Community discussions

Search found 29 matches

by CblP
Sat Aug 05, 2017 2:59 am
Forum: Virtualization
Topic: CHR NAT performance on desktop HW?
Replies: 5
Views: 1056

Re: CHR NAT performance on desktop HW?

also, the same dumb bandwidth test to 127.0.0.1 floats around 10Gbps, a nice bump from 3Gbps I saw on Virtualbox. So, roughly, that is like 3+ times better performance.
This actually lines up pretty well with 250-300 mbps of NAT that I had on Virtualbox.
by CblP
Sat Aug 05, 2017 2:55 am
Forum: Virtualization
Topic: CHR NAT performance on desktop HW?
Replies: 5
Views: 1056

Re: CHR NAT performance on desktop HW?

just FYI, I had some free time to install ESXi today. No tinkering just default settings. and.... the same CHR is able to saturate the link doing NAT on the same CPU (G1840). It does 930 up/down with 20-30% CPU load (single CPU given to it). So, in terms of NAT performance, something is different in...
by CblP
Fri Apr 14, 2017 7:46 pm
Forum: General
Topic: 3 Internet Connections work as 1
Replies: 4
Views: 604

Re: 3 Internet Connections work as 1

no. but It is possible to start 3 browsers, test simultaneously and get 50 in each though.
if interested, start here:
https://wiki.mikrotik.com/wiki/Manual:PCC
by CblP
Fri Mar 03, 2017 1:40 pm
Forum: General
Topic: Mikrotik PPTP/Proxy-ARP & DHCP
Replies: 13
Views: 3878

Re: Mikrotik PPTP/Proxy-ARP & DHCP

I've got rid of my tik router since then, and am using a CHR + switch, so, my "bridge" has moved to switch now from mikrotik. Due to this I will not be able to reproduce the exact scenario without putting too much effort, so, my guess is that it was something along this line: /interface bridge filte...
by CblP
Fri Mar 03, 2017 1:18 pm
Forum: Virtualization
Topic: CHR NAT performance on desktop HW?
Replies: 5
Views: 1056

Re: CHR NAT performance on desktop HW?

anybody with similar or (hopefully) different experience with CHR NAT throughput?
by CblP
Wed Mar 01, 2017 12:07 am
Forum: Virtualization
Topic: CHR NAT performance on desktop HW?
Replies: 5
Views: 1056

CHR NAT performance on desktop HW?

I've recently got 1Gbit ethernet uplink, and I only get around 300mbit of NAT through CHR in a virtualbox. Is this expected or something is off here? Does anybody have better experience with ESXi on i3 level CPU? just in case: win7 host, virtio, KVM, intel I350 card. routing speed (no NAT) was aroun...
by CblP
Tue Aug 19, 2014 9:44 pm
Forum: Beginner Basics
Topic: Copy IGMP from one local port to another
Replies: 2
Views: 544

Re: Copy IGMP from one local port to another

use switch rules if your chip supports them. This way you get 0 added cpu load and wire speed.
by CblP
Thu Jul 24, 2014 8:39 am
Forum: General
Topic: EoIP over PPtP tunnel no dhcp ip address receiving
Replies: 8
Views: 2589

Re: EoIP over PPtP tunnel no dhcp ip address receiving

your first stop is packet sniffer. In most cases, it is the last stop too.
might be a similar issue to one described in this topic:
http://forum.mikrotik.com/viewtopic.php?f=2&t=81597
by CblP
Wed Jul 23, 2014 9:06 am
Forum: General
Topic: Help needed on line througput measurement
Replies: 5
Views: 1192

Re: Help needed on line througput measurement

having no experience with ccr, I must say it is definitely not hitting the limit with 9000 packets, as my 2011 handles that at 80% CPU, and CCR should be more powerful I believe. What you are seeing in stats is indeed all traffic including overhead, so, you should see a near 100mb figure there if yo...
by CblP
Wed Jul 23, 2014 8:57 am
Forum: General
Topic: Switch chip - port security
Replies: 11
Views: 6408

Re: Switch chip - port security

not sure if its gonna work as intended, but you could try something like add new-vlan-priority=0 ports=etherX src-mac-address=\ 01:02:03:04:05:06/01:02:03:04:05:06 add new-dst-ports="" ports=etherX src-mac-address=\ 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF where 01:02:03:04:05:06 is the allowed MAC, and ...
by CblP
Wed Jul 23, 2014 8:28 am
Forum: General
Topic: Mikrotik PPTP/Proxy-ARP & DHCP
Replies: 13
Views: 3878

Re: Mikrotik PPTP/Proxy-ARP & DHCP

I don't have the will to test the same setup with tik as DHCP, but my guess is that it doesn't matter because the problem is how tik handles ARP requests. I have 2 tiks, v.6.12 and v.6.15, and the problem only happens on v6.15, so, my guess is that it is a bug introduced recently, which might be fix...
by CblP
Wed Jul 23, 2014 7:04 am
Forum: General
Topic: Mikrotik PPTP/Proxy-ARP & DHCP
Replies: 13
Views: 3878

Re: Mikrotik PPTP/Proxy-ARP & DHCP

The problem are missing route/gateway/nat on one side, but without seeing effective configuration, I can not say any opinion. I'm pretty sure that OPs problem is what I described above, because he has DHCP trouble in 10.x.x.x, he didn't say that he wants 10.x.x.x network to talk to 192.x.x.x networ...
by CblP
Tue Jul 22, 2014 7:00 pm
Forum: General
Topic: Mikrotik PPTP/Proxy-ARP & DHCP
Replies: 13
Views: 3878

Re: Mikrotik PPTP/Proxy-ARP & DHCP

problem is packet 8, which is sent by mikrotik bridge interface (host C) to everything connected to it, including the port where host A connected. DHCP service is running on host B indeed, and it is working fine.
Host C (tik) causes troubles to host A.
by CblP
Tue Jul 22, 2014 3:54 pm
Forum: General
Topic: Help needed on line througput measurement
Replies: 5
Views: 1192

Re: Help needed on line througput measurement

you didn't mention the hardware, but, having a 2011 I am able to get it to show 100mbps usage on ISP port with NAT and pppoe. I guess a massive donwload (ftp/http/bt) from ISP server could show your realistic maximum. is your CPU maxed out when you see the 85% load? does your traffic consist of smal...
by CblP
Tue Jul 22, 2014 1:44 pm
Forum: General
Topic: Mikrotik PPTP/Proxy-ARP & DHCP
Replies: 13
Views: 3878

Re: Mikrotik PPTP/Proxy-ARP & DHCP

take a look at this capture, it explains it all: https://yadi.sk/d/Va7dWJbmX6tzX basically, DHCP works fine, because client gets an offer. In order to make sure that the IP is not taken, the client sends an ARP request for this IP, and expects no answer in normal situation. Mikrotik answers this req...
by CblP
Tue Jul 22, 2014 8:55 am
Forum: General
Topic: Mikrotik PPTP/Proxy-ARP & DHCP
Replies: 13
Views: 3878

Re: Mikrotik PPTP/Proxy-ARP & DHCP

capture the traffic and you will see that DHCP server is actually issuing addresses to clients just fine. The problem is that mikrotik answers to an ARP request from client when it checks if the offered IP is taken. Once you filter these answers, it will be fine. I faced this trouble couple of days ...
by CblP
Mon Jul 07, 2014 8:50 am
Forum: General
Topic: IPTV IGMP - YouView Box (UK)
Replies: 6
Views: 2078

Re: IPTV IGMP - YouView Box (UK)

Could you explain your set up a bit? Post your switch config? Thanks. I have set ether4(stb port) to be a slave of ether5(ISP port). this way STB can talk to iptv service without any configuration from my side, and without any CPU interaction. I also added the following: /interface ethernet switch ...
by CblP
Tue Jul 01, 2014 10:28 pm
Forum: General
Topic: IPTV IGMP - YouView Box (UK)
Replies: 6
Views: 2078

Re: IPTV IGMP - YouView Box (UK)

I didn't bother with IGMP package, just used switch rules to forward anything coming from STB port to ISP port, and to direct returning traffic back into the STB port. pretty easy, reliable, and doesn't eat any CPU resources at all. I would highly recommend using switch rules for this If your tik is...
by CblP
Thu Apr 03, 2014 10:57 pm
Forum: General
Topic: RB2011 + IPTV STB: How to assign separate public IP to STB?
Replies: 9
Views: 2523

Re: RB2011 + IPTV STB: How to assign separate public IP to S

I'm glad I was able to help :)
just a note, the purpose to have the switch rule was to prevent this traffic from going to CPU. I guess you must be seeing it at OS level with torch, so, it takes some resources unless the rule is there.
by CblP
Wed Apr 02, 2014 11:14 pm
Forum: General
Topic: RB2011 + IPTV STB: How to assign separate public IP to STB?
Replies: 9
Views: 2523

Re: RB2011 + IPTV STB: How to assign separate public IP to S

yes stb will talk to ISP, as it used to do when it was connected to a real switch instead of your "virtual switch" in mikrotik. your switch rule should be the opposite I believe, it should be applied on ether1, moving all traffic with port 1234 (media streams) to ether2 without hitting the cpu port....
by CblP
Tue Apr 01, 2014 9:29 pm
Forum: General
Topic: RB2011 + IPTV STB: How to assign separate public IP to STB?
Replies: 9
Views: 2523

Re: RB2011 + IPTV STB: How to assign separate public IP to S

I have a similar setup. I created a "virtual switch" with uplink and stb ports, making the stb able to talk to uplink directly, without mikrotik cpu interaction. (this is done by making stb port a "slave" to uplink port) Then I added the following switch rule: add dst-port=5050 new-dst-ports=stb por...
by CblP
Wed Jan 29, 2014 6:21 pm
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3719

Re: Firewall filter rules and nmap scan results

use the force of the packet sniffer, Luke!
Wireshark is my ultimate #1 tool for digging into any kind of network trouble/question.
by CblP
Wed Jan 08, 2014 11:00 am
Forum: Beginner Basics
Topic: Do I really have to lose a port?
Replies: 9
Views: 2892

Re: Do I really have to lose a port?

I see no reason to think that the port is lost. It is still usable in ROS.
You may get a more detailed anwer/advice if you care to post more details about your task
by CblP
Fri May 03, 2013 11:22 am
Forum: General
Topic: strange problem - packets going out to WAN2 with src of WAN1
Replies: 4
Views: 836

Re: strange problem - packets going out to WAN2 with src of

ok the problem is not happening anymore. I exported the config, reset the router to defaults and re-applied the same config again. After a reboot the problem was gone, and so far I am not able to reproduce it. It appears like reconfig/reboot is the first thing you have to try whenever you have a pro...
by CblP
Fri May 03, 2013 8:51 am
Forum: General
Topic: strange problem - packets going out to WAN2 with src of WAN1
Replies: 4
Views: 836

Re: strange problem - packets going out to WAN2 with src of

let me explain the problem in more details I have a pppoe connection with IP 109.184.244.162 and an l2tp connection with IP 92.242.79.188 default route is pppoe, but I have rules to send traffic to 2 specific networks through l2tp. Mikrotik is doing so, BUT, source of the packet is set to 109.184.24...
by CblP
Fri May 03, 2013 12:02 am
Forum: General
Topic: strange problem - packets going out to WAN2 with src of WAN1
Replies: 4
Views: 836

strange problem - packets going out to WAN2 with src of WAN1

I have two ISPs at home and want everything to go to WAN1 except for a few things. Here is what I have: [admin@MikroTik] > ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 192.168.1.1/24 192.168.1.0 bridge1 1 D 10.107.6.210/22 10.107.4.0 ether5 2 D 92.242....
by CblP
Mon Apr 29, 2013 10:48 pm
Forum: Beginner Basics
Topic: SIP ALG vs SIP Helper
Replies: 20
Views: 47927

Re: SIP ALG vs SIP Helper

helper usually breaks more than it fixes. Menno do you have an example? I have tested this thoroughly some time ago, and found only 1 problem with it, which I will disclose later if it is different from yours :) Just curious to see if I missed something. In general, it works fine for me, no major i...
by CblP
Mon Apr 29, 2013 1:23 pm
Forum: Beginner Basics
Topic: SIP ALG vs SIP Helper
Replies: 20
Views: 47927

Re: SIP ALG vs SIP Helper

I think it catches SIP messages on configured ports and changes local IPs to public mapping in Contact, Via etc. Also it changes the media address in SDP, so, you don't have to worry about STUN etc. However, it doesn't help with incoming media streams, so, you have to fix a port range for RTP on you...
by CblP
Mon Mar 25, 2013 11:26 am
Forum: RouterOS v7
Topic: Minor Tx/Rx counters error (6rc11)
Replies: 1
Views: 1415

Minor Tx/Rx counters error (6rc11)

using rc11 on 2011UAS-2HnD-IN I have ether1 receiving around 80Mbps from both ether6 and pppoe (which runs through ether10), resulting in around 160Mbps incoming on ether1. However, winbox shows it in Tx, not Rx. Bug? It is not a simple Tx/Rx swap mistake I think, as ether6 and pppoe show 80mbps in ...