First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP! Of course you can Here's one router I have # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 ADb 0.0.0.0/0 172.26.114.241 20 1 ADb 10.67.57.0/24 172.26.114.241 20 2 ADb 10.168.30.0/24 172.26.114.241 20 3 ADb 10.169.42.9/3...

So on each router you have an eoip interface, a physical port, and a bridge that contains both?

I'm guessing there's no entry in the arp tables?

Route filters * Wan1-out -- set 10.10.2.0/24 to as-prepend of 2 * Wan2-out -- set 103.107.224.0/23 to as-prepend of 2 That would mean that incoming traffic would However for outgoing traffic I think you'd have to use routing marks if you only have one router, and from memory that involves using /rou...

I have a test network set up as a sqare A1 --- B1 | | A2 --- B2 A1 and A2 are in AS1 B1 and B2 are in AS2 Each link has a /30 p2p address A1 and A2 have an ibgp session between the two /30 IIPs B1 and B2 have an ibgp session A1 and B1 have an ebgp session with local pref of 100 A2 and B2 have an ebg...

Thanks for this, > Another thing to note, how does your OSPF process learn the prefixes advertised from AS 65011? If the answer is redistribution of BGP into OSPF then you need to ensure you are redistributing with external type1, your post was really helpful in working out what's going on. I believ...

I have a network setup that looks like this https://tinyurl.com/ydx8e6db https://i.imgur.com/VQpqYny.png With Orange being OSPF, and Blue being eBGP. BGP has a cost of 20, and OSPF 110 I can use a variety of BGP tricks to force traffic from R11 to prefer going via R1 or R2 (local pref, med, ASpath p...

I have a fairly complicated router config running on an 1100AHx4 on version 6.42.9. When I remove all the devices and just do laptop to laptop, port 4 (bridge) to port 11 (seperate bridge), via a srcnat, and some queue trees, and stream 290mbit of traffic via iperf from one side to another, it works...

Certainly not the unix way {code} ~$ grep testu /etc/passwd testuser:x :1003:1003:,,,:/home/testuser:/bin/bash ~$ sudo userdel testuser ~$ grep testu /etc/passwd {code} But that's fine. The way the underlying file system isn't wiped on an upgrade does make me slightly more concerned about how the in...

What architecture is your potentially compromised system? This was a in-house lab x86 system (non-production - but live Internet connected) system we sometimes used to ping to and btest to. Because it was not production and stand-alone , it had no firewalls on it. Interesting I have a similar box, ...

Clearly if the bulk of your traffic is from one IP to another IP you can't balance it -- at least not without an ISP providing something like LACP or ECMP (and even then I believe it's good practice to send the same IP/port/src-dst down the same link to avoid reorders. I've not really used either pr...

I think you could use something like: /ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=via_1 per-connection-classifier=dst-address:2/0 add action=mark-connection chain=prerouting new-connection-mark=via_2 per-connection-classifier=dst-address:2/1 add action=mark-ro...

I can confirm that applies to the x86 version in a VM (which had >7gb allocated)





However the CHR version has no such limit

If you hardware the switching, does the bandwidth used shows up on the interface? Can you run packet captures on the traffic?

The compromised port and were the vulnerability get into my router was API 8728. I got this because i'm checking dayly my routers, and the rules was placed 3 minutes before, and i got this in the log. the router that i have is a Lab router to catch this kind of issues: This is what i get in my log ...

In looking into one of my possible compromised Mikrotik ROS systems, I see in the underlying vmlinuz ( compressed Linux kernel ) user dat file what appears to be two additional user accounts which are not visible in the Mikrotik user manager system. The two accounts in question are: admin b (as in ...

Yes, that is to be expected, there was a vulnerability locked down in 6.40.8 "What's new in 6.40.8 (2018-Apr-23 11:34): !) winbox - fixed vulnerability that allowed to gain access to an unsecured router;" I wonder how that worked, and what "unsecured" means. As a rule I tend to have the following c...

That's rather funny! 1) Restore your config to a backup version before you got hacked, update the firmware to the latest version 2) Keep your firmware updtodate. Don't use an easy to guess password. 3) Block non-established input traffic from the internet, especially control traffic, unless you know...

We could guess and assume it's related to viewtopic.php?f=21&t=132499#p650812, as suggested in the other thread (viewtopic.php?f=2&t=134754&p=663554). It would be good to have that confirmed.

So you want to send multicast to subscribers who haven't actually subscribed to it?

If you've been given a virtual ethernet cable then just treat it as if it was a real ethernet cable. There's a few protocols that may be stripped (but may not be - I've had both) -- lldp, LACP, etc, but the beauty of a layer 2 link is you can simply treat it as a 100km ethernet cable. The Tier-1 ISP...

The entire network looks like https://i.imgur.com/eOzNLLE.png With Box 1 / 2 / 3 being able to plug into either Edge 1 or Edge 2 depending on the day (but not into both locations at the same time). Edge 1 or Edge 2 then advertises the box into the core. Edge1 advertises via BGP: * 192.168.1.0/24 * 1...

I have a typical router with multiple networks on 192.168.1.0/25 192.168.1.128/26 192.168.1.192/28 192.168.1.255/32 etc. This leads to a dozen or so routes advertised by OSPF, and this makes a messy routing table when there are 5 or 6 of these routers connected together. If I add a static route for ...

The application is using windows-style libraries, the core OS (e.g. the network stack) isn't though.

Sure (Private network on 192.168.81.254/24, local pc on .100, usual masquerading) Set up your router like this /ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4 /ip dns static add address=192.168.81.100 name=mypc.me.com add address=192.168.81.254 name=myrouter.me.com Then run this on you...

OK, that was a dumb move. I'd set up the ebgp peering, but not the ibgp peering.

In a far better state now

I split AB and CD into two AS numbers, and got rid of OSPF on those 4. Kept EF as a single one. Peer from B-C, E-F, B-E and C-F. Routes all seem to work regardless of the failures.

I have two networks, which I want to join using BGP The first network consists of 4 routers, with ethernet /30 links in line A-B-C-D Call it AS 65501 They run OSPF, and all is well. I also have a large network running OSPF, with 2 routers, and gigabit connectivity, AS65500 E-F | | (various other bit...

Well you get around the requirement for interaction and passwords by using ssh keys, however that doesn't help when you run the script from the scheduler Here's my script: add name=remotebackup policy=read,write,test source="/log info \"start backup\"; /log info \"Get R1\"; /system ssh 1.2.3.4 user=...

I've never trusted multicast I'm afraid, so don't have any experience of how it's supposed to work, other than vague notions of magic. It would, however, simplify one project I'm working on I have 2 mikrotik 1100AHs, linked together with a single gigabit cable on ether1, making about 15 of the ports...

(I'm aware of the irony of the mis-spelt subject, I blame the jet lag)

So will that work when plugged into any of the ports?

OK, I had a routerboard 1200 responding on eth1 to the IP 192.168.88.1 I accidentally dropped this interface, rendering the entire machine useless. I don't have a serial port on my laptop, let alone the inevitable mess of cables. Now I've booted with the reset button pressed, with the reset jumper s...

Hi, I currently use a program called "samplicator" (http://code.google.com/p/samplicator/), to listen to UDP traffic coming in, and forward it onto multiple machines. Now this seems a bit of a waste of a computer, and the usual overhead of maintaining it. I'd like to ideally run something on a route...