Community discussions

Search found 115 matches

by jmginer
Thu Oct 10, 2019 6:09 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1381

Re: Filters for +500 prefixes

The option to do this is there, you just have to build more than one filter. Thanks a lot, I do it and is working very fine. But, perhaps if instead of adding prefixes as a new filter, they were added in a separate table, it would be more efficient at the CPU consumption level. The same as the fire...
by jmginer
Fri Oct 04, 2019 1:57 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1381

Re: Filters for +500 prefixes

Similar feature is currently in development. Thanks, something like this is what I expect: /routing filter add action=accept chain=Upstream-OUT prefix-list=MyPrefix /routing filter prefix-list add prefix=1.1.1.0/24 list=MyPrefix add prefix=2.2.2.0/24 list=MyPrefix add prefix=3.3.3.0/24 list=MyPrefi...
by jmginer
Fri Oct 04, 2019 12:49 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1381

Re: Filters for +500 prefixes

Cisco, Juniper, Huawei, Alcatel, etc... all have the option to create a "prefix-list" for filters. I'm surprised Mikrotik doesn't offer this option...
/routing filter ?

what's your problem?
No option for prefix-list filters
by jmginer
Thu Oct 03, 2019 9:17 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1381

Re: Filters for +500 prefixes

Cisco, Juniper, Huawei, Alcatel, etc... all have the option to create a "prefix-list" for filters. I'm surprised Mikrotik doesn't offer this option...
by jmginer
Thu Oct 03, 2019 7:05 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1381

Filters for +500 prefixes

Hello,

we need to advertise +500 prefixes to 4 BGP providers.

That means that we need to create 2000 filters?

There is any option to create a address-list? then we will be able to reduce to only 4 filters.

Thanks!
by jmginer
Thu Sep 26, 2019 2:05 pm
Forum: General
Topic: High-end switches like 48 x 10G and 24 x 40G
Replies: 3
Views: 345

Re: High-end switches like 48 x 10G and 24 x 40G

None of them has 48 sfp+ ports or 24 qsfp
by jmginer
Thu Sep 26, 2019 10:36 am
Forum: General
Topic: High-end switches like 48 x 10G and 24 x 40G
Replies: 3
Views: 345

High-end switches like 48 x 10G and 24 x 40G

Hello, we need switches with high density ports

For distribution: 24 x 40G
For hosting: 48 x 10G sfp+ + 2 x 40G

Thanks!
by jmginer
Fri Sep 06, 2019 6:27 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35879

Re: RouterOS v7.0beta1 (ARM)

Address-lists for route filters available?
by jmginer
Tue Jul 02, 2019 4:23 pm
Forum: General
Topic: Packet sniffer size limit
Replies: 2
Views: 336

Re: Packet sniffer size limit

So, KiloBytes... will be good if you can fix in Winbox to change

kb -> KiB
by jmginer
Tue Jul 02, 2019 3:59 pm
Forum: General
Topic: Packet sniffer size limit
Replies: 2
Views: 336

Packet sniffer size limit

Hello,

in winbox > tool > sniffer

says:

Memory Limit = kb (kilobits)
File size = kb (kilobits)

But in the documentation is: KiB, wich is KiloBytes

Whats is the correct one, kilobits or KiloBytes ?

Thanks!
by jmginer
Fri Jun 14, 2019 4:23 pm
Forum: General
Topic: [FEATURE REQUEST] route filter address-list
Replies: 0
Views: 377

[FEATURE REQUEST] route filter address-list

Hi,

it's hard to create a filter for every new prefix we add to our BGP. It would be much more efficient to be able to manage an address-list or prefix-list.

Thanks!
by jmginer
Wed Jun 05, 2019 11:06 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 764

Re: Switch VLANs Very High CPU [SOLVED]

No PM on this forum. So kindly pass the offered gift to a charity of your choice, thank you.


done!

Image
by jmginer
Wed Jun 05, 2019 6:08 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 764

Re: Switch VLANs Very High CPU [SOLVED]

Got it! :) I've created the isolated ports and a unique bridge. I've connected my upstreams (3 x FULL BGP) and all the traffic is working fine. The bridge is returning "HW Offload" active on all ports. And the CPU on the CRS is less 1-5% every time. Many thanks! @mkx Please, send me a PM with your P...
by jmginer
Tue Jun 04, 2019 9:30 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 764

Re: Switch VLANs Very High CPU [SOLVED]

You're right, fixed, thanks! :)

Now I have my transit upstreams connected directly to the CHR. Tomorrow I will try with one of them to pass it through the switch.
I suppose I can create a new bridge? Or do I have to use a single bridge to take advantage of HW acceleration?
by jmginer
Tue Jun 04, 2019 1:56 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 764

Re: Switch VLANs Very High CPU [SOLVED]

I think I've solved, at least is working and only using 2% CPU... /interface bridge add name=BR1 protocol-mode=none vlan-filtering=yes /interface bridge port add bridge=BR1 interface=sfp-sfpplus1-DECIX-IN add bridge=BR1 interface=sfp-sfpplus2-DECIX-OUT /interface bridge vlan add bridge=BR1 tagged=sf...
by jmginer
Fri May 31, 2019 1:05 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 764

Switch VLANs Very High CPU [SOLVED]

Hi, I have a CHR x86 for routing and peering at DECIX Madrid. Additionally DECIX provides me with the same cable peering in Lisbon through a VLAN. The DECIX cable, I have it connected to an intermediate CRS switch. What I do is connect the CRS cable to the CHR with 2 VLANs, one for Lisbon (vlan11) a...
by jmginer
Thu May 02, 2019 12:29 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 793

Re: [Feature request] Terminal peer colum

Please, implemt it...
by jmginer
Wed May 01, 2019 9:16 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 748

Re: Create BGP communities [SOLVED]

Thanks @joegoldman @sri2007, I think I got it: add action=discard bgp-communities=myAS:1000 chain=DECIX-OUT prefix-length=0-128 comment="Dont advertise to DECIX" With this filter rule, when my downstream advertise me a prfix with the comm myAS:1000 my router don't re-advertise to DECIX. I've placed ...
by jmginer
Wed May 01, 2019 12:41 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 748

Create BGP communities [SOLVED]

Hello,

I offer IP Transit over BGP and would like to create communities for my customers and for them to choose which of my upstreams to advertise their prefixes.

Is this possible with Mikrotik?

Thank you!
by jmginer
Sat Jan 26, 2019 1:25 am
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 793

Re: [Feature request] Terminal peer colum

Hello?!
by jmginer
Tue Nov 06, 2018 8:40 pm
Forum: General
Topic: Boot time CRS 226 vs 326
Replies: 0
Views: 278

Boot time CRS 226 vs 326

Hello, the old CRS 226, takes 1 minute to boot, and the new 326 takes 2 minutes.

why the new version takes more time to boot? is normal?

Thanks!
by jmginer
Mon Nov 05, 2018 1:12 pm
Forum: Virtualization
Topic: CHR neighbour discovery problem
Replies: 13
Views: 4972

Re: CHR neighbour discovery problem

My CHR also takes around 1 minute to become discovered by Winbox.
by jmginer
Mon Nov 05, 2018 10:30 am
Forum: General
Topic: Firmware upgrade?
Replies: 3
Views: 410

Firmware upgrade?

Hello!

When we do a software update, the system marks the firmware as outdated. Is it always necessary to do a double reboot? or is it possible to update the software and firmware in the same reboot?

Thank you!
by jmginer
Mon Oct 29, 2018 1:15 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 793

Re: [Feature request] Terminal peer colum

up! up!
by jmginer
Mon Oct 29, 2018 10:46 am
Forum: Forwarding Protocols
Topic: BGP as Transit/IP Provider
Replies: 4
Views: 3401

Re: BGP as Transit/IP Provider

setup appropriate filters to make sure the the customer route is not advertised to your upstream peers when the customer connection to you is down. Hello, I'm having a problem with this, because I'm advertising to my upstreams a prefix that my client is not advertising to me. I think I'm advertisin...
by jmginer
Mon Sep 24, 2018 4:44 pm
Forum: Forwarding Protocols
Topic: Full BGP tables with two upstream ISPs using CHR - Performance question
Replies: 11
Views: 5032

Re: Full BGP tables with two upstream ISPs using CHR - Performance question

btw, you can check this link for a most specific analysis too: https://mum.mikrotik.com/presentations/EU18/presentation_5188_1524562405.pdf Hello!, thanks to share this!!! In your tests with Proxmox, you have only generated less than 80,000 PPS, however with ESXi and Hyper-V you have exceeded +500,...
by jmginer
Mon Sep 24, 2018 12:30 pm
Forum: General
Topic: X86_64 ROS - 64bit Mikrotik
Replies: 79
Views: 29738

Re: X86_64 ROS - 64bit Mikrotik

+1 for native implementation to allow +2GB RAM in x86
by jmginer
Mon Sep 24, 2018 9:34 am
Forum: Forwarding Protocols
Topic: BGP as Transit/IP Provider
Replies: 4
Views: 3401

Re: BGP as Transit/IP Provider

setup appropriate filters to make sure the the customer route is not advertised to your upstream peers when the customer connection to you is down. Hello, I'm having a problem with this, because I'm advertising to my upstreams a prefix that my client is not advertising to me. I think I'm advertisin...
by jmginer
Sun Sep 23, 2018 2:57 pm
Forum: General
Topic: Feature Request: export ASN in Netflow
Replies: 5
Views: 1764

Re: Feature Request: export ASN in Netflow

Please, add AS numbers in traffic flow!!!
by jmginer
Sat Sep 01, 2018 12:50 pm
Forum: General
Topic: [Feature request] IPv6 Mangle action route-dst
Replies: 1
Views: 517

[Feature request] IPv6 Mangle action route-dst

Hello, please add the "action route-dst" in IPv6 mangle.

Currently is only available in IPv4.

Thanks.
by jmginer
Wed Aug 22, 2018 11:39 am
Forum: General
Topic: Feature Request: BGP Multicore
Replies: 6
Views: 2896

Re: Feature Request: BGP Multicore

+100000000
by jmginer
Wed Aug 08, 2018 10:04 am
Forum: General
Topic: ROS 7 Beta
Replies: 42
Views: 12928

Re: ROS 7 Beta

I don't understand the constant need for v7? What are you trying to achieve now and can't that you know v7 can do?
BGP, filters and routing management using multicore
by jmginer
Tue Aug 07, 2018 4:28 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

Re: 100% CPU CCR1072 due DDoS - How to improve?

Thanks! According to the considerations explained in the wiki, fastpath should work, since the conditions are met https://wiki.mikrotik.com/wiki/Manual:Fast_Path#Bridge_handler , but I don't see any option to force an activation. It would be good if a representative of Mikrotik could confirm it, and...
by jmginer
Tue Aug 07, 2018 4:15 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

Re: 100% CPU CCR1072 due DDoS - How to improve?

Why do you add all your upstream ports to a bridge? I don't see the point for that... The main reason is that if I change upstream in the future, and connect it to a port that was already used, I'll create a new bridge. This way I can monitor the new bridge and the old upstream traffic does not app...
by jmginer
Tue Aug 07, 2018 4:07 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

Re: 100% CPU CCR1072 due DDoS - How to improve?

- 0-Switch: Bridge BondSwitchDistribute - 1-GTT: Bridge sfp-sfpplus1-GTT - 2-Adamo: Bridge sfp-sfpplus2-Adamo - 3-DECIX: Bridge sfp-sfpplus3-DECIX - 4-Telxius: Bridge sfp-sfpplus4-Telxius - BondSwitchDistribute : Bonding sfp-sfpplus5-Bond1 + sfp-sfpplus5-Bond2 - DE-Voxility: GRE - bcn1-Adamo: GRE - ...
by jmginer
Tue Aug 07, 2018 3:27 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

Re: 100% CPU CCR1072 due DDoS - How to improve?

Can you show output of "/interface print stats-detail" to see if you have packets that are not using fast-path? Thanks, here: Flags: D - dynamic, X - disabled, R - running, S - slave 0 RS name="ether1-RescuePC" last-link-down-time=aug/06/2018 22:23:37 last-link-up-time=aug/06/2018 22:23:41 link-dow...
by jmginer
Tue Aug 07, 2018 2:41 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

Re: 100% CPU CCR1072 due DDoS - How to improve?

I can see from the answers that you guis don't know how fastnetmon's header logs work, that's why I've decided to remove this information so that there's no confusion and put the raw logs of the attack in their place. It is important to see the hour, second and milliseconds of the attack, to underst...
by jmginer
Tue Aug 07, 2018 1:45 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

Re: 100% CPU CCR1072 due DDoS - How to improve?

The problem seems to be the flows, not the PPS. I have a few rules to allow and deny some address-lists. It should not affect the CPU. You should know that the volume shown in the log is not real, it only reflects the first instant when the attack is detected by fastnetmon and obviously no more info...
by jmginer
Tue Aug 07, 2018 1:03 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

Re: 100% CPU CCR1072 due DDoS - How to improve?

close port 80 from outside use.


This is not a solution to CPU consumption.

Also, if it's a web server you can't do this, it's a useless solution because the attacker can choose any port.
by jmginer
Tue Aug 07, 2018 12:33 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1226

100% CPU CCR1072 due DDoS - How to improve?

Hello, yestreday we received a DDoS attack that caused a 100% CPU usage (it's a CCR 1072) and our system was unable to do a blackhole because the router was inaccesible also via API. We have the IP connection tracking disabled on the firewall. There is some extra option that we can do to prevent a f...
by jmginer
Wed Aug 01, 2018 6:01 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 807

Re: MED When same AS_PATH

Reeeeeally stupid question, but worth asking: is the nexthop reachable on both routes? (target scope within scope?)
Yes, note that the route destination of the image of the firt post in not the same as the second. Are different prefixes ;)
by jmginer
Wed Aug 01, 2018 4:43 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 807

Re: MED When same AS_PATH

mmm, the problem now is that setting a WEIGHT value, the AS_PATH has not priority. https://ginernet.cdnbox.net/images/added/1533130811.png There is possible to give the lower AS_PATH most priority that the WEIGHT value? What I want is to use one transit only in case of the same AS_PATH (hops). but i...
by jmginer
Wed Aug 01, 2018 4:35 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 807

Re: MED When same AS_PATH

Ok, I think the correct way is using the WEIGHT instead MED.

High weight to prefer a route.
by jmginer
Wed Aug 01, 2018 4:10 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 807

MED When same AS_PATH

Hello! for the same route destination we have the same AS_PATH (2 hops). So, we're setting a lower MED value to prefer the left transit instead the right one. But, seems is not taking affect as the router is prefering the right route that we set with higher MED. There is not any differente setting a...
by jmginer
Mon Jun 11, 2018 1:51 pm
Forum: General
Topic: CRS 31x and 32x, no space left to upgrade [SOLVED]
Replies: 1
Views: 319

CRS 31x and 32x, no space left to upgrade [SOLVED]

Hello,

we just bought some 317 and 328 CRS switches, and we see that they only have 16 MB of storage, wich 13 MB are used, so remain only 3 MB free.

We see that this is not enough to update the switch software.

How do we do it?
by jmginer
Thu May 31, 2018 9:14 am
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 12980

Re: FastNetMon Integration with MikroTik (DDoS detection software)

Hi all, we're providing BGP DDoS protection, fully automated mitigation service for Mikrotik networks. Detection and mitigation in less than 5 seconds. More info: https://ginernet.com/en/services/antiddos/bgp/ Hi, I see you're using FastNetMon as the detection mechanism in your service (saw the vid...
by jmginer
Wed May 30, 2018 1:18 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 793

[Feature request] Terminal peer colum

Hello, when this command
routing bgp advertisements print
.

The peer column is too thin, only shows 5 characters, this produce that every peer name is cutted.

Please, increase it.

Thanks.
by jmginer
Sat Mar 31, 2018 9:44 pm
Forum: General
Topic: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load
Replies: 2
Views: 532

Re: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load

Never had before any issue with the current release, but yes, roll-back to bug-fix only version.-
by jmginer
Sat Mar 31, 2018 8:26 am
Forum: General
Topic: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load
Replies: 2
Views: 532

CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load

Hello, I have a CCR 1072 since the last update: 6.41.3 the router crashes 2 or 3 times per week. I know, because we have a script that connects via API and stop working. at this time, we try to connect via SSH and also dont work. Winbox work Ok, but when we launch the terminal, also dont load, after...
by jmginer
Tue Mar 20, 2018 9:47 am
Forum: Forwarding Protocols
Topic: BGP traffic out peer priority
Replies: 6
Views: 1800

Re: BGP traffic out peer priority

your inbound policy affects how you reach external peers. Also note you only really have control over your inbound policy So, there is any option to reach a external peer using the same upstream that they are using to reach me. I have 2 upstreams: Adamo + Telefonica If RETN is reaching me using Tel...
by jmginer
Tue Feb 20, 2018 7:03 pm
Forum: Forwarding Protocols
Topic: routing filter set-bgp-communities ASN 32bit bug/error
Replies: 3
Views: 744

routing filter set-bgp-communities ASN 32bit bug/error

Hello,

on the DE-CIX, the way to dont export a advertisemend to one peer is doing a setting BGP communitie.

But I get error when I try to add a ASN 32bit on the set-bgp-communities parameter.

Is not detected as a ASN.
by jmginer
Fri Dec 29, 2017 6:23 pm
Forum: Forwarding Protocols
Topic: BGP traffic out peer priority
Replies: 6
Views: 1800

BGP traffic out peer priority

Hello! we have 2 upstreams: Adamo + Telefonica RETN has direct transit with both in our routing tables, we see RETN routes with 2 hops for both (Adamo and Telefonica) In the RETN looking glass, they are sending us the traffic via Telefonica. But our Mikrotik is responding using Adamo. Why we dont re...
by jmginer
Wed Dec 13, 2017 10:36 am
Forum: Forwarding Protocols
Topic: How to advertise the default route? [SOLVED]
Replies: 3
Views: 475

Re: How to advertise the default route? [SOLVED]

Thanks @Anumrak

works if I set with prefix-length=0
/routing filter
add action=accept chain=Peer-OUT prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=Peer-OUT
by jmginer
Tue Dec 12, 2017 8:02 pm
Forum: Forwarding Protocols
Topic: How to advertise the default route? [SOLVED]
Replies: 3
Views: 475

How to advertise the default route? [SOLVED]

Hello, we want send default route to a particular peer. In BGP peer, we have tried to set default-originate=always or default-originate=if-installed without success. The only workaround that we have found is to create a out filter with discard action /routing filter add action=discard chain=peer-out...
by jmginer
Mon Nov 06, 2017 4:42 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154890

Re: RouterOS v7.0 beta1 - when?

That is a lot of route filters for such a small number of peers !
One peer is IX point, with a lot of members.

+300 filters based on different members of the IX and for different /24 subnets.
+500 filters setting a BGP-Local-Pref based on the BGP-AS-Path.
by jmginer
Sun Nov 05, 2017 1:36 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154890

Re: RouterOS v7.0 beta1 - when?

We bought a year ago a CCR1072,
We are using with 4 peers providing us full routing and with more than 800 filters.
After a reboot, it takes more than 2 hours to apply all routes and filters and it's only using 2% of CPU.
Resume: Sh it product.
by jmginer
Thu Sep 21, 2017 7:34 pm
Forum: General
Topic: Sniffer server howto ?
Replies: 1
Views: 480

Sniffer server howto ?

Hello, anybody can explain me a litle bit how to configure a sniffer capture server? any guide?

Thanks a lot!
by jmginer
Sat Aug 26, 2017 2:00 pm
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 12980

Re: FastNetMon Integration with MikroTik (DDoS detection software)

Hi all, we're providing BGP DDoS protection, fully automated mitigation service for Mikrotik networks.
Detection and mitigation in less than 5 seconds.
More info: https://ginernet.com/en/services/antiddos/bgp/
by jmginer
Mon Aug 14, 2017 9:58 am
Forum: General
Topic: Run [find] via API not run
Replies: 1
Views: 527

Run [find] via API not run

Hello,

we want remove all entries in address-list via API,
this command is working fine via console
/ip firewall address-list remove [find]
but, when we run via API
Return "No such command" error

What is wrong?
by jmginer
Mon Aug 07, 2017 1:42 pm
Forum: General
Topic: How to filter "ip firewall address-list"
Replies: 1
Views: 746

Re: How to filter "ip firewall address-list"

up up! :)
Any idea?
by jmginer
Fri Aug 04, 2017 12:41 pm
Forum: General
Topic: How to filter "ip firewall address-list"
Replies: 1
Views: 746

How to filter "ip firewall address-list"

Hello, I want print all the address-list records if the address is inside a subnet If I enter the exact match, is ok: > ip firewall address-list print where address=46.229.168.10 Flags: X - disabled, D - dynamic # LIST ADDRESS CREATION-TIME TIMEOUT 0 D ;;; test test 46.229.168.10 jul/24/2017 13:06:1...
by jmginer
Sat Jun 03, 2017 5:05 pm
Forum: General
Topic: How to count IPv6 traffic
Replies: 3
Views: 695

Re: How to count IPv6 traffic

up! up! :)
by jmginer
Fri Mar 10, 2017 3:21 pm
Forum: General
Topic: How to count IPv6 traffic
Replies: 3
Views: 695

Re: How to count IPv6 traffic

up! :)
by jmginer
Thu Feb 16, 2017 10:18 pm
Forum: General
Topic: ip route add very slow in CCR 1072, but ok in x86
Replies: 4
Views: 552

Re: ip route add very slow in CCR 1072, but ok in x86

Hello, that is a bug on this CCR or what?
by jmginer
Sat Feb 04, 2017 5:29 pm
Forum: General
Topic: How to count IPv6 traffic
Replies: 3
Views: 695

How to count IPv6 traffic

Hello!

there is any option to know how many traffic is routed in IPv6 ?

Thanks in advance!
by jmginer
Fri Jan 27, 2017 10:22 am
Forum: General
Topic: ip route add very slow in CCR 1072, but ok in x86
Replies: 4
Views: 552

ip route add very slow in CCR 1072, but ok in x86

Hello,

I have a new CCR1072, and I detect that it takes too long to add static routes, around 30-60 seconds for each route!!!

The CPU is 1%

I have other RouterOS running on x86, and everything is ok.

What is wrong?

Thanks!
by jmginer
Tue Jan 24, 2017 4:28 pm
Forum: Forwarding Protocols
Topic: How to see BGP incoming advertisements [SOLVED]
Replies: 1
Views: 1084

How to see BGP incoming advertisements [SOLVED]

/routing bgp advertisements
Read only information about outgoing routing information currently advertised.
Hello, how can I see what prefixes a peer is advertising me? (incoming routing)

Thanks
by jmginer
Mon Nov 21, 2016 8:24 pm
Forum: Forwarding Protocols
Topic: How to select gateway based on the src-address
Replies: 1
Views: 691

Re: How to select gateway based on the src-address

Found! with a Mangle:
/ip firewall mangle
add action=route chain=prerouting passthrough=yes src-address=x.x.x.0/24 route-dst=y.y.y.y
y.y.y.y is the gateway IP of my provider (their side IP).
by jmginer
Mon Nov 21, 2016 2:06 pm
Forum: Forwarding Protocols
Topic: How to select gateway based on the src-address
Replies: 1
Views: 691

How to select gateway based on the src-address

Hello,

we have 2 upstreams in BGP providing us full-routing.

What we want, is to limit one /24 to only use 1 upstream.

We have done for incoming traffic in BGP filters, advertising the /24 to only 1 upstream.

But for the outgoing traffic we don't know how to do.

It's possible?

Thanks!
by jmginer
Sun Jul 31, 2016 1:54 pm
Forum: General
Topic: Driver 40Gbps Intel XL710 QSFP+
Replies: 1
Views: 1094

Driver 40Gbps Intel XL710 QSFP+

Please, add support for the Intel XL710. It's a QSFP+ network card.
Thanks.
by jmginer
Wed Dec 16, 2015 1:41 am
Forum: General
Topic: IGMP Snooping
Replies: 137
Views: 59885

Re: IGMP Snooping

+1 IGMP Snooping to manage my IPTV stations.
by jmginer
Wed Dec 09, 2015 4:31 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188118

Re: Cloud Hosted Router

I try to install RouterOS in VULTR, they don't allow to upload images and the ISO also not run as the disk is not detected (virtio disk driver).

It's possible to get a ISO with the Virtio disk driver? or how to install in this case?

Image
by jmginer
Sat Dec 05, 2015 12:25 pm
Forum: General
Topic: igmp-proxy no more available?
Replies: 1
Views: 540

igmp-proxy no more available?

http://wiki.mikrotik.com/wiki/Manual:Routing/IGMP-Proxy

> /routing igmp-proxy
bad command name igmp-proxy (line 1 column 10)
by jmginer
Fri Dec 04, 2015 1:01 pm
Forum: Beginner Basics
Topic: Add 5GHz to RB951G
Replies: 7
Views: 5259

Re: Add 5GHz to RB951G

Also interested to have 5GHz wireless in my RB951G-2HnD
Some solution using the USB port?
by jmginer
Thu Nov 12, 2015 10:43 am
Forum: General
Topic: Reject incoming traffic if it's spoofed?
Replies: 1
Views: 454

Reject incoming traffic if it's spoofed?

It's possible?

http://spoofer.caida.org/

Thanks!
by jmginer
Thu Nov 12, 2015 9:07 am
Forum: General
Topic: Feature request: Fastnetmon
Replies: 2
Views: 1650

Re: Feature request: Fastnetmon

up! Please, include in RouterOS!
by jmginer
Sat Oct 31, 2015 10:17 pm
Forum: General
Topic: How to select the gateway showed when you traceroute mi network?
Replies: 0
Views: 269

How to select the gateway showed when you traceroute mi network?

Hello! I'm interested to select what IP to show when someone do a traceroute to some of my IPs. I have a RouterOS install, working since a long time, with feel addresses. When it reboots, the "gateway" showed when I trace some of the IPs routed in this router is a randoom one. What I do to select th...
by jmginer
Fri Sep 25, 2015 11:14 pm
Forum: General
Topic: allow yum on firewall
Replies: 1
Views: 505

Re: allow yum on firewall

fixed adding: add chain=forward action=accept dst-address=x.x.x.x src-port=20-22 protocol=tcp in-interface=eth1 comment="CTID-3320" add chain=forward action=accept dst-address=x.x.x.x src-port=80 protocol=tcp in-interface=eth1 comment="CTID-3320" add chain=forward action=accept dst-address=x.x.x.x s...
by jmginer
Fri Sep 25, 2015 11:00 pm
Forum: General
Topic: allow yum on firewall
Replies: 1
Views: 505

allow yum on firewall

Hello, I have this rules applies, but when the host with IP x.x.x.x try to run a yum update command (is a centos VPS), it gets the showed error. Any idea? Thanks in advance!! /ip firewall filter add chain=forward action=accept src-address=8.8.8.8 in-interface=eth1 comment="CTID-3320" add chain=forwa...
by jmginer
Sun Sep 06, 2015 2:23 pm
Forum: General
Topic: RouterOS x86 only one CPU Core
Replies: 2
Views: 527

Re: RouterOS x86 only one CPU Core

Fixed downgrading to 6.30.4
by jmginer
Sun Sep 06, 2015 2:13 pm
Forum: General
Topic: RouterOS x86 only one CPU Core
Replies: 2
Views: 527

Re: RouterOS x86 only one CPU Core

We are having the same issue, just happening since 6.31.
by jmginer
Mon Aug 31, 2015 11:53 am
Forum: General
Topic: Feature request: Fastnetmon
Replies: 2
Views: 1650

Feature request: Fastnetmon

Fastnetmon integration on Mikrotik https://github.com/pavel-odintsov/fastnetmon FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP). What can we do? We can detect hosts in our own network with a large a...
by jmginer
Mon Aug 24, 2015 10:32 am
Forum: General
Topic: ERROR in virtio disk driver in 6.31
Replies: 3
Views: 1734

Re: ERROR in virtio disk driver in 6.31

I'm getting this error on a RunAbove OpenStack service.
They don't provide me any option to upload a img.
I need to run my own ISO.
When they create the VPS, is created with virtio/qcow2 format, I can't edit this.
by jmginer
Sun Aug 23, 2015 9:29 pm
Forum: General
Topic: ERROR in virtio disk driver in 6.31
Replies: 3
Views: 1734

ERROR in virtio disk driver in 6.31

Hello, What's new in 6.31 (2015-Aug-14 15:42): *) chr - added support for virtio disks I tried to install RouterOS 6.31 on a VPS with: - KVM virtualization - Bus: virtio - Type: qcow2 But not run. Not detect the disk. Tested with RC6.32 and same result. https://ginernet.com/images/added/1440354570.p...
by jmginer
Sat Aug 22, 2015 1:34 pm
Forum: General
Topic: CRS and traffic out with two internet connections,
Replies: 1
Views: 287

CRS and traffic out with two internet connections,

Hello, I have two CCR doing BGP, one with Cogent and the other with Level3. The incoming traffic is arriving Ok by the best BGP route, but I don't know how exactly configure the gateway to to out traffic. https://ginernet.com/images/added/1440239689.png Now I have assigned: CCR-Cogent: 10.0.0.1 CCR-...
by jmginer
Fri Aug 14, 2015 4:38 pm
Forum: Forwarding Protocols
Topic: BGP - Advertise a prefix to only one upstream
Replies: 2
Views: 703

BGP - Advertise a prefix to only one upstream

Hello, I have two upstreams that they provide me a BGP session to advertise my prefixes. I have multiple prefixes. I want, advertise some prefixes to one upstream and other prefixes to the other. How to do? For example: Prefix: 1.1.1.0/24 advertise to AS1 Prefix: 2.2.2.0/24 advertise to AS2 Prefix: ...
by jmginer
Sun Jun 14, 2015 1:52 am
Forum: General
Topic: bridge received traffic is null after upgrade 6.29
Replies: 3
Views: 906

bridge received traffic is null after upgrade 6.29

What is happening? is going to be fixed?

Image
by jmginer
Fri Jun 12, 2015 12:03 pm
Forum: Forwarding Protocols
Topic: BGP filter based in address-list?
Replies: 4
Views: 819

Re: BGP filter based in address-list?

I have 2 peers (Peer1 and Peer2) I've do this to force the incoming connection from AS22222 route via the Peer2. /routing filter add action=accept chain=Peer1-IN prefix=0.0.0.0/0 add action=discard chain=Peer1-OUT bgp-as-path=22222 add action=accept chain=Peer1-OUT prefix=1.2.3.0/24 add action=disca...
by jmginer
Fri Jun 12, 2015 12:26 am
Forum: Forwarding Protocols
Topic: BGP filter based in address-list?
Replies: 4
Views: 819

Re: BGP filter based in address-list?

Or filter by AS?
I have a list of all AS numbers of my country.
Can you let me to know a example of a filter?
Thanks!
by jmginer
Thu Jun 11, 2015 7:16 pm
Forum: Forwarding Protocols
Topic: BGP filter based in address-list?
Replies: 4
Views: 819

BGP filter based in address-list?

Hello,

I have a address-list with my country IPs (based on this http://blog.erben.sk/2014/02/06/country-cidr-ip-ranges/)
I have 2 BGP upstreams.
I want use one of the upstreams for users from my country and the other upstream for international visitors.
It's possible?

Thanks!
by jmginer
Sun May 31, 2015 8:13 pm
Forum: General
Topic: PPS limit by dst-address
Replies: 1
Views: 408

PPS limit by dst-address

Hello, I want add to a address list the IP of my customer if it's unders DDoS (for example, 50k PPS). This rule is adding to the address list ALL IPs, not just the IP of my customer, seems is not detecting the PPS limit. Anybody can help me to find what is wrong? Thanks in advance! add action=add-ds...
by jmginer
Thu Apr 16, 2015 5:56 pm
Forum: General
Topic: GRE MTU issue
Replies: 9
Views: 5079

Re: GRE MTU issue

Thanks! I'm checking, going to return MTU to 1476 and remove ICMP block rule from firewall. Why I'm blocking ICMP? Simple reason -> DDoS If someone wants to DDoS me entire network, just need to DDoS the core router. If I block ICMP, is not possible to know the IP of the router, so, more difficult to...
by jmginer
Thu Apr 16, 2015 4:12 pm
Forum: General
Topic: GRE MTU issue
Replies: 9
Views: 5079

Re: GRE MTU issue

With MTU 1500 on the GRE tunnels, the issue that we detect is that wget downloads from servers connected to mad1 or ali1 and with a IP routed via the GRE (a protected IP) never finish... the download start, but not finish. Also, if I change the MTU to 1476 (default), the download is Ok, but I have p...
by jmginer
Fri Mar 13, 2015 7:41 pm
Forum: General
Topic: GRE MTU issue
Replies: 9
Views: 5079

Re: GRE MTU issue

Thanks @ZeroByte for your support!
by jmginer
Fri Mar 13, 2015 6:49 pm
Forum: General
Topic: GRE MTU issue
Replies: 9
Views: 5079

Re: GRE MTU issue

I have this mangle rule on all routers: [login@mad1] > ip firewall mangle print Flags: X - disabled, I - invalid, D - dynamic 0 chain=postrouting action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp log=no log-prefix="" [login@mad1] > But the issue is still. I've solved...
by jmginer
Fri Mar 13, 2015 6:00 pm
Forum: General
Topic: GRE MTU issue
Replies: 9
Views: 5079

GRE MTU issue

Hello, I have created some GRE tunnels btw 3 routers: uk1 --> mad1 --> ali1 uk1 GRE: [login@uk1] > interface gre print Flags: X - disabled, R - running 0 R name="mad1" mtu=auto actual-mtu=1476 local-address=IP.uk1 remote-address=IP.mad1 dscp=inherit clamp-tcp-mss=yes dont-fragment=no [login@uk1] > m...
by jmginer
Fri Mar 06, 2015 5:43 pm
Forum: General
Topic: BGP4-MIB for SNMP monitoring
Replies: 2
Views: 1486

BGP4-MIB for SNMP monitoring

We want monitor via SNMP our BGP sessions.
by jmginer
Thu Feb 19, 2015 11:22 am
Forum: General
Topic: Virtio disk driver - FATAL ERROR: no harddrives found
Replies: 2
Views: 2099

Virtio disk driver - FATAL ERROR: no harddrives found

Hello, we are trying to setup RouterOS x86 in a KVM guest based on the disk VirtIO driver.
The disk is not detected.
Please, fix.

Image
by jmginer
Fri Jan 23, 2015 11:08 pm
Forum: General
Topic: in OVH, 2 subnets, 2 interfaces (vrack + pub) and ARP issue.
Replies: 0
Views: 860

in OVH, 2 subnets, 2 interfaces (vrack + pub) and ARP issue.

Hello, this config is in a OVH server running with Proxmox and RouterOS installed as KVM VPS. Proxmox IP: 176.31.229.210 Subnet1: 5.196.187.8/29 <- vRack Subnet2: 176.31.52.128/27 <- FailOver with vMAC (Internally called public) I have installed the RouterOS with 2 interfaces: 1 address= 5.196.187.9...
by jmginer
Tue Sep 16, 2014 5:38 pm
Forum: Forwarding Protocols
Topic: BGP4-MIB
Replies: 17
Views: 7257

Re: BGP4-MIB

+1 vote! Thanks!
by jmginer
Tue Sep 16, 2014 5:37 pm
Forum: General
Topic: Limit incoming UDP bw
Replies: 3
Views: 763

Re: Limit incoming UDP bw

limiting the stream rate before it arrives at you.
But I'm interested to limit per destination, not per source.
Is not possible?
by jmginer
Tue Sep 16, 2014 5:30 pm
Forum: General
Topic: How to hide from traceroute
Replies: 5
Views: 3270

Re: How to hide from traceroute

Many thanks! Yes, now is solved :)
/ip firewall filter add action=drop chain=output protocol=icmp
And also blocking in Linux nodes:
iptables -A OUTPUT -p icmp --icmp-type any -j DROP
Regards!!
by jmginer
Tue Sep 16, 2014 2:25 pm
Forum: General
Topic: How to hide from traceroute
Replies: 5
Views: 3270

Re: How to hide from traceroute

/ip firewall filter add action=drop chain=input protocol=icmp This will make your router not reply to pings either. -Chris Thanks for your response, but don't solve my question, I have this rule active, but when I do a traceroute to some of the VPS servers hosted in a server that are connected to t...
by jmginer
Tue Sep 16, 2014 11:35 am
Forum: General
Topic: How to hide from traceroute
Replies: 5
Views: 3270

How to hide from traceroute

Hello, I want hide from traceroutes the Mikrotik.
How can I do?

Thanks.
by jmginer
Wed Jul 23, 2014 3:04 pm
Forum: General
Topic: Limit incoming UDP bw
Replies: 3
Views: 763

Limit incoming UDP bw

Hello, how to block incoming UDP traffic to limit 10Mbps per destination IP.
Thanks!
by jmginer
Thu Jun 12, 2014 7:58 pm
Forum: RouterBOARD hardware
Topic: CPU core protect during DDoS to do blackhole
Replies: 1
Views: 1098

CPU core protect during DDoS to do blackhole

Hello, If I receive a DDoS, there is any way to limit the CPU usage for the main uplink to don't use more than a 90% of CPU and then be available to login to the router and do the blackhole? My upstream, can provide me a second uplink with other IP, but the main problem, is, if I'm under DDoS and th...
by jmginer
Fri Feb 14, 2014 6:53 pm
Forum: Forwarding Protocols
Topic: BGP4-MIB
Replies: 17
Views: 7257

Re: BGP4-MIB

+1 to implement BGP4-MIB feature to Mikrotik
by jmginer
Wed Jul 24, 2013 6:55 pm
Forum: General
Topic: IPS support on RouterOS?
Replies: 3
Views: 2339

IPS support on RouterOS?

Hi! there are any plan to add IPS support on RouterOS?
Some option to verify if a incoming IP is spoofed or not?
Nice to prevent DDoS!

Thanks!
by jmginer
Thu Dec 13, 2012 3:04 pm
Forum: RouterBOARD hardware
Topic: Cloud Core Router pps limit on each port?
Replies: 4
Views: 2292

Cloud Core Router pps limit on each port?

Hi all! I'm starting a hosting company and I'm looking to add a CCR as a main router in my rack. My question is about DDos attacks. In the specs it says +22 millions of pps. But if all my traffic is doing on only 1 port, also are available the 22 millions of pps to this port? I think the 22 million ...