh service available after upgrade os to 5.19

Hi. After Upgrade to v5.19 the ssh service is not longer available. [admin@MikroTik] > /system routerboard print routerboard: yes model: 493G serial-number: xxx current-firmware: 2.39 upgrade-firmware: 2.41 [admin@MikroTik] > /ip service print Flags: X - disabled, I - invalid # NAME PORT ADDRESS CER...