MikroTik

FutileNetworks

+1 Wireguard

MikroTik, we've replaced all our site-to-site IPSEC vpns with wireguard, in most cases 3-4x performance increase and approaching gigabit speeds, each time we bring up a new wireguard vpn that is one less sale of a ccr1009, rb4011 or hEX.

FutileNetworks

Hi,

I'd also like to know, has anyone success with 20km 40km or 80km 3rd party SFP+ CWDM optics in CCR series routers for example the CCR1072-1G-8S+ ?

Is there any reason these would not work ie power delivery issues?

Thanks!

FutileNetworks

Does this help you? http://wiki.mikrotik.com/wiki/Manual:VPLS_Control_Word

FutileNetworks

It would be more useful for us and probably others to know the PPS capabilities of these units, for example what PPS can be achieved via routed ports at 64/128/256/512 byte frame sizes, single 10GbE port to 10GbE port, with 5/10/20 firewall filter rules and also with bonded aggregated links, 20GbE t...

FutileNetworks

This is an edge router running ebgp, ibgp, ospf, ospfv3 in production, average traffic is quite low but has bursts of up to gigabit. Here's a screen grab of the counters and BGP, one of the remote BGP peers has 291 days uptime, I think this shows that the CCR platform is pretty solid, this router ha...

FutileNetworks

Thought I would share this for you all, from one of our CCR's..

1year_ccr.jpg

FutileNetworks

The approach I've taken for RTBH and DDOS detecting on our edge routers is to use firewall filter rules to jump incoming small packet UDP and TCP to a detection chain rule, this accepts traffic under a certain threshold per destination IP, it's up to you what pps you consider a DDOS, any traffic exc...

FutileNetworks

Until Mikrotik improve the routing core and optimise the packet flow on the CCR to balance across all CPU cores I won't be using any of the CCR range for deployments above 1 Gigabit per port. The 72 core CCR which I believe is 10 GbE only looks great on paper but will be pointless unless released wi...

FutileNetworks

Hi, Couple of things to consider, if you attempt to limit TCP SYN packets then there is no guarantee valid packets belonging to real clients won't be dropped anyway causing denial of service. In my opinion limiting SYN traffic is counterproductive. Building firewall filter rules and possibly traffic...

FutileNetworks

Can we have some details of the hardware issue, does it affect every CCR1009? How do we identify which 1009's are going to fail?

Does the current routeros + firmware solve the problem? Our 8G-1S-1S+ is running 6.19 with 3.18 fw.

Thanks.

FutileNetworks

I'm not sure why but the CCR routers seem hopelessly inadequate dealing with DDoS, MikroTik's performance figures boast 15 mpps but under DDoS they will fall over with only 200 or so kpps. I've tested the 1036-12G-4S using the hping3 tool and been able to lock up the router with less than 100 mbit o...

FutileNetworks

Had this happen to a CCR 1009 of mine yesterday also on 6.18, upgraded to 6.19 so we'll see what happens.

FutileNetworks

I'm writing a script that adds a route for each entry in an address-list, but I keep getting an error when more than 1 entry exists. Example: :foreach i in=[/ip firewall address-list get [find list=blocked] address] do={ :log info ($i) } I get: invalid internal item number If there's 1 address in th...

FutileNetworks

It was back in 2010 when janisk dismissed LLDP, now with a much more grown up line of their CCR routers that are going into networks next to the likes of Juniper and others with LLDP support, it seems silly to ignore your users requests for useful features especially as MikroTik are pushing into big...

FutileNetworks

We switched from cisco to ccr for our border edge BGP router, CCR1036-12g-4s with 6 BGP peers, ipv4 and ipv6, about 500 mbps traffic, never really goes above 10% except when taking in full routing tables, we turn off connection tracking on ours as well. [admin@CCR1036] > /system resource print uptim...

FutileNetworks

We use RTBH via private ASN BGP to our providers blackhole server which also propagates further upstream to their transits. The way we do this is to have a routeros x86 box in our providers colo which peers with their blackhole server, we then run BGP over l2tp tunnels from our edge and our core rou...

FutileNetworks

Both instances have the same AS, BGP routes are only redistributed to another AS. Your eBGP instance should be AS 64600.

FutileNetworks

You need to set the MRRU value.

http://wiki.mikrotik.com/wiki/Manual:ML ... iple_links

FutileNetworks

Yes it's possible. I can't give you the exact configs just some hints... set the openvpn server to TCP and disable comp-lzo.

FutileNetworks

i will do the bandwith test and try to lower the tx power of the access point ...but something i want to understand...why do you think that the -55 signal is ideal ...do you mean that the -3 signal is bad :? :? You are overloading the receiver sensitivity, turn down the power on both radios as alre...

FutileNetworks

Hello Guys I need help. I'm using Routerboard 1100AHx2 in Head office and connecting with IPsec tunnel to our 21 branches. Our branches have Routerboard450G. So i have to control our internet using and must deny some pages like youtube , facebook and other. Now i'm using Webproxy but that's not goo...

FutileNetworks

Hello Guys I need help. I'm using Routerboard 1100AHx2 in Head office and connecting with IPsec tunnel to our 21 branches. Our branches have Routerboard450G. So i have to control our internet using and must deny some pages like youtube , facebook and other. Now i'm using Webproxy but that's not goo...

FutileNetworks

Use 'routing-mark' when adding new route as described here: http://wiki.mikrotik.com/wiki/Manual:IP/Route#General_properties HTH, Now I' using that, but I want to create new routing tablet, no mark. Anyone know how? It will create a policy route table, add a routing mark to your route and then add ...

FutileNetworks

@FutileNetworks CCR performs worse than RouterBoard 2011 (v5.24) So what is the question now and why? You were answering your own question! v5.20 -v5.24 is marked as stable!!!! v6 is marked as a release candidate (RC) I fully understand what RC means and I'm reporting the bugs I find so they can be...

FutileNetworks

I tried yesterday's build of rc12 on our CCR1036 last night, everything PPP related fell over, PPPoE, PPtP and l2tp tunnels all interfaces vanished and all connections were lost. Back on rc11 now. I am looking forward to PPPoE optimizations, we have 4 vdsl pppoe links (70mb/20mb) and use mlppp to bo...

FutileNetworks

Use a null route on border routers rather than a firewall rule: /ip route add distance=1 dst-address=N.N.N.N/32 type=blackhole Contact your transit provider and see if they have a BGP blackhole (null route) community, you can then advertise the /32 customer IP with that community and that should sto...

FutileNetworks

Before I purchased our CCR1036 I knew very well that these were not for production environments and that the software was not release quality yet, having said that I too would like to see UDP in ovpn and more stability under heavy load on the CCR, this is by far the most powerful router MikroTik ha...

FutileNetworks

Not happy - I purchased over 50 MT routers in the last 24 months and have been very happy. I sent a guy from the office to MUM in New Orleans and he was wowed by the new Cloud Core Routers. I purchased two of them for a large scale VPN solution and also 60 MT750GL routers. The CC-1036 came with RC6...

FutileNetworks

Same on my 2011, link is ok but no further status information, I guess 2011 hardware does not support it.

FutileNetworks

Under PPPoE Client, when bonding multilink pppoe links status only reports 1 Active link instead of the correct number. Also [Ticket#2013012466000127] still unresolved, BGP session hangs in 'open sent' over multilinked pppoe link (2 or more) but works OK (Established BGP session) on single pppoe lin...

FutileNetworks

Turns out these modules work fine, the problem was auto negotiation on the CCR defaults to off and needed to be turned on (thanks Chaos @ linitx).

FutileNetworks

As subject, purchased 2 SFP modules from mikrotik distributor, neither work in 2011UAS-RM using 5.23 and 6.0rc9, but they are detected in our CCR1036-12G-4S, from the CCR: [admin@MikroTik] > /interface ethernet monitor sfp3 name: sfp3 status: link-ok auto-negotiation: disabled rate: 1Gbps full-duple...

FutileNetworks

20:39:03 route,bgp,error tcp-md5-key currently cannot be enabled on CCR devices Why wasn't this mentioned in the Changelog? When will it be fixed and when it is please include it in the Changelog!! My router is pretty much useless without this. edit: found post where it will be fixed in rc9, thanks.

FutileNetworks

Can only assume someone from MikroTik will read this so have another bug for you...

pppoe dropped, trying to reconnect...

20:01:54 pppoe,ppp,error could not add ipv6 address: already have address with such network (6)

Cleared dynamic ipv6 IP and ipv4 IP and it connected.

FutileNetworks

Small bug, using multiple pppoe links for bonding/mlppp, pppoe interface status only shows 1 active connection but in reality 3 links are connected with multilink ppp.

I also have Ticket#2013012466000127 open, BGP stuck in 'open sent' when bonding more than 1 pppoe link.

FutileNetworks

Hi all, I have a strange issue with the CCR1036-12G-4S CloudCore .... It just randomly restarts .... 9 times today. RouterOS v6.0rc7 And the logs does not say anything ... Any ideas how to debug that issue ? Can it be related to the traffic because there was no traffic Saturday and Sunday and it wa...

Search found 36 matches

Re: [Feature request] Wireguard

Re: SFP+ for CWDM

Re: Forcing VPLS to fragment on egress

Re: Real CCR1072 experience?

Re: 1 year uptime on CCR1036-12G-4S

1 year uptime on CCR1036-12G-4S

Re: DDOS detection script?

Re: CCR DDOS CPU Load

Re: CCR DDOS CPU Load

Re: Traffic generator killed ccr1009 ?

Re: CCR1036-8G-2S+EM taken down by 200kpps DDoS

Re: Loss of BGP function after 3-4 weeks

help with address-list script please

Re: LLDP

Re: BGP Router for Hosting Company

Re: Send RTBH from RouterOS

Re: BGP routes not propagated between iBGP and eBGP [SOLVED]

Re: PPPoE multilink

Re: opvpn client (mikrotik) of a Linux deban openvpn server

Re: the signal is -3 but ccq = not good !!!!!!!!!!!

Re: How to control internet with Layer7 protocol

Re: How to control internet with Layer7 protocol

Re: Create new routing table

Re: Disappointment with CCR-1036

Re: Disappointment with CCR-1036

Re: Network Under Attack. (DDoS)

Re: RouterOS v6rc10 pre-released

Re: RouterOS v6rc10 pre-released

Re: Need info Mikrotik RB2011 + SFP TLSM321A/B?

Re: v6.0rc9 released

Re: sfp module not detected on RB2011UAS-RM

sfp module not detected on RB2011UAS-RM

Re: v6 rc8 released

Re: latest rc8 (01-Feb-2013) build problem

latest rc8 (01-Feb-2013) build problem

Re: CLOUD CORE ROUTER