Community discussions

Search found 1045 matches

by IPANetEngineer
Tue Oct 15, 2019 4:31 pm
Forum: General
Topic: config mikrotik router as BRAS
Replies: 2
Views: 225

Re: config mikrotik router as BRAS

Here is a guide on HA PPPoE BRAS with MIkroTik that may be helpful.

https://www.stubarea51.net/2018/04/23/p ... atorsbras/
by IPANetEngineer
Mon Oct 14, 2019 7:47 pm
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 37
Views: 4270

Re: New High Performance Routers ! ?

CHR is super unstable product (at least on vmware). We use it only for "the dude" monitoring and 3 ppptp servers for managment. Total throuput is not even 10mbit/s And Even in that case, it locks up. Needs reboot every week. It looses its winbox port and ssh accesibility. We reboot it from the vm c...
by IPANetEngineer
Mon Oct 14, 2019 7:43 pm
Forum: General
Topic: how to split isp multicast iptv on crs326
Replies: 8
Views: 466

Re: how to split isp multicast iptv on crs326

Are you trying to get PIM or IGMP working or both?
by IPANetEngineer
Mon Oct 14, 2019 7:42 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1678

Re: MikroTik CHR on AWS with IPSec [SOLVED]

Thanks for the update....glad you got it working. :-)

Please mark this as solved
by IPANetEngineer
Sun Oct 13, 2019 6:27 pm
Forum: Forwarding Protocols
Topic: 3 branch offices VLAN over PPTP?
Replies: 5
Views: 642

Re: 3 branch offices VLAN over PPTP?

Sometimes an onsite visit to see what issues people are having can make all the difference in the world.

Glad you figured it out :D
by IPANetEngineer
Sun Oct 13, 2019 5:55 pm
Forum: General
Topic: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)
Replies: 26
Views: 3454

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Here are some example configs and a diagram that should point you in the right direction. A few notes on this - I tried to keep the config as simplistic as possible since you're dealing with very low speeds. There are more efficient ways to do this, but it requires more config. Also, I used 10M down...
by IPANetEngineer
Sun Oct 13, 2019 4:14 pm
Forum: Virtualization
Topic: Routeros docker container image
Replies: 1
Views: 287

Re: Routeros docker container image

I hope so...it would be very useful!
by IPANetEngineer
Sun Oct 13, 2019 3:40 pm
Forum: Beginner Basics
Topic: Using RouterOS to VLAN your network
Replies: 90
Views: 22991

Re: Using RouterOS to VLAN your network

If you're coming from Cisco, this may also be helpful for bridge VLAN configuration in MIkroTik.

https://www.stubarea51.net/2019/02/06/c ... and-vlans/
by IPANetEngineer
Fri Oct 11, 2019 5:39 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1392

Re: Filters for +500 prefixes

It definitely would be nice to reference a prefix list directly and MikroTik has stated they are working on it. However, from a CPU standpoint, Cisco and Juniper do the same thing mostly Cisco has a route-map that references a prefix list for BGP peers - which requires two different constructs Junip...
by IPANetEngineer
Fri Oct 11, 2019 5:25 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 46
Views: 2526

Re: IPv6 how to use it right

Here is an overview of IPv6 in MikroTik and how it goes from the BGP edge to the last mile with a customer handoff....it might be helpful. The configs for the entire network are in the article. :D https://www.stubarea51.net/2018/09/14/wisp-design-an-overview-of-adding-ipv6-to-your-wisp/ https://www....
by IPANetEngineer
Fri Oct 11, 2019 5:21 pm
Forum: Virtualization
Topic: CHR PROXMOX Performance
Replies: 4
Views: 1118

Re: CHR PROXMOX Performance

Here is a performance comparison I did between ESXi, ProxMox and HyperV

https://www.youtube.com/watch?v=xcgdGA1W_0o
by IPANetEngineer
Thu Oct 10, 2019 4:10 pm
Forum: General
Topic: Best VPN for Mikrotik Router
Replies: 13
Views: 2115

Re: Best VPN for Mikrotik Router

I wouldn't celebrate yet, there's udp in v7, but it wasn't the only missing feature. So it's great step for own use, but not much changed for interoperability with someone else's service using standard OpenVPN. We've been able to interop with non-MikroTik OpenVPN linux builds. It takes a little wor...
by IPANetEngineer
Thu Oct 10, 2019 4:08 pm
Forum: General
Topic: HAVING ISSUES WITH EOIP TUNNEL ON SXT/LHG
Replies: 2
Views: 563

Re: HAVING ISSUES WITH EOIP TUNNEL ON SXT/LHG

What version of RouterOS is running on each device?
by IPANetEngineer
Wed Oct 09, 2019 4:44 pm
Forum: Beginner Basics
Topic: RB2011 slow internet even with fasttrack
Replies: 98
Views: 13511

Re: RB2011 slow internet even with fasttrack

The route cache is set here

[admin@R1] > ip settings set route-cache=no
by IPANetEngineer
Wed Oct 09, 2019 4:03 pm
Forum: Beginner Basics
Topic: Very high latency on CHS with P10 trial.
Replies: 4
Views: 593

Re: Very high latency on CHS with P10 trial.

Something is definitely off - we don't normally see high latency in the CHR like that.

Have you licensed it with a trial license? If not it's restricted to 1 Mbps throughput and that can def cause latency
by IPANetEngineer
Tue Oct 08, 2019 8:50 pm
Forum: Beginner Basics
Topic: Forwarding port 443 causes internet problems to anyone else?
Replies: 4
Views: 536

Re: Forwarding port 443 causes internet problems to anyone else?

In the last couple of weeks, whenever I forward port tcp 443 I get internet issues. All my other port forwardings work fine, except this one. And it's disabled in IP SERVICES before someone asks :) Seems to be on the latest versions, because today I messed around with an 6.43.16 RB and it worked fi...
by IPANetEngineer
Tue Oct 08, 2019 8:45 pm
Forum: General
Topic: IPSec VPN fails to start - shows errors that I don't know how to solve
Replies: 2
Views: 433

Re: IPSec VPN fails to start - shows errors that I don't know how to solve

The last rule appears to be an IPv6 ipsec issue.

Are you trying to terminate the tunnel on IPv4 or IPv6?
by IPANetEngineer
Tue Oct 08, 2019 8:39 pm
Forum: General
Topic: Best VPN for Mikrotik Router
Replies: 13
Views: 2115

Re: Best VPN for Mikrotik Router

Now that OpenVPN has UDP support in ROSv7, I expect we'll see a large migration to that once ROSv7 is prod and stable.

We've scaled OpenVPN to more than 100,000 clients with MikroTik for IoT solutions....it works really well
by IPANetEngineer
Tue Oct 08, 2019 8:35 pm
Forum: General
Topic: IGMP Snooping on the new bridge implementation (6.41 +)
Replies: 4
Views: 2270

Re: IGMP Snooping on the new bridge implementation (6.41 +)

I worked on an IPTV network recently using CCRs in bridge mode with IGMP Snooping and PIM Sparse and I don't think we ran into any issues. Maybe it was a problem in the older ROS version?
by IPANetEngineer
Tue Oct 08, 2019 8:25 pm
Forum: Forwarding Protocols
Topic: MPLS bug?
Replies: 4
Views: 946

Re: MPLS bug?

The MIkroTik implementation of MPLS/LDP does not have fast reroute, so first OSPF timers must expire and then LDP timers have to also expire before a path is moved over. Sometimes this happens under a minute and sometimes it takes longer. In, general though, we've deployed a large number of MPLS bas...
by IPANetEngineer
Tue Oct 08, 2019 8:22 pm
Forum: Forwarding Protocols
Topic: IPSec/L2TP
Replies: 3
Views: 608

Re: IPSec/L2TP

You'll probably need a bit of trial and error with this one but I think this is a fairly close translation into RouterOS from iptables

/ip firewall filter
add action=accept chain=input dst-port=1701 in-interface=ether1 protocol=udp src-port=500
by IPANetEngineer
Tue Oct 08, 2019 8:10 pm
Forum: Forwarding Protocols
Topic: Core DHCP-RADIUS / MPLS/VPLS+VLAN
Replies: 2
Views: 649

Re: Core DHCP-RADIUS / MPLS/VPLS+VLAN

I've done this for a number of clients with Radius DHCP over VPLS except for the dynamic VLAN assignment which can be done one of two ways with radius: via dot1x or on wireless using CAPSMAN. If those don't work for you, I would probably use the API to set the VLAN based on the radius response. Also...
by IPANetEngineer
Tue Oct 08, 2019 4:37 pm
Forum: General
Topic: Best VPN for Mikrotik Router
Replies: 13
Views: 2115

Re: Best VPN for Mikrotik Router

This often depends on what the clients will be... Phones, Laptops, servers, firewalls?? You also need to consider the type of Internet connection the clients will be coming from - in some cases, TCP/443 behind NAT is all you are allowed to use. UDP based VPNs are great if they meet the requirements ...
by IPANetEngineer
Tue Oct 08, 2019 4:28 pm
Forum: Beginner Basics
Topic: ISP Setup
Replies: 9
Views: 1064

Re: ISP Setup

I would strongly recommend the use of a switch-centric design for the core as shown below for several reasons: - Scale - Operational flexibility - Ease of migration and adding capacity - Simplifies failover https://www.stubarea51.net/wp-content/uploads/2018/09/Switch-centric-IPA.png Then utilize Mi...
by IPANetEngineer
Tue Oct 08, 2019 4:12 pm
Forum: Forwarding Protocols
Topic: HTTP Downloads cancels when LDP enabled
Replies: 4
Views: 398

Re: HTTP Downloads cancels when LDP enabled

Typically the issue you are describing indicates a problem with MTU somewhere.

What are your MTU settings for.

L2
L3
MPLS

?
by IPANetEngineer
Mon Oct 07, 2019 11:25 pm
Forum: General
Topic: Daisy Chain on Wire Speed [SOLVED]
Replies: 12
Views: 3325

Re: Daisy Chain on Wire Speed [SOLVED]

Also, if you use the following page, it will tell you what features are supported in 'hw-offload'

https://wiki.mikrotik.com/wiki/Manual:I ... Offloading
by IPANetEngineer
Mon Oct 07, 2019 11:19 pm
Forum: Forwarding Protocols
Topic: nat question
Replies: 3
Views: 528

Re: nat question

Awesome....can you please change the thread to "solved"
by IPANetEngineer
Mon Oct 07, 2019 7:37 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1392

Re: Filters for +500 prefixes

The option to do this is there, you just have to build more than one filter. First build the prefixes common to multiple peers /routing filter add action=accept chain=as-65000-prefixes prefix=203.0.113.0/29 prefix-length=29-32 add action=accept chain=as-65000-prefixes prefix=203.0.113.8/29 prefix-le...
by IPANetEngineer
Mon Oct 07, 2019 4:00 pm
Forum: Forwarding Protocols
Topic: nat question
Replies: 3
Views: 528

Re: nat question

Here is an example of forwarding port 80 on two different IPs using 203.0.113.0/24 "public" network and the 192.168.0.0/24 private network. /ip firewall nat add chain=dstnat dst-address=203.0.113.11 dst-port=80 action=dst-nat to-addresses=192.168.0.11 to-port=80 /ip firewall nat add chain=dstnat dst...
by IPANetEngineer
Sun Oct 06, 2019 7:04 pm
Forum: Forwarding Protocols
Topic: Static MPLS configuration
Replies: 4
Views: 1322

Re: Static MPLS configuration

OSPF is very easy to setup MPLS with LDP.

Do you have a specific reason why static label distribution is required?
by IPANetEngineer
Sun Oct 06, 2019 7:00 pm
Forum: Forwarding Protocols
Topic: How to connect access router to core router
Replies: 8
Views: 1451

Re: How to connect access router to core router

If you're doing PPPoE, this means that you're working with /32 networking , i'd probably use OSPF to get started and then move to iBGP with OSPF advertising the transit and loopback subnets. You'll have to break OSPF into areas to summarize the users and OSPF is happiest in MIkroTik when you keep th...
by IPANetEngineer
Thu Sep 19, 2019 6:27 pm
Forum: Forwarding Protocols
Topic: UNABLE TO PING OVER EOIP TUNNEL
Replies: 4
Views: 390

Re: UNABLE TO PING OVER EOIP TUNNEL

Can you share your config?
by IPANetEngineer
Wed Sep 18, 2019 4:56 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35939

Re: RouterOS v7.0beta1 (ARM)

Out of interest is there an expected release date of new revisions, e.g v7.0beta2 every couple weeks? Or would we only get updates every quarter? Thanksk There are no set release schedules for the next beta releases. We will release beta2 once were done fixing current bugs that were found in beta1 ...
by IPANetEngineer
Sun Sep 15, 2019 5:11 am
Forum: Wireless Networking
Topic: Migrating a WISP from Bridged to Routed
Replies: 0
Views: 326

Migrating a WISP from Bridged to Routed

Although not specifically a MikroTik article, there are a lot of WISP operators in here and thought this might be helpful for some of you (and MikroTik is mentioned :wink: ) If you're struggling to figure out how to migrate a WISP from Bridged to Routed, here is a guide to help you get started. http...
by IPANetEngineer
Sat Sep 14, 2019 3:30 pm
Forum: Forwarding Protocols
Topic: OSPF down problem
Replies: 11
Views: 1543

Re: OSPF down problem

I would suggest running a long term packet capture only for IP Protcol 89 on each side of the link so that we can look at the packets as it's failing. You may need to let it run for a while so be sure to give it enough memory and only allow OSPF packets which are small. That's how I normally trouble...
by IPANetEngineer
Fri Sep 13, 2019 11:37 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1678

Re: MikroTik CHR on AWS with IPSec [SOLVED]

AWS gives you full control over the FW. To permit IP Protocol 50, you need this type of rule


Image
by IPANetEngineer
Fri Sep 13, 2019 11:20 pm
Forum: Forwarding Protocols
Topic: REACHING BRANCHES THROUGH DHCP
Replies: 1
Views: 360

Re: REACHING BRANCHES THROUGH DHCP

What you're trying to do is a little unclear...do you have a drawing of what you want to do or can you make one?
by IPANetEngineer
Fri Sep 13, 2019 4:56 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1678

Re: MikroTik CHR on AWS with IPSec [SOLVED]

Here is a good tutorial on how to open ports in AWS. And I do not agree that you should just open all ports. Unless you are an ISP or Hosting Data Center that has other security appliances deployed, You should only allow the ports that you need and deny the rest. AWS Has great security appliances th...
by IPANetEngineer
Thu Sep 12, 2019 11:59 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1000

Re: Redundant routers/switches

You'll never get 10 Gbps through the CRS317 when routing L3 packets. It maxes out at 2 to 3 Gbps because L3 is handled by a CPU not an ASIC. https://mikrotik.com/product/crs317_1g_16s_rm#fndtn-testresults Here is a guide I did on MikroTik and VLANs to convert from Cisco that may be helpful (testing ...
by IPANetEngineer
Thu Sep 12, 2019 9:07 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1678

Re: MikroTik CHR on AWS with IPSec [SOLVED]

I literally finished setting this up myself this morning. Absolutely as above. You get a private LAN which is 1:1 NAT with a real public IP. You need NAT traversal and the key for me was IPSEC-ESP being open in the firewall. My CHR at home connects no problem as well as parents RB750 but I had to d...
by IPANetEngineer
Thu Sep 12, 2019 5:45 pm
Forum: General
Topic: Public IP Routing
Replies: 6
Views: 731

Re: Public IP Routing

You don't need to use a public subnet between routers, you can use 10.x.x.x or 100.64.x.x ranges.

Then you can put a single IP on the Router that has the PCs using a new bridge as a loopback and NAT to the single IP. Just replace the /30 route with a /32 route.
by IPANetEngineer
Thu Sep 12, 2019 5:41 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1678

Re: MikroTik CHR on AWS with IPSec [SOLVED]

AWS Doesn't normally pass a true public to the guest VM so you need to make sure that you have NAT Traversal enabled for IPSEC. What are the settings you are using? Can you share your config?
by IPANetEngineer
Thu Sep 12, 2019 5:38 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1000

Re: Redundant routers/switches

The CRS317 is intended for 10G L2 switching and not routing.

What kind of throughput do you need through the Hypervisors?
by IPANetEngineer
Thu Sep 12, 2019 1:53 am
Forum: RouterOS v7 BETA
Topic: Should OSPF work?
Replies: 3
Views: 1239

Re: Should OSPF work?

I'm trying to configure OSPF for IPv6 to test recursive routing in v7 to route ipv6 you should use OSPFv3. as far as i see, you have set this under /routing ospf instance using the new 'version' attribute [admin@hgw] /routing/ospf/instance> print Flags: D - dynamic, X - disabled, I - inactive 0 ver...
by IPANetEngineer
Wed Sep 11, 2019 11:41 pm
Forum: RouterOS v7 BETA
Topic: Should OSPF work?
Replies: 3
Views: 1239

Should OSPF work?

I'm trying to configure OSPF for IPv6 to test recursive routing in v7 Since this is a limited release, should it be working? Everything seems in order and I can ping on the /64 between routers, but there is no neighbor adjacency R1 - RB3011 /routing ospf instance add name=ospf-instance-1 router-id=1...
by IPANetEngineer
Wed Sep 11, 2019 9:31 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208064

Re: Feature requests

Is it what you expect or what you're afraid of? Because it's like this by design: if you broke access 'forever', it will be rolled back. But generally ssh is quite tolerant to network instability. Well, it is certainly a weak point in the RouterOS "safe mode" that it immediately rolls back all chan...
by IPANetEngineer
Wed Sep 11, 2019 9:11 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154943

Re: RouterOS v7.0 beta1 - when?

Recursive nexthops in v7 works without any scripts.
❤️
Woahhhhhhhhhhhh!!!!

+1000000000000 :lol:
by IPANetEngineer
Sat Sep 07, 2019 5:00 pm
Forum: Forwarding Protocols
Topic: OSPFv3 problem
Replies: 2
Views: 436

Re: OSPFv3 problem

I believe this problem was discussed here:

viewtopic.php?f=14&t=151650

The workaround was to run two OSPF instances since there is no way to change the link local
by IPANetEngineer
Fri Sep 06, 2019 4:46 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35939

Re: RouterOS v7.0beta1 (ARM)

Image
by IPANetEngineer
Wed Sep 04, 2019 6:34 pm
Forum: Forwarding Protocols
Topic: Packet marking by BGP peer
Replies: 2
Views: 462

Re: Packet marking by BGP peer

When you say that you need to "account" for it, what does that mean exactly?

Seems like you could use netflow for this purpose and then pull the data out of a netflow collector instead of adding the CPU overhead of marking every single packet
by IPANetEngineer
Sat Aug 31, 2019 3:25 am
Forum: Forwarding Protocols
Topic: OSPF redundancy and load balancing with different capacity
Replies: 3
Views: 602

Re: OSPF redundancy and load balancing with different capacity

We came up with a design to solve this problem for a client WISP and then published the solution which is here: https://www.stubarea51.net/2016/10/27/wisp-design-using-ospf-to-build-a-transit-fabric-over-unequal-links/ We took it a step further and paired it with BGP and presented the design at the ...
by IPANetEngineer
Wed Aug 28, 2019 7:46 pm
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 656

Re: VLAN configuration approach, correct or not ?

I actually wrote an article to help people who have learned Layer 2 in Cisco migrate to MikroTik VLAN configuration.

https://www.stubarea51.net/2019/02/06/c ... and-vlans/
by IPANetEngineer
Wed Aug 28, 2019 6:01 pm
Forum: Forwarding Protocols
Topic: BGP and more specific routes.
Replies: 10
Views: 1025

Re: BGP and more specific routes.

Try using 'aggregate' instead of 'network' and check the include IGP option, that should fix the issue you're seeing.
by IPANetEngineer
Wed Aug 28, 2019 4:44 pm
Forum: Forwarding Protocols
Topic: VPN4 BGP routes loading [SOLVED]
Replies: 5
Views: 710

Re: VPN4 BGP routes loading [SOLVED]

Any chance you can grab a packet capture from BGP / MPLS when the routes are going in and out? Might provide a clue as to what it's unhappy about
by IPANetEngineer
Wed Aug 28, 2019 4:41 pm
Forum: Forwarding Protocols
Topic: IPTV with CRS328-24P-4S+RM 700 Mbit
Replies: 1
Views: 417

Re: IPTV with CRS328-24P-4S+RM 700 Mbit

Are you trying to create a Rendezvous Point for the headend feed from your upstream provider?
by IPANetEngineer
Wed Aug 28, 2019 3:47 pm
Forum: Forwarding Protocols
Topic: BGP and more specific routes.
Replies: 10
Views: 1025

Re: BGP and more specific routes.

Turn synchronization off and announce the prefixes you need. Unlike Cisco, MikroTik will announce whatever prefix length you specify in networks if synchronization is turned off. You don't need a static route for the BGP advertisement.
by IPANetEngineer
Tue Aug 27, 2019 7:05 pm
Forum: Forwarding Protocols
Topic: BGP Multihomed (Single Router)
Replies: 5
Views: 596

Re: BGP Multihomed (Single Router)

I agree with pe1chi , if you're using your border routers as a stateful firewall for traffic to customers and BGP full tables, you need to redesign the way you are doing things and break out security devices into a separate box - independent of the border router.
by IPANetEngineer
Tue Aug 27, 2019 6:50 pm
Forum: Forwarding Protocols
Topic: BGP Multihomed (Single Router)
Replies: 5
Views: 596

Re: BGP Multihomed (Single Router)

Prepending doesn't work very well these days so i'd choose another strategy. If your ISPs support communities and most large ISPs do, then you can set communities on your routes to either prioritize or deprioritize them via a specific peer. You can also split the prefixes up and advertise specific r...
by IPANetEngineer
Tue Aug 27, 2019 6:25 pm
Forum: Forwarding Protocols
Topic: OSPF Redundant On bridged network
Replies: 3
Views: 372

Re: OSPF Redundant On bridged network

Why not put the subnet into a VPLS tunnel? Then it will exist as one L2 segment at each switch and you can have a routed network with failover underneath it. here is an example....you don't have to use S-Tag though, you could set it to untagged or a standard 802.1q tag https://www.stubarea51.net/201...
by IPANetEngineer
Tue Aug 27, 2019 5:00 pm
Forum: Forwarding Protocols
Topic: OSPF Redundant On bridged network
Replies: 3
Views: 372

Re: OSPF Redundant On bridged network

OSPF is not going to help you when the network is bridged. You need to convert to independently routed subnets between the routers and at the towers. Here is an example of migrating from bridged to routed in a presentation I did last year Bridged https://www.stubarea51.net/wp-content/uploads/2019/08...
by IPANetEngineer
Mon Aug 26, 2019 7:15 pm
Forum: Forwarding Protocols
Topic: Site-to-Multisite VPLS
Replies: 3
Views: 434

Re: Site-to-Multisite VPLS

Watch this podcast (which I am a guest on) and you can listen to us discuss the issues with extending Layer 2

https://thenetworkcollective.com/2017/0 ... nd-layer2/
by IPANetEngineer
Mon Aug 26, 2019 6:03 pm
Forum: Forwarding Protocols
Topic: Site-to-Multisite VPLS
Replies: 3
Views: 434

Re: Site-to-Multisite VPLS

Extending Layer 2 is complicated and not recommended across countries for data centers. I strongly recommend against this.

Is there a specific reason why each datacenter can't have a routable subnet assigned to it?
by IPANetEngineer
Mon Aug 26, 2019 5:17 pm
Forum: Forwarding Protocols
Topic: EoIP no RX on main side of the bridge
Replies: 5
Views: 493

Re: EoIP no RX on main side of the bridge

You have an MTU Mismatch and it appears to be inheriting it from the bridge. You need to get the MTUs to match even if you have to lower the whole segment MTU

192.168.30.15
actual-mtu=1380

10.14.100.81
actual-mtu=1458
by IPANetEngineer
Mon Aug 26, 2019 5:08 pm
Forum: Forwarding Protocols
Topic: VPN4 BGP routes loading [SOLVED]
Replies: 5
Views: 710

Re: VPN4 BGP routes loading [SOLVED]

What does your MPLS config look like?
by IPANetEngineer
Mon Aug 26, 2019 5:01 pm
Forum: Forwarding Protocols
Topic: /ip route print where ... slow
Replies: 2
Views: 964

Re: /ip route print where ... slow

Route lookups and routing table convergence is significantly faster when using the CHR as a border router.

Here is a presentation I did at MUM Europe in 2018 on that topic.
https://www.youtube.com/watch?v=xcgdGA1W_0o
by IPANetEngineer
Mon Aug 26, 2019 4:34 pm
Forum: Forwarding Protocols
Topic: OSPF Network Statement [SOLVED]
Replies: 3
Views: 575

Re: OSPF Network Statement [SOLVED]

OSPF, by design will learn and advertise all subnets that it learns to every other router in the area.

What problem are you trying to solve by limiting the subnets that are advertised?
by IPANetEngineer
Tue Jul 16, 2019 4:59 pm
Forum: Forwarding Protocols
Topic: Multicast to PPP clients
Replies: 12
Views: 1260

Re: Multicast to PPP clients

What is the TTL set for on the multicast source? If it's too low, it won't work. If you can't see or set it on the multicast source, then do a packet capture at the PIM RP and see what it's set to.

Run into this issue more than once.
by IPANetEngineer
Tue Jul 16, 2019 4:54 pm
Forum: Forwarding Protocols
Topic: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect
Replies: 6
Views: 678

Re: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect

Be sure that you are explicitly defining LDP interfaces and setting the transport to the loopback address. In your configs, it doesn't appear to be set.

VPLS requires targeted LDP sessions and needs the transport IP explicitly set.
by IPANetEngineer
Tue Jul 16, 2019 4:36 pm
Forum: Forwarding Protocols
Topic: OSPF Interface all passive
Replies: 9
Views: 1260

Re: OSPF Interface all passive

Are you saying the interfaces are physically up but show as down in OSPF passive?
by IPANetEngineer
Mon Jul 15, 2019 9:34 pm
Forum: Forwarding Protocols
Topic: MPLS, BGP and OSPF design for wisp
Replies: 27
Views: 5876

Re: MPLS, BGP and OSPF design for wisp

I'd use a 4011...compact and 10 gig capable if needed. It's a fantastic tower router and can even be a border router.
by IPANetEngineer
Mon Jul 15, 2019 8:10 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13660

Re: IS-IS

Also, in the world of ever increasing security threats, IS-IS runs at Layer 2 and not Layer 3 to form IGP adjacencies, so it is much harder to DDoS the control plane when it doesn't use L3.
by IPANetEngineer
Mon Jul 15, 2019 7:36 pm
Forum: Forwarding Protocols
Topic: OSPF Loopback + MPLS Loopback
Replies: 7
Views: 1224

Re: OSPF Loopback + MPLS Loopback

The other reason for this would be for ECMP as MikroTik does not implement ECMP for LDP.
by IPANetEngineer
Mon Jul 15, 2019 7:35 pm
Forum: Forwarding Protocols
Topic: How to correctly work an OSPF multi area network?
Replies: 3
Views: 617

Re: How to correctly work an OSPF multi area network?

The backbone area is a fundamental part of OSPF.

What kind of network is this? ISP, Data Center?
by IPANetEngineer
Sat Mar 30, 2019 1:47 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40122

Re: UKNOF 43 CVE

Normis...i'm pretty confident we have replicated the conditions of one of the CVEs from doing some digging on our own for this issue. Without the rules, the router crashed. When we added the rules the router stayed online. Meanwhile CVE-2018-19299 still needs fixing, because even with those perform...
by IPANetEngineer
Sat Mar 30, 2019 2:03 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40122

Re: UKNOF 43 CVE

We believe that we have now recreated the conditions of both CVEs and have been able to cause a memory leak and router crash in both of the conditions listed below using software from a common offensive linux security tool for IPv6. soft lockup when forwarding IPv6 packets (CVE-2018-19299); soft loc...
by IPANetEngineer
Fri Mar 29, 2019 6:15 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40122

Re: UKNOF 43 CVE

Until we release the next beta with memory exhaustion fix, this firewall config should stop any attack even with small amount of RAM: admin@MikroTik] /ipv6 firewall> export /ipv6 firewall filter add action=drop chain=forward connection-mark=drop connection-state=new /ipv6 firewall mangle add action...
by IPANetEngineer
Fri Mar 29, 2019 10:01 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40122

Re: UKNOF 43 CVE

Would somebody please post some additional information about this. I need to understand what is the problem, the potential impact and what vulnerabilities are possible. Where can I find information to read/learn about this? I am not aware of any workarounds or mitigations any of us can use. I belie...
by IPANetEngineer
Fri Mar 29, 2019 9:45 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40122

Re: UKNOF 43 CVE

That's normal standard from Mikrotik when they are faced with a problem to resolve That is not true at all! We have always reacted to issues quickly, all the previous vulnerabilities have been fixed within hours or days time. Even in this case, we did reproduce and acknowledge the issue. In this ca...
by IPANetEngineer
Thu Mar 28, 2019 4:07 pm
Forum: General
Topic: Running IPv6 on Mikrotik? You're out of business in 12 days time
Replies: 32
Views: 15443

Re: Running IPv6 on Mikrotik? You're out of business in 12 days time

Even if there is no way to firewall it on a MikroTik, i'm assuming that once we know what is being set in the packet header, it can be mitigated with another solution based on flow detection and dropping the traffic in a switch. That won't work for everyone obviously, but it would work for a lot of ...
by IPANetEngineer
Thu Mar 28, 2019 3:17 pm
Forum: General
Topic: Running IPv6 on Mikrotik? You're out of business in 12 days time
Replies: 32
Views: 15443

Re: Running IPv6 on Mikrotik? You're out of business in 12 days time

This is also a new one for me...will be digging into it
by IPANetEngineer
Thu Mar 21, 2019 3:34 pm
Forum: Forwarding Protocols
Topic: bgp routing best practice for outbound?
Replies: 3
Views: 643

Re: bgp routing best practice for outbound?

AS Path prepending is not a technology used for outbound route selection (it controls inbound) and it has limited use in the BGP Global Table these days due to provider traffic engineering with localpref overriding it. My question before commenting would be what are you trying to achieve? Equal load...
by IPANetEngineer
Thu Mar 21, 2019 3:27 pm
Forum: Virtualization
Topic: CHR Hardware
Replies: 12
Views: 2120

Re: CHR Hardware

Hyper-V is hands down the best hypervisor for using a CHR as a BGP edge router. Mostly this is because MikroTIk spent a lot of time building the Hyper-V drivers for the CHR and they used off the shelf drivers for KVM/ESXi The single biggest impact is to get a CPU with a higher clock speed and fewer ...
by IPANetEngineer
Wed Feb 06, 2019 2:50 am
Forum: General
Topic: Cisco to MikroTik – A guide to switching and VLANs
Replies: 0
Views: 442

Cisco to MikroTik – A guide to switching and VLANs

This MikroTik to Cisco article has been on my to-do list for a while. If you know Cisco and want to understand how to work with VLANs in MikroTik's CRS3xx series of switches, here is a guide to get you started. https://www.stubarea51.net/2019/02/06/cisco-to-mikrotik-switching-and-vlans/ https://www....
by IPANetEngineer
Mon Jan 07, 2019 8:21 pm
Forum: Forwarding Protocols
Topic: Redundancy with OSPF
Replies: 2
Views: 504

Re: Redundancy with OSPF

If you want absolute control over your traffic paths, eBGP will work well, otherwise OSPF will be better than static routes but is more limited in its ability to manipulate traffic. Here is a presentation I did at the US MUM in 2017 which covers a lot of the questions you have in the first half. htt...
by IPANetEngineer
Sun Jan 06, 2019 6:43 pm
Forum: Forwarding Protocols
Topic: BGP/OSPF interaction weiredness (simple lab setup)
Replies: 5
Views: 704

Re: BGP/OSPF interaction weiredness (simple lab setup)

Nothing weird about this. R2 is going to pick the best route for prefix 3.3.3.0/24 to put into the FIB and it has two choices. 1) An iBGP route with an admin distance of 200 2) An OSPF intra-area route with an admin distance of 110 It's going to pick the OSPF route which means there will be no activ...
by IPANetEngineer
Fri Jan 04, 2019 5:39 pm
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 1188

Re: OSPF Database error

What are your MTU settings for Layer 2 and Layer 3 on each side of the link OSPF is trying to form a neighbor on? Normally getting stuck in two way indicates MTU, have also seen it occur as the result of a network type mismatch. What is the config for the other router? Here is a presentation I did o...
by IPANetEngineer
Thu Jan 03, 2019 5:18 pm
Forum: Forwarding Protocols
Topic: MPLS LDP Neighbor Addresses Blank
Replies: 6
Views: 1501

Re: MPLS LDP Neighbor Addresses Blank

The VPLS MTU is the size of the MTU you want to hand off to your customer. The interface MTU should be set to accommodate the overhead of VPLS. You need at least 1530 to send an 802.1q tagged frame through a VPLS tunnel. https://wiki.mikrotik.com/images/3/35/MTUVPLS.png Take a look at this MUM prese...
by IPANetEngineer
Thu Jan 03, 2019 4:38 pm
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 1188

Re: OSPF Database error

Can you post your configuration?
by IPANetEngineer
Sat Nov 10, 2018 4:06 pm
Forum: Forwarding Protocols
Topic: mpls/vpls over vlan
Replies: 5
Views: 1337

Re: mpls/vpls over vlan

Take a look at this if you want an example of a production deployment with HA for VPLS and public subnets. Configs are in this post - https://www.stubarea51.net/2018/04/23/wisp-design-building-highly-available-vpls-for-public-subnets/ https://dev.stubarea51.net/wp-content/uploads/2018/08/vpls-1.png
by IPANetEngineer
Sat Oct 13, 2018 5:25 pm
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 8177

Re: RB4011 vs. CCR1009 BGP

Thanks for doing the testing MIke! I'm looking forward to putting a 4011 in our lab and benchmarking it against a hardware router.

I'm excited about where MikroTik is headed with more ARM based routers :-)
by IPANetEngineer
Mon Oct 01, 2018 9:37 pm
Forum: Beginner Basics
Topic: BGP Route not used on router
Replies: 3
Views: 309

Re: BGP Route not used on router

Can you post your config minus sensitive information?
export compact hide-sensitive 
by IPANetEngineer
Fri Sep 28, 2018 11:47 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 55
Views: 18924

Re: MIkrotik BGP Monitoring

This would be really nice to have ;-)
by IPANetEngineer
Fri Sep 21, 2018 4:27 pm
Forum: Forwarding Protocols
Topic: OSPF: wrong lsa type
Replies: 14
Views: 1127

Re: OSPF: wrong lsa type

To clarify what you are trying to do here... Are you trying to advertise a summary route out of the stub area? If so, the area range command is what you're looking for. /routing ospf area range add advertise=yes area=backbone cost=default disabled=no range=192.168.88.0/24 add advertise=yes area=area...
by IPANetEngineer
Tue Sep 18, 2018 5:39 pm
Forum: General
Topic: CCR1009 +- 1500 pppoe
Replies: 2
Views: 387

Re: CCR1009 +- 1500 pppoe

I would consider a design like this with multiple CCRs so that you have redundancy and the ability to add resources. This can also be done in a CHR very well. We've deployed this for clients with a lot of success. https://www.stubarea51.net/2018/04/23/pppoe-high-availability-design-incorporating-mul...
by IPANetEngineer
Tue Sep 18, 2018 5:19 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39158

Re: v6.43.1 [stable] is released!

Thanks! Just tried it on a CRS317-1G-16S+ and it worked perfectly for the RouterOS and Firmware upgrades :-)
by IPANetEngineer
Mon Sep 17, 2018 6:19 pm
Forum: Forwarding Protocols
Topic: OSPF: Filter routes using firewall
Replies: 4
Views: 535

Re: OSPF: Filter routes using firewall

It might be more helpful to understand why you want to filter OSPF?
by IPANetEngineer
Sun Sep 16, 2018 5:09 pm
Forum: General
Topic: Mikrotik attacked. No idea how.
Replies: 7
Views: 851

Re: Mikrotik attacked. No idea how.

We've worked with a number of clients that have had compromised routers. As others have suggested, the two best things you can possibly do are

1) Netinstall
2) Restore config from text

When we have done this, we have not seen any further issues with the routers
by IPANetEngineer
Sat Sep 15, 2018 5:30 pm
Forum: Forwarding Protocols
Topic: Juniper - Mikrotik LDP/BGP based VPLS
Replies: 9
Views: 1889

Re: Juniper - Mikrotik LDP/BGP based VPLS

Can you post the output of the MPLS forwarding tables for the Juniper and MIkroTIk routers?
by IPANetEngineer
Sat Sep 15, 2018 5:10 pm
Forum: Forwarding Protocols
Topic: OSPF: Manual cost on PPTP [SOLVED]
Replies: 9
Views: 866

Re: OSPF: Manual cost on PPTP [SOLVED]

Many many thanks for your great help and idea! It did exactly what I wanted!
Perfect, glad I could help...just update the status of the thread to 'Solved' :-)
by IPANetEngineer
Sat Sep 15, 2018 3:55 pm
Forum: Forwarding Protocols
Topic: OSPF: Manual cost on PPTP [SOLVED]
Replies: 9
Views: 866

Re: OSPF: Manual cost on PPTP [SOLVED]

No problem! OSPF can be very complicated and takes a while to learn :-) To makes things much easier for yourself, here is what I would do. 1. Put all subnets that connect routers together into the backbone area aka transit links like your PPTP interfaces/subnets 2. Put all subnets that aren't involv...
by IPANetEngineer
Sat Sep 15, 2018 3:05 pm
Forum: Forwarding Protocols
Topic: OSPF: Manual cost on PPTP [SOLVED]
Replies: 9
Views: 866

Re: OSPF: Manual cost on PPTP [SOLVED]

At first glance, the main issue is with your design. If you look at the MIkroTik Wiki on OSPF area design, you'll see that multiple areas are all attached to the backbone area.But not Area 1 going to Area 2 https://wiki.mikrotik.com/images/c/cf/Image6006.gif OSPF is not intended for areas other than...
by IPANetEngineer
Sat Sep 15, 2018 2:30 pm
Forum: General
Topic: MikroTik WISP Design – An overview of adding IPv6 to your WISP
Replies: 2
Views: 420

MikroTik WISP Design – An overview of adding IPv6 to your WISP

Just wrote an article on how to add IPv6 to your WISP using MIkroTik, complete with configs. It covers adding IPv6 at the Core, the Tower and the subscriber as well as a subscriber device. Hope this is helpful for someone! https://www.stubarea51.net/2018/09/14/wisp-design-an-overview-of-adding-ipv6-...
by IPANetEngineer
Sat Sep 15, 2018 2:21 pm
Forum: Forwarding Protocols
Topic: Routing bug
Replies: 1
Views: 341

Re: Routing bug

There are a lot of stable MIkroTik networks with BGP, OSPF, MPLS/VPLS on the CCR series.

Can you post your config? Do you have a network diagram?
by IPANetEngineer
Sat Sep 15, 2018 2:15 pm
Forum: Forwarding Protocols
Topic: OSPF: Manual cost on PPTP [SOLVED]
Replies: 9
Views: 866

Re: OSPF: Manual cost on PPTP [SOLVED]

Can you post your config? That might be helpful.

Also please post the output of these commands on each router:
routing ospf interface print detail
routing ospf network print detail
routing ospf lsa print detail
by IPANetEngineer
Sat Sep 15, 2018 7:40 am
Forum: Forwarding Protocols
Topic: MPLS, BGP and OSPF design for wisp
Replies: 27
Views: 5876

Re: MPLS, BGP and OSPF design for wisp

You definitely don't want to do it with a small CRS. Look at using a 3011 at smaller sites and CCR at others.
by IPANetEngineer
Fri Sep 14, 2018 9:42 pm
Forum: Announcements
Topic: Winbox v3.18 released!
Replies: 49
Views: 71407

Re: Winbox v3.18 released!

Thanks! will test it in our MirkoTik lab :-)
by IPANetEngineer
Fri Sep 14, 2018 6:51 pm
Forum: Forwarding Protocols
Topic: Injecting partial BGP/Aggregate routes into OSPF
Replies: 7
Views: 913

Re: Injecting partial BGP/Aggregate routes into OSPF

On the BGP routers, turn on bgp redistribution then add only the wanted routes into ospf-out filter denying the others, so it will redistribute only those? Done this? I fear as the BGP process is single threaded and eats a whole cpu of the CCR it may cause problems. You have to get into hundreds of...
by IPANetEngineer
Thu Sep 13, 2018 5:25 am
Forum: Forwarding Protocols
Topic: MPLS, BGP and OSPF design for wisp
Replies: 27
Views: 5876

Re: MPLS, BGP and OSPF design for wisp

Thanks. On the MTU size, I see some people set it to 1530 for MPLS, some 1580, 1600, and 2000. Is there any downside to setting it to 2000 across the board? Also I am having issues getting the MPLS working out in the field through the various wireless links even though on my lab it works fine. I ha...
by IPANetEngineer
Wed Sep 12, 2018 9:14 pm
Forum: Forwarding Protocols
Topic: Injecting partial BGP/Aggregate routes into OSPF
Replies: 7
Views: 913

Re: Injecting partial BGP/Aggregate routes into OSPF

How many routes do you want to put in OSPF?
by IPANetEngineer
Wed Sep 12, 2018 4:46 pm
Forum: Forwarding Protocols
Topic: MPLS, BGP and OSPF design for wisp
Replies: 27
Views: 5876

Re: MPLS, BGP and OSPF design for wisp

Here's an example of OSPF/MPLS/VPLS for a WISP with HA DCs and with configs....I'll see what I can dig up for BGP :-)

https://www.stubarea51.net/2018/04/23/w ... c-subnets/
by IPANetEngineer
Mon Sep 10, 2018 2:26 am
Forum: Forwarding Protocols
Topic: MPLS, BGP and OSPF design for wisp
Replies: 27
Views: 5876

Re: MPLS, BGP and OSPF design for wisp

This depends on your use case. Some ISPs may use LDP signalled VPLS for private transport circuits. Other ISPs may use BGP signalled VPLS. In most cases, it's helpful to have iBGP to advertise public subjects and /32 loopbacks even if the majority of traffic is in VPLS. In short, having BGP on the i...
by IPANetEngineer
Sat Sep 08, 2018 9:49 pm
Forum: Forwarding Protocols
Topic: BGP ECMP (multipathing)
Replies: 36
Views: 11651

Re: BGP ECMP (multipathing)

I've been wanting to see this as well, but i'd rather have recursive routing in IPv6 for BGP fixed first. :-)
by IPANetEngineer
Sat Sep 08, 2018 9:46 pm
Forum: Forwarding Protocols
Topic: Packet loss Routers
Replies: 2
Views: 562

Re: Packet loss Routers

What model and type of routers are you using?
by IPANetEngineer
Sat Sep 08, 2018 4:32 pm
Forum: Forwarding Protocols
Topic: Connecting to a public Internet exchange and a transit provider
Replies: 1
Views: 449

Re: Connecting to a public Internet exchange and a transit provider

I would consider a design like this and use local pref to prefer the IX routes.

Image
by IPANetEngineer
Fri Sep 07, 2018 8:34 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70626

Re: RB4011

Everyone's use case is different, but I'm actually happy they stripped some things out. I look at this a different way - now you have a router capable of routing 10 Gbps peak throughput which is very close to CCR1009 number for half the cost. All of the bells and whistles are nice, I agree, but i'll...
by IPANetEngineer
Fri Sep 07, 2018 8:26 pm
Forum: Forwarding Protocols
Topic: BGP Peering Advice
Replies: 6
Views: 802

Re: BGP Peering Advice

This largely depends on your BGP edge design and whether or not the peers are fully meshed inside your AS. If the routes learned from your upstreams are only present at the border routers then you'll need aggregate routes injected form the border routers to draw traffic towards one of those peers. A...
by IPANetEngineer
Fri Sep 07, 2018 8:12 pm
Forum: Forwarding Protocols
Topic: OSPF connected interfaces
Replies: 1
Views: 406

Re: OSPF connected interfaces

The may be some options using policy routing. Can you post a diagram of what you have? It would be much easier to comment with some context as to the layout.
by IPANetEngineer
Tue Sep 04, 2018 9:56 pm
Forum: Forwarding Protocols
Topic: Migrating from switch to Mikrotik Router
Replies: 10
Views: 1080

Re: Migrating from switch to Mikrotik Router

If you run it on a switch, you can ask your upstream provider if you can maintain dual peerings and that way you'll have edge router redundancy if you lose a router or need to upgrade the RouterOS code, it can be done without an outage by failing traffic from one to the other. It still doesn't help ...
by IPANetEngineer
Sun Sep 02, 2018 6:32 pm
Forum: Forwarding Protocols
Topic: Migrating from switch to Mikrotik Router
Replies: 10
Views: 1080

Re: Migrating from switch to Mikrotik Router

I've done a lot of Enterprise networks and there are some key things when you're trying to migrate and the network is a mess. 1) If you don't have detailed documentation of how the current network is laid out, take the time to create it. Layer 1 - Document physical connections to all network equipme...
by IPANetEngineer
Sun Sep 02, 2018 5:24 pm
Forum: Forwarding Protocols
Topic: Migrating from switch to Mikrotik Router
Replies: 10
Views: 1080

Re: Migrating from switch to Mikrotik Router

We've been incredibly successful with switch-centric designs over the years and have deployed it on every continent except Antarctica. Switch stacks are not a single point of failure as they form a pair of HA switches that are logically a single switch from sa spanning tree perspective. Using a swit...
by IPANetEngineer
Sat Sep 01, 2018 3:39 pm
Forum: Forwarding Protocols
Topic: Migrating from switch to Mikrotik Router
Replies: 10
Views: 1080

Re: Migrating from switch to Mikrotik Router

We work on this type of design frequently. I would suggest a switch-centric architecture where all of the links terminate in the switch stack and you use LACP to connect the MikroTik routers and hypervisors. Then connect the internet circuits on different switches in the stack for redundancy. Switch...
by IPANetEngineer
Fri Aug 31, 2018 6:54 pm
Forum: Forwarding Protocols
Topic: AS Path prepend Cisco to Mikrotik command Help
Replies: 2
Views: 566

Re: AS Path prepend Cisco to Mikrotik command Help

This is what you're looking for...hope it helps!
/routing bgp instance
set default as=200
/routing bgp network
add network=10.1.1.0/24
/routing bgp peer
add name=peer1 out-filter=PREPEND remote-address=192.168.1.5 remote-as=100
/routing filter
add action=accept chain=PREPEND set-bgp-prepend=3
by IPANetEngineer
Fri Aug 31, 2018 3:32 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70626

Re: RB4011

I'm actually interested to test this router with a full BGP table given the high clock speed and 10 gig port.

Who knows? Could be a diamond in the rough for a border router ;-)
by IPANetEngineer
Fri Aug 31, 2018 3:30 pm
Forum: General
Topic: Feature Request: TACACS/TACACS+
Replies: 35
Views: 8598

Re: Feature Request: TACACS/TACACS+

I would like to see TACACS+ support as well. Being able to restrict the commands that a user can execute is incredibly important. Especially with all of the attacks against MikroTik devices - it provides another layer of protection in addition to the firewall if a lower level user account is comprom...
by IPANetEngineer
Thu Aug 30, 2018 4:44 pm
Forum: RouterBOARD hardware
Topic: CCR1036 SFP1 problem
Replies: 1
Views: 277

Re: CCR1036 SFP1 problem

That's interesting, I haven't heard of this behavior yet, but will certainly look for it.
by IPANetEngineer
Wed Aug 29, 2018 9:44 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM RSTP root not working with SFP
Replies: 4
Views: 1043

Re: CSS326-24G-2S+RM RSTP root not working with SFP

Don't use the edge-port type for 802.1q trunking to another switch. Also you might try MSTP as it can sometimes solve STP interop issues with other switches. Setup 1 This works great. The VLAN is accessible on the second CSS326-24G-2S+RM 1GbE. VLAN1 : (meraki switch) over 1GbE -> (1)CSS326-24G-2S+RM...
by IPANetEngineer
Wed Aug 29, 2018 7:48 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 23712

Re: IPv6 recursive nexthops via iBGP

@IPANetEngineer If it would be important for them, they would have fixed this issue years ago. Just proceed with FRRouting :-) It's better anyways. Depends on your use case. I like FRR and talk to a number of the developers at FRR on a regular basis. However, it's still software that's go to go on ...
by IPANetEngineer
Wed Aug 29, 2018 6:25 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 23712

Re: IPv6 recursive nexthops via iBGP

We could really use an update on this MikroTik. :-)

We are seeing IPv6 adoption move at a much faster pace in 2018 and are having to modify the routing architecture or use other brand routers for our clients to solve this problem.

This has been an issue for a long time but we could really use a fix
by IPANetEngineer
Wed Aug 29, 2018 6:21 pm
Forum: Forwarding Protocols
Topic: Different vrfs Same BGP Peer IP.
Replies: 1
Views: 395

Re: Different vrfs Same BGP Peer IP.

Short answer is no, it's not possible...please see my reply in this thread.

viewtopic.php?f=14&t=138551
by IPANetEngineer
Wed Aug 29, 2018 6:19 pm
Forum: Forwarding Protocols
Topic: Configure BGP to have multiple peers with the same IP in VLAN+VRF combo [SOLVED]
Replies: 1
Views: 693

Re: Configure BGP to have multiple peers with the same IP in VLAN+VRF combo [SOLVED]

In MikroTik, you cannot duplicate the transit IP or subnet inside a VRF the same way you can in Cisco.

Duplicated prefixes inside of a BGP route are fine, but the subnets used for peering or an IGP must be discrete and separate.

This is a limitation of the 6.x kernel from what I've been told.
by IPANetEngineer
Fri Aug 24, 2018 8:09 pm
Forum: Forwarding Protocols
Topic: Configuring a VRF on Single MT Router
Replies: 3
Views: 1236

Re: Configuring a VRF on Single MT Router

You're close but you need to add the WAN interface to the VRF interfaces as well.

Also remove the routing-table=INTERNET on the NAT rule and just match on routing mark
by IPANetEngineer
Fri Aug 24, 2018 8:03 pm
Forum: Forwarding Protocols
Topic: HELP - BGP dynamic route flickering [SOLVED]
Replies: 6
Views: 816

Re: HELP - BGP dynamic route flickering [SOLVED]

Start a continuous ping to the peer address...do you see packet loss or bouncing of the peer? Also start a packet capture on that peering and filter for BGP, that way you can review the BGP updates and messages between your router and the upstream peer to see if your router is signalling a withdraw ...
by IPANetEngineer
Fri Aug 17, 2018 7:12 pm
Forum: General
Topic: Feature request: BGP4-MIB (RFC 4273)
Replies: 32
Views: 5612

Re: Feature request: BGP4-MIB (RFC 4273)

+1 for this feature
by IPANetEngineer
Thu Aug 16, 2018 11:01 pm
Forum: Forwarding Protocols
Topic: BGP check neighbor advertising IPv4
Replies: 1
Views: 375

Re: BGP check neighbor advertising IPv4

One of the best ways is to use a public route server. From there you can see what your prefixes look like advertised into the BGP global table

http://routeserver.org/

Also, BGPLay allows you to visualize subnets and connected ASes

https://stat.ripe.net/special/bgplay
by IPANetEngineer
Thu Aug 16, 2018 10:50 pm
Forum: Forwarding Protocols
Topic: Juniper - Mikrotik LDP/BGP based VPLS
Replies: 9
Views: 1889

Re: Juniper - Mikrotik LDP/BGP based VPLS

Have you tired setting explicit null?

In the topology you have it looks like the PHP routers would be MikroTik and Juniper. We've seen issues before when the PHP routers are different vendors.
by IPANetEngineer
Wed Aug 15, 2018 4:36 pm
Forum: General
Topic: Convert from Cisco to Mikrotik [SOLVED]
Replies: 7
Views: 1425

Re: Convert from Cisco to Mikrotik [SOLVED]

Just a tip, MikroTik recommends using src-nat instead of masquerade when possible as the performance is much better than masquerade.
by IPANetEngineer
Tue Aug 14, 2018 10:57 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113457

Re: v6.43rc [release candidate] is released!

*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only); *) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only); Could we please get some examples of how to use these features on the Wiki ? I cannot see any of the options I would expect, e...
by IPANetEngineer
Tue Aug 14, 2018 10:56 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 243312

Re: Metarouter images

I think Metarouter running something else than RouterOS is a long abandoned concept...
Unfortunately I think yo're right...we all got so excited when CCR came out that it could be an inexpensive hypervisor but I don't think it will happen.
by IPANetEngineer
Tue Aug 14, 2018 10:53 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208064

Re: Feature requests - SNMP OID Ethernet link speed

Feature requests - SNMP OID Ethernet link speed It would be great to have SNMP OIDs for Ethernet link speeds. (if they are there , I have not spotted them yet). These could be very useful to detect when an Ethernet link changes link speed. Such as when what is/was supposed to be a 1-Gig link change...
by IPANetEngineer
Fri Aug 10, 2018 8:43 pm
Forum: Forwarding Protocols
Topic: BGP Failover issues
Replies: 6
Views: 779

Re: BGP Failover issues

So we need to understand whether you're trying to influence traffic coming in from your upstream (normally a "download" for a user) or traffic from your network going outbound (normally an "upload" for a user)

There are different ways to influence BGP depending on what you're trying to do.
by IPANetEngineer
Fri Aug 10, 2018 1:02 am
Forum: General
Topic: Dealing with VLANs on cisco switch.
Replies: 40
Views: 2721

Re: Dealing with VLANs on cisco switch.

So is VLAN 959 tagged towards the MikroTik router from the ISP Cisco Distribution Switch or not?

Can you validate tagged or untagged by using the MikroTik to perform a packet capture using /tool sniffer?
by IPANetEngineer
Fri Aug 10, 2018 12:51 am
Forum: Forwarding Protocols
Topic: Public IPs on network with OSPF
Replies: 3
Views: 607

Re: Public IPs on network with OSPF

If you want a single public IP on each tower, the easiest thing to do is create a loopback using a public IP and then advertise it in OSPF. That way you can keep using non-public IPs for the subnets that connect the towers. Even though this presentation I did is on OSPF troubleshooting, you can see ...
by IPANetEngineer
Wed Aug 08, 2018 4:27 pm
Forum: General
Topic: Stale PPPoE
Replies: 5
Views: 593

Re: Stale PPPoE

What's your CPU load look like? CHR does a pretty good job of terminating PPPoE...you might consider a design like this for HA and scaling. http://www.stubarea51.net/2018/04/23/pppoe-high-availability-design-incorporating-multiple-access-concentratorsbras/ http://www.stubarea51.net/wp-content/upload...
by IPANetEngineer
Wed Aug 08, 2018 4:12 pm
Forum: Forwarding Protocols
Topic: VPLS with QinQ breakouts?
Replies: 1
Views: 659

Re: VPLS with QinQ breakouts?

As a start take a look at this: http://www.stubarea51.net/2018/08/07/mikrotik-isp-design-building-an-802-1q-trunk-between-sites-using-vpls-and-s-tag/ Also if you need professional help, we can certainly assist as we design, build and troubleshoot ISP networks all around the world. Visit iparchitechs...
by IPANetEngineer
Thu Aug 02, 2018 11:10 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 807

Re: MED When same AS_PATH

If you're trying to influence traffic out of an AS (which is what you appear to be doing) then I would start with marking localpref higher on the route you want to be preferred. localpref, unlike weight will be learned by every router in the AS (unlike weight)
by IPANetEngineer
Wed May 30, 2018 6:36 pm
Forum: Forwarding Protocols
Topic: Failover Design
Replies: 3
Views: 572

Re: Failover Design

If you can go into more detail on what "failover" is needed exactly, we can probably give you a more accurate answer. Are you trying to use the same public subnet at two different locations? This article I wrote may be helpful: http://www.stubarea51.net/2018/04/23/wisp-design-building-highly-availab...
by IPANetEngineer
Sat Apr 28, 2018 3:01 am
Forum: General
Topic: MPLS hardware forwarding on new switches?
Replies: 5
Views: 1393

Re: MPLS hardware forwarding on new switches?

Doing MPLS/VPLS and VXLAN in Hardware on switches is a HUGE opportunity for Mikrotik to carve out a niche. I know if this was supported, I wouldn't be buying 1 or 2 switches per year, it would be hundreds if not thousands of switches per year. Couldn't agree with you more...nobody has VXLAN in anyt...
by IPANetEngineer
Thu Apr 26, 2018 4:43 pm
Forum: Virtualization
Topic: looks like chr will never perform for me
Replies: 3
Views: 865

Re: looks like chr will never perform for me

Currently Hyper-V performs way better for CHR than either ESXi or ProxMox

We did extensive performance testing on CHR in our lab and the results are in this presentation from Berlin, Germany at MUM Europe 2018

https://www.youtube.com/watch?time_cont ... cgdGA1W_0o
by IPANetEngineer
Thu Apr 26, 2018 3:47 am
Forum: Forwarding Protocols
Topic: Static routing instead of OSPF
Replies: 2
Views: 476

Re: Static routing instead of OSPF

OSPF is incredibly resilient to routing loops unless you're redistributing prefixes and have a config or design issue. It is the backbone of almost every network we work on for MikroTik - whether by itself or as the transport for iBGP and MPLS/LDP. It sounds like you may have a config or other issue...
by IPANetEngineer
Sat Apr 21, 2018 3:28 am
Forum: Forwarding Protocols
Topic: MPLS - massive throughput difference on CHR when using explicit nulls
Replies: 56
Views: 8406

Re: MPLS - massive throughput difference on CHR when using explicit nulls

I moved my lab to Hyper-V Core 2012 R2, and can confirm that MPLS runs fine on that. That's great info...we did a bunch of CHR testing on different hypervisors for BGP and presented the results in Berlin at MUM Europe 2018. Hyper-V was way better than ESXi and ProxMox (KVM) by a significant margin.
by IPANetEngineer
Wed Apr 18, 2018 5:55 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13660

Re: IS-IS

IS-IS can scale much larger than OSPF due to the way it designs the hierarchy of flooding domains and by using Incremental SPF. This is why it's used as the IGP of choice for most large ISPs and Data Centers I have an ISP customer with around 200 POP's and OSPF scalability is a real problem. We hav...
by IPANetEngineer
Wed Apr 18, 2018 5:52 pm
Forum: Forwarding Protocols
Topic: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?
Replies: 7
Views: 718

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

No problem...glad you connected with someone. A large part of the IPA sales team has been travelling for the European, US and Mexico MUMs so that could be why you had an issue via phone - although it still shouldn't happen and I'll pass it along to the sales team :-) There are two issues that plague...
by IPANetEngineer
Wed Apr 18, 2018 5:24 pm
Forum: Forwarding Protocols
Topic: OSPFv3 No route to host
Replies: 2
Views: 445

Re: OSPFv3 No route to host

Unfortunately IPv6 routing recursion has been broken for a while and is a limitation of the kernel being used.

viewtopic.php?f=14&t=42268&hilit=ipv6+recursive
by IPANetEngineer
Tue Apr 17, 2018 9:01 pm
Forum: Forwarding Protocols
Topic: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?
Replies: 7
Views: 718

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

This is what BGP is designed for. OSPF doesn't manage traffic very well when you're trying to take a path that isn't the "shortest" While this design may not be exactly what you need, it will give you some ideas on the limitations of OSPF and how you can use BGP communities to set up traffic enginee...
by IPANetEngineer
Tue Apr 17, 2018 8:48 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13660

Re: IS-IS

Its just sooooo coooooooooool protocol... I'd really like to know where hell I can use it in real life, so please tell the truth :) So to say, I have neither ISPs to establish ISIS with, nor software/hardware within the LAN to use it internally. But the proto is nice, really. IS-IS can scale much l...
by IPANetEngineer
Tue Apr 17, 2018 8:46 pm
Forum: Forwarding Protocols
Topic: Network Design suggestions......
Replies: 4
Views: 597

Re: Network Design suggestions......

Since you're using VPLS already, I would probably use MPLS TE to define paths for traffic rather than OSPF cost. OSPF cost doesn't scale well and can create suboptimal traffic scenarios. This is assuming that traffic engineering is your most important requirement. I normally recommend the bugfix ver...
by IPANetEngineer
Mon Apr 16, 2018 5:19 pm
Forum: Forwarding Protocols
Topic: Duel Firewall rule or HA failover
Replies: 9
Views: 1269

Re: Duel Firewall rule or HA failover

There is a project on Github that worked on this concept (link below) and there are a number of examples of config synch scripts out there.

https://github.com/svlsResearch/ha-mikrotik
by IPANetEngineer
Mon Apr 16, 2018 5:08 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13660

Re: IS-IS

I don't think it will ever show up in v6 but we may see it in v7 whenever that comes out. :-)
by IPANetEngineer
Fri Apr 13, 2018 7:02 pm
Forum: Forwarding Protocols
Topic: "Ring" Configuration
Replies: 3
Views: 1025

Re: "Ring" Configuration

without knowing all of your requirements, I would probably recommend using something like a CCR1036-8G-2S+ or CCR1072 in a ring topology and configure OSPF for routing and possibly MPLS if you have a need for Layer2 VLANs to go between sites.
by IPANetEngineer
Thu Feb 01, 2018 7:36 pm
Forum: Forwarding Protocols
Topic: MPLS - massive throughput difference on CHR when using explicit nulls
Replies: 56
Views: 8406

Re: MPLS - massive throughput difference on CHR when using explicit nulls

Any updates on this MikroTik? I've been holding off on deploying CHR for MPLS because of this and would love to see this fixed.
by IPANetEngineer
Wed Jan 24, 2018 3:56 pm
Forum: Forwarding Protocols
Topic: BGP route reflectors and cluster-id
Replies: 6
Views: 1662

Re: BGP route reflectors and cluster-id

Your route reflectors should also be peered with each other (but not reflected) is that the way you have it setup? Even if you don't set the cluster-id or set a different cluster id, you're still going to see one route active and one inactive because BGP in MIkroTik doesn't support ECMP. There is a ...
by IPANetEngineer
Thu Jan 11, 2018 2:37 am
Forum: Forwarding Protocols
Topic: MPLS, BGP and OSPF design for wisp
Replies: 27
Views: 5876

Re: MPLS, BGP and OSPF design for wisp

Your BGP peer remote-addresses are wrong. These should be the peer's address on the /30 links.

Not true...in an iBGP design you want the peering address to use loopbacks that are advertised by OSPF so that if an interface goes down and another path is available, the peering will stay online.
by IPANetEngineer
Thu Jan 11, 2018 2:33 am
Forum: Forwarding Protocols
Topic: MPLS, BGP and OSPF design for wisp
Replies: 27
Views: 5876

Re: MPLS, BGP and OSPF design for wisp

Here are a couple of presentations I've done at different MUMs that may help you out with design for this type of network. Hope this helps! BGP as an IGP for Carrier/Enterprise Networks https://mum.mikrotik.com//presentations/US13/kevin.pdf ISP Architecture – MPLS Overview, Design and Implementation...
by IPANetEngineer
Wed Jan 10, 2018 4:43 pm
Forum: Forwarding Protocols
Topic: BGP Multipath Load Balancing
Replies: 14
Views: 2912

Re: BGP Multipath Load Balancing

It can be changed if made a filter to discard half of ISP1 prefixes? If you do that, and ISP2 goes down, then any IP within those prefixes not being advertised to ISP1 will not have Internet connectivity. No, here I mean the route prefixes that I receive from ISP1 and not my advertised networks pre...
by IPANetEngineer
Tue Jan 09, 2018 10:33 pm
Forum: General
Topic: Hiring a consultant for configuration support
Replies: 3
Views: 476

Re: Hiring a consultant for configuration support

Has anyone got experience on hiring people online to write/edit/support a Mikrotik config? We have a single office router that needs to load share and prioritise traffic over three adsl links with the usual firewall protection and a couple of pinholes for SSH and VPN We have enough in house experti...
by IPANetEngineer
Tue Jan 09, 2018 7:08 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13660

Re: IS-IS

+1 to add IS-IS to Router OS. I think we would be able to to build larger IGP flooding domains with IS-IS due to features like incremental SPF - especially since the Tilera processor doesn't do as well under a heavy computational load like what we have seen in large BGP table sizes and slow converge...
by IPANetEngineer
Tue Jan 09, 2018 5:28 pm
Forum: Forwarding Protocols
Topic: BGP Multipath Load Balancing
Replies: 14
Views: 2912

Re: BGP Multipath Load Balancing

Increase local preference for prefixes you get from ISP2 thanks for your replay, sorry but I don't have experience on tuning BGP I made a filter accept role with BGP Local Pref = 200 And I applied to peer ISP2(less used) in-filter. That bgp-peers prefixes now have 200 local pref value. But I don't ...
by IPANetEngineer
Mon Jan 08, 2018 8:08 pm
Forum: Forwarding Protocols
Topic: Automating address list maintenance - MANRS compliance
Replies: 4
Views: 888

Re: Automating address list maintenance - MANRS compliance

This is great work! thanks for posting :-)
by IPANetEngineer
Mon Jan 08, 2018 8:01 pm
Forum: Announcements
Topic: Newsletter 79 (MUM EUROPE ANNOUNCED!)
Replies: 33
Views: 12424

Re: Newsletter 79 (MUM EUROPE ANNOUNCED!)

Will be in Berlin in April exhibiting and presenting with IP ArchiTechs...can't wait to see everyone. Haven't been back to MUM Europe since Slovenia :-)
by IPANetEngineer
Sat Jan 06, 2018 4:54 am
Forum: Forwarding Protocols
Topic: Cisco to MikroTik command translation - OSPF
Replies: 1
Views: 485

Cisco to MikroTik command translation - OSPF

Wrote another post in a series I started on Cisco to MikroTik command translation to make it easier for engineers that know Cisco to get into MikroTik.

http://www.stubarea51.net/2018/01/05/ci ... tion-ospf/
by IPANetEngineer
Sat Jan 06, 2018 12:50 am
Forum: Forwarding Protocols
Topic: Changing bridget network to RIP
Replies: 5
Views: 596

Re: Changing bridget network to RIP

Hello, I have a network bridget together. It looks like on the attached image (don't pay attention to the addresses at this time). Should I change it into a routed network? For example a RIP routing with addresses like in the image? Or should i go into a OSPF routing? https://thumb.ibb.co/dtwOpw/ne...
by IPANetEngineer
Tue Dec 19, 2017 4:39 pm
Forum: Forwarding Protocols
Topic: Mtu and Mpls
Replies: 5
Views: 796

Re: Mtu and Mpls

Is the L3 transport over a connection that you control or is it a private circuit?
by IPANetEngineer
Fri Dec 08, 2017 12:31 am
Forum: Forwarding Protocols
Topic: MPLS hardware offload in CRS317...how to enable?
Replies: 4
Views: 1466

Re: MPLS hardware offload in CRS317...how to enable?

I have the CRS setup as a P router in the middle of two CCR1036 routers acting as PE routers. It only shows one path as hardware offloaded [admin@MikroTik] > mpls forwarding-table print Flags: H - hw-offload, L - ldp, V - vpls, T - traffic-eng # IN-LABEL OUT-LABELS DESTINATION INTERFACE NEXTHOP 0 ex...
by IPANetEngineer
Thu Dec 07, 2017 5:07 pm
Forum: Beginner Basics
Topic: IPv6 on WAN no cimp
Replies: 15
Views: 1011

Re: IPv6 on WAN no cimp

Have you tried setting the next hop to the link local address instead of the global unicast?
by IPANetEngineer
Thu Dec 07, 2017 5:02 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154943

Re: RouterOS v7.0 beta1 - when?

Dear Santa Claus,

I would like RouterOS v7 for Christmas :-)
of which year?
2017...I'm hoping for a Christmas Miracle :lol:
by IPANetEngineer
Wed Dec 06, 2017 9:06 pm
Forum: Forwarding Protocols
Topic: MPLS hardware offload in CRS317...how to enable?
Replies: 4
Views: 1466

MPLS hardware offload in CRS317...how to enable?

I've been trying to test MPLS hw offload in my lab based on the following entry in the release notes *) crs317 - added initial support for HW offloaded MPLS forwarding; I've built an MPLS network using two CCR1036 routers connected at 10 gig with the CRS317 in the middle (6.41rc47). When i perform a...
by IPANetEngineer
Wed Dec 06, 2017 8:06 pm
Forum: Beginner Basics
Topic: IPv6 on WAN no cimp
Replies: 15
Views: 1011

Re: IPv6 on WAN no cimp

Try disabling the gateway check on the static default route
by IPANetEngineer
Wed Dec 06, 2017 7:47 pm
Forum: Beginner Basics
Topic: IPv6 on WAN no cimp
Replies: 15
Views: 1011

Re: IPv6 on WAN no cimp

You have a static route set for the gateway of 2a01:4a0:4a::1/128 istead of using the directly connected route. That forces the MT to use routing recursion which is not yet supported in RouterOS for IPv6. Try removing the static route and see if the defualt route for global unicast goes active.
by IPANetEngineer
Wed Dec 06, 2017 7:33 pm
Forum: Beginner Basics
Topic: IPv6 on WAN no cimp
Replies: 15
Views: 1011

Re: IPv6 on WAN no cimp

For some reason, the route you have for 2000::/3 isn't active. Is the next hop reachable?
by IPANetEngineer
Wed Dec 06, 2017 7:08 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154943

Re: RouterOS v7.0 beta1 - when?

Dear Santa Claus,

I would like RouterOS v7 for Christmas :-)
by IPANetEngineer
Wed Dec 06, 2017 6:35 pm
Forum: Forwarding Protocols
Topic: QoS in MPLS using the EXP
Replies: 1
Views: 555

Re: QoS in MPLS using the EXP

There have been a few attempts to work around this before. Here is one of them:

viewtopic.php?t=111215
by IPANetEngineer
Wed Dec 06, 2017 6:32 pm
Forum: Forwarding Protocols
Topic: use server xeon like bgp router
Replies: 2
Views: 746

Re: use server xeon like bgp router

I would consider a packet scrubber in between the upstream peer and the border router. This is what they are designed for.

We've used these successfully with both CCRs and CHRs to defend against DDoS attacks and use RTBH

http://www.serveru.us/en/
by IPANetEngineer
Wed Dec 06, 2017 6:22 pm
Forum: Forwarding Protocols
Topic: MPLS + TE two path two VPLS tunnels
Replies: 4
Views: 1092

Re: MPLS + TE two path two VPLS tunnels

I don't think MRZ is suggesting a loopback per subscriber but rather a pair of loopbacks so that you can set different policy for the path of the VPLS tunnel.
by IPANetEngineer
Wed Dec 06, 2017 6:15 pm
Forum: Beginner Basics
Topic: IPv6 on WAN no cimp
Replies: 15
Views: 1011

Re: IPv6 on WAN no cimp

what is the output of /ipv6 route print ?
by IPANetEngineer
Wed Dec 06, 2017 6:00 pm
Forum: General
Topic: NAT table not cleared correctly [SOLVED]
Replies: 77
Views: 6837

Re: NAT table not cleared correctly [SOLVED]

Will be interesting to see what comes of this. I've had the exact same issue of having to clear UDP/5060 sessions manually when there is a failover or outage. I've not put much time into troubleshooting as it doesn't happen very often, but it seems to be the same issue everyone else is having.
by IPANetEngineer
Wed Dec 06, 2017 5:54 pm
Forum: General
Topic: Bad Speeds on CRS125 [SOLVED]
Replies: 6
Views: 504

Re: Bad Speeds on CRS125 [SOLVED]

The CPU of the CRS is very underpowered and struggles to reach anything close to a gig. This is a very common complaint and scenario on the CRS. You really need an RB3011, 100AHx2 or 4 or CCR1009 for the routing part.
by IPANetEngineer
Wed Dec 06, 2017 5:51 pm
Forum: Forwarding Protocols
Topic: multi site connectivity
Replies: 3
Views: 547

Re: multi site connectivity

SSTP works pretty well as a VPN that branches can "dial" back into a central location. Benefits are: 1) AES256 encryption - can be cert based 2) Uses TCP/443 so having ports blocked for VPN is rarely an issue 3) Is a native protocol on Microsoft operating systems and can be setup very easily in wind...
by IPANetEngineer
Tue Dec 05, 2017 6:45 pm
Forum: Virtualization
Topic: ESXI MPLS CHR
Replies: 1
Views: 838

Re: ESXI MPLS CHR

There are some issues with MPLS throughput in the CHR. I don't believe MikroTik has fixed this yet

viewtopic.php?t=122446
by IPANetEngineer
Tue Dec 05, 2017 6:38 pm
Forum: General
Topic: Mikrotik SSTP client is slow
Replies: 2
Views: 876

Re: Mikrotik SSTP client is slow

It is always a best practice to use the same routeros version on each end of the tunnel.

Have you tried matching the ros version and retesting?
by IPANetEngineer
Tue Dec 05, 2017 6:15 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS Packet Loss and Slow Speeds
Replies: 6
Views: 1105

Re: MPLS/VPLS Packet Loss and Slow Speeds

Two questions: 1) Have you run an RFC2544 test on the base RF link without MPLS to see if it passes? 2) What are your MTU settings for: L2MTU, L3 MTU and MPLS MTU on the MikroTik routers? This is a presentation I did for WISPs that want to use MPLS at the 2016 US MUM https://mum.mikrotik.com//presen...
by IPANetEngineer
Sun Oct 01, 2017 4:37 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 14164

Re: CRS317-1G-16S+RM MPLS Support

So with the 6.41rc releases Mikrotik have added "MPLS Forwarding" to the CRS317. In my opinion just being able to forward MPLS packets based on the label is pointless. It wont make me buy the CRS317 over any other plain Layer2 switch. The MPLS features that would make me buy a CRS317 over another d...
by IPANetEngineer
Sun Oct 01, 2017 3:48 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM - Hardware specification
Replies: 34
Views: 7287

Re: CRS317-1G-16S+RM - Hardware specification

Definitely modular PS units. In most cases, we will do all AC or all DC.
by IPANetEngineer
Sat Sep 30, 2017 2:00 pm
Forum: Forwarding Protocols
Topic: MPLS - massive throughput difference on CHR when using explicit nulls
Replies: 56
Views: 8406

Re: MPLS - massive throughput difference on CHR when using explicit nulls

Great troubleshooting work guys! I'm anxious to see the results of this fix as we have been planning to use CHR for a number of MPLS applications.
by IPANetEngineer
Fri Jun 23, 2017 3:09 pm
Forum: Forwarding Protocols
Topic: MPLS - massive throughput difference on CHR when using explicit nulls
Replies: 56
Views: 8406

Re: MPLS - massive throughput difference on CHR when using explicit nulls

Which VNIC are you guys using in VMWARE. VMXNET3 or something else?
by IPANetEngineer
Mon Jun 19, 2017 4:00 pm
Forum: Forwarding Protocols
Topic: BFD not working correctly? Or is this intended?
Replies: 4
Views: 861

Re: BFD not working correctly? Or is this intended?

Nice work and thanks for the info. We've been doing more and more with BFD in MikroTik now that it's been patched.
by IPANetEngineer
Fri Jun 16, 2017 3:23 pm
Forum: Virtualization
Topic: 40Gb interfaces with CHR
Replies: 6
Views: 2416

Re: 40Gb interfaces with CHR

I'm interested to know the answer to this as well.
by IPANetEngineer
Fri Jun 16, 2017 3:14 pm
Forum: Forwarding Protocols
Topic: BFD not working correctly? Or is this intended?
Replies: 4
Views: 861

Re: BFD not working correctly? Or is this intended?

What version of RouterOS are you seeing this on?
by IPANetEngineer
Fri Jun 16, 2017 3:10 pm
Forum: Forwarding Protocols
Topic: OSPF and BGP Issues
Replies: 10
Views: 1800

Re: OSPF and BGP Issues

As far as RouterOS version, I advise all of my clients to run bigfix code as it is much more stable in production. One other practice that can contribute to OSPF/BGP instability is running a lot of mismatched versions on the routers. 6.37.5 bugfix has worked well for a lot of our clients that depend...
by IPANetEngineer
Fri Jun 16, 2017 3:07 pm
Forum: Forwarding Protocols
Topic: OSPF and BGP Issues
Replies: 10
Views: 1800

Re: OSPF and BGP Issues

sir, in Cisco you have a "sh tech" command that we can actually analyze - does Mikrotik have any similar commands? I'm a newbie with Mikrotik and I was hoping I could check something out of the normal "log" files in Mikrotik that would somehow give me a clue as to what is causing or being a trigger...
by IPANetEngineer
Thu Jun 15, 2017 4:14 pm
Forum: General
Topic: CCR1072 as a route server?
Replies: 7
Views: 1291

Re: CCR1072 as a route server?

The CCR1072 is best utilized for large volumes of IP transit 72 cores and 16GB RAM, just screams BGP router rather than packet forwarder. Shame it doesn't live up to that. I'll look in to BIRD as well, I was thinking of creating a looking glass anyway. It actually handles BGP very well in network d...
by IPANetEngineer
Thu Jun 15, 2017 4:09 pm
Forum: General
Topic: CCR1072 as a route server?
Replies: 7
Views: 1291

Re: CCR1072 as a route server?

I'm inclined to agree with Savage. As a route server, you'll probably want to use BIRD or Free Range Routing.

The CCR1072 is best utilized for large volumes of IP transit - it does that job very well.
by IPANetEngineer
Wed Jun 14, 2017 4:21 pm
Forum: Forwarding Protocols
Topic: Assign Public IP across Private Network
Replies: 5
Views: 1201

Re: Assign Public IP across Private Network

Hello, I am trying to configure one of my clients with a public IP that is reachable from the web. He is at a remote site on the LAN side of my Mikrotik router. He has a private ip currently. I have tried so many different NAT rules to accomplish this. I have is router bound to a private IP in the ...
by IPANetEngineer
Wed Jun 14, 2017 4:20 pm
Forum: Forwarding Protocols
Topic: BGP Announce Problem
Replies: 10
Views: 1785

Re: BGP Announce Problem

Actually on MikroTik it doesn't need to be in the routing table at all to be originated No, but it still needs to be originated somewhere. If it hasn't been explicitly configured, BGP won't advertise them. I'm just trying to find out from the OP how those /24 blocks are being generated, as all he's...
by IPANetEngineer
Wed Jun 14, 2017 4:16 pm
Forum: Forwarding Protocols
Topic: BGP CAN'T RECEIVE PREFIX
Replies: 3
Views: 460

Re: BGP CAN'T RECEIVE PREFIX

Has any of your configuration changed?

If not, i'd disable and re-enable the peering and then upgrade to the latest bugfix version of ROuterOS
by IPANetEngineer
Mon Jun 12, 2017 4:00 pm
Forum: Forwarding Protocols
Topic: BGP Announce Problem
Replies: 10
Views: 1785

Re: BGP Announce Problem

Do all four /24 from that block exist in your local route table as /24? BGP won't advertise a prefix unless it has an exact match present in the routing table. That is certainly the behavior of some routing platforms like Cisco, but MikroTik can advertise a prefix without it existing in the routing...
by IPANetEngineer
Fri Jun 09, 2017 4:11 pm
Forum: Forwarding Protocols
Topic: Route customers according to IP address over OSPF
Replies: 4
Views: 580

Re: Route customers according to IP address over OSPF

You can't do this with OSPF, hence, Open Shortest Path First in the name. All traffic will traverse R6, unless the path becomes unavailable. If Cust2 to Cust4 somehow is tunneled to R3, possibilities opens up with OSPF and then it could become interesting though. At best, you're looking at VPLS Tun...
by IPANetEngineer
Thu Jun 08, 2017 4:47 pm
Forum: Forwarding Protocols
Topic: OSPFv3 received routes not in routing table
Replies: 12
Views: 1354

Re: OSPFv3 received routes not in routing table

Good find...thanks for the info!
by IPANetEngineer
Wed Jun 07, 2017 4:00 pm
Forum: Forwarding Protocols
Topic: OSPFv3 received routes not in routing table
Replies: 12
Views: 1354

Re: OSPFv3 received routes not in routing table

That's an interesting point, have you tried replicating the topology with CHRs in a virtual environment like GNS3? it would be interesting to see if it works there
by IPANetEngineer
Tue Jun 06, 2017 3:28 pm
Forum: Forwarding Protocols
Topic: BGP Announcements
Replies: 1
Views: 339

Re: BGP Announcements

By default, most routing implementations will not accept any advertisements that have their own AS in the path. Also, the router won't advertise the routes it learns from one peer back to the same peer.

That said, it's generally a good idea to use BGP filters as soon as you are able to put them in.
by IPANetEngineer
Mon Jun 05, 2017 9:55 pm
Forum: General
Topic: Half duplex 100 only and link duplex mismatch on hAP Lite and EPON
Replies: 22
Views: 3694

Re: Half duplex 100 only and link duplex mismatch on hAP Lite and EPON

Setting one side to auto and then the other to hard coded causes duplex mismatch on 100 Meg links but should work on 1 gig links. Ideally you want to match on both sides. Have you tried any other versions of RouterOS to see if there is any difference? Another easy test is to put a cheap dumb switch ...
by IPANetEngineer
Mon Jun 05, 2017 9:26 pm
Forum: General
Topic: Half duplex 100 only and link duplex mismatch on hAP Lite and EPON
Replies: 22
Views: 3694

Re: Half duplex 100 only and link duplex mismatch on hAP Lite and EPON

What happens if you hard code speed/duplex on each side to 100/Full or 1000/Full ?
by IPANetEngineer
Tue May 30, 2017 4:59 pm
Forum: Forwarding Protocols
Topic: BGP Peer Selection
Replies: 3
Views: 448

Re: BGP Peer Selection

Hello, We have recently bought a ddos protection from a company. They require a GRE tunnel and a BGP peer connected to them. Right now we have two Mikrotik routers each with a BGP connection to our ISP. The problem is that i want incoming traffic to pass through the ddos service provider ( new BGP ...
by IPANetEngineer
Sun May 28, 2017 1:19 am
Forum: Forwarding Protocols
Topic: Understanding MPLS with a switch in between
Replies: 30
Views: 2436

Re: Understanding MPLS with a switch in between

You also want to make sure the switch in between supports at least a 1530 byte frame size to be able to leverage all the features of MPLS like VPLS. Most switches do, but there are still some out there that don't
by IPANetEngineer
Mon May 22, 2017 4:12 pm
Forum: Forwarding Protocols
Topic: Multiple OSPFv3 adjacencies between two routers: Bug ?
Replies: 4
Views: 638

Re: Multiple OSPFv3 adjacencies between two routers: Bug ?

What RouterOS versions have you tried?
by IPANetEngineer
Thu May 18, 2017 4:03 pm
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 1318

Re: BGP Converge time

It's typically due to better clock speeds on a single core for a VM since the process is still confined to a single core. The Tilera family of processors is optimized to move packets. BGP has a heavy computational load with large route tables and so Intel x86 chipsets are able the chew through the d...
by IPANetEngineer
Tue May 16, 2017 4:42 pm
Forum: General
Topic: IPV6 and RouterOs CHR, error
Replies: 5
Views: 629

Re: IPV6 and RouterOs CHR, error

I just ran into this issue when trying to use IPv6 on Windows 10 with GNS3. As soon as I enabled the IPv6 package, the CLI would hang. Here is what I did to resolve it: Increase the memory for the VM from 128MB to 256MB Select "legacy networking mode" in GNS3 and use the Legacy paravirtualized NIC (...
by IPANetEngineer
Tue May 16, 2017 3:52 pm
Forum: Forwarding Protocols
Topic: BGP Issue / Duplicate remote RouterID:
Replies: 11
Views: 1537

Re: BGP Issue / Duplicate remote RouterID:

I'd probably be doing a packet capture at this point and reviewing the peering conversation on each side. That will probably yield some insight.
by IPANetEngineer
Tue May 16, 2017 3:49 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 168
Views: 25924

Re: Which types of ports would you like to see for a high speed router

I respectfully disagree. Those chipsets from Broadcom are fully functional and capable routers. I was hoping Mikrotik could jump into the bandwagon to disrupt Cisco/Juniper/Nokia and bring down the overall costs of networking. Eventually I'd like to start an ISP business, but well.....equipment isn...
by IPANetEngineer
Mon May 15, 2017 9:55 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 168
Views: 25924

Re: Which types of ports would you like to see for a high speed router

I respectfully disagree. Those chipsets from Broadcom are fully functional and capable routers. I was hoping Mikrotik could jump into the bandwagon to disrupt Cisco/Juniper/Nokia and bring down the overall costs of networking. Eventually I'd like to start an ISP business, but well.....equipment isn...
by IPANetEngineer
Mon May 15, 2017 4:35 pm
Forum: Forwarding Protocols
Topic: Can RouterOS do Inter-AS MPLS with Option A/B/C?
Replies: 11
Views: 1476

Re: Can RouterOS do Inter-AS MPLS with Option A/B/C?

If I remember correctly, inter AS MPLS will work as long as you enable BGP multi hop over OSPF and run LDP between the two peers. While this isn't the same solution you using with the Cisco routers, it should allow you to exchange labels. Also, VRF leaking does work. We've built a number of producti...
by IPANetEngineer
Fri May 12, 2017 6:26 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 168
Views: 25924

Re: Which types of ports would you like to see for a high speed router

Great thread!

25 and 40 gig would be my focus. I'll post a longer response when I have a spare minute to think about specific port configurations. Right now, I've got to get ready for the US MUM :-)
by IPANetEngineer
Fri Apr 28, 2017 3:42 pm
Forum: Forwarding Protocols
Topic: OSPFv3 - Static Routes
Replies: 3
Views: 685

Re: OSPFv3 - Static Routes

What RouterOS version is this? Have you tried any others?
by IPANetEngineer
Thu Apr 27, 2017 3:48 pm
Forum: Forwarding Protocols
Topic: BGP default route, 4 peers.
Replies: 2
Views: 850

Re: BGP default route, 4 peers.

If these are public BGP Autonomous Systems, you could always get the provider to whitelist all the prefixes for each envrionment out of each AS and ensure you have peering between your ASes and then you could gradually migrate the IP space over because it would be reachable in both.
by IPANetEngineer
Mon Apr 24, 2017 3:46 pm
Forum: Forwarding Protocols
Topic: MikroTik and MPLS
Replies: 2
Views: 705

Re: MikroTik and MPLS

MikroTik doesn't support ECMP for LDP yet, which is what you need to have ECMP in MPLS.
by IPANetEngineer
Wed Apr 12, 2017 3:59 pm
Forum: Forwarding Protocols
Topic: OSPF star network
Replies: 5
Views: 1030

Re: OSPF star network

Homer, A couple of pointers for you. 1) Don't redistribute into OSPF unless you absolutely have no choice. It creates external routes and breaks the area boundaries of OSPF. Use network statements instead. 2) Areas are what contain the SPF calculations and provide boundaries for LSAs. Use them if se...
by IPANetEngineer
Sun Apr 09, 2017 5:20 pm
Forum: Forwarding Protocols
Topic: OSPF, MLPS/VPLS, PPPoE
Replies: 2
Views: 680

Re: OSPF, MLPS/VPLS, PPPoE

I would argue completely the opposite for a few reasons: 1) IPv4 address efficiency. PPPoE is the best at this as it hands out a /32 by default 2) PPPoE over VPLS is a validated design that works well and has its origins in the telco DSL world, which is why it's used by ISPs all over the globe - it'...
by IPANetEngineer
Thu Mar 30, 2017 12:20 pm
Forum: General
Topic: Virtual Tour of the 2017 Europe MUM Exhibition Hall at 4PM (GMT +2)
Replies: 0
Views: 305

Virtual Tour of the 2017 Europe MUM Exhibition Hall at 4PM (GMT +2)

http://www.iparchitechs.com/wp-content/uploads/2017/03/MUM-2017-Europe-svirtual-tour.png Visit the IP ArchiTechs Facebook page at 4 PM (Local MUM time GMT +2) 10 AM (US Eastern Time GMT -4) for a live streamed tour of the Exhibition Hall at the 2017 Europe MikroTik User Meeting in Milan, Italy. htt...
by IPANetEngineer
Mon Mar 27, 2017 4:27 pm
Forum: Forwarding Protocols
Topic: OSPF without area 0
Replies: 13
Views: 2295

Re: OSPF without area 0

Two questions I would have are:

1) Why do you want to avoid using the backbone area?

2) Do you plan to add more areas (or asked differently - do you plan to grow your network?)
by IPANetEngineer
Sat Mar 25, 2017 8:29 pm
Forum: Forwarding Protocols
Topic: Any plans to implement segment routing
Replies: 5
Views: 1529

Re: Any plans to implement segment routing

+1000 Segment routing would be amazing!!!
by IPANetEngineer
Wed Mar 08, 2017 9:02 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45637

Re: Statement on Vault 7 document release

Thanks for the update Normis.

So as far as you can tell or are aware, the only way to exploit a router is if port 80 is open to the internet and the HTTP service is enabled?
by IPANetEngineer
Fri Mar 03, 2017 10:27 pm
Forum: Forwarding Protocols
Topic: /25 blok ip
Replies: 3
Views: 598

Re: /25 blok ip

You can't divide it exactly into 3 but you can do 4.

An example would be:

10.0.0.0/25 - Block

Subnet #1 - 10.0.0.0/27
Subnet #2 - 10.0.0.32/27
Subnet #3 - 10.0.0.64/27
Subnet #4 - 10.0.0.96/27
by IPANetEngineer
Fri Mar 03, 2017 4:26 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2017: new hardware incoming!
Replies: 86
Views: 20740

Re: MUM Europe 2017: new hardware incoming?

I only have one guess :-)

Router OS v7 beta

C'mon MikroTik, you know you want to!!!!! :-)
by IPANetEngineer
Thu Mar 02, 2017 8:10 pm
Forum: Forwarding Protocols
Topic: Branches not ping each other
Replies: 5
Views: 772

Re: Branches not ping each other

You are most likely hitting the split horizon limitation of RIP. I don't believe that MikroTik has the capability to disable split horizon like you can in Cisco. The options you can consider are: 1. Move to OSPF - it is a far better and faster routing protocol than RIP 2. Enable a full mesh of tunne...
by IPANetEngineer
Wed Mar 01, 2017 8:52 am
Forum: Beginner Basics
Topic: Using OVPN, or VPN to connect 2 networks?
Replies: 3
Views: 580

Re: Using OVPN, or VPN to connect 2 networks?

Any of the MikroTik VPN options would work well for this - i'd prob look at EoIP, SSTP or IPSEC.

Then you can either turn on OSPF for dynamic routing for put static routes in to get the subnets routed across the VPN.
by IPANetEngineer
Mon Feb 27, 2017 4:04 pm
Forum: Forwarding Protocols
Topic: MPLS forwarding table bug?
Replies: 3
Views: 720

Re: MPLS forwarding table bug?

Are both of the VRFs advertised within the VPNv4 community?
by IPANetEngineer
Sat Feb 25, 2017 3:10 am
Forum: Beginner Basics
Topic: MikroTik, Cisco and QinQ
Replies: 3
Views: 1836

Re: MikroTik, Cisco and QinQ

Glad you figured it out! Might want to change the title to SOLVED :-)
by IPANetEngineer
Sat Feb 25, 2017 1:17 am
Forum: RouterBOARD hardware
Topic: CSS326-24G-2S+RM benchmark on the routerboard.com
Replies: 5
Views: 1891

Re: CSS326-24G-2S+RM benchmark on the routerboard.com

Shout out to MIkroTik for suggestion: Why not get some White box switches (brocade silicon) and use MirkoTik SWOS ontop? use the ONIE boot/installer.... It makes me question! As some GREAT white box hardware out there. I would drool over MikroTik taking some whitebox switching hardware and making i...
by IPANetEngineer
Fri Feb 24, 2017 6:13 pm
Forum: General
Topic: DHCP server says "offered"
Replies: 4
Views: 5830

Re: DHCP server says "offered"

Do a packet capture on the host and make sure the full DHCP process is completing. The phases are listed here. We use the acronym DORA for short. https://upload.wikimedia.org/wikipedia/commons/thumb/e/e4/DHCP_session.svg/260px-DHCP_session.svg.png https://en.wikipedia.org/wiki/Dynamic_Host_Configura...
by IPANetEngineer
Fri Feb 24, 2017 6:08 pm
Forum: Beginner Basics
Topic: Problem with site to site vpn on mikrotik.
Replies: 2
Views: 723

Re: Problem with site to site vpn on mikrotik.

Also turn on logging for ipsec in case you have other issues or mismatches. That way you can post the log here and get some help with any settings that don't match up.
by IPANetEngineer
Fri Feb 24, 2017 6:06 pm
Forum: Forwarding Protocols
Topic: 2 wan - ipip - 2 wan
Replies: 2
Views: 460

Re: 2 wan - ipip - 2 wan

So if you have public IPs, what is the challenge in building a second tunnel?
by IPANetEngineer
Thu Feb 23, 2017 6:25 pm
Forum: Beginner Basics
Topic: Tower 1 to Tower 2 transport data
Replies: 6
Views: 613

Re: Tower 1 to Tower 2 transport data

Ideally you need a router at each tower and start with OSPF. BGP is really ideal in the long term as OSPF quickly becomes unmanageable for traffic engineering but you can get started with OSPF. because you are PPPoE based, you can use EoIP until you are comfortable enough to use VPLS over OSPF which...
by IPANetEngineer
Thu Feb 23, 2017 6:09 pm
Forum: Forwarding Protocols
Topic: Adding ipv6 to existing BGP peer
Replies: 5
Views: 1291

Re: Adding ipv6 to existing BGP peer

Be sure to create basic IPV6 firewall rules to keep the bad packets out and let BGP in :-)
by IPANetEngineer
Thu Feb 23, 2017 1:37 am
Forum: The Dude
Topic: a small tribute to Mikrotik
Replies: 2
Views: 664

Re: a small tribute to Mikrotik

Awesome and always nice to see positive feedback towards MT :-)
by IPANetEngineer
Wed Feb 22, 2017 10:47 pm
Forum: General
Topic: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)
Replies: 134
Views: 26301

Re: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)

Glad to see this issue is getting attention still. Been waiting to see a fix on it ever since Alex brought it up at the 2016 US MUM.