MikroTik

afink

Hello folks I seem to run into the same issues all over the place. I have a rather big backbone running on Mikrotiks. Most core networks are 100G with CCR2216. One location is running two CCR1072 connected over a submarine cable at 310Mbit to the core with BGP4. On BGP4 we only export a default rout...

afink

of course I reported it already

afink

oh null is not same as "". Thats interesting find. As far as Winbox goes, I just can't run it on modern Macs wit ARM CPUs and it doesn't give me anything the web gui doesn't give me (besides bugs like this one being only in one variant of GUI or CLI every once in a while). You might be abl...

afink

doesnt work in web GUI, doesn't work on CLI.. nobody uses Winbox... (unless some folks who use windows maybe)

afink

the command I posted in the beginning of this thread is exactly this. And the result is "null" (if you choose AES-256-CTR for example so the command executes).

afink

well authentication is set to null. Still same.

afink

can anyone shed light on why I get "failure: AEAD already provides authentication" when I try to create a ipsec profile [admin@Mikrotik] /ip/ipsec/proposal> add name=proposal-test enc-algorithms=aes-128-gcm failure: AEAD already provides authentication seems to be there is absolutely no wa...

afink

i tied that before but couldnt fiure out what was wrong. directory listing shows "forbidden". not helpful neither

afink

doesnt help. I need arm64 and the other packages as well. but thanks for sharing... Ill try again with 7.12 release when mikrotik finally figured out all its (Q)SFP negotiation mysteries.

afink

What's new in 7.12beta7 (2023-Sep-13 09:58): !) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces; *) qsfp - added 50Gbps rate support for QSFP28 interfaces; *) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3); *) qsfp - improv...

afink

eoip and other tunneling protocols would only work if transporting routers along the path fragment packets on the way instead of rejecting and dropping it. on the fly fragmentation is cpu intensive and thus the method of dont fragment packets but inform the sender of a smaller mtu is mostly used (se...

afink

bigger MTUs can also help in having encrypted traffic being transported over longer distances in fewer packets. If you have a endpoint which encrypts and can put multiple packets into a jumboframe, there will be less but bigger packet being sent. Hence the transit network has fewer routing decisions...

afink

except that you expect this on a new installation, not on something which worked before...

afink

Switching off auto negotiation and configuring it for 100G-baseLR4-ER4 brought the interface up.
Interesting...

afink

fec is configured on switch and mikrotik using fec92 / rs . this is mandatory for link to come up in 7.11. Auto negotiation failed otherwise.

afink

they are enabled in my case.

afink

this is the type which does work with 7.11 but not with 7.12beta3 We have multiple instances where this shows up as a problem https://www.fs.com/products/51709.html?attribute=23481&id=431173 The same module also exist with different names. Q28-AO01 Q28-AO02 Q28-AO03 Q28-AO05 etc the difference i...

afink

Warning: Watch out with 7.12beta3 if you have 100G ports on a CCR2216 and you use QSFP28 which are attached to a cable (DAC or AOC or so). We had several links going out of service after upgrading to 7.12beta3. Going back to 7.11 restored the ports. Other nodes who had a optical LR4 transceiver in t...

afink

thsts exactly what I did. ips on vlans on top of bridge. The only thing i dont have is only vlan tags set as i have untagged too and thus ip on the bridge itself too

afink

Clearly there are no issues because you know the relevant area of problem. You should thus be able to solve it yourself............ Well then if you can't figure it out neither, it must be a bug. If such simple switching doesn't work as documented, it doesn't make any sense to use Mikrotik switches...

afink

why the quote marks on bridge vlans.......get rid of them..... thats what Mikrotik does when you type /export. The ports where configured with th web gui. so this is not the problem. The only thing I see different the doc is that they use admit-untagged-only on the bridge port. So it would drop any...

afink

Might want to post your configuration then. here is the relevant config sections: # jun/30/2022 21:59:50 by RouterOS 7.3.1 # software id = 4C9W-ELI7 # # model = CRS312-4C+8XG /interface bridge add admin-mac=DC:2C:6E:90:47:16 auto-mac=no mtu=9200 name=bridge0 /interface bridge port add bridge=bridge...

afink

Depends on the series switch how its configured. CRS1xx,2xx are configured differently from the CRS3xx,5xx. Check out this section of the documentation.

https://help.mikrotik.com/docs/display/ ... +Switching

I only use CRS3xx or CCR series.
Basically RouterOS config

afink

It is my understanding that when I configure an access port of a specific vlan, I do the following create a bridge add port into bridge define PVID in the bridge port to by my access vlan create a vlan inside the bridge and list the port as untagged. This means anything going out on that port on the...

afink

Hello I have the following scenario: CRS312-4C+8XG, RouterOS 7.3.1 Linux host (Debian) connected with 2x 10G with the following config auto ens1f0 iface ens1f0 inet manual auto ens1f1 iface ens1f1 inet manual auto bond0 iface bond0 inet dhcp bond-slaves ens1f1,ens1f0 bond-mode 802.3ad bond-miimon 10...

afink

I think Mikrotik's holiday video has a clue: "Do you want to discuss BGP?" ... "No". Maybe Viktors is the BGP developer? Eva certainly isn't, she works in the logistics department and is not interested in BGP... Guys, face it. BGP and OSPF has changed drastically in RouterOS7. T...

afink

I would like to report an issue with multiprotocol bgp, carrying both ipv4 and ipv6 af routes. Tested this on wireguard interfaces, not sure about regular ethernet. - when the session is ipv4-based: ipv4 routes work fine, and for ipv6 routes mikrotik builds ipv4-mapped ipv6 next-hop based on ipv4 i...

afink

Upgraded my RB4011 from 7.1 to 7.1.1 and it appears to work ok, also IPsec. There is an IPsec issue with statically configured /ip ipsec identity which disappears after reboot, but it turns out that already existed in 7.1 (after re-adding it manually from export made before the upgrade IPsec works ...

afink

Feature request: fetch via specific interface (curl --interface ...)

or fetch from a specific IP. Like a loopback while you use private IP's on the point to point links...

afink

*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces; I have 20 VLANS everywhere... *) l3hw - fixed bonding source MAC address; And most have bonding... *) l3hw - improved system stability when using 7 or more VLAN interfaces; Yes please! *) ospf - fixed distance if "origi...

afink

I have a higher MTU on the SFP, PPPoE won't go further than 1492. Even 1501 byte pings do not pass through. Is this working on your side? larger MTUs in 7.1rc4 work for me. I'm not using PPPoE but bridges & vlans & ipsec tunnels over it. And OSPF also dislikes MTU mismatches. So getting you...

afink

Any specific improvements to MPLS or BGP? Creating BGP4 peers in the web guis now works for the field local-AS. it shows something like 1234/0 the field for remote-AS however is not working. you can enter 1234/1234 but not just 1234. Given nobody has a clue what /... means for an AS number this is ...

afink

Any specific improvements to MPLS or BGP? Creating BGP4 peers in the web guis now works for the field local-AS. it shows something like 1234/0 the field for remote-AS however is not working. you can enter 1234/1234 but not just 1234. Given nobody has a clue what /... means for an AS number this is ...

afink

In the class of backbone BGP routers with full routing table, Mikrotiks are very cheap compared to the big guys (Cisco, Juniper etc). I can don more with my CCR1076 than I can do with my ASR1002F which costed me 20'000$ at the time. Performance of the CCR is bigger and full wirespeed encryption is k...

afink

Keep in mind that there are some SFP+ modules which can run at 1G as well as 10G speeds. So for these you might need to set the port to 1G speed if a the other side there is a 1G only SFP.

afink

The amount of memory required to store BGP routes depends on many factors, such as the router, the number of alternate paths available, route dampening, community, the number of maximum paths configured, BGP attributes, and VPN configurations. Without knowledge of these parameters it is difficult to...

afink

If you have to run BGP, the big question is why and how. BGP is usually needed if you have multiple upstreams. And then the question is how will you separate the traffic between these upstreams. In this case you might need to load full routing tables to get the optimal path between your multiple ups...

afink

I'm not sure on which world you are living in but in the places I am active (Europe & Africa), IPv6 is available everywhere on every backbone. And frankly if you start any ISP business now, you must be lucky if you can even get a /22 IPv4 range. In Europe you can't. IPv4 addresses are traded at ...

afink

Feature Request: I wish Mikrotik would have NAT64. Im building a large wireless ISP for potential millions of users and IPv4 is something we would like to avoid completely and go directly to IPv6 only (there are no addresses available anyway). Doing NAT44 instead means a lot of more work to give out...

afink

OSPFv3 for IPv6 still heavily broken and totally unusable if you have two or more ethernet between two routers. [Ticket#2013121266000031]

afink

MT would need to base a model on the Tilera TILE-Gx72 chip in order to be able to deal with 8 x 10 GbE. That's the most a single Tilera chip can handle right now. But Tilera themselves pack up to 8 x36s into a single unit so theoretically we could see multi chip CCRs. But it would need adequate dem...

afink

have you tested with SFP Rate Select = low?

afink

Hi, I already have an MMDS reception point on the hill (2.5-2.7) the 130 tv stations are treated and passed into a 13Ghz link going to Mbour and Thies. This is up and working and two 500w MMDS TX either side are currently furnishing the two towns with an MBR of +38. Now the challenge is to link Mbo...

afink

I'm personally familiar with that specific site on the hill of Dakar as I have been there and I'm familiar with the MMDS transmission site in Dakar. I've visited both sites a couple of years ago. A link is possible to achieve but would require very solid and big dishes. You're at the edge of what's ...

afink

OSPFv3 doesn't work across GRE6 in my case even after reboot in Release 6.7 and 6.8rc1
They don't see each other broadcast wise somehow.

afink

Is it possible? I noticed ROS doesn't assign link-local addresses to GRE, and it doesn't find point to point or NBMA neighbors with manually configured addresses either (the interfaces appear as Inactive in OSPFv3). I have an IPSec+GRE VPN up and I'd like to forward IPv6 over it with OSPFv3 setting...

afink

As long as you're able to get the basic data into a text file on the PC (via IRRPT, retrieving it using wget, or whatever), you could then use a bash script to modify and output a properly formatted RouterOS script. Thats no problem and it can be executed via ssh remote commands. As for removing en...

afink

I'm tring to automate the updating of filter lists for BGP4 peers. the idea is to use IRRPT (http://sourceforge.net/projects/irrpt/) to daily update BGP4 peering filters based on AS-SET's from the RIPE database. The irrpt tool has automated scripts to update filters for most router vendors but not f...

afink

the current release 6.5 and also 6.6rc1 still have _sever_ bug in ipsec. in our case we try to set up a simple point to point tunnel between two mikrotiks. the profile matches, the policy has the two endpoints of the tunnel as source/destination (the outer IP's) and protocol=47 (which is GRE) define...

afink

I have such a card and it is not (yet) recognized by RouterOS 6.0 on a RB2011.

Search found 50 matches