Community discussions

Search found 107 matches

by jmginer
Tue Jul 02, 2019 4:23 pm
Forum: General
Topic: Packet sniffer size limit
Replies: 2
Views: 291

Re: Packet sniffer size limit

So, KiloBytes... will be good if you can fix in Winbox to change

kb -> KiB
by jmginer
Tue Jul 02, 2019 3:59 pm
Forum: General
Topic: Packet sniffer size limit
Replies: 2
Views: 291

Packet sniffer size limit

Hello,

in winbox > tool > sniffer

says:

Memory Limit = kb (kilobits)
File size = kb (kilobits)

But in the documentation is: KiB, which is KiloBytes

What is the correct one, kilobits or KiloBytes?

Thanks!
by jmginer
Fri Jun 14, 2019 4:23 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [FEATURE REQUEST] route filter address-list
Replies: 0
Views: 268

[FEATURE REQUEST] route filter address-list

Hi,

it's hard to create a filter for every new prefix we add to our BGP. It would be much more efficient to be able to manage an address-list or prefix-list.

Thanks!
by jmginer
Wed Jun 05, 2019 11:06 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 647

Re: Switch VLANs Very High CPU [SOLVED]

No PM on this forum. So kindly pass the offered gift to a charity of your choice, thank you.


done!
by jmginer
Wed Jun 05, 2019 6:08 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 647

Re: Switch VLANs Very High CPU [SOLVED]

Got it! :) I've created the isolated ports and a unique bridge. I've connected my upstreams (3 x FULL BGP) and all the traffic is working fine. The bridge is returning "HW Offload" active on all ports. And the CPU on the CRS is less 1-5% every time. Many thanks! @mkx Please, send me a PM with your P...
by jmginer
Tue Jun 04, 2019 9:30 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 647

Re: Switch VLANs Very High CPU [SOLVED]

You're right, fixed, thanks! :)

Now I have my transit upstreams connected directly to the CHR. Tomorrow I will try with one of them to pass it through the switch.
I suppose I can create a new bridge? Or do I have to use a single bridge to take advantage of HW acceleration?
by jmginer
Tue Jun 04, 2019 1:56 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 647

Re: Switch VLANs Very High CPU [SOLVED]

I think I've solved, at least is working and only using 2% CPU... /interface bridge add name=BR1 protocol-mode=none vlan-filtering=yes /interface bridge port add bridge=BR1 interface=sfp-sfpplus1-DECIX-IN add bridge=BR1 interface=sfp-sfpplus2-DECIX-OUT /interface bridge vlan add bridge=BR1 tagged=sf...
by jmginer
Fri May 31, 2019 1:05 pm
Forum: General
Topic: Switch VLANs Very High CPU [SOLVED]
Replies: 9
Views: 647

Switch VLANs Very High CPU [SOLVED]

Hi, I have a CHR x86 for routing and peering at DECIX Madrid. Additionally DECIX provides me with the same cable peering in Lisbon through a VLAN. The DECIX cable, I have it connected to an intermediate CRS switch. What I do is connect the CRS cable to the CHR with 2 VLANs, one for Lisbon (vlan11) a...
by jmginer
Thu May 02, 2019 12:29 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 741

Re: [Feature request] Terminal peer colum

Please, implement it...
by jmginer
Wed May 01, 2019 9:16 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 508

Re: Create BGP communities [SOLVED]

Thanks @joegoldman @sri2007, I think I got it: add action=discard bgp-communities=myAS:1000 chain=DECIX-OUT prefix-length=0-128 comment="Dont advertise to DECIX" With this filter rule, when my downstream advertises me a prefix with the comm myAS:1000 my router doesn't re-advertise to DECIX. I've placed ...
by jmginer
Wed May 01, 2019 12:41 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 508

Create BGP communities [SOLVED]

Hello,

I offer IP Transit over BGP and would like to create communities for my customers and for them to choose which of my upstreams to advertise their prefixes.

Is this possible with Mikrotik?

Thank you!
by jmginer
Sat Jan 26, 2019 1:25 am
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 741

Re: [Feature request] Terminal peer colum

Hello?!
by jmginer
Tue Nov 06, 2018 8:40 pm
Forum: General
Topic: Boot time CRS 226 vs 326
Replies: 0
Views: 257

Boot time CRS 226 vs 326

Hello, the old CRS 226, takes 1 minute to boot, and the new 326 takes 2 minutes.

Why does the new version take more time to boot? Is it normal?

Thanks!
by jmginer
Mon Nov 05, 2018 1:12 pm
Forum: Virtualization
Topic: CHR neighbour discovery problem
Replies: 13
Views: 4679

Re: CHR neighbour discovery problem

My CHR also takes around 1 minute to become discovered by Winbox.
by jmginer
Mon Nov 05, 2018 10:30 am
Forum: General
Topic: Firmware upgrade?
Replies: 3
Views: 372

Firmware upgrade?

Hello!

When we do a software update, the system marks the firmware as outdated. Is it always necessary to do a double reboot? or is it possible to update the software and firmware in the same reboot?

Thank you!
by jmginer
Mon Oct 29, 2018 1:15 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 741

Re: [Feature request] Terminal peer colum

up! up!
by jmginer
Mon Oct 29, 2018 10:46 am
Forum: Forwarding Protocols
Topic: BGP as Transit/IP Provider
Replies: 4
Views: 3256

Re: BGP as Transit/IP Provider

setup appropriate filters to make sure the customer route is not advertised to your upstream peers when the customer connection to you is down. Hello, I'm having a problem with this, because I'm advertising to my upstreams a prefix that my client is not advertising to me. I think I'm advertisin...
by jmginer
Mon Sep 24, 2018 4:44 pm
Forum: Forwarding Protocols
Topic: Full BGP tables with two upstream ISPs using CHR - Performance question
Replies: 11
Views: 4749

Re: Full BGP tables with two upstream ISPs using CHR - Performance question

btw, you can check this link for a most specific analysis too: https://mum.mikrotik.com/presentations/EU18/presentation_5188_1524562405.pdf Hello!, thanks to share this!!! In your tests with Proxmox, you have only generated less than 80,000 PPS, however with ESXi and Hyper-V you have exceeded +500,...
by jmginer
Mon Sep 24, 2018 12:30 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: X86_64 ROS - 64bit Mikrotik
Replies: 79
Views: 28318

Re: X86_64 ROS - 64bit Mikrotik

+1 for native implementation to allow +2GB RAM in x86
by jmginer
Mon Sep 24, 2018 9:34 am
Forum: Forwarding Protocols
Topic: BGP as Transit/IP Provider
Replies: 4
Views: 3256

Re: BGP as Transit/IP Provider

setup appropriate filters to make sure the customer route is not advertised to your upstream peers when the customer connection to you is down. Hello, I'm having a problem with this, because I'm advertising to my upstreams a prefix that my client is not advertising to me. I think I'm advertisin...
by jmginer
Sun Sep 23, 2018 2:57 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: export ASN in Netflow
Replies: 5
Views: 1703

Re: Feature Request: export ASN in Netflow

Please, add AS numbers in traffic flow!!!
by jmginer
Sat Sep 01, 2018 12:50 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature request] IPv6 Mangle action route-dst
Replies: 1
Views: 476

[Feature request] IPv6 Mangle action route-dst

Hello, please add the "action route-dst" in IPv6 mangle.

Currently is only available in IPv4.

Thanks.
by jmginer
Wed Aug 22, 2018 11:39 am
Forum: RouterOS v7
Topic: Feature Request: BGP Multicore
Replies: 6
Views: 2773

Re: Feature Request: BGP Multicore

+100000000
by jmginer
Wed Aug 08, 2018 10:04 am
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS 7 Beta
Replies: 42
Views: 11688

Re: ROS 7 Beta

I don't understand the constant need for v7? What are you trying to achieve now and can't that you know v7 can do?
BGP, filters and routing management using multicore
by jmginer
Tue Aug 07, 2018 4:28 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

Re: 100% CPU CCR1072 due DDoS - How to improve?

Thanks! According to the considerations explained in the wiki, fastpath should work, since the conditions are met https://wiki.mikrotik.com/wiki/Manual:Fast_Path#Bridge_handler , but I don't see any option to force an activation. It would be good if a representative of Mikrotik could confirm it, and...
by jmginer
Tue Aug 07, 2018 4:15 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

Re: 100% CPU CCR1072 due DDoS - How to improve?

Why do you add all your upstream ports to a bridge? I don't see the point for that... The main reason is that if I change upstream in the future, and connect it to a port that was already used, I'll create a new bridge. This way I can monitor the new bridge and the old upstream traffic does not app...
by jmginer
Tue Aug 07, 2018 4:07 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

Re: 100% CPU CCR1072 due DDoS - How to improve?

- 0-Switch: Bridge BondSwitchDistribute - 1-GTT: Bridge sfp-sfpplus1-GTT - 2-Adamo: Bridge sfp-sfpplus2-Adamo - 3-DECIX: Bridge sfp-sfpplus3-DECIX - 4-Telxius: Bridge sfp-sfpplus4-Telxius - BondSwitchDistribute : Bonding sfp-sfpplus5-Bond1 + sfp-sfpplus5-Bond2 - DE-Voxility: GRE - bcn1-Adamo: GRE - ...
by jmginer
Tue Aug 07, 2018 3:27 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

Re: 100% CPU CCR1072 due DDoS - How to improve?

Can you show output of "/interface print stats-detail" to see if you have packets that are not using fast-path? Thanks, here: Flags: D - dynamic, X - disabled, R - running, S - slave 0 RS name="ether1-RescuePC" last-link-down-time=aug/06/2018 22:23:37 last-link-up-time=aug/06/2018 22:23:41 link-dow...
by jmginer
Tue Aug 07, 2018 2:41 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

Re: 100% CPU CCR1072 due DDoS - How to improve?

I can see from the answers that you guys don't know how fastnetmon's header logs work, that's why I've decided to remove this information so that there's no confusion and put the raw logs of the attack in their place. It is important to see the hour, second and milliseconds of the attack, to underst...
by jmginer
Tue Aug 07, 2018 1:45 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

Re: 100% CPU CCR1072 due DDoS - How to improve?

The problem seems to be the flows, not the PPS. I have a few rules to allow and deny some address-lists. It should not affect the CPU. You should know that the volume shown in the log is not real, it only reflects the first instant when the attack is detected by fastnetmon and obviously no more info...
by jmginer
Tue Aug 07, 2018 1:03 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

Re: 100% CPU CCR1072 due DDoS - How to improve?

close port 80 from outside use.


This is not a solution to CPU consumption.

Also, if it's a web server you can't do this, it's a useless solution because the attacker can choose any port.
by jmginer
Tue Aug 07, 2018 12:33 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1136

100% CPU CCR1072 due DDoS - How to improve?

Hello, yesterday we received a DDoS attack that caused a 100% CPU usage (it's a CCR 1072) and our system was unable to do a blackhole because the router was inaccessible also via API. We have the IP connection tracking disabled on the firewall. There is some extra option that we can do to prevent a f...
by jmginer
Wed Aug 01, 2018 6:01 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 719

Re: MED When same AS_PATH

Reeeeeally stupid question, but worth asking: is the nexthop reachable on both routes? (target scope within scope?)
Yes, note that the route destination of the image of the first post is not the same as the second. Are different prefixes ;)
by jmginer
Wed Aug 01, 2018 4:43 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 719

Re: MED When same AS_PATH

mmm, the problem now is that setting a WEIGHT value, the AS_PATH has not priority. https://ginernet.cdnbox.net/images/added/1533130811.png There is possible to give the lower AS_PATH most priority that the WEIGHT value? What I want is to use one transit only in case of the same AS_PATH (hops). but i...
by jmginer
Wed Aug 01, 2018 4:35 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 719

Re: MED When same AS_PATH

Ok, I think the correct way is using the WEIGHT instead of MED.

High weight to prefer a route.
by jmginer
Wed Aug 01, 2018 4:10 pm
Forum: Forwarding Protocols
Topic: MED When same AS_PATH
Replies: 7
Views: 719

MED When same AS_PATH

Hello! for the same route destination we have the same AS_PATH (2 hops). So, we're setting a lower MED value to prefer the left transit instead of the right one. But, seems is not taking effect as the router is preferring the right route that we set with higher MED. There is not any different setting a...
by jmginer
Mon Jun 11, 2018 1:51 pm
Forum: General
Topic: CRS 31x and 32x, no space left to upgrade [SOLVED]
Replies: 1
Views: 287

CRS 31x and 32x, no space left to upgrade [SOLVED]

Hello,

we just bought some 317 and 328 CRS switches, and we see that they only have 16 MB of storage, of which 13 MB are used, so only 3 MB remain free.

We see that this is not enough to update the switch software.

How do we do it?
by jmginer
Thu May 31, 2018 9:14 am
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 12255

Re: FastNetMon Integration with MikroTik (DDoS detection software)

Hi all, we're providing BGP DDoS protection, fully automated mitigation service for Mikrotik networks. Detection and mitigation in less than 5 seconds. More info: https://ginernet.com/en/services/antiddos/bgp/ Hi, I see you're using FastNetMon as the detection mechanism in your service (saw the vid...
by jmginer
Wed May 30, 2018 1:18 pm
Forum: General
Topic: [Feature request] Terminal peer colum
Replies: 3
Views: 741

[Feature request] Terminal peer colum

Hello, when this command: routing bgp advertisements print

The peer column is too thin, only shows 5 characters, this causes every peer name to be cut off.

Please, increase it.

Thanks.
by jmginer
Sat Mar 31, 2018 9:44 pm
Forum: General
Topic: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load
Replies: 2
Views: 496

Re: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load

Never had before any issue with the current release, but yes, roll-back to bug-fix only version.
by jmginer
Sat Mar 31, 2018 8:26 am
Forum: General
Topic: CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load
Replies: 2
Views: 496

CCR1072 - CPU issue since last sofware + firmware updae - Can not connect via SSH, API and terminal not load

Hello, I have a CCR 1072 since the last update: 6.41.3 the router crashes 2 or 3 times per week. I know, because we have a script that connects via API and stops working. At this time, we try to connect via SSH and it also doesn't work. Winbox works OK, but when we launch the terminal, it also doesn't load, after...
by jmginer
Tue Mar 20, 2018 9:47 am
Forum: Forwarding Protocols
Topic: BGP traffic out peer priority
Replies: 6
Views: 1669

Re: BGP traffic out peer priority

your inbound policy affects how you reach external peers. Also note you only really have control over your inbound policy So, there is any option to reach a external peer using the same upstream that they are using to reach me. I have 2 upstreams: Adamo + Telefonica If RETN is reaching me using Tel...
by jmginer
Tue Feb 20, 2018 7:03 pm
Forum: Forwarding Protocols
Topic: routing filter set-bgp-communities ASN 32bit bug/error
Replies: 3
Views: 688

routing filter set-bgp-communities ASN 32bit bug/error

Hello,

On the DE-CIX, the way to not export an advertisement to one peer is by setting a BGP community.

But I get an error when I try to add an ASN 32bit on the set-bgp-communities parameter.

It is not detected as an ASN.
by jmginer
Fri Dec 29, 2017 6:23 pm
Forum: Forwarding Protocols
Topic: BGP traffic out peer priority
Replies: 6
Views: 1669

BGP traffic out peer priority

Hello! we have 2 upstreams: Adamo + Telefonica RETN has direct transit with both in our routing tables, we see RETN routes with 2 hops for both (Adamo and Telefonica) In the RETN looking glass, they are sending us the traffic via Telefonica. But our Mikrotik is responding using Adamo. Why we don't re...
by jmginer
Wed Dec 13, 2017 10:36 am
Forum: Forwarding Protocols
Topic: How to advertise the default route? [SOLVED]
Replies: 3
Views: 444

Re: How to advertise the default route? [SOLVED]

Thanks @Anumrak

works if I set with prefix-length=0
/routing filter
add action=accept chain=Peer-OUT prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=Peer-OUT
by jmginer
Tue Dec 12, 2017 8:02 pm
Forum: Forwarding Protocols
Topic: How to advertise the default route? [SOLVED]
Replies: 3
Views: 444

How to advertise the default route? [SOLVED]

Hello, we want to send the default route to a particular peer. In BGP peer, we have tried to set default-originate=always or default-originate=if-installed without success. The only workaround that we have found is to create an out filter with discard action /routing filter add action=discard chain=peer-out...
by jmginer
Mon Nov 06, 2017 4:42 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 565
Views: 137300

Re: RouterOS v7.0 beta1 - when?

That is a lot of route filters for such a small number of peers !
One peer is IX point, with a lot of members.

+300 filters based on different members of the IX and for different /24 subnets.
+500 filters setting a BGP-Local-Pref based on the BGP-AS-Path.
by jmginer
Sun Nov 05, 2017 1:36 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 565
Views: 137300

Re: RouterOS v7.0 beta1 - when?

We bought a year ago a CCR1072,
We are using with 4 peers providing us full routing and with more than 800 filters.
After a reboot, it takes more than 2 hours to apply all routes and filters and it's only using 2% of CPU.
Resume: Sh it product.
by jmginer
Thu Sep 21, 2017 7:34 pm
Forum: General
Topic: Sniffer server howto ?
Replies: 1
Views: 452

Sniffer server howto ?

Hello, can anybody explain to me a little bit how to configure a sniffer capture server? Any guide?

Thanks a lot!