MikroTik

doneware

Sure it is cheap when you need only plain VLAN switching. modern switch chips used by Mikrotik, like the Marvell Prestera series can do much more in hw assisted manner: https://www.marvell.com/switching/assets/Prestera_98DX3336_pb.pdf just take 802.1BR port extender: pair this with a router and you...

doneware

traffic generator essentially a packet generator that runs on the CPU. CRS305 is _mainly_ a switch. so it can deliver non blocking switching performance, but the CPU is far from that. check out the block diagram: https://i.mt.lv/cdn/rb_files/CRS305-1G-4Splus-181016084346.png what you see here is the...

doneware

With CRS326-24S+2Q+RM there is a Switch with 40G Port. I guess next RoutingHW will have 40G too. So there will be new faster combinations. i on the other hand would cherish solutions with NBase-T (like the sole crs with nXG ports) so it supports 2.5GbE and 5GbE on a single port rather than using LA...

doneware

It's not hardware nat. Hardware NAT implemented completely in hardware, work on wire speed, and do not use CPU. following your logic, CCRs don't have encryption in HW either, right? btw, can you please point out any _non_cpu_hardware_element_ in the CCR series routers? network operations "done in h...

doneware

Personally I think a RB4011 or a RB1100AHx4 with a SIM slot and either a M.2 with USB support or a mPCIe would be nice to have for situations where you want to back up a single WAN and no other options are available other than cellular or you want to send SMS easily from the Dude edition. you can e...

doneware

I am very surprised that Mikrotik does not use hardware NAT'ing. A10, one of the real high performance CGN manufacturers doesn't necessarily use hw NAT either. we have some boxes from them, they handle several 10s of gbps with sw only nat on dual xeon CPUs (their hw appliance). believe or not, NAT ...

doneware

We use it only for "the dude" monitoring and 3 ppptp servers for managment.

i know it will not improve the performance, but you should really move away from pptp, esp if it is used for sensitive stuff, like management.

doneware

make sure there's nothing attached to the serial console if the device has one. this was a very hard issue to track down: we had devices with long serial cables connected to the router and the other end of the cable (~10m long) wasn't connected to anything. it picked up some EM noise and constantly ...

doneware

/system routerboard usb set type=mini-PCIe so this tells me there are 2 usb ports, one is hardwired to the 1st mpcie slot, while the other is switchable between the 2nd mpcie slot and the type-a external port. :-( i was totally hoping for 3 independent ports so i can use this box as a mobile connec...

doneware

But one should never do a network wide upgrade: it should be staged - at least to minimize the convergence time of routes and everything else. I don't want to imagine 10k routers rebooting a few minutes apart one from another. ok, further info about the upgrade process - something that was ingeniou...

doneware

I don't think it would be that big of a problem. If your network has thousands of routers the bandwidth must be equally big. it is a bit tricky to serve this amount of data quickly. esp. upgrading large number of CPEs managed by some tr-069 based system can be a bottleneck. sw delivery with torrent...

doneware

torrent is used in the Terragraph ecosystem for node software distribution. just saying. in this interpretation to me it perfectly makes sense to download stuff only to ramdisk. please, think in scale: upgrading 10s or 100s of 1000s CPEs can run into serious bottleneck. but i do support the exile of...

doneware

Ok so it is something like the mini-PCI modules used for LTE (and, mainly in the past, also for WiFi)?

i doubt. Mikrotik calls their modules as R11e-xxxx.

doneware

well...the second pci slot is populated with gps as i see... no. as with the ltap mini, the gps is on-board and not socketed. the 2nd mpcie slot is still free. that’s why i suggested back in april that the m33 or ltap (biggie) is the ideal platform for distant deployments. but if you already have I...

doneware

Or just add an USB 3.0 HUB chip... would probably cost $2 instead of $1... And back to the RB 450Gx4, it doesn't even have mPCIe slot, so no excuses here in case of the 450Gx4 it was a crucial goal to keep the same form factor as the 850Gx2 and 450/450G. alao it is rated for harsh temperatures so y...

doneware

The 'ad' in the name may refer to the "real 802.11ad", not the proprietary protocol stuff like the current 60GHz product line. all the 60GHz units made by MikroTik have the 'ad' letters in their product code RBwAPG-60ad-SA (wAP 60Gx3 AP) RBwAPG-60ad (wAP 60G) RBSXTsq-60ad (SXTsq Lite60) RBLHG-60ad ...

doneware

Yes, M could be for Mesh possibly. Could it be for Terragraph? terragraph depends on the QCA64xx baseband from qualcomm and most features it is essentially part of the .11ay standard. the current terragraph has modified MAC&PHY layers, frame structure, basically everything - so it is absolutely not...

doneware

Well, it appears that MikroTik is moving from the small-ISP-backbone world to the home consumer world i might rephrase this a bit: extending instead of moving. but that's just my feeling. It would seem natural to have protocols like BGP, OSPF and MPLS disabled by defauit on such devices, to reduce ...

doneware

Put SMB, Torrent, and other things that have no place in ISP infrastructure into another package. with the SMB thing i am totally OK. with the torrent - do we know the purpose of the torrent client here? i saw a couple of devices which included torrent functionality for sw distribution - and i mean...

doneware

I'm trying to configure OSPF for IPv6 to test recursive routing in v7 to route ipv6 you should use OSPFv3. as far as i see, you have set this under /routing ospf instance using the new 'version' attribute [admin@hgw] /routing/ospf/instance> print Flags: D - dynamic, X - disabled, I - inactive 0 ver...

doneware

It's like putting a switch in between a switch learns mac-adresses ... a switch ages mac-adresses !? a switch with 2 ports doesn't need to learn no MAC addresses and henceforth not responsible for any aging procedures. it neither runs no loop prevention algorythm. whatever is received from port A w...

doneware

L7 application identification with the growing number of <you-name-it>-over-HTTPS applications around, if your app can be identified in the transmission path, then encryption is not working quite right. the network isn't there to solve all the possible issues what in general sw devs are too lazy to...

doneware

There will be interference problems sooner or later, especially if these radios will continue to be used for P2MP covering wide sectors. Phased antenna can do wonders, but it does have some limitations at suppressing interference... and GPS sync doesn't help if it's not your radios that are causing...

doneware

On one pole u cant use same channels...antennas can see each other..the direction of the antenna doesnt matter. sorry, but i see otherwise and i have quite some proof for it. we run a 60GHz single frequency mesh network in Márkó, Hungary (using just a single 2GHz channel, channel #2). we have 4 rad...

doneware

re-checked it with 6.45 on MIPS - works as well. [admin@hgw] > /sys reso usb print detail 0 device="1-0" vendor="Linux 3.3.5 ehci_hcd" name="RB400 EHCI" serial-number="rb400_usb" vendor-id="0x1d6b" device-id="0x0002" speed="480" ports=1 usb-version=" 2.00" 1 device="1-1" name="USB2.0-Serial" vendor-...

doneware

I already read CCR support won’t take years and there is no ETA, but... is it expected to be released in this year or not? if you check out the video that was posted previously (from april 2019) - the multi core BGP test was run on a CCR1016. ( https://www.youtube.com/watch?v=NbfKplzda7I ) as far a...

doneware

C0CAF0AA-D612-42C9-A768-E4E43B3473CA-3191-0000028F5EFFE2C2.jpeg just tried with this chinese arduino nano knockoff which has a WCH340G usb serial adapter, and it works fine. i agree, the device naming is somewhat medeival: [admin@hgw] > /system/resource/usb/print Columns: DEVice, VENDOR, NAME, SPEE...

doneware

I want to use CH340 usb-to-serial adapter. but Mikrotik not support yet.

i saw ch341 kernel module in the newly released routeros7.0 beta1.
tomorrow i will hook on a ch34x based USB to serial to the upgraded router and report back my findings.

doneware

@Normis,
do i correctly assume that from v7 on IPv6 will be part of the 'system' package and will be enabled by default?

[please say yes]

doneware

which program did you use to unzip?

judging the previous images to me it seems it was 7z(ip). at least this was the icon i saw on the posted png.

7zip.png

doneware

just upgraded a wAP60G to see if there's anything new on the wigig part. found nothing spectacular so far, but noticed that there's already a settable 'region' parameter: [admin@2also] /interface/w60g> set 0 region= asia australia canada china eu japan no-region-set usa [admin@2also] /interface/w60g...

doneware

BGP/MPLS are disabled intentionally, as this is a home router test. some traces are visible though :-) - i love the extra insights, like /routing/forwarding-path/print and /routing/route/print. i assume, the debug.* attributes will not be around in the official releases. is there any source that de...

doneware

I lost BGP, but I gained /routing/pimsm and /routing/fantasy, is this the real life, or is this "/routing/fantasy"? mpls is also gone. but looking at /system/packages, i'd say this is really just a preview/snapshot, as all packages are gone. [admin@MikroTik] /system/ntp/server> /sys package/print d...

doneware

still no ipv6 support for L2TP and SSTP client/server, but hey, hello MACSec!!! macsec.png and vrf has been moved from 'ip route vrf' to 'ip vrf'. but export verbose dies on it :-( ipvrf.png on the other hand, environment(?) vars are now possible in DHCP client option values? dhcp-opt-dyn-vars.png f...

doneware

Added ext4 support ?

[admin@MikroTik] > sys reso print 
                   uptime: 2m16s
                  version: 7.0beta1 (development)
               build-time: Sep/05/2019 15:08:48

[admin@MikroTik] /disk> format-drive file-system=
ext3  fat32

i guess not.

doneware

+1! do you have a release date yet?

i just talked to the local distributor in hungary, they already received the price list that includes lora stuff:

R11e-LoRa8
wAP2ND+R11e-LoRa8
and an ~1m long tuned omni antenna for lora

this tells me that availability is pretty much imminent

doneware

having 1GHz channel width reduces the available bandwidth greatly. and it is also not compliant to the original WiGiG standard. so it is a vendor lock for sure. there's a reason why 60GHz gear is so low-power: with this amount of wireless spectrum available in a single channel you don't need no comp...

doneware

the stuff they do is huawei proprietary. it is dome with modified GRE tunnels, and there's a device called HAAP that is merging the two halves together. in most cases the traffic uses the LTE link as the idea of this hybrid access came from the fixed access folks who wanted to work around shitty cop...

doneware

hi, if your repeater connects to a non-mikrotik AP - so you cannot use 'proper' bridge mode on wifi, but only the pseudo-bridge ones - you can run into problems. ipv6 "L3->L2 address mapping" relies on multicast, unlike ipv4 where ARP uses 'just' broadcast. if wireless frames have enough mac address...

doneware

try to use channel 5 (freq 66.96) as this is the closest to the e-band supported by RouterOS - if you are allowed to use it. most countries in eu only allow the lower 4 channels. here the attenuation of O2 will be less noticeable in this frequency range and you can get longer links up. and get a sol...

doneware

plz clarify: wireless wire or wireless wire dish?

doneware

so far only ap-sta and bridge-sta links are supported. once the first terragraph phy compatible units come out - you will have support for arbitrary ap-ap links and therefore a true mess will be possible. until then you need to manually configure your devices as ap or station, and sometimes place mo...

doneware

Thanks for the reply. Any plans/timeline to officially update ROS to support non-mikrotik devices? https://blog.mikrotik.com/announcements/mikrotik-accelerates-the-adoption-of-60-ghz-technologies-with-terragraph.html but this might not address your issue as vanilla WiGig is not compatible with Terr...

doneware

I am afraid this is a misconception. If you use BCP in PPP connections, it doesn't switch the tunnel over from L3 mode to L2 one. It creates an L2 tunnel in addition to the basic L3 one, which is totally independent from it. So the IP address indicated in secret or profile is assigned to the L3 int...

doneware

the problem is with the ppp profile definition: /ppp profile add bridge=hangmaffia_vpn_bridge comment=SITE-TO-SITE-Layer2-VPN local-address=10.11.0.1 name=hangmaffia_vpn if you do BCP, you may not have _any_ IP address configured on any PPP interfaces. so if you want to have IP addresses, just stick...

doneware

strange, mine did work well, albeit it was an upgrade from 44.3 to 45.1 also included flash usage to see how much free space you usually ought to have with a clean setup. this one has almost literally no config in it: /interface bridge add name=bridge1 protocol-mode=none /interface ethernet set [ fi...

doneware

when speaking of native winbox for unices, i might opt for native netinstall instead of winbox.
it mustn't even be GUI based, in fact i'd prefer a scriptable version

doneware

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted: https://wiki.mikrotik.com/wiki/RouterBOOT_changelog now since 6.3-something the routerboot numbering is according to routerOS releases, its version keep on increasing, and we (or I) don't know what has been changed, e...

doneware

CEPT has opened from 57 to 71 GHz

sadly CEPT =/= local regulator

doneware

but ipv6 fastrack is a must.

btw, instead of ds-lite i'd have a nat64 gw

and xlat464 & dns64 resolver in the clients.

doneware

hAP ac2 (and all new IPQ401x based gear) happily can do up to 1Gbps.
i test this regularly with the on-board speedtest (tool speedtest) command.

doneware

soon a new boy will join the party:

https://fccid.io/TV7R11ELT6L

this is the modem we'll have in the LTE version of audience. this is LTE Cat 6, so will support carrier aggregation.

doneware

The well-know NAT64 prefix is only a choice. I typically suggest to our customers, to use their own prefixes, and use several in different NAT64 servers, for some HA. this is a 'me too' moment. although the 'anycast' NAT64 seems to be more or less ok, it gives you less control. with actual unicast ...

doneware

for me DNS64/NAT64 works as expected. with modern devices, that support DS. Apple, Android, freeware unices, and even Windows 7+. that is enough for most folks. but the old or tiny (literally all the uController based stuff) still relies on IPv4. so XLAT464 implementation would be a must in the CPEs...

doneware

I undressed it and saw it from the inside Everything is fine and there is no break inside solder joints beneath BGA chips can easily break due to shock. i have a wAP-LTE, that was pushed off the table by the customer. now it cannot boot unless i press and hold the soldered RAM onto the board. then ...

doneware

I created an environment in routerOS, that enables IoT-like (i.e. the server doesn't talk to the router, but the router talks to the server) operation. it works in a reasonable way, but i'd think i'd be better of with a proper MQTT client implementation in the device, that enables subscribing and po...

doneware

it's not necessarily a lie.
you need a certain hw revision of your hap lites/map lites/whatevers with microUSB on them.

the best way to check this out is to upgrade them to 6.44.x+ and if you have an /interface pwr-line entry after the upgrade, you have a compatible one.

doneware

I want to create a function on my dude server, the function should be able to retrieve the string value of the user from the l2tp interface. I don't know if this is possible, can someone please help? i am not 100% sure how you'd do it on the dude, but i can give you the commands inside routeros for...

doneware

tx-packet-error-rate: 12% this error rate is way too high. also notice that the AP side uses lower modulation scheme (7 vs 8). most probably you get quite some noise there. i don't know your setup, but it you line up your relays back-to-back, and use the same frequency on both of them, you might ge...

doneware

Why to print this info now? Maybe in the future we 'll have another tx-mode

https://blog.mikrotik.com/announcements ... graph.html

doneware

All Mikrotik 60G hardware is so far compatible, so you can mix LHGs and WAPs as you like. But don't expect it to work with other vendors, even if it uses common 802.11ad platform. Everyone is playing on it's own playground, there is no intercompatibility due to customized protocols and different ve...

doneware

Does it out POE power on both ports? that'll be my question too. it would be so nice to have poe out on both ports, so you could just have the indoor CPE connected by a single ethernet and hide the wall wart. also, it would bring more straightforward troubleshooting: - if power is connected, both d...

doneware

Hello. There are new r2 versions LHG60 on the market. the image of "old design" is actually a bit different for the LHG60. the LEDs are on the side populated, and there's no DC barrel jack on the PCB. see images from an actual LHG60 i took apart. with regards to the internals (the block diagram on ...

doneware

there’s a way to enable support for more ram. i have an installation with 24GB RAM, and ROS sees it all. there was a 6.3x version rc that enabled switching on 64bit support, and afterwards all subsequent upgrades retained this setting. i am however sure that this is not supported at all. it does run...

doneware

Wap has 3 Antenna Elements but uses only one Channel, the maximum is 8 Clients not 24. All distances over 150m with WAP to WAP. Or WAP to sXT needs 5 GHz Backup, with LHG with more then 500m, but they need it too. So why in the hell they don’t make it useable? For my business it is impossible to of...

doneware

they are digging their own grave!

sub 6GHz is not always necessary. we have a reasonably big - 145 links in one of the networks - 60GHz routed mesh (with a different equipment) without any 5GHz backup links, without any problems.

doneware

This thing looks great from the inside. I'm just guessing, but the photos i was able to take in Vienna tell some story. now here's my theory: It is very likely this box is built around QCA6335 baseband, which has support 8 (!) phased array antennas. if you look closely, you can see the unpopulated p...

doneware

Can be integrated in any RouterBOARD product with mPCIe slot that has USB support. For example LTAP mini, M11, M33 and others. Requires LoRa package installation. to me, the M33 and LTAP (not mini) integration makes the most sense, because i can add LTE uplink (but might be that 2G is more than eno...

doneware

- new, improved SXT LTE kit with two Ethernet ports Same price but ....inferior....:( Yes, hope MT stops recycling those old modems, and give us some LTE product with LTE 6+ category maybe this will make your day https://fccid.io/TV711ELTE6 no visible specs so far, but the 6 at the end looks promis...

doneware

Just spotted on fcc.io a new model: RBLtAP-2HnD

this must be the long awaited LTAP, the big brother of LTAP mini - wondering what it packs for CPU... i'd love to see an arm or mmips based one. reason: hw crypto.

doneware

Whats about smaller Channels?

you can be OK with this channel mapping. you can have the 100Mbps clients run the same high MCS, and ultimately serve more safely and do buffering on the FE part. i'm more interested in TDD - cause this is the key to boost client numbers.

doneware

channel capacity is so much higher than what we can use currently. let's be easy with that. if you can't have more than MCS9 (SC), then 1Gbps is just ok. .11ad doesn't have channel bonding, so in general you couldn't use the available extra juice anyway. .11ad has at least channel bonding, they sai...

doneware

chipset limit is 8 there was a press announcement from Qualcomm and Mikrotik back in october around the 17th or so, emphasising Qualcomm's upcoming QCA64x8 and QCA64x1 chipsets, promising .11ay. https://www.qualcomm.com/news/releases/2018/10/16/qualcomm-dramatically-extends-wi-fi-experiences-5g-era...

doneware

the 4011 doesn’t have 2 sfp+ ports, but you can squeeze out way more than 1gbps. and it has no fans. there is one thing i don’t quite understand: 10Gbps internet connnectivity for home? this is quite an overkill square! but let’s assume you need this bw, but why’d you place the router into your livi...

doneware

the EU doesn’t certify anything. the just pass the laws, and the technology working groups create documents describing the requirements the device mst comply. testing is usually done by the vendor or an independent lab. then you put together the documentation with the results. but each country in th...

doneware

in general you don't have specificly LAN or WAN ports in routeros. those are just ports, and they act as you configure them. you can have all ports as wan if you wish so. with regards if throughput: you can get 1Gbps pppoe+routing+nat with hex, hex-s, hap ac, hap ac2, 4011 and anything of the ccr se...

doneware

Ok, so I managed to get the SFP to work. Turns out, you need to force it to 1000M by turning off auto negotiation. Furthermore, you need to power down the CRS, plug in the SFP, and then power up the CRS. It might take a few power down/up cycles, but eventually, the CRS will bring the SFP up and it ...

doneware

If so, it it possible to remove the supplied 1.5dBi antennas and upgrade them to something more substantial? i added external LTE antennas a while ago to one. there is a good pdf describing the process with some internal pictures on mikrotik's hw section https://i.mt.lv/cdn/rb_files/Ltap_guide-1807...

doneware

subscriber-number: +CME ERROR: 100

btw, this translates to:

CME ERROR: 100 Unknown error

source: CME ERROR (GSM Equipment Related errors) - https://www.micromedia-int.com/en/gsm-2 ... ted-errors

doneware

/interface lte info 0 once the look for the uicc device info: RouterBOARD wAP R-2nD, 6.42.9 (long-term) as per experience, uicc is only available in 6.43+ Need to get a phone number if you're looking for MSISDN (i.e. the number you dial), as far as i know you can't. you can query the IMSI, which co...

doneware

and usually the same filtering applies as with IPv4 on the MNO side: you can not reach the endpoint over ipv6 if the device just connects to the internet via the mobile operators. they just allow sessions that have been initiated by the mobile end device. so in general it’s not just the NAT that sto...

doneware

and finaly you can get ipv6 address for this device? yes, your MNO must support dual stack or ipv6only access, and the sim card (i.e. your mobile subscription) must be also ipv6/DS enabled on a particular APN you want to connect to. you should know that most (if not every) operator just provide a /...

doneware

yes,
i have both devices (ltap mini, wap lte kit) in operation running 6.43 with dual stack on lte interface.

doneware

consider the following code: admin@mfx-XXXXXXXXXXX] /system gps> :global ttt [/interface bridge host print detail as-value where bridge=bridge1 ] it produces this variable data: [admin@mfx-XXXXXXXXXXX] /system gps> :put $ttt .id=*23;age=00:00:54;bridge=bridge1;comment=;interface=*7;mac-address=00:00...

doneware

those cards are essentially USB devices. your wi-fi is a PCIe device.

check under /system routerboard usb what is set as type. it shall be mini-PCIe

[admin@router] /system routerboard usb> set type=
USB-type-A mini-PCIe

this is just a wild guess, i faced similar issue with a basebox

doneware

i don't understand the outrage about the switch chip functional. with the recent (6.41) bridge changes you can easily do whatever you require on these "more router-ish" devices. stuff will be done in hw, whenever it is possible, and here we have a quite beefy CPU to deal with. yes, it would give mor...

doneware

I'm desperately looking for one with WiFi in Europe

this is a non-wifi unit. i was also told that wireless ones are almost impossible to come by for now.

doneware

sorry for the delay, i have a bunch of other things to focus on. but here's something many were curious about. yes, it does work with DAC cables.

dac4011.png

doneware

just tested a 4011 - i paired it up with a CCR1009-8G-1S-1S+ using GE only. with regards to its single-core CPU performance, i'd say it is at par with the 1.2GHz tilera core, or i might say it is superior just a tiny little bit. i tested it for a project where we use a cr*pload of tunnel/encapsulati...

doneware

I do not see any security problem with this

ok, what abouth the command

/user set admin password=dragon

or doing the same for your bgp passwords, ipsec secrets, etc

doneware

but yeah, at lest the object name in question could be included in the message.
i asked the same with system history

doneware

sadly logging a complete command could ezpose sensitive information to
- all cli/winboz users
- anyone who has access to the syslog server
- anyone who can intervept the traffic between the router and the syslog server, as syslog communication is not encrypted

doneware

Without an example we can not comment why you are not being able to import .rsc file. in case of big export files you can run into situations, when the next command is just not accepted. like you add an object as nameA, then try to set something on the same object by its name, and CLI responds as "...

doneware

Why can't device-specific stuff like MAC-addresses simply be removed from the backup files? i'd like to have something like '/sys backup load name="filename.backup" password="dragon" keep-mac-addresses=yes or an ability to auto-run commands upon successful restore (like a cli command to restore ori...

doneware

yes, 1 file slot per router and it is free for all the platforms that can use IP Cloud will there maybe an API we could use to interact with the backup file? my aim is to have a "remote controlled" set of CPEs... i make changes to the "cloud-twin" and it is (pulled) "replicated" to the physical one...

doneware

Just ran into this issue today.

opened a support request for it earlier today:

Ticket#2018090722004616

doneware

rfc 6286 - AS-wide Unique BGP Identifier for BGP-4 support for routerOS BGP. it relaxes some strict definitions: routerid can be now an arbitrary 32 bit unsigned integer, while the older definition restricts it to "valid unicast address". this breaks BGP compatibility with mikrotik devices right now...

doneware

you can use these: https://www.ebay.com/itm/222636570847 it uses prolific PL2303 usb to serial chip, which is supported by RouterOS. then you just use routeros' built in rfc2217 serial over tcp feature described here: https://wiki.mikrotik.com/wiki/Serial_Port_Usage#Accessing_a_serial_device_as_if_i...

doneware

I don't understand this step about 4011, since fccid made it public - many resourses already made review, publish photos and some tech specs, based on photo and fccid leaks. It's not secret anymore. Mikrotik requested specific parts (schematics, operation description, block diagram) to remain confi...

doneware

4x4 5GHz + 2x2 2Ghz

doneware

no need to wait much

https://fccid.io/TV74011GS-5HQ2HD/Exter ... os-3948604

https://fccid.io/TV74011GS-5HQ2HD/User- ... 948609.pdf

96B069CE-DDE8-4B12-9BF9-10E0CDF544A1.jpeg

doneware

You could use Splunk/syslog for some of these. Then you could make a graphical dashboard showing you when link goes up/down. If Syslog server is on Lan side, you get bot up and down message. If Syslog are on the Wan side and you monitoring Wan side, it will only show when it goes up. i don't want t...

doneware

viewtopic.php?f=1&t=135702

doneware

mikrotik its aware of CDWM importance CWDM-MIKROTIK.jpg well, you can also use OADMs, and just a single optical cable, so you can drop/add wavelengths on each pop. that is the fiber topology will be just a line or a ring, but you can have each node (or more) connected as star or dual-star logical t...

doneware

The FS.com 1310's are listed as working on the wiki page, so I can't see why the CWDM versions of those wouldn't also work. there would have been issues prior 6.31 to be honest. normal (gray) SFPs have different unit code than C/DWDM ones. so mikrotik devices couldn't even detect them. https://www....

doneware

the internal ip starts with 100.x.x.x . The external usualy are 78.x.x.x or 5.x.x.x you should create a ppp profile unique for this service, and use its "on-up" attribute to trigger your script. and the script should be something like this: :local pppoe "<insert the name of your pppoe client here>"...

doneware

True, but it is still good practice to do anti-spoofing filtering on a border router in terms of bogons, you can just blackhole them automatically via BGP. and it shall not affect fastpath. http://www.team-cymru.com/bgp-examples.html#mikrotik-trad http://www.team-cymru.com/bgp-examples.html#mikroti...

doneware

We have updated the manual with some more letters -<n>G+ number of 2.5G Ethernet ports -<n>P+ number of 2.5G Ethernet ports with PoE-out -<n>C+ number of combo 10G Ethernet/SFP+ ports -<n>S+ number of 10G SFP+ ports -<n>XG number of 5G/10G Ethernet ports -<n>XP number of 5G/10G Ethernet ports with ...

doneware

BGP IPv6 With 2 Mikrotiks unusable, eventually it just sends the link local address instead of the actual address for next hop.
OPSFv3 Broken with similar issues.

can you please share some specifics? i have working ipv6 AFI BGPs in multivendor environment with mikrotik [almost] w/o any issues.

doneware

YMMV, but we usually prefer per packet load-sharing it varies. Per packet load sharing will restrict your RTT to the worst value among your available paths/links, that severly limits tcp performance in an unpredictable way. instead, per destination/flow sharing will limit the throughput of your flo...

doneware

if MLPPP is so minor then cisco and juniper should abandoned that function.

trust me, there’s no mlppp support on ios-xr and it’s not even planned. indeed it would be nice to have it

doneware

Little bit better but the issue still present

can you show some results? i was experiencing performance varying between 250-430Mbps using SXTsq ACs with early 6.43rc builds even under excellent conditions.

doneware

i have DWDM ER SFP+ working in there, but it also works with DWDM ZR optics: [me@myswitch] /interface ethernet> monitor 16 once name: sfp-sfpplus16 status: link-ok auto-negotiation: done rate: 10Gbps full-duplex: yes tx-flow-control: no rx-flow-control: no advertising: link-partner-advertising: sfp-...

doneware

i have it running with eoipv6 on large scale with 10s of tunnes.
both ends use FQDN to resolve the other party's address.

keep in mind though, that EoIP is session-less/stateless, and cannot traverse NAT w/o specific rules (requires 1:1 mapping), unlike L2TP over UDP. or SSTP.

doneware

what is the type of the tunnel? but anyway, you can use keepalives to make sure, the tunnel is actually transmitting traffic, and it will then go "down" if it doesn't. like keepalive=10s,4 - that means keepalive message is sent every 10seconds, and after 4 consecutive misses the tunnel is declared t...

doneware

MRZ. Yes... it's a string. And the line is not processing it. It's value is supposed to be placed inline where V1 is and it is not processed as such. So what is supposed to be there to make that work? now i see what you're getting to. try this way [me@router] > :global V1 [parse ":if (($timetest>09...

doneware

My question is: How to send output from a script to syslog? Example: I would like a script to show the dynamic nat and send that to my external syslog server. /ip firewall nat print dynamic try this: :log info message=[/ip firewall nat print dynamic as-value ] it will log the rules line-by-line in ...

doneware

don't know the exact dimensions., i just had one in my hands in berlin MUM. it is at least as deep as the ccr1072 and very heavy. heavier than the 1072. i wasn't able to find a photo of it, just one of its non-poe counterpart, just to get an impression - it is maybe additional 10-12cm longer. as i r...

doneware

It is defined in my script.

can you post your script?

doneware

If you take a look at Google's IPv6 data , you will realize that IPv6 adoption in Latvia is negligible. Guess that's one of the reasons for its current state in RouterOS. last time i talked to Mikrotik employees, they said that they have almost no presence in the government network of Latvia. i was...

doneware

I have a global variable that is a function. I need to pull the function into my script. ($timetest>09:00:00)and($timetest<17:00:00) global variables are not accessible inside the scripts you run by scheduler, unless you explicitly declare them as ":global VariableName;" somewhere in the topmost se...

doneware

If you need cisco/juniper like bgp peer logging you might find this script handy. tested on routeros 6.42.5, but in general shall work in all v6 releases. it will generate logs with severity=info if the peer state advances from disabled towards enstablished, and it will log "errors" as it decreases,...

doneware

you should start your script the following way: {:global CYMRUSTATE; if .... } you always need to declare that a variable is global in the script, even if it exists. otherwise you can't reference it. your code defined CYMRUSTATE in an IF condition. so whenever the condition was fulfilled, you had th...

doneware

please give us the possibility to redirect verbose script execution output to file. maybe it would be also ok if you could have the same functionality what you get using auto_xxxx.rsc and auto_xxxx.out can't we just have this for ordinary scripts? i don't even mind having this as extra statement, in...

doneware

It will not be configurable from RouterOS Hi Mrz, is there any logical explanation to that? in the future we might show configuration applied by netinstall there, but at the moment it will always show factory default configuration. look, if you are into some advanced router configuration in some au...

doneware

can we get read/write access to this thing from routeros?

right now it is not even read-only, since if i update it, it still shows the "default routeros" script.

doneware

JSON encoder
regexp (PCRE) string manipulation

doneware

if i may insert something related about time formatting: [me@router] /system resource> :put [/system resource get uptime ] 1d08:45:37 whereas with the same router [me@router] /system resource> /system resource print uptime: 1d8h45m43s version: 6.42.5 (stable) ok, no big deal, i can parse it both way...

doneware

What's wrong with Wine?

well, windows. bloated, insecure, PITA when it comes to remote access, no proper scripting (i know there's powershell) stupid gui apps with no means of automation.

doneware

There is definitive a need for 5GHz Backup. The weather is getting more problematic these days. We had 2 hard rains the last 10 days which even brought our 18GHz licensed links over it's limits (>30db attenuation) which have a big margin calculated. But backups have to take over very fast as the ra...

doneware

can we have the ipv6 package _enabled_ by default? even if i netinstall the bundle i have to enable it manually. to be honest, using link local addresses and ssh i can do a pretty scalable initial installation rig that doesn't require me running windows (to be able to flashfig). windows is the only ...

doneware

Have you tried flashfig? how about making "default-configuration" flashfig-able? this is my biggest painpoint. it doesn't matter what you have in your devices (i agree, flashfig is easier & faster than manually doing the stuff - but as far as i know it is limited to 4k config size), but if someone ...

doneware

does anyone have any plausible explanation why i'm limited to pick tunnel-id out of 12bits (0-4095) with EoIPv6, whereas EoIP offers me 16bits (0-65535)?

doneware

wave 2 work in the new RouterOS update?

IPQ4018/4019 in the new arm devices (sxtsq, hap ac2, disc lite 5ac) is wave2.
support for 160MHz channel and 80+80mhz is there.

doneware

since 6.39rc33 we have the possibility to run scripts upon DHCP client acquires/releases an address, and certain local variables get populated with actual values. it would be nice to have all received options inserted into individual variables, like $option43 or as an associative array, where the ar...

doneware

there we are: 6.43rc40

Other changes in this release:

!) cloud - added support for licensed CHR instances (including trial);

doneware

The ability to manually specify the Link-local address can make other things easy than just a consistent default GW on all network access segments. well, you can still specify addresses if you want, as you're not limited to have just one or two addresses on the link. but ipv6 is about autoconfigura...

doneware

This is the most frustrating side effect of not being able to manually configure link local addresses, preventing us from deploying IPv6 to a site entirely. nope. in this case - for example GRE - routeros just takes the remote IP address in hexadecimal format, and generates link local addresses by ...

doneware

Iperf is not implemented.

It would be nice to have an iperf3 compatible bandwidth test tool and the ability to specify the port number for it.

there i fixed it

doneware

As the script parameter can be set some variable containing the id of the row in the log. what if it would contain the whole log message in a variable (e.g. $logmessage) and also some others, like - $logseverity: debug..crit - $logtopic: array of all corresponding topics/subsystems i suppose timest...

doneware

if it is about "default router" on servers, you can just use the subnet router anycast address. e.g. xxxx::0

doneware

all we have right now in the number of successful responses received w/o any indication. [me@router] > :put [ping 8.8.8.8 count=3] SEQ HOST SIZE TTL TIME STATUS 0 8.8.8.8 56 57 9ms 1 8.8.8.8 56 57 10ms 2 8.8.8.8 56 57 8ms sent=3 received=3 packet-loss=0% min-rtt=8ms avg-rtt=9ms max-rtt=10ms 3 can we...

doneware

like /ping and /tool fetch etc to monitor. This allows you to set thresholds and also solves the problem you have with netwatch. /ping is also a nice stuff to have, but currently it is lacking some serious functionality. it should be able to return at least the same output when run "as-value" as no...

doneware

Not only is it limited by the recent changes to scripting policy, but also it has always had the problem that a single missed ping indicates a "down" condition. (there is no way to specify a number of missed pings) this is the reason why i asked for this as well: and maybe to add some grace cycles,...

doneware

it is cool to have scripting hooks in netwatch, like up-/down-script. it would be however much more pleasant to have some variables exposed to the scripts, like host since (this time the timestamp of the last change, not the one that has fired the script) routing-mark (which then implies the usage o...

doneware

Will we get IPv6 Support? old cloud was v4 only, w/o any theoretic chance for ipv6 support. cy-bear:~ bat$ host cloud.mikrotik.com cloud.mikrotik.com has address 81.198.87.240 but RCs use cloud2... cy-bear:~ bat$ host cloud2.mikrotik.com cloud2.mikrotik.com has address 159.148.147.201 cloud2.mikrot...

doneware

How do I configure the SFPONU device? Is there a way to update ONU parameters there?

you don't. it is configured through the OLT and the GPON management system. only the ethernet side is configurable in routerOS, just as with other ethernet type interfaces.

doneware

can we have at least the summary of the sent/received ping probes returned as values? all we have right now in the number of successful responses received. [me@router] > put [ping 8.8.8.8 count=3] SEQ HOST SIZE TTL TIME STATUS 0 8.8.8.8 56 57 9ms 1 8.8.8.8 56 57 10ms 2 8.8.8.8 56 57 8ms sent=3 recei...

doneware

At nomikrotik devices it works normally.

be my guest
https://www.cisco.com/c/en/us/support/d ... ut-dr.html

doneware

i doubt flow control will fix that. this issue is known as interface oversubscription or speed conversion drop. you fill the outgoing interface’s buffers with bursty traffic. happens if you have 10g ingress and 1g egress connection, or if multiple GE ports receive traffic that must leave on a single...

doneware

can you show your rack mount adapter?
the indicators are very interesting.

yes, currently i'm travelling but on the weekend i'll take some pictures.

doneware

Is this expected behavior?

yes, and it is documented here:
https://wiki.mikrotik.com/wiki/Manual:D ... igurations

doneware

provided the boards hardware is capable of that https://www.mediatek.com/products/homeNetworking/mt7621n-a the sheet for the SoC doesn't say it has SATA controller - and for msata (regardless whether mpcie or m.2 for factor) ssds this is a must. pcie ssds can be supported if the mmips train has nvm...

doneware

the device identifies itself as Atheros-8327. [admin@tgcpe2] /interface ethernet switch> print detail Flags: I - invalid 0 name="switch1" type=Atheros-8327 mirror-source=none mirror-target=none the QFE8075/2 is just a PHY and it is not part of the SOC. the block diagram you pasted from the qualcomm ...

doneware

So i think, woobm waits for Mikrotik's serial prompting on serial (USB) line and only thinks, its connected, if proper prompt received. Is this true? well, no. i just plugged it into my MBA, started screen with 115200 baud rate on the newly discovered USB tty, and was able to connect via TCP/23 and...

doneware

woobm is basically a prolific PL2303 usb to TTL serial adaptor glued to an ESP8266 + some local flash.
as far as i know, ssh is not supported at all - which is kind of disappointing.
let me check it what does it do when i plug it into an usb charger

doneware

So according to your sheet the RB450Gx4 should have the possibillity for dualband wifi?
Wonder why mikrotik did'nt put it in.

i guess space constraints. the extra power input jack, the serial console, poe-out, all take up valuable space. and to have wifi you would need some extra circuitry

doneware

get a router plus a switch well, I found myself a switch: http://us.dlink.com/products/business-solutions/dms-1100-10tp/ Access-Points-700x320.png well, I found myself a switch: How can I connect it to hEX now? hEX does not have a SFP+ port . hEX uses yes. but hex-s now does have one albeit sfp onl...

doneware

Thanks dude , really didn't know about the USB Serial Adaptor/Console thing.Can it also be used to debug or change router bootup or does it only function after ROS has booted up ? as far as i know it only works if the router has booted up. routeros detects it as serial interface. routerboot is sadl...

doneware

get a router plus a switch just imagine a small form factor CCR sitting next to a small form factor CRS. like the CCR1009 + a CRS2xx, just to get the feeling. but on the CRS we'd need a bit more ports than 8. mounted side by side to only take up a single RU, and a back-to-back connector on the back...

doneware

There perhaps any chance we can get USB console ports on these cheaper devices in the future ? I'd prefer a "real" console but space on the actual board must be a real isssue. you can use WOOBM for temporary console access, or just any random USB to serial adaptor (using PL2303 or FT232) and router...

doneware

just to know the difference between IPQ4018 (hap ac2) and IPQ4019 (this baby and wap60G)

doneware

Newer, faster, cheaper, but same size.

can we assume that Mikrotik will ditch the PPC platform altogether?
the RB1100 series is already arm. now the RBx50 as well. the last survivor seems to be the RB800.

doneware

Newer, faster, cheaper, but same size. indeed it's cheaper than the 850Gx2, but compared to the hAP ac2 - which is almost the same - it's more expensive ($99 vs $69) i know it packs faster 1GB RAM instead of 256MB, and has a _lot_ bigger flash and an uSD card slot. and finally af/at poe and poe OUT...

doneware

How about RM(rackmount) version of Hex? You could use a tray and put a few of those little rascals side by side. ;-) we built a rack-mount kit that accommodates 2 of them and has lights-out to make the link/activity indicators visible even if the devices are tightly stacked on top of each other.

doneware

yes, this is the intended way with all mikrotik platforms. that support both POE-in and DC power in. even the smallest ones. it will prefer the one with higher voltage. so whenever the preferred one's voltage drops to zero, it will use the other one w/o any hassle. there is however a different metho...

doneware

In the bridge settings, where the EoIP tunnel was added, I successfully blocked DHCPv4 (drop udp on 67-68), but I can not understand how to block the IPv6. what do you want to pass through the tunnel? probably it is easier to block stuff using ethertype filtering. [admin@tgcpe2] /interface bridge f...

doneware

only the internal USB headers work: [admin@MikroTik] > /sys resource usb print # DEVICE VENDOR NAME SPEED 0 1-0 Linux 3.3.5-smp ehci_hcd EHCI Host Controller 480 1 2-0 Linux 3.3.5-smp ehci_hcd EHCI Host Controller 480 2 1-1 480 3 2-1 480 4 1-1.3 Generic USB EDC 480 [admin@MikroTik] > /disk print # N...

doneware

OK, finally managed to boot it from SATA. The process was the following: 1. Created a VM in virtualbox with just a CD as mass storage device 2. added the sata drive to it via an USB-to-SATA adapter as USB mass storage device under settings / ports / usb 3. booted the ISO image downloaded from mikrot...

doneware

the same happens with routeros installed on a USB stick

doneware

did anyone had any success to boot this board with routerOS from an SD card? netinstall cannot produce a bootable SD. if i do the x86 iso boot installation in a VM, and installed RouterOS to the SD card there. it started booting in the APU but hangs soon PCEngines apu3 coreboot build 20170302 2032 M...

doneware

both cap ac and hap ac2 are wave2 based. qualcomm ipq4018, look’em up it's automatically add wave2 support to RouterOS i guess not. but it already has support for some features, like 160MHz channel bandwidth. something, you did not had before with pre wave2 hw. yes, we can debate about how a 160MHz...

doneware

Only the 802.11ad will exceed the limit in practice, but even that is not always a bad thing. It is good to allow some room for the error correction etc. i have some radios with modified 802.11ad that claim to be able to deliver ~2.3Gbps - indeed it might be only the radio bandwidth. and most peopl...

doneware

Maybe because of none Wave 2 Mikrotik products is currently exist, lol.

both cap ac and hap ac2 are wave2 based. qualcomm ipq4018, look’em up

doneware

LTE pci-e modem the wwan modems are usb ones, even though they come in mpcie form factor. indeed i like the idea to have an unpopulated mpcie slot with both pcie and usb pins connected. btw, this could be the nextgen rb2011-rm. otoh adding 8 ports and a mpcie slot would result double sized pcb - so...

doneware

They will only need to develop against one switch vendors ABI, and get better purchasing power if they are buying SoC and switch ASIC from the same vendor. i concur. mikrotik has quite a colorful hw architecture right now, and extending it with others will just create more tasks for the dev team. i...

doneware

sorry for the obvious dumb question.
did you make sure you inserted the sim card properly? it seem to fit either way, but only works in one of the four possible positions.
yes, it happened to me as well.

doneware

the marvell phys in the crs3xx series support up to 175m as i recon I read you only today, two days after. Good, ok. Did you hear or read it? I read specs, but I can't find it. https://www.marvell.com/docs/phys-transceivers/assets/marvell-phys-transceivers-alaska-v-88e1680-product-brief-2014-07.pdf...

doneware

if i`m not create rules in mangle - internet not work correctly :( ok, maybe your PPPoE client is configured with the wrong MTU. if you use an ethernet port with MTU set to 1500, your PPPoE client shall have 1492 byte MTU. (PPPoE + PPP header together are 8 bytes) /interface PPPoE-client set 0 mtu=...

doneware

the marvell phys in the crs3xx series support up to 175m as i recon

doneware

the most el-cheapo single port FE usb dongles out there on ebay just work fine.
they are kind of limited however on throughput.

doneware

you can use a script based workaround, like i did. run this every minute from scheduler. it is quite lame, works only with a single local user and a single RADIUS server. whenever it detects outgoing requests with timeouts/bad replies, it will enable the specified local user. if it responds again, i...

doneware

my take on remote accessible device management - and some may be behind a "one-way" access medium, like NAT or 3G/4G, where you can't just connect to the device from the outside - is to have a VPS running routeros. and there's no ports exposed there, but only IPSec. so the managed devices shall conn...

doneware

another interesting stuff i found while dumping traffic on a router with winbox disabled in ip services but mac-winbox enabled under /tools mac-server mac-winbox on internal interfaces. As it was told, this stuff runs between unicast MAC addresses, but using 0.0.0.0 and 255.255.255.255 IP addresses ...

doneware

stumbled upon a strange stuff after upgrade. [me@hgw2] > /log print follow-only 21:20:46 ssh,error Corrupt host's key, regenerating it! Reboot required! it happens when i'm trying to access the router from my freebsd box debug1: Local version string SSH-2.0-OpenSSH_7.2 FreeBSD-20160310 debug1: Remot...

doneware

But the intruder can also sit inside your network. What if the intruder connects in with the MAC address/Neighbors service? There is no filtering possible on that. yes. one can disable the mac-winbox functionality. but the attack surface is a lot broader on the internet. i just pointed out that rem...

doneware

Just to bust some myths, i re-did the connection to a device that doesn't have no firewall input filter protection for the winbox port, but only the "allowed-address" type filterint in /ip service . some claim, that it is possible to extract information from the device this way. it seems, it isn't. ...

doneware

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router; Shifting of the blame onto users... what else are we supposed to use for remote management? true indeed, but you shall not use winbox anyway. stuff that just downloads dlls from a remote devie (it used to for quite ...

doneware

two groups? like two independent L2 domains?
use bridge VLANs.

doneware

never the less, all the DX series SOCs do support vxLAN in hardware, something that is not exposed to RouterOS yet.
this might be a pretty good replacement for EoMPLS/VPLS in many cases, however.
so let's hope Mikrotik gives us vxLAN soon.

doneware

Do we know if there will be MPLS hardware forwarding on the new switches? mikrotik is heavily investing into Marvell's PRESTERA DX series SOCs. the crs326, the crs328 from the existing range use the 98DX3236A1, the beefier crs317 based on 98DX8216B0. the just announced 20SFP version of crs328 has t...

doneware

ok, i admit, i did not read all the docs. but still it is kind of annoying/disappointing. i had a "bit" complex L2 setup with pre 6.41 configuration solely utilising switch chip features on crs1xx/2xx devices. now the time has come to upgrade some of them to the new style config, which I did. the cr...

doneware

SSTP normally works on every network. While it is a bad VPN in general i'm glad someone pointed this out. it's the TCP over TCP effect, that can cause issues over congested links. don't know it is covered anywhere in the MT docs, however. The next thing they implement is deep packet inspection and ...

doneware

try to force 1G connection at interface.

disabling autonego (i reckon it's needed to manually set the speed) is not really a good idea.

doneware

also note, due to mikrotik's implementation, variable value sizes can be up to 4096 bytes.
this ultimately limits the file size you create this way.

doneware

And I want receive ping result with percent and time sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms How can i do this? packet loss/success percent is easy to pull off: :local totalsent 10 :local success [/ping count=$totalsent x.x.x.x ] :put ($success * 100 / $totalsent) due t...

doneware

so 10G interfaces

as i remember Janis' ending lines to the device itself, he was mentioning 2.5G/5G/10G there as the new way Mikrotik is following - maybe was just a freudian slip - this was the base of my speculation.

doneware

http://wiki.mikrotik.com/wiki/Manual:Product_Naming

can we assume the combination XG will mean multi-gigabit?
like in CRS312-4C+8XG

doneware

LtAp is indeed a good solution

as Mikrotik guys confirmed it on site in Berlin, the device uses the same LTE modem as the wAP LTE kit and the GPS is on the board, not on the modem.

doneware

image https://wikidevi.com/wiki/File:MikroTik_hAP_ac2a.jpg https://wikidevi.com/wiki/File:MikroTik_hAP_ac2.jpg Is this design a major cause of poor cooling? :D i don't think that moving the heatsink to the other side would make things different. the CPU would be cooled more efficiently, i suppose. ...

Search found 505 matches