I love the new features. Netinstalled routeros 7.1beta3 to an Audience LTE6 and I haven't had any downtime with it acting as a Wave2 WPA2/3 AP with CAKE traffic shaping :) With Wave2, I find one processor core saturates at ~300Mb/s over WiFi: /tool/profile Columns: NAME, USAGE NAME USAGE ethernet 0....
Fantastic work Mikrotik! CAKE and Wave2 are both a big deal; I am very excited. Looking forward to Mikrotik adding testcases to your automated testing, so your users can detect only more complex cases. The resulting user feedback would then help Mikrotik progress their automated regression testing a...
When packets get a priority between 1 and 7, which maps to a WMM traffic class (eg with [1]), I can't get transmit more than 20-25Mbits/s UDP [2,3] shared to all clients. If I set the priority to 0 (or disable the rule), I get 440Mbits/s. ... The WMM enabled/disabled setting on the wlan interface d...
I have seen this for the first time in a couple of months with an RB4011-WiFi. Taking and decoding a supout, the kernel logs show: 2019.06.11-07:16:38.42@3: ath_beacon_tasklet: busy, reset 2019.06.11-07:16:38.42@3: ath_reset 2019.06.11-07:16:38.42@3: qca9984_tx_disable: timeout 2019.06.11-07:16:39.7...
I received my RB4011 last Friday. Very happy with the design of the device. I use it as a replacement for my RB2011 which has been running perfectly for about 5 years. I backed up the running config of the RB2011, and selectively imported this script to the RB4011. Everything seemed to be running f...
The 40-60% processor load in your wAP ac is an average. Due to latency at various internal points (wireless microprocessor, kernel scheduler, hardware interrupts), the wAP ac processor is a limiting factor here. As the MIPSBE SoC is older and cost-optimised, some of the internal datapaths may be a b...
This is behaviour on the shared media, however we need to understand if it is expected behaviour or not. You need to capture a trace using '/interface wireless sniffer', using another radio of the same generation configured on the same frequency and channel width, and interpret the trace according t...
I am seeing the same issue with cAP ac2 and hAP ac2, and have an open support case with Mikrotik for ~10 months. We see SSID beacon frames (among other management frames) aren't transmitted for up to 10 seconds - this evidently occurs due to a compatibility issue with certain 5GHz clients (smartphon...
For more security, automatically logging out after the SSH session was idle eg for 10 minutes would be great! I see that feature on some systems but frankly I just find it irritating (session has been logged out when you come back to it after studying how to solve some issue), and frankly I don't s...
This has been impacting me for some time too. I found a way to reproduce it from Linux: $ while :; do ssh admin@demo.mt.lv /ip firewall filter print | wc -l; done 220 220 220 220 220 220 93 220 220 The block buffering in non-interactive mode exposes a bug which isn't seen in interactive SSH sessions...
Thanks lipo. Can you check on RouterOS 6.44.1? It may be that Mikrotik removed the updated WiFi driver as on 6.44.1, I still see: /interface wireless registration-table print stats 0 interface=wlan1 mac-address=B0:23:43:F0:CA:09 ap=no wds=no bridge=no rx-rate="526.5Mbps-80MHz/2S" tx-rate=&...
Does anyone else with a RB4011 WiFi variant on RouterOS 6.44 find stats shows only strength from only 3 out of 4 chains for the 5GHz radio, ie no signal-strength-ch3, despite rx-chains and tx-chains being set to 0,1,2,3? /interface wireless registration-table print stats 0 ... signal-strength-ch0=-7...
Chaps, When packets get a priority between 1 and 7, which maps to a WMM traffic class (eg with [1]), I can't get transmit more than 20-25Mbits/s UDP [2,3] shared to all clients. If I set the priority to 0 (or disable the rule), I get 440Mbits/s. I see the same to a range of 11ac clients, 5m from AP....
By default, RouterOS pings all idle wireless clients every 60s. With many associated clients over a larger area (therefore low bitrates) with 1-2 active at any given time, network efficiency is reduced and client battery life is reduced. Disabling keepalive-frames causes issues wherein clients are l...
Keep in mind that the 5GHz radio will go into radar-detection mode for ~60s once RouterOS is booted.
There are very likely some first-boot scripts that run that add to this, including SSH key generation; this was deferred until first SSH connection in later RouterOS versions.
1. where there is spectral congestion (eg 2.4GHz networks), I suggest using hw-protection-mode=cts-to-self and hw-protection-threshold=200 (to keep overhead low on TCP ack packets) 2. hw-protection-mode=rts-cts has higher overhead but may give better client->AP throughput if the AP transmit power is...
Owing to the lack of RouterOS band steering, I have consistently found the optimal solution is for the 2.4GHz radio to have SSID eg "Mikrotik" and the 5GHz radio to have SSIDs eg "Mikrotik" and "Mikrotik 5G", catering both for people who want simplicity and those who wa...
there is a reason why RouterOS on x86 supports only 2GB - the speed of memory addressing. With high/low setups you would lose 5 to 10% of performance. The cost of PAE is way lower on modern x86 processors, since they have such large TLBs (as are optimised for much larger datasets with 4KB pages), a...
I have a project to create a free hotspot for approximately 1500 simultaneous users and would like to create it using Mikrotik, but can't find a 2.4GHz external AP to deploy using CapsMan. I don't want to use another vendor. The idea is to use about 10-20 APs (meshed) and use radius server with maybe...
One of the first steps I take when deploying Mikrotik kit, is generating a local certificate, signing it locally and enabling HTTPS with it, disabling HTTP. This gives the same level of protection that SSH affords. True, but that protection is absolutely zero. It only protects you against people sn...
One of the first steps I take when deploying Mikrotik kit, is generating a local certificate, signing it locally and enabling HTTPS with it, disabling HTTP. This gives the same level of protection that SSH affords. It would be a step forward if this was done at first boot. Clearly the chain of trust...
Anyone have any experience in isolating multiple APs in the same broadcast domain? Eg say you have two APs on a switch without port isolation capability, which also connects to the router. I guess one could use bridge filtering in the forward chain with a MAC address whitelist, but this is difficult...
I was trying to achieve the same. Packets coming in on a bridge port are prevented going out on the same port. On linux (which RouterOS is based upon), bridges support 'hairpin' mode [1] (don't confuse with hairpin NAT), which would allow filtering between devices on the same AP/interface, but Route...
I would say it's worthwhile trying to: - disable STP on all bridges (and hardware switch chip STP if enabled on certain models) - increase DHCP lease time to eg 4h - ensure group-key-update is eg 1h - disable keepalive-frames It's just a pity we can't adjust beacon frequency and DTIM: http://forum.m...
In noisy network environments with many clients, I generally enable RTS/CTS protection for packets larger than 500 bytes [1], and find it very beneficial. I believe because other stations and APs on other SSIDs sharing the same channel also wait. The probability of collision is smaller with smaller ...
Dear Mikrotik specialists, Since Mikrotik routers are based on GNU/Linux, I would like to invite any specialists using Mikrotik or in related network or routing fields to join the next FOSSASIA Open Tech Summit which will take place at the Science Centre Singapore, from March 17 to March 19, 2017. T...
I've been consistently unable to netinstall a CRS125 with 6.35.4 or 6.36rc28. I see the DHCP packets from the CRS arrive on the only network interface, but even after all the usual tricks (disable firewall, IP address assignment etc), netinstall doesn't reply. I have tried on two Windows 10 systems,...
While checking why USB disk performance on RouterOS 6.34.4 is so bad, I found ext3 format is default, and the partition is badly misaligned, so causes write amplification: # fdisk -l /dev/sdb Disk /dev/sda: 14.9 GiB, 16013942784 bytes, 31277232 sectors Units: sectors of 1 * 512 = 512 bytes Sector siz...
It seems likely AES-NI instruction support will be available when Mikrotik do a 64-bit x86 build. AES-NI aside, we'd see a 15% performance increase (due to correspondingly higher IPC), which is important on low-end Atom boxes.
I have been experiencing the same issue on the excellent hAP ac and have found: - the low bandwidth (17-57Mb/s) varies with temperature - it occurs with certain ethernet phys and not others - when it occurs, I see receive issues, suggesting the root cause is the transmit from the QCA8337 switch chip ...
Hi guys, Since the new RB953GS-5HnT is a single-chip QCA9558 solution, it supports 3-chain 802.11n at 5GHz: http://routerboard.com/RB953GS-5HnT In many access points, the QCA9880 chip is paired with this to give 3-chain 5GHz 11ac, and clearly when Mikrotik supports it on a mini-PCIe card, we can upg...
Been waiting to purchase this rackmount variant also and was told by support "in May"; seems a near-perfect product once L3 switching is available in RouterOS 6.14/15 or 7...
I'm looking at getting a CRS226-24G-2S+RM for layer 3 switching between VLANs. Will L3 switching work if: 1. some connections are NAT'd out of one port (used for an external internet connection)? 2. there are firewall rules allowing only certain protocols and ports between VLANs? Also: 3. how would ...
Indeed. With a significant number of competing TCP flows, Zheng and Kinicki demonstrate a 15% improvement in goodput (ie useful TCP segments, flow efficiency) through an ECN-capable router, page 15: http://web.cs.wpi.edu/~rek/ISCC02talk.ppt Anyway, let me know if anything more is needed to submit th...
We need a way to enable TCP Explicit Congestion Notification on RouterOS, so when eg TCP tunnels are established, we will get the increase in efficiency and reduction in packet loss. The current linux default is to accept ECN, but not request it when initiating connections. Thus, we need a config op...
+1 I suspect that OpenVPN LZO compression isn't offered due to the compression time for the MIPS processors in most of the MikroTik routers. I'd expect ~50Mbits/s max, as we see around 200Mbit/s on an ARM Cortex-A9: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b0...
RouterOS 6.7 uses ext3 on internal stores; this is known to have poor lookup scaling as many files are present in directories, and thus may be a significant factor in the RouterOS proxy webcache slowdown observed.
I see an interesting slowdown in webcache speed as it fills up eg to 1GB from 8GB, as tested with RouterOS v6.6 on a RB951G with a 'fast' USB3 stick (obviously operating at USB2 speed; it can maintain 75MB/s read and 18MB/s write). The slowdown manifests as large latency spikes of 1000-4000ms, which...
When running a caching webproxy on the excellent RB951G [1] with RouterOS 6.2, when the cache starts filling up (eg 1GB of data), I see a significant rate of 'connection reset by peer' messages in browsing sessions, around 5-10% of the time. This affects HTTP GETs, but worse HTTP POST, so form infor...
Hardware packet queues can introduce significant latency below Mikrotik's QoS queuing; this is particularly problematic for wireless interfaces where eg >1000ms delays can be introduced on congested networks. Linux exposes an ioctl (SIOCSIFTXQLEN) to control queue length or eg via: ifconfig eth0 txq...
At present, there is no way to specify the type of flow hashing used in Stochastic Fair Queuing. The flow hash is constructed from source-IP + port and dest-IP + port, with round-robin dequeuing. This gives per-flow (eg TCP session) fairness, so one host with 20 TCP connections can starve the other ...