MikroTik

IPANetEngineer

Doing MPLS/VPLS and VXLAN in Hardware on switches is a HUGE opportunity for Mikrotik to carve out a niche. I know if this was supported, I wouldn't be buying 1 or 2 switches per year, it would be hundreds if not thousands of switches per year. Couldn't agree with you more...nobody has VXLAN in anyt...

IPANetEngineer

Currently Hyper-V performs way better for CHR than either ESXi or ProxMox

We did extensive performance testing on CHR in our lab and the results are in this presentation from Berlin, Germany at MUM Europe 2018

https://www.youtube.com/watch?time_cont ... cgdGA1W_0o

IPANetEngineer

OSPF is incredibly resilient to routing loops unless you're redistributing prefixes and have a config or design issue. It is the backbone of almost every network we work on for MikroTik - whether by itself or as the transport for iBGP and MPLS/LDP. It sounds like you may have a config or other issue...

IPANetEngineer

I moved my lab to Hyper-V Core 2012 R2, and can confirm that MPLS runs fine on that. That's great info...we did a bunch of CHR testing on different hypervisors for BGP and presented the results in Berlin at MUM Europe 2018. Hyper-V was way better than ESXi and ProxMox (KVM) by a significant margin.

IPANetEngineer

IS-IS can scale much larger than OSPF due to the way it designs the hierarchy of flooding domains and by using Incremental SPF. This is why it's used as the IGP of choice for most large ISPs and Data Centers I have an ISP customer with around 200 POP's and OSPF scalability is a real problem. We hav...

IPANetEngineer

No problem...glad you connected with someone. A large part of the IPA sales team has been travelling for the European, US and Mexico MUMs so that could be why you had an issue via phone - although it still shouldn't happen and I'll pass it along to the sales team :-) There are two issues that plague...

IPANetEngineer

Unfortunately IPv6 routing recursion has been broken for a while and is a limitation of the kernel being used.

viewtopic.php?f=14&t=42268&hilit=ipv6+recursive

IPANetEngineer

This is what BGP is designed for. OSPF doesn't manage traffic very well when you're trying to take a path that isn't the "shortest" While this design may not be exactly what you need, it will give you some ideas on the limitations of OSPF and how you can use BGP communities to set up traffic enginee...

IPANetEngineer

Its just sooooo coooooooooool protocol... I'd really like to know where hell I can use it in real life, so please tell the truth :) So to say, I have neither ISPs to establish ISIS with, nor software/hardware within the LAN to use it internally. But the proto is nice, really. IS-IS can scale much l...

IPANetEngineer

Since you're using VPLS already, I would probably use MPLS TE to define paths for traffic rather than OSPF cost. OSPF cost doesn't scale well and can create suboptimal traffic scenarios. This is assuming that traffic engineering is your most important requirement. I normally recommend the bugfix ver...

IPANetEngineer

There is a project on Github that worked on this concept (link below) and there are a number of examples of config synch scripts out there.

https://github.com/svlsResearch/ha-mikrotik

IPANetEngineer

I don't think it will ever show up in v6 but we may see it in v7 whenever that comes out.

IPANetEngineer

without knowing all of your requirements, I would probably recommend using something like a CCR1036-8G-2S+ or CCR1072 in a ring topology and configure OSPF for routing and possibly MPLS if you have a need for Layer2 VLANs to go between sites.

IPANetEngineer

Any updates on this MikroTik? I've been holding off on deploying CHR for MPLS because of this and would love to see this fixed.

IPANetEngineer

Your route reflectors should also be peered with each other (but not reflected) is that the way you have it setup? Even if you don't set the cluster-id or set a different cluster id, you're still going to see one route active and one inactive because BGP in MIkroTik doesn't support ECMP. There is a ...

IPANetEngineer

Your BGP peer remote-addresses are wrong. These should be the peer's address on the /30 links.

Not true...in an iBGP design you want the peering address to use loopbacks that are advertised by OSPF so that if an interface goes down and another path is available, the peering will stay online.

IPANetEngineer

Here are a couple of presentations I've done at different MUMs that may help you out with design for this type of network. Hope this helps! BGP as an IGP for Carrier/Enterprise Networks https://mum.mikrotik.com//presentations/US13/kevin.pdf ISP Architecture – MPLS Overview, Design and Implementation...

IPANetEngineer

It can be changed if made a filter to discard half of ISP1 prefixes? If you do that, and ISP2 goes down, then any IP within those prefixes not being advertised to ISP1 will not have Internet connectivity. No, here I mean the route prefixes that I receive from ISP1 and not my advertised networks pre...

IPANetEngineer

Has anyone got experience on hiring people online to write/edit/support a Mikrotik config? We have a single office router that needs to load share and prioritise traffic over three adsl links with the usual firewall protection and a couple of pinholes for SSH and VPN We have enough in house experti...

IPANetEngineer

+1 to add IS-IS to Router OS. I think we would be able to to build larger IGP flooding domains with IS-IS due to features like incremental SPF - especially since the Tilera processor doesn't do as well under a heavy computational load like what we have seen in large BGP table sizes and slow converge...

IPANetEngineer

Increase local preference for prefixes you get from ISP2 thanks for your replay, sorry but I don't have experience on tuning BGP I made a filter accept role with BGP Local Pref = 200 And I applied to peer ISP2(less used) in-filter. That bgp-peers prefixes now have 200 local pref value. But I don't ...

IPANetEngineer

This is great work! thanks for posting

IPANetEngineer

Will be in Berlin in April exhibiting and presenting with IP ArchiTechs...can't wait to see everyone. Haven't been back to MUM Europe since Slovenia

IPANetEngineer

Wrote another post in a series I started on Cisco to MikroTik command translation to make it easier for engineers that know Cisco to get into MikroTik.

http://www.stubarea51.net/2018/01/05/ci ... tion-ospf/

IPANetEngineer

Hello, I have a network bridget together. It looks like on the attached image (don't pay attention to the addresses at this time). Should I change it into a routed network? For example a RIP routing with addresses like in the image? Or should i go into a OSPF routing? https://thumb.ibb.co/dtwOpw/ne...

IPANetEngineer

Is the L3 transport over a connection that you control or is it a private circuit?

IPANetEngineer

I have the CRS setup as a P router in the middle of two CCR1036 routers acting as PE routers. It only shows one path as hardware offloaded [admin@MikroTik] > mpls forwarding-table print Flags: H - hw-offload, L - ldp, V - vpls, T - traffic-eng # IN-LABEL OUT-LABELS DESTINATION INTERFACE NEXTHOP 0 ex...

IPANetEngineer

Have you tried setting the next hop to the link local address instead of the global unicast?

IPANetEngineer

Dear Santa Claus,

I would like RouterOS v7 for Christmas
of which year?

2017...I'm hoping for a Christmas Miracle

IPANetEngineer

I've been trying to test MPLS hw offload in my lab based on the following entry in the release notes *) crs317 - added initial support for HW offloaded MPLS forwarding; I've built an MPLS network using two CCR1036 routers connected at 10 gig with the CRS317 in the middle (6.41rc47). When i perform a...

IPANetEngineer

Try disabling the gateway check on the static default route

IPANetEngineer

You have a static route set for the gateway of 2a01:4a0:4a::1/128 istead of using the directly connected route. That forces the MT to use routing recursion which is not yet supported in RouterOS for IPv6. Try removing the static route and see if the defualt route for global unicast goes active.

IPANetEngineer

For some reason, the route you have for 2000::/3 isn't active. Is the next hop reachable?

IPANetEngineer

Dear Santa Claus,

I would like RouterOS v7 for Christmas

IPANetEngineer

There have been a few attempts to work around this before. Here is one of them:

viewtopic.php?t=111215

IPANetEngineer

I would consider a packet scrubber in between the upstream peer and the border router. This is what they are designed for.

We've used these successfully with both CCRs and CHRs to defend against DDoS attacks and use RTBH

http://www.serveru.us/en/

IPANetEngineer

I don't think MRZ is suggesting a loopback per subscriber but rather a pair of loopbacks so that you can set different policy for the path of the VPLS tunnel.

IPANetEngineer

what is the output of /ipv6 route print ?

IPANetEngineer

Will be interesting to see what comes of this. I've had the exact same issue of having to clear UDP/5060 sessions manually when there is a failover or outage. I've not put much time into troubleshooting as it doesn't happen very often, but it seems to be the same issue everyone else is having.

IPANetEngineer

The CPU of the CRS is very underpowered and struggles to reach anything close to a gig. This is a very common complaint and scenario on the CRS. You really need an RB3011, 100AHx2 or 4 or CCR1009 for the routing part.

IPANetEngineer

SSTP works pretty well as a VPN that branches can "dial" back into a central location. Benefits are: 1) AES256 encryption - can be cert based 2) Uses TCP/443 so having ports blocked for VPN is rarely an issue 3) Is a native protocol on Microsoft operating systems and can be setup very easily in wind...

IPANetEngineer

There are some issues with MPLS throughput in the CHR. I don't believe MikroTik has fixed this yet

viewtopic.php?t=122446

IPANetEngineer

It is always a best practice to use the same routeros version on each end of the tunnel.

Have you tried matching the ros version and retesting?

IPANetEngineer

Two questions: 1) Have you run an RFC2544 test on the base RF link without MPLS to see if it passes? 2) What are your MTU settings for: L2MTU, L3 MTU and MPLS MTU on the MikroTik routers? This is a presentation I did for WISPs that want to use MPLS at the 2016 US MUM https://mum.mikrotik.com//presen...

IPANetEngineer

any update on this MikroTIk?

IPANetEngineer

So with the 6.41rc releases Mikrotik have added "MPLS Forwarding" to the CRS317. In my opinion just being able to forward MPLS packets based on the label is pointless. It wont make me buy the CRS317 over any other plain Layer2 switch. The MPLS features that would make me buy a CRS317 over another d...

IPANetEngineer

Definitely modular PS units. In most cases, we will do all AC or all DC.

IPANetEngineer

Great troubleshooting work guys! I'm anxious to see the results of this fix as we have been planning to use CHR for a number of MPLS applications.

IPANetEngineer

Which VNIC are you guys using in VMWARE. VMXNET3 or something else?

IPANetEngineer

Nice work and thanks for the info. We've been doing more and more with BFD in MikroTik now that it's been patched.

Search found 894 matches