MikroTik

DanielJB

Chaps, When packets get a priority between 1 and 7, which maps to a WMM traffic class (eg with [1]), I can't get transmit more than 20-25Mbits/s UDP [2,3] shared to all clients. If I set the priority to 0 (or disable the rule), I get 440Mbits/s. I see the same to a range of 11ac clients, 5m from AP....

DanielJB

I find '/tool sniffer quick interface=ether1 port=!80,!443' doesn't exclude both port 80 and 443. Does anyone know the correct approach?

DanielJB

By default, RouterOS pings all idle wireless clients every 60s. With many associated clients over a larger area (therefore low bitrates) with 1-2 active at any given time, network efficiency is reduced and client battery life is reduced. Disabling keepalive-frames causes issues wherein clients are l...

DanielJB

Keep in mind that the 5GHz radio will go into radar-detection mode for ~60s once RouterOS is booted.

There is very likely some first-boot scripts that run that add to this, including SSH key generation; this was deferred until first SSH connection in later RouterOS versions.

DanielJB

1. where there is spectral congestion (eg 2.4GHz networks), I suggest using hw-protection-mode=cts-to-self and hw-protection-threshold=200 (to keep overhead low on TCP ack packets) 2. hw-protection-mode=rts-cts has higher overhead but may give better client->AP throughput if the AP transmit power is...

DanielJB

Owing to the lack of RouterOS band steering, I have consistently found the optimal solution is for the 2.4GHz radio to have SSID eg "Mikrotik" and the 5GHz radio to have SSIDs eg "Mikrotik" and "Mikrotik 5G", catering both for people who want simplicity and those who want 5GHz only. Making this defa...

DanielJB

there is a reason why RouterOS on x86 supports only 2GB - the speed of memory addressing. With high/low setups you would lose 5 to 10% of performance. The cost of PAE is way lower on modern x86 processors, since they have such large TLBs (as are optimised for much larger datasets with 4KB pages), a...

DanielJB

I have a project to create a free hotspot for approximately 1500 simultaneous users and would like to create it using Mikrotik but, can't find 2.4Gghz external AP to deploy using CapsMan. I don't want to use another vendor. The idea is to use about 10-20 ap (meshed) and use radius server with maybe...

DanielJB

One of the first steps I take when deploying Mikrotik kit, is generating a local certificate, signing it locally and enabling HTTPS with it, disabling HTTP. This gives the same level of protection that SSH affords. True, but that protection is absolutely zero. It only protects you against people sn...

DanielJB

One of the first steps I take when deploying Mikrotik kit, is generating a local certificate, signing it locally and enabling HTTPS with it, disabling HTTP. This gives the same level of protection that SSH affords. It would be a step forward if this was done at first boot. Clearly the chain of trust...

DanielJB

Anyone have any experience in isolating multiple APs in the same broadcast domain? Eg say you have two APs on an switch without port isolation capability, which also connects to the router I guess one could use bridge filtering in the forward chain with a MAC address whitelist, but this is difficult...

DanielJB

Does anyone know how to modify rules eg in /ip firewall filter: chain=forward action=accept connection-state=new dst-address=10.1.1.62 protocol=tcp port=500 src-mac-address=aa:bb:cc:dd:ee:ff to: chain=forward action=accept connection-state=new dst-address=10.1.1.62 protocol=tcp src-mac-address=aa:bb...

DanielJB

Chaps,

Does anyone else get whacky wireless link last up/down time with 6.38.1?

Last Link Down Time Dec/25/2035 21:34:28
Last Link Up Time Dec/25/2035 21:34:32

'/system clock print' shows the right date and time.

DanielJB

local-proxy-arp was added in RouterOS 6.38

DanielJB

I was trying to achieve the same. Packets coming in on a bridge port are prevented going out on the same port. On linux (which RouterOS is based upon), bridges support 'hairpin' mode [1] (don't confuse with hairpin NAT), which would allow filtering between devices on the same AP/interface, but Route...

DanielJB

I would say it's worthwhile trying to: - disable STP on all bridges (and hardware switch chip STP if enabled on certain models) - increase DHCP lease time to eg 4h - ensure group-key-update is eg 1h - disable keepalive-frames It's just a pity we can't adjust beacon frequency and DTIM: http://forum.m...

DanielJB

In Unix systems SSH sessions, I use Ctrl-W all the time to delete the last word; it is really practical, but not implemented in RouterOS.

Can Mikrotik implement this simple enhancement for RouterOS? It does save time in the CLI.

DanielJB

In noisy network environments with many clients, I generally enable RTS/CTS protection for packets larger than 500 bytes [1], and find it very beneficial. I believe because other stations and APs on other SSIDs sharing the same channel also wait. The probability of collision is smaller with smaller ...

DanielJB

I think it is reasonable to be able to tune the wireless beacon interval and DTIM.

I my case, a 200ms beacon interval and DTIM count of 1 would be more optimal than the defaults.

Anyone else missing this feature with other basic APs feature?

DanielJB

Dear Mikrotik specialists, Since Mikrotik routers are based on GNU/Linux, I would like to invite any specialists using Mikrotik or in related network or routing fields to join the next FOSSASIA Open Tech Summit which will take place at the Science Centre Singapore, from March 17 to March 19, 2017. T...

DanielJB

I get this output from netinstall: recv bytes: 300 opcode: 1 htype: 1 hlen: 6 hops: 0 xid: 6b6e15f0 secs: 40 unused: 0 ciaddr: 0.0.0.0 yiaddr: 0.0.0.0 siaddr: 0.0.0.0 giaddr: 0.0.0.0 chaddr: 4c:5e:c:96:23:c6: sname: (64) file: (128) cookie: 63538263 35 01 03 3d 07 01 4c 5e 0c 96 23 c6 ...

DanielJB

I've been consistently unable to netinstall a CRS125 with 6.35.4 or 6.36rc28. I see the DHCP packets from the CRS arrive on the only network interface, but even after all the usual tricks (disable firewall, IP address assignment etc), netinstall doesn't reply. I have tried on two Windows 10 systems,...

DanielJB

I am also waiting for IKEv2 support from MikroTik, but caught between deploying EdgeRouters with IKEv2 or L2TP+IPSec on Mikrotik.

DanielJB

While checking why USB disk performance on RouterOS 6.34.4 is so bad, I found ext3 format is default, and the partition is bady misaligned, so causes write amplification: # fdisk -l /dev/sdb Disk /dev/sda: 14.9 GiB, 16013942784 bytes, 31277232 sectors Units: sectors of 1 * 512 = 512 bytes Sector siz...

DanielJB

It seems likely AES-NI instruction support will be available when Mikrotik do a 64-bit x86 build. AES-NI aside, we'd see a 15% performance increase (due to correspondingly higher IPC), which is important on low-end Atom boxes.

DanielJB

Using another USB to Ethernet adapter with the Realtek RTL8153 chip (Dell "USB-C to Ethernet adapter"), I see wire-speed in both directions.

This correlates that the issue is a phy setup/programming issue.

DanielJB

I have been experiencing the same issue on the excellent hAP ac and have found: - the low bandwith (17-57Mb/s) varies with temperature - it occurs with certain ethernet phys and not others - when it occurs, I see receive issues, suggesting the root cause is the transmit from the QCA8337 switch chip ...

DanielJB

MAC-based-VLAN (/interface ethernet switch mac-based-vlan) works great on my CRS125.

Where packets don't match an FDB entry, is it possible to assign a default VLAN?

Thanks!
Daniel

DanielJB

Hi guys, Since the new RB953GS-5HnT is a single-chip QCA9558 solution, it supports 3-chain 802.11n at 5GHz: http://routerboard.com/RB953GS-5HnT In many access points, the QCA9880 chip is paired with this to give 3-chain 5GHz 11ac, and clearly when Mikrotik supports it on a mini-PCIe card, we can upg...

DanielJB

Been waiting to purchase this rackmount variant also and was told by support "in May"; seems a near-perfect product once L3 switching is available in RouterOS 6.14/15 or 7...

DanielJB

I'm looking at getting a CRS226-24G-2S+RM for layer 3 switching between VLANs. Will L3 switching work if: 1. some connections are NAT'd out of one port (used for an external internet connection)? 2. there are firewall rules allowing only certain protocols and ports between VLANs? Also: 3. how would ...

DanielJB

Indeed. With a significant number of competing TCP flows, Zheng and Kinicki demonstrate a 15% improvement in goodput (ie useful TCP segments, flow efficiency) through an ECN-capable router, page 15: http://web.cs.wpi.edu/~rek/ISCC02talk.ppt Anyway, let me know if anything more is needed to submit th...

DanielJB

We need a way to enable TCP Explicit Congestion Notification on RouterOS, so when eg TCP tunnels are established, we will get the increase in efficiency and reduction in packet loss. The current linux default is to accept ECN, but not request it when initiating connections. Thus, we need a config op...

DanielJB

+1 I suspect that OpenVPN LZO compression isn't offered the due to the compression time for the MIPS processors in the most of the MikroTik routers. I'd expect ~50Mbits/s max, as we see around 200Mbit/s on an ARM Cortex-A9: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b0...

DanielJB

Normis, Chupaka,

RouterOS 6.7 uses ext3 on internal stores; this is known to have poor lookup scaling as many files are present in directories, and thus may be a significant factor in the RouterOS proxy webcache slowdown observed.

What is the rationale on not using ext4?

DanielJB

I see an interesting slowdown in webcache speed as it fills up eg to 1GB from 8GB, as tested with RouterOS v6.6 on a RB951G with a 'fast' USB3 stick (obviously operating at USB2 speed; it can maintain 75MB/s read and 18MB/s write). The slowdown manifests as large latency spikes of 1000-4000ms, which...

DanielJB

When running a caching webproxy on the excellent RB951G [1] with RouterOS 6.2, when the cache starts filling up (eg 1GB of data), I see a significant rate of 'connection reset by peer' messages in browsing sessions, around 5-10% of the time. This affects HTTP GETs, but worse HTTP POST, so form infor...

DanielJB

Hardware packet queues can introduce significant latency below Mikrotik's QoS queuing; this is particularly problematic for wireless interfaces where eg >1000ms delays can be introduced on congested networks. Linux exposes an ioctl (SIOCSIFTXQLEN) to control queue length or eg via: ifconfig eth0 txq...

DanielJB

At present, there is no way to specify the type of flow hashing used in Stochastic Fair Queuing. The flow hash is constructed from source-IP + port and dest-IP + port, with round-robin dequeuing. This gives per-flow (eg TCP session) fairness, so one host with 20 TCP connections can starve the other ...

Search found 39 matches

WMM giving terrible throughput

How to exclude two ports in /toool sniffer?

Tuneable wireless keep-alive interval

Re: hAP AC2 Wrong Setup Instructions

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

Re: Dual band AP for home use, SSID same or different?

Re: X86_64 ROS - 64bit Mikrotik

Re: Type of equipments (AP) needed for hotspot over 1000 users?

Re: Securing your device is important

Re: Securing your device is important

Inter-AP isolation [expert question]

Removing port number from CLI rule

v6.38.1: Last Link Up/Down Time 2035

Re: split-horizon & local-proxy-arp

Re: Filtering traffic between wireless clients

Re: Wifi keeps mobile device awake? [keepalive packets]

^W CLI support

Optimal RTS/CTS protection threshold (~500?)

Wireless beacon interval and DTIM missing

Invitation to FOSSASIA Open Tech Summit 2017, Mar 17 - 19

Re: netInstall on CRS125 failure

netInstall on CRS125 failure

Re: Feature Req: IKEv2 server and client

[6.34.4] USB disk poor performance (and solution)

Re: Feature request: AES-NI instruction set for x86 RouterOS

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

CRS125 MAC-based-VLAN default VLAN

RB953GS-5HnT announcement and 11ac

Re: Release date for CRS-226-24G-2S+RM?

CRS layer-3 switching questions

Re: Enable TCP ECN for bandwidth efficiency

Enable TCP ECN for bandwidth efficiency

Re: Feature request: OpenVPN compression LZO and UDP

proxy webcache slowdown and ext3

webcache performance degradation

6.1/6.2 webproxy 'connection reset'

Request: Interface hardware queue length

per-flow SFQ causes DoS