MikroTik

doneware

So I guess CPU will quite likely remain bottleneck for wireless on mikrotik devices unless somebody modifies drivers to spread the load between all CPU cores (which is likely a hard thing due to timing issues or else all drivers would be doing it already). well, ok. but i still can't see how some w...

doneware

max speed topped around 580ish Mbps. switched over to the 2x2 radio to see whether it will be better. as previously, bridge is in fast-path mode. config is dumb as it can be. still performing around 560Mbps. the client was the same, an iMac with 3x3 ac broadcom wifi. don't get me wrong, it is nice,...

doneware

tested iperf3 throughput wifiwave2 on an audience configured as a simple AP, from blank config - using the 4x4 radio. the other end was an iMac with 3x3 BCM94331CD. max speed topped around 580ish Mbps. this seemed to be strange, so i checked stats. found out that core2 is getting all the fun as show...

doneware

Documentation of the REST API https://help.mikrotik.com/docs/display/ROS/REST+API

Normis, will it pe possible somehow to decouple REST from www-ssl in the future?
i definitely don't want to expose the web ui to everyone. and maybe a way to change the base URI for the REST API.

doneware

with REST API finally here a lot of possibilities are open at once. thank you!
(let me try one more thing)

doneware

Note:Second hand Norton core 517 is just 17.595 dollar in china. These wireless card build with four 24dBm PA chips and four DIPLEXERs

link please...

doneware

Or I should find an U.FL male to RP-SMA adapter? it's definitely not mmcx. just tested the same connectors on a hAP ac with an u.FL to RPSMA pigtail, seems to fits perfectly, see attached photos. the actual connectors on the boards are pretty different though. i added two close up photos from both,...

doneware

The Block Diagram for this device says the switch chip is QCA8327.

thx for the correction. i thought the box has the same 4019 SoC, turned out the ac2 has 4018. my bad.

doneware

Does anyone know what kind of switch chip is used in hAP ac³? it has the same IPQ4019 SoC as the hAP2 - judging from the datasheet. since it has a 5port switch embedded, this leaves not much option open :-) https://www.codico.com/fxdata/codico/prod/temedia/newsimages_image/dakota.jpg the most notab...

doneware

man, the world is small.

doneware

Does anyone know of a case manufacturer that can supply generic unbranded cases for MikroTik routerboards? Particularly rackmount cases. i can help. we already manufactured with our partner almost 1000 1U units for boards (450G/850G/M11/M33) with front accessible 230V power feed and serial console ...

doneware

And if vpn1.remotewinbox.com:12345 is simple port forwarding through tunnel, which looks like it, if you can connect to it using standard WinBox, there's no reason why they would need extra user on your router and know its password. nope, you are totally right. there's 0 need for any local user to ...

doneware

also found this in the new help pages.
https://help.mikrotik.com/docs/display/ ... rialHeader

doneware

The likely reason is a defective LTE modem (board) or PCIe ports on the board, or maybe all of them. most likely it's the modem. i also encountered one (inside a LTAP mini) which was working fine (indoors) but stopped, and on the next reboot the LTE interface was gone. if i do an usb power reset to...

doneware

I see that in addition you have a USB as serial port. Yesterday I tried to use Woobm-USB on this board without success, ok, this is strange. the WooBM is essentially an ESP8266 glued to a PL2303 usb to serial bridge. and the USB3 you saw on the console output i posted was exactly a 'regular' prolif...

doneware

i found it. see attached drawing for further reference. pin numbering starts from the bottom left (the board's silkscreen clearly shows 1 and 2) PIN12 rx PIN13 tx PIN14 gnd the signal is TTL level. works fine with a $1 USB to serial bridge from eBay (PL2303, CH340/341, FT2102, and their clones) 1968...

doneware

Hi, i've been trying to figure out where i could find the 2nd serial port on this device. serial0 is obviously the console with the DB9 port. but the device lists also a serial1 port, but i can't find the headers on the board. anyone had any luck with this? thx image-1.png edit: usb3 is an USB-to-se...

doneware

ok, let's go step by step. 1. the MAC address on the LTE interface is a bit misleading. never the less, you can't do bonding there. 2. ECMP (equal cost multipath) can work with multiple independent operators, you just need to persuade routerOS 6.x to take the multiple available paths into considerat...

doneware

Why I can't add LTE interfaces there? bonding is for ethernet interfaces, and happens at OSI Layer 2. as you might have seen, it's about sending frames in various fashion across multiple interfaces, like round robin or using some sort of hashing algorithm. with LTE - which might look as a 'regular'...

doneware

At the same time, I do not know (obviously, I am not a specialist) if it's normal to see this behavior. Maybe someone with power knowledge can say yes or no. just telling my personal experiences. we use -48VDC (36-72V) DC-DC converters with Mikrotik devices in telco environment. in this case, the i...

doneware

mikrotik explicitly refers to -48VDC (telecom power) support if it is there:

https://mikrotik.com/product/pw48v_12v85w
https://mikrotik.com/product/hot_swap__ ... or_ccr1072
https://mikrotik.com/product/rb1100ahx4

doneware

the 4 arm cores do a really good job in this device. we ran some performance tests on it - routing ipv4 and ipv6, bridging, l2tp - it performed very well. i'd take this over the ccr1016-12s. also remember that the kernel in pre 7.x routerOS is still 32bit and a native 64bit kernel will surely have p...

doneware

and this time it worked.

good to hear everything worked out finally

doneware

ROS it's good but Mikrotik should really consider dropping their actual driver in favor of ath10k in SOHO products, e.g. an indoor AP will never require to run PTP protocols like NV2 or nstreme instead they need better 802.11ac support. well, in theory it is possible to have 2 wireless packages. on...

doneware

ip dhcp-client never gets an address on the bridge or ether1 interface. I added a static IP and route and still no access. I can only get to it via the IP>Neighbor from the slave unit with telnet or mac-telnet. ok. small details add a great deal of information. i have to emphasise: don't (actually ...

doneware

The IP used to be assigned to the bridge and I could not manage so I moved to ether1. I have moved it back to the bridge interface and still same issue. Any other Ideas? there is no default route configured in one of the configs - which makes sense as you have a dhcp-client active on bridge. but th...

doneware

Match User mikrotik-upload AuthenticationMethods password been dealing with this lately and it does work with pub key authentication - which is superior to password. esp that password auth is disabled by default in openssh. you can easily add private keys to the respective account in routeros, and ...

doneware

the issue is related to the config. you assigned address to ether1. /ip address add address=192.168.2.16/24 interface=ether1 network=192.168.2.0 but the same interface is also a bridge port: /interface bridge port add bridge=bridge comment=defconf hw=no interface=ether1 add bridge=bridge comment=def...

doneware

Then I drag and dropped the Router OS npk, and all the extra npk's into the root directory of the RouterBoard FTP server. Then I powercycled it. i'm a bit unsure about this. regardless what is in the files section, power cycle will not install anything. when you 'reboot' the device, it will first c...

doneware

these IPsec test results throughput are for encryption or for decryption? the performance numbers you get based on direction shouldn't be different. if acceleration is available for encryption it is also there for decryption. as it is usually with encryption, the actual bps performance depends on m...

doneware

wow, pretty cool, thanks for sharing! we don't have b28 home (only a handful of counties have it in europe) yet.
extra points for the nondestructive mod

doneware

If only there was IPv6 fastpath.... well since there were no rules in firewall, it had the lightest load possible - basically packet forwarding along connected routes. in terms of PPS it is pretty much understandable you will always get subpar results compared to IPv4. the header size is twice big,...

doneware

Probably you have to generate far more sessions in order to see the other cores working. we did some throughput tests with the CCR2004 - running 6.48b12. it actually performed quite well, we were able to reach peak ipv4 routing throughput of 32Gbps with just 8 streams. as for ipv6, the picture is a...

doneware

How do you find it, wanna see by my eyes.

npk-tools, and some traditional unix utils: find, strings, sort, grep.

doneware

I extrapolated these codes out: ccr2004-2g-2xc-2s+/r2-60 4 Core, 2x 1G, 2x 10G/25G SFP28, 2x 10G SFP+, 2.4Ghz WiFi, 802.11ay 60Ghz It all seems possible, but not completely logical. imagine a device - the ccr2004-2g-xxx - which is compact. as compact as a powerbox, maybe thicker. has decent fiberop...

doneware

well, with pre-v7 implementation in routerOS you pretty much depended on the MPLS package to use VRFs, regardless whether there was actual labelling configured. even in those typical vrf lite scenarios.

doneware

crs3xx - added initial Bridge Port Extender support (CLI only); *) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only); is this 802.1BR? if so, how long until we get also support for this in CCRs? i'd love to see ports from port ...

doneware

The ipv6 of ros is really too bad, even the basic use cannot be guaranteed, everything needs official attention and repair. i'd say there's a lot more to improve, but it is still superior to many other available implementations out there. and i love the flexibility it offers to me. i spent 20+ yrs ...

doneware

in reality this isn't a workaround, more like an addition. i collected packet captures from different devices, and they all respect the DHCPv6 lease time in their RA. so this two changes shall be combined. ok, there should maybe be 3 changes, as the DHCP-PD server in routeros also doesn't care abou...

doneware

The minimum can be set to 10 minutes, the time is too long, everything is meaningless, do not know if it will work. yes, it still sucks. moreover those ND prefix entries are dynamic. there's another workaround i proposed to support: once an interface is getting renumbered (read: it looses a certain...

doneware

When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart. well, to me it seems to be an issue, as dynamic ND prefix entries have their valid-lifetime independently from the dhcpv6 PD lease the system used to generat...

doneware

When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart. When can it be fixed, this problem has been for many years. hi. it depends on the value of ra-prefix-lifetime. it's 30mins or so. SLAAC is stateless - hence ...

doneware

log - made startup script failures log as critical errors;

god bless you!!!!!!

doneware

LTAP is a great choice for lora as it already has cellular connectivity. can you check whether the it shows up as an usb device? it should be something similar (lora8 card in RBM11G) [admin@loragw] > /system resource usb print detail 0 device="1-0" vendor="Linux 3.3.5 xhci-hcd" n...

doneware

10G/40G: SOHO/SMB 25G/100G: datacenter sort of. 40G was _the_ datacenter thing for quite a while, but almost entirely for switching / spine+leaf. there was for example no 'real' cisco router with 40G interfaces - they had 10GE or 100GE. the thing with 40G is that the form factor is really not effic...

doneware

.

their shop says that it's on stock, and they have 20 units. and not a single word on routerboard.com.
meanwhile in Europe -_-

doneware

can anyone help before I send these back...I am very disappointed but like to assume that I am the one that is missing something here...because otherwise these units are just "bricks" and are going back. you don't need (actually you can't) set what bands shall be supported. you may contro...

doneware

/system routerboard usb set type=mini-PCIe

in cases like this just look up the block diagram. it will show whether there's a possibility to switch between ports/slots/interfaces.

doneware

I think the shields are worth it. They helped with a bit of isolation between stations, kept clients more locked on to their respective AP's. They also allowed us to add some up or down tilt to focus in towards lower or higher areas. Mounting is just better with them. i have a network with ~300 wAP...

doneware

how does it work?

see here:

https://help.mikrotik.com/docs/display/ ... g+Profiles
(old page) https://wiki.mikrotik.com/wiki/Manual:I ... g_Profiles

there's also a MUM presentation about hs2.0
https://mum.mikrotik.com/presentations/ ... 849522.pdf

doneware

I'm wondering whether i am the only one who wants to use HS2.0 enabled CAPSMAN. i chewed myself through the CLI and the docs, and found no possible way to refer any previously configured interworking profile from the capsman manager. IW profiles can be applied per SSID, so logically those should be ...

doneware

RB260GS ? there was a predecessor to RB260GS, the very first SwOS device called RB250GS it was the cheapest mikrotik device with GE ports back then. i had one for 5+ years in operation. https://mikrotik.com/product/RB250GS but - funny enough - the current RB260GS more (+1 SFP) for the same price :-)

doneware

M.2 with the 2242 form factor seem to allways use B+M key. those are M.2 Legacy SATA disks, incapable for PCIe operation. since the SoC on this routerboard doesn't have no SATA controller, those can't be used. even if the physical form factor exposes pins to a certain functionality (the B-key also ...

doneware

just popped up on the radar.

RBD53GR-5HacD2HnD-US&R11e-LTE6 - with integrated LTE6 as well & a massive heatsink.

https://fccid.io/TV7RDB53-5ACD2ND/Exter ... 680941.pdf
https://fccid.io/TV7RDB53-5ACD2ND/Inter ... 680946.pdf

doneware

*) wireless - improved system stability on hAP ac^2;

i'm wondering whether these enhancements also apply to the 'sister-devices' like cAP-ac.

doneware

hAP ac2 (and all new IPQ401x based gear) happily can do up to 1Gbps. i test this regularly with the on-board speedtest (tool speedtest) command. I can only get 600mbps+- without firewall, with firewall it maxed at 350mbps, what did you do with hAP ac2 to get it run at 1gbps in ipv6? Can share to us...

doneware

there's a factory bootloader on the flash, that cannot be upgraded. if anything goes south with the user-upgradable one it still should be get to netinstall. i saw symptoms similar to what you describe with a wAP-R, but it turned out the RAM chip is somewhat loose. once I pressed and held it against...

doneware

I think you are on the right track here, and this could be a device in a square plastic enclosure that has connectors and a mounting bracket on the bottom to act as a Terragraph node. I have no real idea, but it makes sense and the speculation is fun :D i built a fairly big network out of rev.5 ter...

doneware

ccr2004-1g-12s+2xs ccr2016-1g-12xs-2xq ccr2004-2g-2xc-2s+ ccr2004-2g-2xc-2s+/r2 ccr2004-2g-2xc-2s+/r2-60 All referenced in a kernel object file in v7.0b5... well, they are also to be found in 6.47b35 (checked the arm build) along with this baby: CRS319-1G-16P-2S+ and this is not the already known n...

doneware

I extrapolated these codes out: ccr2004-1g-12s+2xs 4 Core, 1x 1G, 12x 10G SFP+, 2x 25G SFP28 ccr2016-1g-12xs-2xq 4 Core, 1x 1G, 12x 25G SFP+, 2x 100G QSFP28 ccr2004-2g-2xc-2s+ 4 Core, 2x 1G, 2x 10G/25G SFP28, 2x 10G SFP+ ccr2004-2g-2xc-2s+/r2 4 Core, 2x 1G, 2x 10G/25G SFP28, 2x 10G SFP+, 2.4Ghz WiF...

doneware

I am curious... given the nearly nonexistent support of file contents availability in the command language, how do you detect a configuration change? parsing the syslog that arrives on the remote server helps a lot. added/removed/changed messages indicate something has happened. i also like to trig...

doneware

But you don't need to set advertise=yes in bridge1?? Customer device's will not have IPv6 address. Thanks

advertise=yes is the default if the interface has a GUA (statically or dynamically) assigned. but to stay on the safe side you can always specify this exclusively.

doneware

Could anyone point to a comparable unit to the ER12 in regards to performance?

i'd go for the RB4011 w/o wifi (RB4011iGS+RM). this has superior performance, similar form factor.
i love it and use it even in ipv6-only environment with ospfv3 and bgp.
and it is very affordable.

doneware

but client needs original password.

hence there's no cure for every issue. again, the lame uniform symmetric encoding on the client can be seemingly effective against idiots, proving this is a bit better than nothing.
on the server, where the impact is more significant, we need hashes.

doneware

wait for someone who will write independent decryptor, and when (not if) it happens, the encryption will be useless. i agree. the best solution for local ppp / hotspot accounts would be to use password hashes instead of cleartext passwords. but this is a huge change, albeit not as difficult as the ...

doneware

But try the same as user who's group doesn't have sensitive policy and you won't see password: /ppp secret add local-address=192.168.99.1 name=tester password=***** remote-address=192.168.99.10 So it would be the same with certificates and others. And then there's not much difference if you have pe...

doneware

I think private keys should never be exportable, neither cert or ssh. not quite sure how much secure is the same private key or cert if it's stored on a random server or your laptop. and as you know, certificates and ssh hostkeys can be exported with a specific routerOS command and stored on the fl...

doneware

Can you tell us what you have in mind? we have these 2 half-solutions for saving the configuration, but together they don't add up to a solid one. backup cannot be transferred among different device families, and it is not editable. more or less that's just a file archive of the ROS internal filesy...

doneware

sorry, i did not find any better place to put this. technically it is not a bug report, it is a request for enhancement.
is it just me, or there's someone else out there who'd like to see improvements to the output of the "export" command?

doneware

cut the traces! LOL! on the other hand, you can pretty much install 2 el-cheapo USB-to-Serial modules (like the TTL level Prolific PL2303HX based ones, cost around $1 delivered from eBay) facing back-to-back, with only the rx/tx/gnd lines connected respectively. btw, the same usb to serial chip is u...

doneware

any hw news ?

https://mum.mikrotik.com//presentations ... 441331.pdf

slides are available, no new product spotted.

doneware

sure. in general IPv6 address auto configuration can work w/o any extra things - so you don't necessarily need DHCP, like with IPv4, for hosts SLAAC can do everything. how you hand out IPv6 addresses, or better said: prefixes - depends on your setup. in your example, i'd use DHCPv6 prefix delegation...

doneware

Quick Set's problem is that it's dangerous. One wrong click and config is ruined. And I don't know if it's still the case, but originally some changes were applied even before clicking OK, that was really bad. you can't make everyone happy. i'm totally with you on QuickSet. that's the easiest way o...

doneware

Guys, please stop it. There is no Mikrotik without a Winbox. Web interface, though comparable in funcitonality, is still not there. Kill Winbox and I am done with MT. don't want to turn the thread into a flame war. i agree, a lot of people need GUI, a lot of people love the look&feel of winbox,...

doneware

Now this would be a nice CPU for RB5011 or Super-hAP. Too bad it will probably take years for Mikrotik to have such product and by then, 802.11ax will be already old and replaced by something even better... just stating this quietly - you cannot compare Mikrotik to netgear/tplink/asus/you-name-it. ...

doneware

I wonder if Qualcomm requires patent licensing for router SOCs in a similar way it does for cellphone chips

i guess so. and they are also quite strange with their documentation: those things are extremely hard to get ahold of.

doneware

Being tied to Windows and specific client versions is just troublesome. and yet we still have netinstall as a windows only tool. luckily i hardly ever need to use this, but i once considered to reverse engineer it and try to build it with some scripting tools and open source sw so it can be used wi...

doneware

No need to change winbox default port when using winbox internally -- risk is only from compromised workstations as noted below. and that risk is huge. people tend to forget, that there is no such thing as "safe network" anymore. in contrary, the network is a constant battlefield, and you...

doneware

Would need a CSS610-8P-2S+ now ).

me too. now i try to solve the port density challenges with daisychained PBPs.

doneware

Could you give some more info about the exploitability of this? "Simply disabling Winbox mitigates all of these attacks." - i couldn't agree more with this approach. i understand that winbox was a key for many happy current RouterOS users to get acquainted with networking, as for many the...

doneware

Still did not get the point. What is the advantage to: https://mikrotik.com/product/RBmAP2nD it can provide PoE from the USB power input, if i understood correctly. so you can just connect it to an AP, and it can power the AP - for a limited time though. "MQS can be powered from a power bank o...

doneware

Releasing fully featured x64 ROS would be a good start. there's some x64 support in the current x86 version. packages.png resource.png i use this to run various freebsd/linux VMs on the KVM part of routeros. it's a quite old box: [bat@cloudtik] > /sys resource pci print # DEVICE VENDOR NAME IRQ 0 f...

doneware

Sure it is cheap when you need only plain VLAN switching. modern switch chips used by Mikrotik, like the Marvell Prestera series can do much more in hw assisted manner: https://www.marvell.com/switching/assets/Prestera_98DX3336_pb.pdf just take 802.1BR port extender: pair this with a router and you...

doneware

traffic generator essentially a packet generator that runs on the CPU. CRS305 is _mainly_ a switch. so it can deliver non blocking switching performance, but the CPU is far from that. check out the block diagram: https://i.mt.lv/cdn/rb_files/CRS305-1G-4Splus-181016084346.png what you see here is the...

doneware

With CRS326-24S+2Q+RM there is a Switch with 40G Port. I guess next RoutingHW will have 40G too. So there will be new faster combinations. i on the other hand would cherish solutions with NBase-T (like the sole crs with nXG ports) so it supports 2.5GbE and 5GbE on a single port rather than using LA...

doneware

It's not hardware nat. Hardware NAT implemented completely in hardware, work on wire speed, and do not use CPU. following your logic, CCRs don't have encryption in HW either, right? btw, can you please point out any _non_cpu_hardware_element_ in the CCR series routers? network operations "done...

doneware

Personally I think a RB4011 or a RB1100AHx4 with a SIM slot and either a M.2 with USB support or a mPCIe would be nice to have for situations where you want to back up a single WAN and no other options are available other than cellular or you want to send SMS easily from the Dude edition. you can e...

doneware

I am very surprised that Mikrotik does not use hardware NAT'ing. A10, one of the real high performance CGN manufacturers doesn't necessarily use hw NAT either. we have some boxes from them, they handle several 10s of gbps with sw only nat on dual xeon CPUs (their hw appliance). believe or not, NAT ...

doneware

We use it only for "the dude" monitoring and 3 ppptp servers for managment.

i know it will not improve the performance, but you should really move away from pptp, esp if it is used for sensitive stuff, like management.

doneware

make sure there's nothing attached to the serial console if the device has one. this was a very hard issue to track down: we had devices with long serial cables connected to the router and the other end of the cable (~10m long) wasn't connected to anything. it picked up some EM noise and constantly ...

doneware

/system routerboard usb set type=mini-PCIe so this tells me there are 2 usb ports, one is hardwired to the 1st mpcie slot, while the other is switchable between the 2nd mpcie slot and the type-a external port. :-( i was totally hoping for 3 independent ports so i can use this box as a mobile connec...

doneware

But one should never do a network wide upgrade: it should be staged - at least to minimize the convergence time of routes and everything else. I don't want to imagine 10k routers rebooting a few minutes apart one from another. ok, further info about the upgrade process - something that was ingeniou...

doneware

I don't think it would be that big of a problem. If your network has thousands of routers the bandwidth must be equally big. it is a bit tricky to serve this amount of data quickly. esp. upgrading large number of CPEs managed by some tr-069 based system can be a bottleneck. sw delivery with torrent...

doneware

torrent is used in the Terragraph ecosystem for node software distribution. just saying. in this interpretation to me it perfectly makes sense to download stuff only to ramdisk. please, think in scale: upgrading 10s or 100s of 1000s CPEs can run into serious bottleneck. but i do support the exile of...

doneware

Ok so it is something like the mini-PCI modules used for LTE (and, mainly in the past, also for WiFi)?

i doubt. Mikrotik calls their modules as R11e-xxxx.

doneware

well...the second pci slot is populated with gps as i see... no. as with the ltap mini, the gps is on-board and not socketed. the 2nd mpcie slot is still free. that’s why i suggested back in april that the m33 or ltap (biggie) is the ideal platform for distant deployments. but if you already have I...

doneware

Or just add an USB 3.0 HUB chip... would probably cost $2 instead of $1... And back to the RB 450Gx4, it doesn't even have mPCIe slot, so no excuses here in case of the 450Gx4 it was a crucial goal to keep the same form factor as the 850Gx2 and 450/450G. alao it is rated for harsh temperatures so y...

doneware

The 'ad' in the name may refer to the "real 802.11ad", not the proprietary protocol stuff like the current 60GHz product line. all the 60GHz units made by MikroTik have the 'ad' letters in their product code RBwAPG-60ad-SA (wAP 60Gx3 AP) RBwAPG-60ad (wAP 60G) RBSXTsq-60ad (SXTsq Lite60) R...

doneware

Yes, M could be for Mesh possibly. Could it be for Terragraph? terragraph depends on the QCA64xx baseband from qualcomm and most features it is essentially part of the .11ay standard. the current terragraph has modified MAC&PHY layers, frame structure, basically everything - so it is absolutely...

doneware

Well, it appears that MikroTik is moving from the small-ISP-backbone world to the home consumer world i might rephrase this a bit: extending instead of moving. but that's just my feeling. It would seem natural to have protocols like BGP, OSPF and MPLS disabled by defauit on such devices, to reduce ...

doneware

Put SMB, Torrent, and other things that have no place in ISP infrastructure into another package. with the SMB thing i am totally OK. with the torrent - do we know the purpose of the torrent client here? i saw a couple of devices which included torrent functionality for sw distribution - and i mean...

doneware

I'm trying to configure OSPF for IPv6 to test recursive routing in v7 to route ipv6 you should use OSPFv3. as far as i see, you have set this under /routing ospf instance using the new 'version' attribute [admin@hgw] /routing/ospf/instance> print Flags: D - dynamic, X - disabled, I - inactive 0 ver...

doneware

It's like putting a switch in between a switch learns mac-adresses ... a switch ages mac-adresses !? a switch with 2 ports doesn't need to learn no MAC addresses and henceforth not responsible for any aging procedures. it neither runs no loop prevention algorythm. whatever is received from port A w...

doneware

L7 application identification with the growing number of <you-name-it>-over-HTTPS applications around, if your app can be identified in the transmission path, then encryption is not working quite right. the network isn't there to solve all the possible issues what in general sw devs are too lazy to...

doneware

There will be interference problems sooner or later, especially if these radios will continue to be used for P2MP covering wide sectors. Phased antenna can do wonders, but it does have some limitations at suppressing interference... and GPS sync doesn't help if it's not your radios that are causing...

doneware

On one pole u cant use same channels...antennas can see each other..the direction of the antenna doesnt matter. sorry, but i see otherwise and i have quite some proof for it. we run a 60GHz single frequency mesh network in Márkó, Hungary (using just a single 2GHz channel, channel #2). we have 4 rad...

doneware

re-checked it with 6.45 on MIPS - works as well. [admin@hgw] > /sys reso usb print detail 0 device="1-0" vendor="Linux 3.3.5 ehci_hcd" name="RB400 EHCI" serial-number="rb400_usb" vendor-id="0x1d6b" device-id="0x0002" speed="480" p...

doneware

I already read CCR support won’t take years and there is no ETA, but... is it expected to be released in this year or not? if you check out the video that was posted previously (from april 2019) - the multi core BGP test was run on a CCR1016. ( https://www.youtube.com/watch?v=NbfKplzda7I ) as far a...

doneware

C0CAF0AA-D612-42C9-A768-E4E43B3473CA-3191-0000028F5EFFE2C2.jpeg just tried with this chinese arduino nano knockoff which has a WCH340G usb serial adapter, and it works fine. i agree, the device naming is somewhat medeival: [admin@hgw] > /system/resource/usb/print Columns: DEVice, VENDOR, NAME, SPEE...

doneware

I want to use CH340 usb-to-serial adapter. but Mikrotik not support yet.

i saw ch341 kernel module in the newly released routeros7.0 beta1.
tomorrow i will hook on a ch34x based USB to serial to the upgraded router and report back my findings.

doneware

@Normis,
do i correctly assume that from v7 on IPv6 will be part of the 'system' package and will be enabled by default?

[please say yes]

doneware

which program did you use to unzip?

judging the previous images to me it seems it was 7z(ip). at least this was the icon i saw on the posted png.

7zip.png

doneware

just upgraded a wAP60G to see if there's anything new on the wigig part. found nothing spectacular so far, but noticed that there's already a settable 'region' parameter: [admin@2also] /interface/w60g> set 0 region= asia australia canada china eu japan no-region-set usa [admin@2also] /interface/w60g...

doneware

BGP/MPLS are disabled intentionally, as this is a home router test. some traces are visible though :-) - i love the extra insights, like /routing/forwarding-path/print and /routing/route/print. i assume, the debug.* attributes will not be around in the official releases. is there any source that de...

doneware

I lost BGP, but I gained /routing/pimsm and /routing/fantasy, is this the real life, or is this "/routing/fantasy"? mpls is also gone. but looking at /system/packages, i'd say this is really just a preview/snapshot, as all packages are gone. [admin@MikroTik] /system/ntp/server> /sys packa...

doneware

still no ipv6 support for L2TP and SSTP client/server, but hey, hello MACSec!!! macsec.png and vrf has been moved from 'ip route vrf' to 'ip vrf'. but export verbose dies on it :-( ipvrf.png on the other hand, environment(?) vars are now possible in DHCP client option values? dhcp-opt-dyn-vars.png f...

doneware

Added ext4 support ?

[admin@MikroTik] > sys reso print 
                   uptime: 2m16s
                  version: 7.0beta1 (development)
               build-time: Sep/05/2019 15:08:48

[admin@MikroTik] /disk> format-drive file-system=
ext3  fat32

i guess not.

doneware

+1! do you have a release date yet?

i just talked to the local distributor in hungary, they already received the price list that includes lora stuff:

R11e-LoRa8
wAP2ND+R11e-LoRa8
and an ~1m long tuned omni antenna for lora

this tells me that availability is pretty much imminent

doneware

having 1GHz channel width reduces the available bandwidth greatly. and it is also not compliant to the original WiGiG standard. so it is a vendor lock for sure. there's a reason why 60GHz gear is so low-power: with this amount of wireless spectrum available in a single channel you don't need no comp...

doneware

the stuff they do is huawei proprietary. it is dome with modified GRE tunnels, and there's a device called HAAP that is merging the two halves together. in most cases the traffic uses the LTE link as the idea of this hybrid access came from the fixed access folks who wanted to work around shitty cop...

doneware

hi, if your repeater connects to a non-mikrotik AP - so you cannot use 'proper' bridge mode on wifi, but only the pseudo-bridge ones - you can run into problems. ipv6 "L3->L2 address mapping" relies on multicast, unlike ipv4 where ARP uses 'just' broadcast. if wireless frames have enough m...

doneware

try to use channel 5 (freq 66.96) as this is the closest to the e-band supported by RouterOS - if you are allowed to use it. most countries in eu only allow the lower 4 channels. here the attenuation of O2 will be less noticeable in this frequency range and you can get longer links up. and get a sol...

doneware

plz clarify: wireless wire or wireless wire dish?

doneware

so far only ap-sta and bridge-sta links are supported. once the first terragraph phy compatible units come out - you will have support for arbitrary ap-ap links and therefore a true mess will be possible. until then you need to manually configure your devices as ap or station, and sometimes place mo...

doneware

Thanks for the reply. Any plans/timeline to officially update ROS to support non-mikrotik devices? https://blog.mikrotik.com/announcements/mikrotik-accelerates-the-adoption-of-60-ghz-technologies-with-terragraph.html but this might not address your issue as vanilla WiGig is not compatible with Terr...

doneware

I am afraid this is a misconception. If you use BCP in PPP connections, it doesn't switch the tunnel over from L3 mode to L2 one. It creates an L2 tunnel in addition to the basic L3 one, which is totally independent from it. So the IP address indicated in secret or profile is assigned to the L3 int...

doneware

the problem is with the ppp profile definition: /ppp profile add bridge=hangmaffia_vpn_bridge comment=SITE-TO-SITE-Layer2-VPN local-address=10.11.0.1 name=hangmaffia_vpn if you do BCP, you may not have _any_ IP address configured on any PPP interfaces. so if you want to have IP addresses, just stick...

doneware

strange, mine did work well, albeit it was an upgrade from 44.3 to 45.1 also included flash usage to see how much free space you usually ought to have with a clean setup. this one has almost literally no config in it: /interface bridge add name=bridge1 protocol-mode=none /interface ethernet set [ fi...

doneware

when speaking of native winbox for unices, i might opt for native netinstall instead of winbox.
it mustn't even be GUI based, in fact i'd prefer a scriptable version

doneware

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted: https://wiki.mikrotik.com/wiki/RouterBOOT_changelog now since 6.3-something the routerboot numbering is according to routerOS releases, its version keep on increasing, and we (or I) don't know what has been changed, e...

doneware

CEPT has opened from 57 to 71 GHz

sadly CEPT =/= local regulator

doneware

but ipv6 fastrack is a must.

btw, instead of ds-lite i'd have a nat64 gw

and xlat464 & dns64 resolver in the clients.

doneware

hAP ac2 (and all new IPQ401x based gear) happily can do up to 1Gbps.
i test this regularly with the on-board speedtest (tool speedtest) command.

doneware

soon a new boy will join the party:

https://fccid.io/TV7R11ELT6L

this is the modem we'll have in the LTE version of audience. this is LTE Cat 6, so will support carrier aggregation.

doneware

The well-know NAT64 prefix is only a choice. I typically suggest to our customers, to use their own prefixes, and use several in different NAT64 servers, for some HA. this is a 'me too' moment. although the 'anycast' NAT64 seems to be more or less ok, it gives you less control. with actual unicast ...

doneware

for me DNS64/NAT64 works as expected. with modern devices, that support DS. Apple, Android, freeware unices, and even Windows 7+. that is enough for most folks. but the old or tiny (literally all the uController based stuff) still relies on IPv4. so XLAT464 implementation would be a must in the CPEs...

doneware

I undressed it and saw it from the inside Everything is fine and there is no break inside solder joints beneath BGA chips can easily break due to shock. i have a wAP-LTE, that was pushed off the table by the customer. now it cannot boot unless i press and hold the soldered RAM onto the board. then ...

doneware

I created an environment in routerOS, that enables IoT-like (i.e. the server doesn't talk to the router, but the router talks to the server) operation. it works in a reasonable way, but i'd think i'd be better of with a proper MQTT client implementation in the device, that enables subscribing and po...

doneware

it's not necessarily a lie.
you need a certain hw revision of your hap lites/map lites/whatevers with microUSB on them.

the best way to check this out is to upgrade them to 6.44.x+ and if you have an /interface pwr-line entry after the upgrade, you have a compatible one.

doneware

I want to create a function on my dude server, the function should be able to retrieve the string value of the user from the l2tp interface. I don't know if this is possible, can someone please help? i am not 100% sure how you'd do it on the dude, but i can give you the commands inside routeros for...

doneware

tx-packet-error-rate: 12% this error rate is way too high. also notice that the AP side uses lower modulation scheme (7 vs 8). most probably you get quite some noise there. i don't know your setup, but it you line up your relays back-to-back, and use the same frequency on both of them, you might ge...

doneware

Why to print this info now? Maybe in the future we 'll have another tx-mode

https://blog.mikrotik.com/announcements ... graph.html

doneware

All Mikrotik 60G hardware is so far compatible, so you can mix LHGs and WAPs as you like. But don't expect it to work with other vendors, even if it uses common 802.11ad platform. Everyone is playing on it's own playground, there is no intercompatibility due to customized protocols and different ve...

doneware

Does it out POE power on both ports? that'll be my question too. it would be so nice to have poe out on both ports, so you could just have the indoor CPE connected by a single ethernet and hide the wall wart. also, it would bring more straightforward troubleshooting: - if power is connected, both d...

doneware

Hello. There are new r2 versions LHG60 on the market. the image of "old design" is actually a bit different for the LHG60. the LEDs are on the side populated, and there's no DC barrel jack on the PCB. see images from an actual LHG60 i took apart. with regards to the internals (the block d...

doneware

there’s a way to enable support for more ram. i have an installation with 24GB RAM, and ROS sees it all. there was a 6.3x version rc that enabled switching on 64bit support, and afterwards all subsequent upgrades retained this setting. i am however sure that this is not supported at all. it does run...

doneware

Wap has 3 Antenna Elements but uses only one Channel, the maximum is 8 Clients not 24. All distances over 150m with WAP to WAP. Or WAP to sXT needs 5 GHz Backup, with LHG with more then 500m, but they need it too. So why in the hell they don’t make it useable? For my business it is impossible to of...

doneware

they are digging their own grave!

sub 6GHz is not always necessary. we have a reasonably big - 145 links in one of the networks - 60GHz routed mesh (with a different equipment) without any 5GHz backup links, without any problems.

doneware

This thing looks great from the inside. I'm just guessing, but the photos i was able to take in Vienna tell some story. now here's my theory: It is very likely this box is built around QCA6335 baseband, which has support 8 (!) phased array antennas. if you look closely, you can see the unpopulated p...

doneware

Can be integrated in any RouterBOARD product with mPCIe slot that has USB support. For example LTAP mini, M11, M33 and others. Requires LoRa package installation. to me, the M33 and LTAP (not mini) integration makes the most sense, because i can add LTE uplink (but might be that 2G is more than eno...

doneware

- new, improved SXT LTE kit with two Ethernet ports Same price but ....inferior....:( Yes, hope MT stops recycling those old modems, and give us some LTE product with LTE 6+ category maybe this will make your day https://fccid.io/TV711ELTE6 no visible specs so far, but the 6 at the end looks promis...

doneware

Just spotted on fcc.io a new model: RBLtAP-2HnD

this must be the long awaited LTAP, the big brother of LTAP mini - wondering what it packs for CPU... i'd love to see an arm or mmips based one. reason: hw crypto.

doneware

Whats about smaller Channels?

you can be OK with this channel mapping. you can have the 100Mbps clients run the same high MCS, and ultimately serve more safely and do buffering on the FE part. i'm more interested in TDD - cause this is the key to boost client numbers.

doneware

channel capacity is so much higher than what we can use currently. let's be easy with that. if you can't have more than MCS9 (SC), then 1Gbps is just ok. .11ad doesn't have channel bonding, so in general you couldn't use the available extra juice anyway. .11ad has at least channel bonding, they sai...

doneware

chipset limit is 8 there was a press announcement from Qualcomm and Mikrotik back in october around the 17th or so, emphasising Qualcomm's upcoming QCA64x8 and QCA64x1 chipsets, promising .11ay. https://www.qualcomm.com/news/releases/2018/10/16/qualcomm-dramatically-extends-wi-fi-experiences-5g-era...

doneware

the 4011 doesn’t have 2 sfp+ ports, but you can squeeze out way more than 1gbps. and it has no fans. there is one thing i don’t quite understand: 10Gbps internet connnectivity for home? this is quite an overkill square! but let’s assume you need this bw, but why’d you place the router into your livi...

doneware

the EU doesn’t certify anything. the just pass the laws, and the technology working groups create documents describing the requirements the device mst comply. testing is usually done by the vendor or an independent lab. then you put together the documentation with the results. but each country in th...

doneware

in general you don't have specificly LAN or WAN ports in routeros. those are just ports, and they act as you configure them. you can have all ports as wan if you wish so. with regards if throughput: you can get 1Gbps pppoe+routing+nat with hex, hex-s, hap ac, hap ac2, 4011 and anything of the ccr se...

doneware

Ok, so I managed to get the SFP to work. Turns out, you need to force it to 1000M by turning off auto negotiation. Furthermore, you need to power down the CRS, plug in the SFP, and then power up the CRS. It might take a few power down/up cycles, but eventually, the CRS will bring the SFP up and it ...

doneware

If so, it it possible to remove the supplied 1.5dBi antennas and upgrade them to something more substantial? i added external LTE antennas a while ago to one. there is a good pdf describing the process with some internal pictures on mikrotik's hw section https://i.mt.lv/cdn/rb_files/Ltap_guide-1807...

doneware

subscriber-number: +CME ERROR: 100

btw, this translates to:

CME ERROR: 100 Unknown error

source: CME ERROR (GSM Equipment Related errors) - https://www.micromedia-int.com/en/gsm-2 ... ted-errors

doneware

/interface lte info 0 once the look for the uicc device info: RouterBOARD wAP R-2nD, 6.42.9 (long-term) as per experience, uicc is only available in 6.43+ Need to get a phone number if you're looking for MSISDN (i.e. the number you dial), as far as i know you can't. you can query the IMSI, which co...

doneware

and usually the same filtering applies as with IPv4 on the MNO side: you can not reach the endpoint over ipv6 if the device just connects to the internet via the mobile operators. they just allow sessions that have been initiated by the mobile end device. so in general it’s not just the NAT that sto...

doneware

and finaly you can get ipv6 address for this device? yes, your MNO must support dual stack or ipv6only access, and the sim card (i.e. your mobile subscription) must be also ipv6/DS enabled on a particular APN you want to connect to. you should know that most (if not every) operator just provide a /...

doneware

yes,
i have both devices (ltap mini, wap lte kit) in operation running 6.43 with dual stack on lte interface.

doneware

consider the following code: admin@mfx-XXXXXXXXXXX] /system gps> :global ttt [/interface bridge host print detail as-value where bridge=bridge1 ] it produces this variable data: [admin@mfx-XXXXXXXXXXX] /system gps> :put $ttt .id=*23;age=00:00:54;bridge=bridge1;comment=;interface=*7;mac-address=00:00...

doneware

those cards are essentially USB devices. your wi-fi is a PCIe device.

check under /system routerboard usb what is set as type. it shall be mini-PCIe

[admin@router] /system routerboard usb> set type=
USB-type-A mini-PCIe

this is just a wild guess, i faced similar issue with a basebox

doneware

i don't understand the outrage about the switch chip functional. with the recent (6.41) bridge changes you can easily do whatever you require on these "more router-ish" devices. stuff will be done in hw, whenever it is possible, and here we have a quite beefy CPU to deal with. yes, it woul...

doneware

I'm desperately looking for one with WiFi in Europe

this is a non-wifi unit. i was also told that wireless ones are almost impossible to come by for now.

doneware

sorry for the delay, i have a bunch of other things to focus on. but here's something many were curious about. yes, it does work with DAC cables.

dac4011.png

doneware

just tested a 4011 - i paired it up with a CCR1009-8G-1S-1S+ using GE only. with regards to its single-core CPU performance, i'd say it is at par with the 1.2GHz tilera core, or i might say it is superior just a tiny little bit. i tested it for a project where we use a cr*pload of tunnel/encapsulati...

doneware

I do not see any security problem with this

ok, what abouth the command

/user set admin password=dragon

or doing the same for your bgp passwords, ipsec secrets, etc

doneware

but yeah, at lest the object name in question could be included in the message.
i asked the same with system history

doneware

sadly logging a complete command could ezpose sensitive information to
- all cli/winboz users
- anyone who has access to the syslog server
- anyone who can intervept the traffic between the router and the syslog server, as syslog communication is not encrypted

doneware

Without an example we can not comment why you are not being able to import .rsc file. in case of big export files you can run into situations, when the next command is just not accepted. like you add an object as nameA, then try to set something on the same object by its name, and CLI responds as &...

doneware

Why can't device-specific stuff like MAC-addresses simply be removed from the backup files? i'd like to have something like '/sys backup load name="filename.backup" password="dragon" keep-mac-addresses=yes or an ability to auto-run commands upon successful restore (like a cli co...

doneware

yes, 1 file slot per router and it is free for all the platforms that can use IP Cloud will there maybe an API we could use to interact with the backup file? my aim is to have a "remote controlled" set of CPEs... i make changes to the "cloud-twin" and it is (pulled) "replic...

doneware

Just ran into this issue today.

opened a support request for it earlier today:

Ticket#2018090722004616

doneware

rfc 6286 - AS-wide Unique BGP Identifier for BGP-4 support for routerOS BGP. it relaxes some strict definitions: routerid can be now an arbitrary 32 bit unsigned integer, while the older definition restricts it to "valid unicast address". this breaks BGP compatibility with mikrotik devices...

doneware

you can use these: https://www.ebay.com/itm/222636570847 it uses prolific PL2303 usb to serial chip, which is supported by RouterOS. then you just use routeros' built in rfc2217 serial over tcp feature described here: https://wiki.mikrotik.com/wiki/Serial_Port_Usage#Accessing_a_serial_device_as_if_i...

doneware

I don't understand this step about 4011, since fccid made it public - many resourses already made review, publish photos and some tech specs, based on photo and fccid leaks. It's not secret anymore. Mikrotik requested specific parts (schematics, operation description, block diagram) to remain confi...

doneware

4x4 5GHz + 2x2 2Ghz

doneware

no need to wait much

https://fccid.io/TV74011GS-5HQ2HD/Exter ... os-3948604

https://fccid.io/TV74011GS-5HQ2HD/User- ... 948609.pdf

96B069CE-DDE8-4B12-9BF9-10E0CDF544A1.jpeg

doneware

You could use Splunk/syslog for some of these. Then you could make a graphical dashboard showing you when link goes up/down. If Syslog server is on Lan side, you get bot up and down message. If Syslog are on the Wan side and you monitoring Wan side, it will only show when it goes up. i don't want t...

doneware

viewtopic.php?f=1&t=135702

doneware

mikrotik its aware of CDWM importance CWDM-MIKROTIK.jpg well, you can also use OADMs, and just a single optical cable, so you can drop/add wavelengths on each pop. that is the fiber topology will be just a line or a ring, but you can have each node (or more) connected as star or dual-star logical t...

doneware

The FS.com 1310's are listed as working on the wiki page, so I can't see why the CWDM versions of those wouldn't also work. there would have been issues prior 6.31 to be honest. normal (gray) SFPs have different unit code than C/DWDM ones. so mikrotik devices couldn't even detect them. https://www....

doneware

the internal ip starts with 100.x.x.x . The external usualy are 78.x.x.x or 5.x.x.x you should create a ppp profile unique for this service, and use its "on-up" attribute to trigger your script. and the script should be something like this: :local pppoe "<insert the name of your pppo...

doneware

True, but it is still good practice to do anti-spoofing filtering on a border router in terms of bogons, you can just blackhole them automatically via BGP. and it shall not affect fastpath. http://www.team-cymru.com/bgp-examples.html#mikrotik-trad http://www.team-cymru.com/bgp-examples.html#mikroti...

doneware

We have updated the manual with some more letters -<n>G+ number of 2.5G Ethernet ports -<n>P+ number of 2.5G Ethernet ports with PoE-out -<n>C+ number of combo 10G Ethernet/SFP+ ports -<n>S+ number of 10G SFP+ ports -<n>XG number of 5G/10G Ethernet ports -<n>XP number of 5G/10G Ethernet ports with ...

doneware

BGP IPv6 With 2 Mikrotiks unusable, eventually it just sends the link local address instead of the actual address for next hop.
OPSFv3 Broken with similar issues.

can you please share some specifics? i have working ipv6 AFI BGPs in multivendor environment with mikrotik [almost] w/o any issues.

doneware

YMMV, but we usually prefer per packet load-sharing it varies. Per packet load sharing will restrict your RTT to the worst value among your available paths/links, that severly limits tcp performance in an unpredictable way. instead, per destination/flow sharing will limit the throughput of your flo...

doneware

if MLPPP is so minor then cisco and juniper should abandoned that function.

trust me, there’s no mlppp support on ios-xr and it’s not even planned. indeed it would be nice to have it

doneware

Little bit better but the issue still present

can you show some results? i was experiencing performance varying between 250-430Mbps using SXTsq ACs with early 6.43rc builds even under excellent conditions.

doneware

i have DWDM ER SFP+ working in there, but it also works with DWDM ZR optics: [me@myswitch] /interface ethernet> monitor 16 once name: sfp-sfpplus16 status: link-ok auto-negotiation: done rate: 10Gbps full-duplex: yes tx-flow-control: no rx-flow-control: no advertising: link-partner-advertising: sfp-...

doneware

i have it running with eoipv6 on large scale with 10s of tunnes.
both ends use FQDN to resolve the other party's address.

keep in mind though, that EoIP is session-less/stateless, and cannot traverse NAT w/o specific rules (requires 1:1 mapping), unlike L2TP over UDP. or SSTP.

doneware

what is the type of the tunnel? but anyway, you can use keepalives to make sure, the tunnel is actually transmitting traffic, and it will then go "down" if it doesn't. like keepalive=10s,4 - that means keepalive message is sent every 10seconds, and after 4 consecutive misses the tunnel is ...

doneware

MRZ. Yes... it's a string. And the line is not processing it. It's value is supposed to be placed inline where V1 is and it is not processed as such. So what is supposed to be there to make that work? now i see what you're getting to. try this way [me@router] > :global V1 [parse ":if (($timete...

doneware

My question is: How to send output from a script to syslog? Example: I would like a script to show the dynamic nat and send that to my external syslog server. /ip firewall nat print dynamic try this: :log info message=[/ip firewall nat print dynamic as-value ] it will log the rules line-by-line in ...

doneware

don't know the exact dimensions., i just had one in my hands in berlin MUM. it is at least as deep as the ccr1072 and very heavy. heavier than the 1072. i wasn't able to find a photo of it, just one of its non-poe counterpart, just to get an impression - it is maybe additional 10-12cm longer. as i r...

Search found 587 matches