Community discussions

Search found 102 matches

by raz
Fri Jul 17, 2015 12:31 pm
Forum: Forwarding Protocols
Topic: BGP Multihomed
Replies: 1
Views: 636

BGP Multihomed

Hi, since MT released the CCR-1072 with 8x SFP+ Ports, what would the best practice for this kind of network setup? 4 different Datacenters, connected by a ring network. 4 mt ccr 1072 routers 6 upstreams (10 GBits each), (2x DC1, 2x DC2, 1x DC3, 1x DC4) to different networks with bgp are there some ...
by raz
Fri Jul 25, 2014 1:38 pm
Forum: Forwarding Protocols
Topic: BGP Router for Hosting Company
Replies: 12
Views: 5071

Re: BGP Router for Hosting Company

If your Edgerouter will hit by TCP SYN Flood, you can dig a hole und put it in. UBNT never responded to my Tickets in this Case. So im sold my Testunit.
by raz
Tue Jul 22, 2014 2:42 pm
Forum: Forwarding Protocols
Topic: BGP Router for Hosting Company
Replies: 12
Views: 5071

Re: BGP Router for Hosting Company

Hey randvegeta,

i would recommend to you CCR1016 or better, it does what you need.

Read here more:

http://wiki.mikrotik.com/wiki/Manual:Routing/BGP

http://robert.penz.name/779/howto-setup ... k-routers/

Easy.
by raz
Tue Jul 15, 2014 2:11 pm
Forum: Beginner Basics
Topic: Firewall
Replies: 1
Views: 529

Re: Firewall

Thats easy, just use the L7 Filtering and put in "torrent", and as Protocol UDP dst-port 53 action drop
by raz
Thu Jul 10, 2014 4:04 pm
Forum: General
Topic: Layer 7
Replies: 3
Views: 750

Re: Layer 7

Normally the Traffic between Apple Store and the End User Device is handled over https.
by raz
Wed Mar 12, 2014 8:17 am
Forum: General
Topic: Newsletter 55 - new products!
Replies: 32
Views: 10385

Re: Newsletter 55 - new products!

What about the new Routing Engine?
by raz
Mon Mar 03, 2014 11:08 pm
Forum: General
Topic: CCR CPU %100 (managment) when a port reaches 1000mbit traf
Replies: 17
Views: 2602

Re: CCR CPU %100 (managment) when a port reaches 1000mbit tr

Maybe SNMP? Try to disable it... Try too disable the LCD Display. If it dont work, reboot Router with slower CPU Speed.
by raz
Fri Jan 31, 2014 10:46 am
Forum: Beginner Basics
Topic: Policy Based Routing Question
Replies: 1
Views: 468

Re: Policy Based Routing Question

Found it, there was an dst-nat rule for webproxy, so it redirected and ignored it.
by raz
Fri Jan 31, 2014 8:38 am
Forum: Beginner Basics
Topic: Policy Based Routing Question
Replies: 1
Views: 468

Policy Based Routing Question

Hey we got a 2nd ISP Connection. ISP1: 3 MBit/sec with static IPs ISP2: 100 MBit/sec with dynamic IPs and "HomeBox" as Router. It makes src-nat. so im gonna try Policy Based Routing now: /ip firewall mangle add action=mark-routing chain=prerouting dst-port=80,8080 new-routing-mark=\ isp2_route passt...
by raz
Thu Jan 23, 2014 9:15 pm
Forum: General
Topic: Some Experiences with VRRP
Replies: 5
Views: 1792

Re: Some Experiences with VRRP

Thanks for sharing, if im built it and tested it, im come back with my Review, but it would take some weeks / months.
by raz
Tue Jan 21, 2014 4:57 pm
Forum: General
Topic: Some Experiences with VRRP
Replies: 5
Views: 1792

Re: Some Experiences with VRRP

Thanks for your Report! Im planning to use 2x CCR 1036 SFP+ and dont waste my Money :) Sounds great! If im using 2x CCR for it: Uplink_01 @ 10 GBit SFP+ ---- CCR_01 > | | 10 GBit Link | ---- Core Switch (HA Setup) Uplink_02 @ 10 GBit SFP+ ---- CCR_02 > | What happens if 15 GBit Bandwith are incoming...
by raz
Mon Jan 20, 2014 8:57 am
Forum: General
Topic: IPV6 is it usable
Replies: 7
Views: 1840

Re: IPV6 is it usable

tried to setup ipv6 with a bgpv4 session, but didnt worked.
support@mikrotik.com could not help?
Maybe in some Weeks, have to read completly in and try again. After it wont work, ill ask MT
by raz
Fri Jan 17, 2014 1:35 pm
Forum: General
Topic: IPV6 is it usable
Replies: 7
Views: 1840

Re: IPV6 is it usable

tried to setup ipv6 with a bgpv4 session, but didnt worked.
by raz
Tue Jan 14, 2014 9:50 pm
Forum: General
Topic: Block UDP traffic
Replies: 7
Views: 6129

Re: Block UDP traffic

Forgot the Chain, depends on how you're using your MT Device. chain=forward does what you need. Depends on what kind of DDoS you're receiving, your Question sounds like UDP Port 53 ;) chain=forward dst-port=53 protocol=udp action=drop in-interface=etherx Should to the Job, if you have the /ip servic...
by raz
Tue Jan 14, 2014 8:11 am
Forum: General
Topic: Block UDP traffic
Replies: 7
Views: 6129

Re: Block UDP traffic

/ip firewall filter add src-address=!192.168.1.0/24  protocol=udp action=drop
by raz
Mon Jan 13, 2014 11:10 am
Forum: RouterBOARD hardware
Topic: BGP full route
Replies: 10
Views: 2963

Re: BGP full route

Nothing against them, but their Performance is worst, even more worst as Mikrotik. And the Support never replied me after i wrote a complete Ticket with Pictures and lot of Informations. Good that i got my Money back for this crap. Are we talking about the new Edgerouter models here? Yep , i can pm...
by raz
Thu Jan 09, 2014 2:10 pm
Forum: RouterBOARD hardware
Topic: BGP full route
Replies: 10
Views: 2963

Re: BGP full route

If you're interested in Vyatta you may want to check out the new Ubiquiti EdgeMAX Edgerouter and Edgerouter Pro models which are running an extended version of Vyatta 6.3. We just preordered two today after I've been playing around with an Edgerouter LITE for a while. The preinstalled 2 GB RAM can ...
by raz
Thu Dec 26, 2013 10:29 pm
Forum: General
Topic: Some Experiences with VRRP
Replies: 5
Views: 1792

Some Experiences with VRRP

Hey MT Users,

had someone a VRRP Setup in use? Is it working or are there some Bugs and its not stable?
What kind of Hardware you used?

Thanks
by raz
Sun Dec 22, 2013 11:17 pm
Forum: Scripting
Topic: IP automatically to /route filter
Replies: 0
Views: 608

IP automatically to /route filter

Hello MT, im a bit confused about it, we have following Scenario: Client = 10.0.0.10/32 Router = 10.0.0.1/24 Upstream = 10.20.10.10/29 Attacker = 5'000+ IP's The Router runs BGP. How would it be possible to execute following Action if Client gets more as 50'000 Packets per Second? /routing filter ch...
by raz
Mon Dec 09, 2013 3:48 pm
Forum: General
Topic: [OT] Looking for IP4 Space
Replies: 0
Views: 384

[OT] Looking for IP4 Space

hi, first, sorry for my OffTopic. Im looking for some /24 - /22 IP4 RIPE Space to buy or lease that i can advertise on my MikroTiK Router. Im not an RIPE Member but, im working together with someone he is, but their ran out of IP4 Space. Netspace will not be used for Spam or some other Bad things. I...
by raz
Sat Dec 07, 2013 10:07 pm
Forum: General
Topic: CCR1036-8G-2S+ - CPU Load problem
Replies: 5
Views: 1537

Re: CCR1036-8G-2S+ - CPU Load problem

idk^^ but SNMP on RouterOS is Pain in the Ass.
by raz
Fri Dec 06, 2013 1:43 pm
Forum: General
Topic: CCR1036-8G-2S+ - CPU Load problem
Replies: 5
Views: 1537

Re: CCR1036-8G-2S+ - CPU Load problem

Try to disable SNMP
by raz
Thu Dec 05, 2013 4:41 pm
Forum: General
Topic: Poor TCP Performance through CCR
Replies: 5
Views: 1805

Re: Poor TCP Performance through CCR

Yes, but the other end was a Brocade Core Swtich, rightly configured because some other Devices like HP Switches had no trouble.

Btw, its sill open. For Production we switched to Juniper Core
by raz
Mon Dec 02, 2013 4:13 pm
Forum: RouterBOARD hardware
Topic: CCR/CRS for BGP 4Gb/s
Replies: 3
Views: 1720

Re: CCR/CRS for BGP 4Gb/s

Hey David, im using MT since nearly 1 Year in Production Enviroment, started with an RB Series and switched Q2 to CCR Series. My CCR run always stable, twice Problems i had the last 12 Month. Have around 470k Prefixes with BGP, and it works perfect. 1) Problem with high value concurrent TCP Requests...
by raz
Mon Dec 02, 2013 10:56 am
Forum: RouterBOARD hardware
Topic: CCR/CRS for BGP 4Gb/s
Replies: 3
Views: 1720

Re: CCR/CRS for BGP 4Gb/s

The CCR1036 will handle this Bandwith without Problems.
by raz
Thu Nov 28, 2013 12:38 pm
Forum: Beginner Basics
Topic: VPN solution from mikrotik
Replies: 12
Views: 4393

Re: VPN solution from mikrotik

You can do this with OpenVPN Server / Client on MikroTiK, until some Protocols are disabled it seems that L2TP dont work for you.
by raz
Wed Nov 13, 2013 11:15 am
Forum: General
Topic: Poor TCP Performance through CCR
Replies: 5
Views: 1805

Re: Poor TCP Performance through CCR

Im sending it again out. Tested it with multiple Ways: 1) BTest, UDP = Fullspeed, TCP only in one Direction Fullspeed. 2) Wget through the Router, same Result. > root@none:~# wget http://10.0.0.2/myIso.iso > --2013-09-22 19:40:46-- http://10.0.0.2/myIso.iso > Verbindungsaufbau zu 10.0.0.2:80... verb...
by raz
Mon Nov 11, 2013 12:00 pm
Forum: General
Topic: Poor TCP Performance through CCR
Replies: 5
Views: 1805

Poor TCP Performance through CCR

Hi, im using since 6 Month the CCR1016 (v6.6 now), just BGP and routing some /22 Prefixes over VLAN to Internet. No other config. If im gonna test the TCP Performance it's just 3 - 6 MBit(!) But there are 1 GBit (per Direction) available. Working as Excepted: (Networks are just sample, im using publ...
by raz
Thu Oct 24, 2013 4:40 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Normis,

what about my Ticket with TCP issues? #2013092666000332
and why im not getting any Answer from MikroTiK??????
by raz
Tue Oct 15, 2013 9:10 am
Forum: General
Topic: Mikrotik and cisco SG300-10 not running on 1Gbps
Replies: 15
Views: 4205

Re: Mikrotik and cisco SG300-10 not running on 1Gbps

Im on a CCR.
by raz
Mon Oct 14, 2013 7:11 pm
Forum: General
Topic: Mikrotik and cisco SG300-10 not running on 1Gbps
Replies: 15
Views: 4205

Re: Mikrotik and cisco SG300-10 not running on 1Gbps

I confirm this Bug, but here is the other End a Juniper Router, a small MX80. Ticket has been opened on 17th August(!) and i dont got until now a Response, just "update to 6.3/4/5 and send us support.rif". This issue with Auto-Negotiation i sent out on 8th Octobre, still no Updates. :-( After i repo...
by raz
Sun Oct 13, 2013 10:31 pm
Forum: General
Topic: Downgrade?
Replies: 4
Views: 1184

Re: Downgrade?

No, but for kind of fail save backup config to local pc.
by raz
Wed Oct 09, 2013 8:15 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Kernel Failure (IBM and HP Servers Too)
Replies: 5
Views: 2038

Re: CCR1036 Kernel Failure (IBM and HP Servers Too)

Anyone have any suggestion?
What kind of Config you're using? I have too a CCR and it never got frozen.
by raz
Fri Oct 04, 2013 9:53 pm
Forum: General
Topic: CCR NAT max 2Mbit/s slow - download buggy - (INVALID)
Replies: 6
Views: 1306

Re: CCR NAT max 2Mbit/s slow - download buggy - (INVALID)

Confirmed not yet, i have to report more Details, then they can start work. I do this in the next Days.
Im sure it's a Bug with AutoNego, useful is if here are more Users they have the same Problem, then
no one can say "Its your $ISP/$CABLE/$CONFIG".
by raz
Thu Oct 03, 2013 9:17 pm
Forum: General
Topic: CCR NAT max 2Mbit/s slow - download buggy - (INVALID)
Replies: 6
Views: 1306

Re: CCR NAT max 2Mbit/s slow - download buggy, upload OK

Try to do following: Set the Auto Negotiation to 100M HalfDuplex and try again, i have the same Problem here and it only works
with these Settings.
by raz
Wed Sep 25, 2013 9:26 pm
Forum: Forwarding Protocols
Topic: BGP Full Routes - CCR1036-12G-4S - CPU Question
Replies: 4
Views: 3091

Re: BGP Full Routes - CCR1036-12G-4S - CPU Question

Hi Gilbert,

yep, its currently normal that BGP only use 1 Core.
Looks same like here.
by raz
Wed Sep 25, 2013 12:35 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

so pretty much the only way to get good speeds for TCP is to go 100m half? ouch.

please confirm.
Please test it, if its the same Result like my Setup, we found a critical Bug, and we should report it to MikroTiK.
After i saw a lot of this Threads, its not a new Bug.
by raz
Sun Sep 22, 2013 8:44 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Guys, after i played around with Downgrade to 6.1 and some queues, i found a way to fix it... Interface ethernet full duplex = no and speed to 100Mbps. Its unbeliveable! With Fullduplex = NO and 100 Mbps! root@none:~# wget http://10.0.0.2/XenCenter.iso --2013-09-22 19:39:32-- http://10.0.0.2/XenCent...
by raz
Fri Sep 20, 2013 9:54 am
Forum: General
Topic: MUM Live video from St. Louis starting now!
Replies: 52
Views: 17940

Re: MUM Live video from St. Louis starting now!

when you will show us the new Routing Engine?
by raz
Wed Sep 18, 2013 11:08 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Aren't you maxing out 1 core of the CCR when running a TCP test? Nope, there is no huge load, not more as 4-6% per Core. BGP uses btw always 100%, but this is just Wayne, because RouterOS did it since im started using BGP... Edit: See Uploaded File, im trying to Move a File through FTP (TCP Port 21)
by raz
Wed Sep 18, 2013 8:19 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Ofcourse i tested FROM Servers behind the CCR to me, and 3-4 MBit/s are not OK.
Im own a 100 MBit Home ADSL, and there is no Reason why i only get 3-4 MBit TCP but
nearby 1 GBit UDP (Even i connect in DC directly).
by raz
Wed Sep 18, 2013 7:51 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Mhm im getting since 8 Days about my Ticket with slow TCP Performance: 2013081766000271, on my Question Sent 24 Hours ago, there was also no answer. what is your tcp performance problem? I am having a problem; when I run a single connection tcp bandwidth test out the wan/fiber port I get 5M downloa...
by raz
Tue Sep 17, 2013 10:46 pm
Forum: General
Topic: NSA and routeros
Replies: 27
Views: 6285

Re: NSA and routeros

in coming days there is MUM going to happen in USA, you can ask this question there. LOL. As End User you cant Trust any Manufactor of Network Stuff or something else, look at the HP Storage "Support" User. And the next Fact is, if you're getting a Letter of an Secret Court, you're not allowed to t...
by raz
Tue Sep 17, 2013 12:35 pm
Forum: General
Topic: NSA and routeros
Replies: 27
Views: 6285

Re: NSA and routeros

Maybe not NSA but what about FSB ;-)

Maybe the Tilera CPU has some Backdoors? No one knows. Your Bandwith gets also mirrored on the IX Points, dont worry.
by raz
Tue Aug 27, 2013 4:48 pm
Forum: Beginner Basics
Topic: Facebook https block help
Replies: 8
Views: 3456

Re: Facebook https block help

Better you check this out: http://bgp.he.net/AS32934#_prefixes
by raz
Tue Aug 27, 2013 10:47 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Mhm im getting since 8 Days about my Ticket with slow TCP Performance: 2013081766000271, on my Question Sent 24 Hours ago, there was also no answer.
by raz
Thu Aug 22, 2013 5:50 pm
Forum: Forwarding Protocols
Topic: Very strange issue with BGP and performance
Replies: 10
Views: 2105

Re: Very strange issue with BGP and performance

Are you using Version 6.2 ?

Try to compare the Speed with UDP, ive got also Trouble with BGP and TCP.
by raz
Tue Aug 20, 2013 9:52 am
Forum: Forwarding Protocols
Topic: CCR BGP Full Route Problem
Replies: 7
Views: 2840

Re: CCR BGP Full Route Problem

Your Prefixes are visible to the Internet: http://bgp.he.net/AS16887#_prefixes What says /ip address print? Yours have to look like this, if you're going to use a /24 /ip address add address=199.193.216.1/21 interface=ether1 network=199.193.216.0 ... And Transfernet(!) add address=22.22.220.90/30 in...
by raz
Mon Aug 19, 2013 1:05 pm
Forum: RouterBOARD hardware
Topic: Cloud Router Switch
Replies: 2
Views: 1406

Re: Cloud Router Switch

Wait until the MUM in September, they introduce a new Routing Engine (v7) and the CRS... Hopefully they release the CRS asap with an 48 GbE Edition, this would be awesome.
by raz
Mon Aug 19, 2013 1:02 pm
Forum: Forwarding Protocols
Topic: CCR BGP Full Route Problem
Replies: 7
Views: 2840

Re: CCR BGP Full Route Problem

Show us your IP Prefixes and setup some out Filters...
by raz
Sat Aug 17, 2013 5:07 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Press … and select the MAC Address directly, then connect.
by raz
Sat Aug 17, 2013 5:06 pm
Forum: General
Topic: German Mikrotik Wiki
Replies: 8
Views: 6283

Re: German Mikrotik Wiki

… Soviel erstmal zu mir. Beste Grüße, Alex Hi Alex, bin auch aktiv mit (i)BGP und betreibe ein kleines Netzwerk mit einem MikroTiK Router, bei Firmen setze ich die mittlerweile auch sehr gerne als Router und Firewall mit ein. Wenn du dich erstmal eingearbeitet hast, rockt RoS bis zu einer gewissen ...
by raz
Sat Aug 17, 2013 4:53 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 90272

Re: v6.2 released

Packet sniffer does not seem to work in 6.2. (No packets results show)
6.1 works fine.
(RB433AH)
cant confirm that, tested on ccr1016 and rb1100.
by raz
Sat Aug 17, 2013 4:51 pm
Forum: General
Topic: Excuse me, why not make a list of ports?
Replies: 5
Views: 1295

Re: Excuse me, why not make a list of ports?

you can define ports on a rule like this:

1-100,25,28,22,300-2000
by raz
Mon Aug 12, 2013 5:12 pm
Forum: Forwarding Protocols
Topic: DDOS BGP protection [automate communitys?]
Replies: 13
Views: 4951

Re: DDOS BGP protection [automate communitys?]

before you advertise this IP to your Blackhole Communities, you have to find out what kind of DDoS hitting you.
Maybe Queues would here be useful in combination of scripting.
by raz
Fri Aug 09, 2013 6:06 pm
Forum: RouterBOARD hardware
Topic: New Hardware! - EU MUM 2013
Replies: 54
Views: 20200

Re: New Hardware! - EU MUM 2013

in dat pdf is a text it says, "up to 64 cpu cores". i want a ccr with 16 gb ram and 2 - 4x 64 cpu. go mikrotik. go! then i can say good bye cisco and bye bye juniper. I can't believe you'd really need that - and without 10GB-Ports. I reckon that more optimizations in RouterOS would do the trick. Bu...
by raz
Thu Aug 08, 2013 9:58 pm
Forum: RouterBOARD hardware
Topic: New Hardware! - EU MUM 2013
Replies: 54
Views: 20200

Re: New Hardware! - EU MUM 2013

in dat pdf is a text it says, "up to 64 cpu cores". i want a ccr with 16 gb ram and 2 - 4x 64 cpu. go mikrotik. go! then i can say good bye cisco and bye bye juniper.
by raz
Thu Aug 08, 2013 10:11 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Thank you for your reply, when will the first implementations? Read in a another Topic, about the MUM with v7 in Sep... It was mentioned in several topics already. Yes, you will get slow route updates. Yes, route print will be slow. No, it does not affect overall forwarding performance. Yes, we are...
by raz
Thu Aug 08, 2013 10:08 am
Forum: General
Topic: v6.2 released
Replies: 247
Views: 90272

Re: v6.2 released

So, we have a CCR with RC13 still, as it's generally stable for us. However, lost the queues in winbox recently. Needs a reboot. Would you lot recommend updating it to 6.2? We have: 40 odd filters and 40 odd nats 15 queues That's all we use it for, but it is a production router. Here a RB1100 with ...
by raz
Tue Aug 06, 2013 11:33 am
Forum: RouterBOARD hardware
Topic: CRS Switch - How's it coming?
Replies: 21
Views: 8204

Re: CRS Switch - How's it coming?

i hope soon.

+1
by raz
Wed Jul 31, 2013 11:58 pm
Forum: RouterBOARD hardware
Topic: Where to buy CRS
Replies: 2
Views: 741

Re: Where to buy CRS

Is the CRS maybe this Year buyable? :-)
by raz
Tue Jul 30, 2013 11:04 pm
Forum: RouterBOARD hardware
Topic: Where to buy CRS
Replies: 2
Views: 741

Where to buy CRS

Hi,

where i can buy some piece Cloud Router Switch? In the MUM announcemend was the Date on June, but we have in 2 Days August,
and i cant find any Distributor they sell the new Products including the CCR with SFP+.
by raz
Mon Jul 29, 2013 5:26 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

This was the Solution :-) Thanks Tim.
by raz
Sat Jul 27, 2013 12:44 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

you see this only in the route with pref source.
by raz
Sat Jul 27, 2013 12:37 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

yes, its assigned on the router via ip addresses, the 122 works as gateway address
by raz
Sat Jul 27, 2013 12:26 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

Yes, but the 99.99.99.120/29 has the Gateway at Mikrotik Router on 99.99.99.122 and on the Router of the ISP on 99.99.99.121.
by raz
Sat Jul 27, 2013 12:17 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

[admin@MikroTik] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 10.20.50.1/24 10.20.50.0 ether1 1 172.16.10.1/24 172.16.10.0 ether2 2 99.99.99.120/29 99.99.99.120 ether7
by raz
Sat Jul 27, 2013 12:05 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

Yes the 99.99.99.122 i can ping, in addresses i added with gateway 122. Look at the routes, it routes to 121.

Im sure the Problem is there in assignment 123 to the interface 7, because dnat settings looks good.
by raz
Sat Jul 27, 2013 11:28 am
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

No, i assigned 99.99.99.120/29 to ether7 (uplink to Router of the ISP), because the ISP uses for his Router 99.99.99.121 as Gateway, so im using 99.99.99.122 for interface 1 and SNAT.

DNAT have to work with 99.99.99.123, but here's the Problem.

and 99.99.99.123 isnt pingable.
by raz
Fri Jul 26, 2013 6:42 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

Oh, with Port i mean Interface, we call it here in Germany mainly Port. Interface 1: Internal Network, 10.20.50.0/24 Interface 2: DMZ (With the DNAT Problem) Interface 7: Uplink to the Router of our ISP, the Router has 99.99.99.121 as IP. The Internet Connection works with SNAT and im using here the...
by raz
Fri Jul 26, 2013 5:48 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

nope, i cleared all up :-)
by raz
Fri Jul 26, 2013 5:41 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Re: Problem due Port Forward

Hi Tim,

the 99.99.99.122 is a IP they get SNAT, and for surfing.

the 99.99.99.123 is at the Router on a seperate Port, for DMZ, and the IP are from an /29 IP Block.

99.99.99.121 is in this case my Gateway, because the ISP dont give out ppoe Settings.
by raz
Fri Jul 26, 2013 5:25 pm
Forum: General
Topic: Problem due Port Forward
Replies: 20
Views: 2331

Problem due Port Forward

Hi, im trying to forward a Port 80, i got from my ISP a /29 Net. I can reach the Router of my ISP via 99.99.99.121 (example IP) [admin@MikroTik] > /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachabl...
by raz
Fri Jul 19, 2013 3:04 pm
Forum: Beginner Basics
Topic: Problem with SNAT
Replies: 1
Views: 462

Re: Problem with SNAT

The Solution was:
/ip route add gateway=1.1.1.121
by raz
Fri Jul 19, 2013 9:23 am
Forum: Beginner Basics
Topic: Problem with SNAT
Replies: 1
Views: 462

Problem with SNAT

Hi there, i have 3 Ports: Port 1: Internal Network Port 2: DMZ Port 3: Exteral my Config looks like this: /ip address add address=10.10.0.1/24 comment=internalinterface=ether1 network=10.10.0.0 add address=172.16.1.1/24 comment=DMZ interface=ether2 network=172.16.1.0 add address=1.1.1.121/29 comment...
by raz
Tue Jul 02, 2013 1:59 pm
Forum: Beginner Basics
Topic: 2 ISP, 2 networks, full failover
Replies: 6
Views: 1338

Re: 2 ISP, 2 networks, full failover

Network1 ---- L2+ switch ---- RB2011UAS ---- ISP 1 + ISP 2
L2 do only switching.

RB2011UAS = http://mum.mikrotik.com/presentations/PL12/pina.pdf
by raz
Fri Jun 21, 2013 12:28 am
Forum: Scripting
Topic: Looking Glass
Replies: 8
Views: 3048

Re: Looking Glass

Thanks Tom, its useful. :-)
by raz
Fri Jun 07, 2013 8:50 pm
Forum: RouterBOARD hardware
Topic: New Hardware! - EU MUM 2013
Replies: 54
Views: 20200

Re: New Hardware! - EU MUM 2013

and what about Cloud Router Switch ???
by raz
Wed May 22, 2013 2:01 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Why 16 GB RAM?
by raz
Wed May 01, 2013 9:36 pm
Forum: General
Topic: v6rc14 released
Replies: 125
Views: 30835

Re: v6rc14 released

THere still NO OPTIMIZATION on 36 cores and you wont 2 CPU or 72 cores?

any ddos on TCP attack about 400mbit killing CCR in two seconds.. and for me I need to buy some another firewall.. becouse ccr are useless
Moar pps is what i need, and yes i would pay for that 2-3k $.
by raz
Tue Apr 30, 2013 5:37 pm
Forum: General
Topic: v6rc14 released
Replies: 125
Views: 30835

Re: v6rc14 released

Im running rc14 since few Days, MT made here a good Job.

Thanks also for fixing this traffic-flow Deadlock.

btw: Is there a Model planned with Dual CPU? or 72 Core tilegx?
by raz
Thu Apr 25, 2013 1:47 pm
Forum: RouterBOARD hardware
Topic: CCR or RB1100 ?
Replies: 2
Views: 1479

Re: CCR or RB1100 ?

Your RB1100 AH is to small for this, im sure your CPU is always around 80-90%, with only static Routing. With Fullfeed you cant handle it.

Im using the smaller CCR without any Problems and can handle fullfeed BGP including Bandwith up to 600-700 MBit/s @ CPU on 20%.
by raz
Fri Apr 19, 2013 12:41 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Sorry for asking a lot, but any News at Ticket#2013041366000268 ?
by raz
Wed Apr 17, 2013 1:30 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

We are working on the issue.
Great to hear, dont got a Feedback :-) if you need more Infos send me a Mail.
by raz
Mon Apr 15, 2013 11:47 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Hi,

how long it takes to get an Reply of: [Ticket#2013041366000268] ? :-)
btw

hping3 --rand-source –S –L 0 –M 0 –p 179 MIKROTIK IP --flood will kill the CCR <3 Seconds. ONLY Basic Setup, no Conntrack ONLY ip firewal drop TCP to Port 179 @ IP.
by raz
Sat Apr 13, 2013 4:35 pm
Forum: General
Topic: Dealing with massive DDoS
Replies: 5
Views: 5187

Re: Dealing with massive DDoS

i sent you a Mail :-)
by raz
Sat Apr 06, 2013 7:09 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

Hi,

i have the same Problem with freezing CCR, i think its because it rans out of Memory. I have to reboot every 7 Days :/
Im running only BGP, some small Rules, thats all.
by raz
Mon Apr 01, 2013 3:01 pm
Forum: General
Topic: Dealing with massive DDoS
Replies: 5
Views: 5187

Re: Dealing with massive DDoS

The Connlimit will not help, it seems that is there a Problem with spoofed Source IPs, yes there a lot of DC's they allow this... The Problem is here SYN, called from the Scriptkiddies "Super Syn"... Here is an Example, what they are using: iph->ihl = 5; iph->version = 4; iph->tos = 0; iph->tot_len ...
by raz
Fri Mar 29, 2013 9:58 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

My CCR is since few Days in production enviroment, im using it as core Router with BGP Fullfeed including Firewalling, like Drop SYN Floods. Great, the 16 Cores can filter out around 350k pps (!!!) with Conntrack before it goes down. A wonderful extension would be the possibility to Filter Packets b...
by raz
Fri Mar 29, 2013 9:52 pm
Forum: RouterBOARD hardware
Topic: New Hardware! - EU MUM 2013
Replies: 54
Views: 20200

Re: New Hardware! - EU MUM 2013

What about Prices of the SFP+ Router? Why only 32 Cores and not the 72 Core Tilera?
by raz
Mon Mar 18, 2013 3:32 pm
Forum: RouterBOARD hardware
Topic: New Hardware! - EU MUM 2013
Replies: 54
Views: 20200

Re: New Hardware! - EU MUM 2013

oh yeah 10 GbE SFP+ :D
by raz
Mon Mar 04, 2013 10:36 pm
Forum: General
Topic: Problems by blocking TCP Packets
Replies: 0
Views: 279

Problems by blocking TCP Packets

Hi, i try to block following Packets on my Router: tshark tcp port 80 0.787910 151.46.220.237 -> [b]{ MY IP } [/b] TCP 37424 > http [SYN] Seq=0 Win=512 Len=0 0.787913 151.46.220.244 -> [b]{ MY IP } [/b] TCP 36658 > http [SYN] Seq=0 Win=512 Len=0 0.787915 151.46.220.245 -> [b]{ MY IP } [/b] TCP 19989...
by raz
Sun Mar 03, 2013 11:00 pm
Forum: General
Topic: Syn flood protection
Replies: 3
Views: 2143

Re: Syn flood protection

Try to analyze the TCP Packets, and search a scheme. Seems that the Packets are with len 0 or 1, then you can easy drop this. On my 1100 AH with 1,5 GB RAM i can block in this case 100k pps. But then is CPU @ 95%
by raz
Wed Feb 27, 2013 2:55 pm
Forum: Forwarding Protocols
Topic: CCR - BGP performance
Replies: 45
Views: 20238

Re: CCR - BGP performance

Hi Mat,

thanks for your Answer! If im buy the Mikrotik i will start with 16 GB RAM, to be safe. And RAM is currently cheap.

With the Prefixes, im sure Mikrotik make here in future a Update to optimize this Feature, maybe we should send an Feature Request to their Support?

Regards,

– raz
by raz
Wed Feb 27, 2013 2:50 pm
Forum: General
Topic: IDS snort
Replies: 8
Views: 6287

Re: IDS snort

+1 !
by raz
Tue Feb 26, 2013 3:51 pm
Forum: Forwarding Protocols
Topic: CCR - BGP performance
Replies: 45
Views: 20238

Re: CCR - BGP performance

Hi Mat,

thanks for sharing!

Your BGP Sessions are up with Fulltables? I plan to use Mikrotik in my Edge with 3x Uplinks, but i miss 10 GbE Support over SFP+.
by raz
Sun Feb 24, 2013 12:18 am
Forum: RouterBOARD hardware
Topic: Routerboard Hardware wish list
Replies: 61
Views: 13075

Re: Routerboard Hardware wish list

We would like to see a CCR with 24 copper GigE and 4 SFP+ with two hot-plug PSUs (DC and AC option).
This would be a real enterprise/ISP device.

- Mat
+1
by raz
Wed Feb 20, 2013 12:11 am
Forum: RouterBOARD hardware
Topic: CCR - Secondary PSU
Replies: 58
Views: 21593

Re: CCR - Secondary PSU

+1, good idea!
by raz
Sat Feb 09, 2013 1:44 pm
Forum: RouterBOARD hardware
Topic: SFP LX
Replies: 2
Views: 739

Re: SFP LX

thanks mate
by raz
Wed Feb 06, 2013 5:52 pm
Forum: Forwarding Protocols
Topic: Questions abourt Routing
Replies: 0
Views: 534

Questions abourt Routing

Hi, i have some Questions about Routing with Mikrotik: -> Can the CCR1036-12G-4S handle up to 3 FullTable BGP Session? -> Are there any Documentations or best Practises about VRRP? -> Why i cant buy CCR1036-12G-4S directly in Germany? On our Distributors is it always out of Stock but i need 2 of the...
by raz
Wed Feb 06, 2013 5:47 pm
Forum: RouterBOARD hardware
Topic: SFP LX
Replies: 2
Views: 739

SFP LX

Hi,

are there any recommendations about a SFP LX for a CCR1036-12G-4S?

Thanks
by raz
Sat Dec 29, 2012 4:42 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017254

Re: CLOUD CORE ROUTER

I need more Power, please add in future a SFP+ Support for 10 GbE this would be awesome!!!

btw nice job with current progress :)