Community discussions

Search found 96 matches

  • 1
  • 2
by jmginer
Sat Jan 26, 2019 1:25 am
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 2
Views: 596

Re: [Feature request] Terminal peer colum

Hello?!
by jmginer
Tue Nov 06, 2018 8:40 pm
Forum: General
Topic: Boot time CRS 226 vs 326
Replies: 0
Views: 200

Boot time CRS 226 vs 326

Hello, the old CRS 226, takes 1 minute to boot, and the new 326 takes 2 minutes.

why the new version takes more time to boot? is normal?

Thanks!
by jmginer
Mon Nov 05, 2018 1:12 pm
Forum: Virtualization
Topic: CHR neighbour discovery problem
Replies: 13
Views: 4172

Re: CHR neighbour discovery problem

My CHR also takes around 1 minute to become discovered by Winbox.
by jmginer
Mon Nov 05, 2018 10:30 am
Forum: General
Topic: Firmware upgrade?
Replies: 3
Views: 297

Firmware upgrade?

Hello!

When we do a software update, the system marks the firmware as outdated. Is it always necessary to do a double reboot? or is it possible to update the software and firmware in the same reboot?

Thank you!
by jmginer
Mon Oct 29, 2018 1:15 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 2
Views: 596

Re: [Feature request] Terminal peer colum

up! up!
by jmginer
Mon Oct 29, 2018 10:46 am
Forum: Forwarding Protocols
Topic: BGP as Transit/IP Provider
Replies: 4
Views: 3035

Re: BGP as Transit/IP Provider

setup appropriate filters to make sure the the customer route is not advertised to your upstream peers when the customer connection to you is down. Hello, I'm having a problem with this, because I'm advertising to my upstreams a prefix that my client is not advertising to me. I think I'm advertisin...
by jmginer
Mon Sep 24, 2018 4:44 pm
Forum: Forwarding Protocols
Topic: Full BGP tables with two upstream ISPs using CHR - Performance question
Replies: 11
Views: 4188

Re: Full BGP tables with two upstream ISPs using CHR - Performance question

btw, you can check this link for a most specific analysis too: https://mum.mikrotik.com/presentations/EU18/presentation_5188_1524562405.pdf Hello!, thanks to share this!!! In your tests with Proxmox, you have only generated less than 80,000 PPS, however with ESXi and Hyper-V you have exceeded +500,...
by jmginer
Mon Sep 24, 2018 12:30 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: X86_64 ROS - 64bit Mikrotik
Replies: 79
Views: 25410

Re: X86_64 ROS - 64bit Mikrotik

+1 for native implementation to allow +2GB RAM in x86
by jmginer
Mon Sep 24, 2018 9:34 am
Forum: Forwarding Protocols
Topic: BGP as Transit/IP Provider
Replies: 4
Views: 3035

Re: BGP as Transit/IP Provider

setup appropriate filters to make sure the the customer route is not advertised to your upstream peers when the customer connection to you is down. Hello, I'm having a problem with this, because I'm advertising to my upstreams a prefix that my client is not advertising to me. I think I'm advertisin...
by jmginer
Sun Sep 23, 2018 2:57 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: export ASN in Netflow
Replies: 5
Views: 1590

Re: Feature Request: export ASN in Netflow

Please, add AS numbers in traffic flow!!!
by jmginer
Sat Sep 01, 2018 12:50 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature request] IPv6 Mangle action route-dst
Replies: 1
Views: 408

[Feature request] IPv6 Mangle action route-dst

Hello, please add the "action route-dst" in IPv6 mangle.

Currently is only available in IPv4.

Thanks.
by jmginer
Wed Aug 22, 2018 11:39 am
Forum: RouterOS v7
Topic: Feature Request: BGP Multicore
Replies: 6
Views: 2565

Re: Feature Request: BGP Multicore

+100000000
by jmginer
Wed Aug 08, 2018 10:04 am
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS 7 Beta
Replies: 42
Views: 10802

Re: ROS 7 Beta

I don't understand the constant need for v7? What are you trying to achieve now and can't that you know v7 can do?
BGP, filters and routing management using multicore
by jmginer
Tue Aug 07, 2018 4:28 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

Re: 100% CPU CCR1072 due DDoS - How to improve?

Thanks! According to the considerations explained in the wiki, fastpath should work, since the conditions are met https://wiki.mikrotik.com/wiki/Manual:Fast_Path#Bridge_handler , but I don't see any option to force an activation. It would be good if a representative of Mikrotik could confirm it, and...
by jmginer
Tue Aug 07, 2018 4:15 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

Re: 100% CPU CCR1072 due DDoS - How to improve?

Why do you add all your upstream ports to a bridge? I don't see the point for that... The main reason is that if I change upstream in the future, and connect it to a port that was already used, I'll create a new bridge. This way I can monitor the new bridge and the old upstream traffic does not app...
by jmginer
Tue Aug 07, 2018 4:07 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

Re: 100% CPU CCR1072 due DDoS - How to improve?

- 0-Switch: Bridge BondSwitchDistribute - 1-GTT: Bridge sfp-sfpplus1-GTT - 2-Adamo: Bridge sfp-sfpplus2-Adamo - 3-DECIX: Bridge sfp-sfpplus3-DECIX - 4-Telxius: Bridge sfp-sfpplus4-Telxius - BondSwitchDistribute : Bonding sfp-sfpplus5-Bond1 + sfp-sfpplus5-Bond2 - DE-Voxility: GRE - bcn1-Adamo: GRE - ...
by jmginer
Tue Aug 07, 2018 3:27 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

Re: 100% CPU CCR1072 due DDoS - How to improve?

Can you show output of "/interface print stats-detail" to see if you have packets that are not using fast-path? Thanks, here: Flags: D - dynamic, X - disabled, R - running, S - slave 0 RS name="ether1-RescuePC" last-link-down-time=aug/06/2018 22:23:37 last-link-up-time=aug/06/2018 22:23:41 link-dow...
by jmginer
Tue Aug 07, 2018 2:41 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

Re: 100% CPU CCR1072 due DDoS - How to improve?

I can see from the answers that you guis don't know how fastnetmon's header logs work, that's why I've decided to remove this information so that there's no confusion and put the raw logs of the attack in their place. It is important to see the hour, second and milliseconds of the attack, to underst...
by jmginer
Tue Aug 07, 2018 1:45 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

Re: 100% CPU CCR1072 due DDoS - How to improve?

The problem seems to be the flows, not the PPS. I have a few rules to allow and deny some address-lists. It should not affect the CPU. You should know that the volume shown in the log is not real, it only reflects the first instant when the attack is detected by fastnetmon and obviously no more info...
by jmginer
Tue Aug 07, 2018 1:03 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

Re: 100% CPU CCR1072 due DDoS - How to improve?

close port 80 from outside use.


This is not a solution to CPU consumption.

Also, if it's a web server you can't do this, it's a useless solution because the attacker can choose any port.
by jmginer
Tue Aug 07, 2018 12:33 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 948

100% CPU CCR1072 due DDoS - How to improve?

Hello, yestreday we received a DDoS attack that caused a 100% CPU usage (it's a CCR 1072) and our system was unable to do a blackhole because the router was inaccesible also via API. We have the IP connection tracking disabled on the firewall. There is some extra option that we can do to prevent a f...
by jmginer
Wed Aug 01, 2018 6:01 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 611

Re: MED When same AS_PATH

Reeeeeally stupid question, but worth asking: is the nexthop reachable on both routes? (target scope within scope?)
Yes, note that the route destination of the image of the firt post in not the same as the second. Are different prefixes ;)
by jmginer
Wed Aug 01, 2018 4:43 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 611

Re: MED When same AS_PATH

mmm, the problem now is that setting a WEIGHT value, the AS_PATH has not priority. https://ginernet.cdnbox.net/images/added/1533130811.png There is possible to give the lower AS_PATH most priority that the WEIGHT value? What I want is to use one transit only in case of the same AS_PATH (hops). but i...
by jmginer
Wed Aug 01, 2018 4:35 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 611

Re: MED When same AS_PATH

Ok, I think the correct way is using the WEIGHT instead MED.

High weight to prefer a route.
by jmginer
Wed Aug 01, 2018 4:10 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 611

MED When same AS_PATH

Hello! for the same route destination we have the same AS_PATH (2 hops). So, we're setting a lower MED value to prefer the left transit instead the right one. But, seems is not taking affect as the router is prefering the right route that we set with higher MED. There is not any differente setting a...
by jmginer
Mon Jun 11, 2018 1:51 pm
Forum: General
Topic: CRS 31x and 32x, no space left to upgrade [SOLVED]
Replies: 1
Views: 228

CRS 31x and 32x, no space left to upgrade [SOLVED]

Hello,

we just bought some 317 and 328 CRS switches, and we see that they only have 16 MB of storage, wich 13 MB are used, so remain only 3 MB free.

We see that this is not enough to update the switch software.

How do we do it?
by jmginer
Thu May 31, 2018 9:14 am
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 10558

Re: FastNetMon Integration with MikroTik (DDoS detection software)

Hi all, we're providing BGP DDoS protection, fully automated mitigation service for Mikrotik networks. Detection and mitigation in less than 5 seconds. More info: https://ginernet.com/en/services/antiddos/bgp/ Hi, I see you're using FastNetMon as the detection mechanism in your service (saw the vid...
by jmginer
Wed May 30, 2018 1:18 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 2
Views: 596

[Feature request] Terminal peer colum

Hello, when this command
routing bgp advertisements print
.

The peer column is too thin, only shows 5 characters, this produce that every peer name is cutted.

Please, increase it.

Thanks.
by jmginer
Sat Mar 31, 2018 9:44 pm
Forum: General
Topic: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load
Replies: 2
Views: 411

Re: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load

Never had before any issue with the current release, but yes, roll-back to bug-fix only version.-
by jmginer
Sat Mar 31, 2018 8:26 am
Forum: General
Topic: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load
Replies: 2
Views: 411

CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load

Hello, I have a CCR 1072 since the last update: 6.41.3 the router crashes 2 or 3 times per week. I know, because we have a script that connects via API and stop working. at this time, we try to connect via SSH and also dont work. Winbox work Ok, but when we launch the terminal, also dont load, after...
by jmginer
Tue Mar 20, 2018 9:47 am
Forum: Forwarding Protocols
Topic: BGP traffic out peer priority
Replies: 6
Views: 1414

Re: BGP traffic out peer priority

your inbound policy affects how you reach external peers. Also note you only really have control over your inbound policy So, there is any option to reach a external peer using the same upstream that they are using to reach me. I have 2 upstreams: Adamo + Telefonica If RETN is reaching me using Tel...
by jmginer
Tue Feb 20, 2018 7:03 pm
Forum: Forwarding Protocols
Topic: routing filter set-bgp-communities ASN 32bit bug/error
Replies: 3
Views: 569

routing filter set-bgp-communities ASN 32bit bug/error

Hello,

on the DE-CIX, the way to dont export a advertisemend to one peer is doing a setting BGP communitie.

But I get error when I try to add a ASN 32bit on the set-bgp-communities parameter.

Is not detected as a ASN.
by jmginer
Fri Dec 29, 2017 6:23 pm
Forum: Forwarding Protocols
Topic: BGP traffic out peer priority
Replies: 6
Views: 1414

BGP traffic out peer priority

Hello! we have 2 upstreams: Adamo + Telefonica RETN has direct transit with both in our routing tables, we see RETN routes with 2 hops for both (Adamo and Telefonica) In the RETN looking glass, they are sending us the traffic via Telefonica. But our Mikrotik is responding using Adamo. Why we dont re...
by jmginer
Wed Dec 13, 2017 10:36 am
Forum: Forwarding Protocols
Topic: How to advertise the default route? [SOLVED]
Replies: 3
Views: 394

Re: How to advertise the default route? [SOLVED]

Thanks @Anumrak

works if I set with prefix-length=0
/routing filter
add action=accept chain=Peer-OUT prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=Peer-OUT
by jmginer
Tue Dec 12, 2017 8:02 pm
Forum: Forwarding Protocols
Topic: How to advertise the default route? [SOLVED]
Replies: 3
Views: 394

How to advertise the default route? [SOLVED]

Hello, we want send default route to a particular peer. In BGP peer, we have tried to set default-originate=always or default-originate=if-installed without success. The only workaround that we have found is to create a out filter with discard action /routing filter add action=discard chain=peer-out...
by jmginer
Mon Nov 06, 2017 4:42 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 471
Views: 110228

Re: RouterOS v7.0 beta1 - when?

That is a lot of route filters for such a small number of peers !
One peer is IX point, with a lot of members.

+300 filters based on different members of the IX and for different /24 subnets.
+500 filters setting a BGP-Local-Pref based on the BGP-AS-Path.
by jmginer
Sun Nov 05, 2017 1:36 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 471
Views: 110228

Re: RouterOS v7.0 beta1 - when?

We bought a year ago a CCR1072,
We are using with 4 peers providing us full routing and with more than 800 filters.
After a reboot, it takes more than 2 hours to apply all routes and filters and it's only using 2% of CPU.
Resume: Sh it product.
by jmginer
Thu Sep 21, 2017 7:34 pm
Forum: General
Topic: Sniffer server howto ?
Replies: 1
Views: 406

Sniffer server howto ?

Hello, anybody can explain me a litle bit how to configure a sniffer capture server? any guide?

Thanks a lot!
by jmginer
Sat Aug 26, 2017 2:00 pm
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 10558

Re: FastNetMon Integration with MikroTik (DDoS detection software)

Hi all, we're providing BGP DDoS protection, fully automated mitigation service for Mikrotik networks.
Detection and mitigation in less than 5 seconds.
More info: https://ginernet.com/en/services/antiddos/bgp/
by jmginer
Mon Aug 14, 2017 9:58 am
Forum: General
Topic: Run [find] via API not run
Replies: 1
Views: 425

Run [find] via API not run

Hello,

we want remove all entries in address-list via API,
this command is working fine via console
/ip firewall address-list remove [find]
but, when we run via API
Return "No such command" error

What is wrong?
by jmginer
Mon Aug 07, 2017 1:42 pm
Forum: General
Topic: How to filter "ip firewall address-list"
Replies: 1
Views: 670

Re: How to filter "ip firewall address-list"

up up! :)
Any idea?
by jmginer
Fri Aug 04, 2017 12:41 pm
Forum: General
Topic: How to filter "ip firewall address-list"
Replies: 1
Views: 670

How to filter "ip firewall address-list"

Hello, I want print all the address-list records if the address is inside a subnet If I enter the exact match, is ok: > ip firewall address-list print where address=46.229.168.10 Flags: X - disabled, D - dynamic # LIST ADDRESS CREATION-TIME TIMEOUT 0 D ;;; test test 46.229.168.10 jul/24/2017 13:06:1...
by jmginer
Sat Jun 03, 2017 5:05 pm
Forum: General
Topic: How to count IPv6 traffic
Replies: 3
Views: 583

Re: How to count IPv6 traffic

up! up! :)
by jmginer
Fri Mar 10, 2017 3:21 pm
Forum: General
Topic: How to count IPv6 traffic
Replies: 3
Views: 583

Re: How to count IPv6 traffic

up! :)
by jmginer
Thu Feb 16, 2017 10:18 pm
Forum: General
Topic: ip route add very slow in CCR 1072, but ok in x86
Replies: 4
Views: 482

Re: ip route add very slow in CCR 1072, but ok in x86

Hello, that is a bug on this CCR or what?
by jmginer
Sat Feb 04, 2017 5:29 pm
Forum: General
Topic: How to count IPv6 traffic
Replies: 3
Views: 583

How to count IPv6 traffic

Hello!

there is any option to know how many traffic is routed in IPv6 ?

Thanks in advance!
by jmginer
Fri Jan 27, 2017 10:22 am
Forum: General
Topic: ip route add very slow in CCR 1072, but ok in x86
Replies: 4
Views: 482

ip route add very slow in CCR 1072, but ok in x86

Hello,

I have a new CCR1072, and I detect that it takes too long to add static routes, around 30-60 seconds for each route!!!

The CPU is 1%

I have other RouterOS running on x86, and everything is ok.

What is wrong?

Thanks!
by jmginer
Tue Jan 24, 2017 4:28 pm
Forum: Forwarding Protocols
Topic: How to see BGP incoming advertisements [SOLVED]
Replies: 1
Views: 820

How to see BGP incoming advertisements [SOLVED]

/routing bgp advertisements
Read only information about outgoing routing information currently advertised.
Hello, how can I see what prefixes a peer is advertising me? (incoming routing)

Thanks
  • 1
  • 2