Community discussions

Search found 248 matches

by paulct
Tue Aug 14, 2018 10:53 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 837
Views: 144217

Re: Feature requests

Until there is version 7, or whatever it is called. Can we get a BGP peer priority? e.g say if you need to upgrade ROS, swap out a CCR, or reboot - each BGP is assigned a priority and receives/sends routes according to that policy in order? e.g: Peer 1 - default route (priority 1) IX route server - ...
by paulct
Tue Aug 14, 2018 10:46 am
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS 7 Beta
Replies: 41
Views: 6796

Re: ROS 7 Beta

This is pure speculation based on what Mikrotik have done in the past, but my bet is on a split release. RouterOS v7 will be a continuation of RouterOS v6 with a bumped 3.xx Kernel, e.g. 3.7 and support for all current architectures. It will have the new routing engine, but will rely on the same fo...
by paulct
Fri Aug 10, 2018 6:00 pm
Forum: Forwarding Protocols
Topic: BGP Failover issues
Replies: 6
Views: 274

Re: BGP Failover issues

What is the issue?
by paulct
Fri Aug 03, 2018 11:54 am
Forum: General
Topic: How to separate the national and international bandwidth?
Replies: 3
Views: 181

Re: How to separate the national and international bandwidth?

just use BGP, receive the local/national routes - and then just a default route out for all others, i.e international. If they do BGP for customers....
by paulct
Thu Aug 02, 2018 12:35 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 497
Views: 66103

Re: v6.43rc [release candidate] is released!

*) bridge - added per-port based "tag-stacking" feature

Can this also be explained. Similar to selective q-in-q?
by paulct
Tue Jul 31, 2018 5:38 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS 7 Beta
Replies: 41
Views: 6796

Re: ROS 7 Beta

Pretty simple. Mikrotik just needs to stop the speculation. "Yes we are actively working on v7, a RC should be available Q4 in 2018." "The main objectives - new routing engine, new linux kernal etc... future enhancements to be added in further RC versions." "It has been delayed due to X and Y and we...
by paulct
Wed Jul 25, 2018 9:39 am
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS 7 Beta
Replies: 41
Views: 6796

Re: ROS 7 Beta

I do not think that Cisco and Juniper are too strong for Mikrotik. I think Mikrotik have been having an identity crisis, and have lost focus on what made them successful in the first place. Routing... This is where the crux lies. I for one would pay more for a better product, Mikrotik does not alwa...
by paulct
Mon Jun 11, 2018 12:43 pm
Forum: General
Topic: QinQ VLAN's Help needed [SOLVED]
Replies: 44
Views: 1290

Re: QinQ VLAN's Help needed [SOLVED]

which is not ideal in all cases, unless ALL your switches can do this. e.g Switch A (some other brand or such - managed switch but no q-in-q) - one uplink to switch B (mikrotik) - and then to switch C (Mikrotik) - handover point. So on switch B you wont be able to say c-tag 10-30 goes to s-tag 100 ...
by paulct
Mon Jun 11, 2018 11:00 am
Forum: General
Topic: QinQ VLAN's Help needed [SOLVED]
Replies: 44
Views: 1290

Re: QinQ VLAN's Help needed [SOLVED]

But my suggestion uses two different ports, on one of them only the c-vlans 10,20,30 are permitted by the vlan-filtering rule, and on the other one only the c-vlans 11,21,31. Ok which is not ideal in all cases, unless ALL your switches can do this. e.g Switch A (some other brand or such - managed s...
by paulct
Mon Jun 11, 2018 10:33 am
Forum: General
Topic: QinQ VLAN's Help needed [SOLVED]
Replies: 44
Views: 1290

Re: QinQ VLAN's Help needed [SOLVED]

This can be obtained using vlan-filtering on the bridge hosting the c-vlans and two s-vlan interfaces: /interface vlan add interface=ether4 name=s-vlan-100 use-service-tag=yes vlan-id=100 add interface=ether4 name=s-vlan-101 use-service-tag=yes vlan-id=101 /interface bridge add name=bridge-x vlan-f...
by paulct
Mon Jun 11, 2018 10:04 am
Forum: General
Topic: QinQ VLAN's Help needed [SOLVED]
Replies: 44
Views: 1290

Re: QinQ VLAN's Help needed [SOLVED]

I am treading in waters I have not done before and it is a semi live network, so I need to get my ducks in a row, below is what I need: Cust 1 ---- C-Vlan 10 ----- \ Cust 2 ---- C-Vlan 20 -------\--- CCR1036 -- S-Vlan 50 ---- Co Loc for ISP's / Cust 3 ---- C-Vlan 30 ---- / Customers coming in on th...
by paulct
Wed Apr 25, 2018 1:16 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 95329

Re: Advisory: Vulnerability exploiting the Winbox port

Hence why each router also has a unique admin password, so if the tunnel/radius had to break we can still get into the router/switch. ... but that still leaves you vulnerable to the current problem. only your port filtering saved you, not your advanced password management! Yes and no, having a uniq...
by paulct
Wed Apr 25, 2018 11:39 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 95329

Re: Advisory: Vulnerability exploiting the Winbox port

There has to be a trade-off between a secure access and the risk of unreachable devices when something breaks. With such config the device will be inaccessible when the connection to radius cannot be set up. We use radius for customers, but to use it for management of the device would be too much o...
by paulct
Wed Apr 25, 2018 10:51 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 95329

Re: Advisory: Vulnerability exploiting the Winbox port

From our network each and every router/switch has a unique randomly generated password. Each router/switch connects via an openvpn tunnel to our radius server for login details, i.e each engineer gets their own user/password to login for accountability. Also on our edge we block port 8291, 22, 23 et...
by paulct
Mon Apr 09, 2018 5:41 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 24
Views: 5140

Re: MUM Europe 2018 - New hardware incoming

Great, however not sure why the included QSFP in these models. Compared with other vendors usually 4 x SFP+ is enough. The only usually include QSFP if the ports are all 10Ge or SFP+. Not complaining as such, but a little strange. QSFP+ could be used for future features, like stacking. True (which ...
by paulct
Mon Apr 09, 2018 11:22 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 24
Views: 5140

Re: MUM Europe 2018 - New hardware incoming

CRS354-48G-4S+2Q+ • 48x Gigabit ports • 4x SFP+ for 10Gbit connections • 2x QSFP ports for 40Gbit connections CRS354-48P-4S+2Q+ • 48x Gigabit ports with PoE out • 4x SFP+ for 10Gbit connections • 2x QSFP+ ports for 40Gbit connections Great, however not sure why the included QSFP in these models. Co...
by paulct
Thu Apr 05, 2018 10:13 am
Forum: General
Topic: MUM berlin
Replies: 28
Views: 1774

Re: MUM berlin

by paulct
Thu Apr 05, 2018 9:38 am
Forum: General
Topic: MUM berlin
Replies: 28
Views: 1774

MUM berlin

Hi

Is there going to be a live stream? I presume it would be under their youtube page?
by paulct
Mon Mar 05, 2018 10:51 am
Forum: General
Topic: 100G port for CCR1072 router
Replies: 4
Views: 539

Re: 100G port for CCR1072 router

I would hope for 40G ports, at least one. Reason being is that: 1) Switches with 40Gb ports are much cheaper (especially 2nd hand) 2) Optics are MUCH cheaper for 40Gb especially on longer links I have no problem if there are SFP28 ports for 25/50/100 (for future capacity) - but I think SFP+ and 40Gb...
by paulct
Fri Feb 02, 2018 8:46 am
Forum: Beginner Basics
Topic: Bandwidth Manage [SOLVED]
Replies: 1
Views: 177

Re: Bandwidth Manage [SOLVED]

There is nothing you can really do, 6Mbps between 200 people is crazy. Maybe find out if there are any other fibre / wireless providers in the area that can get you more bandwidth.
by paulct
Fri Jan 26, 2018 9:42 am
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 75
Views: 9030

Re: ARM based new goodies on the horizon

It feels more like a replacement/upgrade on the hap ac lite.
by paulct
Thu Jan 25, 2018 8:54 am
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 75
Views: 9030

Re: ARM based new goodies on the horizon

TILE-Mx100 CPU looks like the logical successor the the current Tile-Gx? => http://www.ezchip.com/files/drim__EZchip_LinleyDataCenterConference_Feb2015_7671.pdf EZchip was bought out by Mellanox, I am not sure if they are developing the Tilera platform anymore. What we need to high clock speed, a r...
by paulct
Wed Jan 24, 2018 2:47 pm
Forum: Beginner Basics
Topic: CRS-317 as a Service Router.
Replies: 6
Views: 332

Re: CRS-317 as a Service Router.

Client router - switch (CRS) - router (CCR)
by paulct
Mon Jan 22, 2018 3:46 pm
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 75
Views: 9030

Re: ARM based new goodies on the horizon

Except what nz_monkey wrote ... we are implementing much faster BGP in v7. Not multi-threaded, because of reasons that were outlined, but much faster. So is that confirmation that you are actively working on v7 and it is not just a pipe dream? I presume it would be needed if the next generation of ...
by paulct
Tue Jan 16, 2018 9:32 am
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 75
Views: 9030

Re: ARM based new goodies on the horizon

Looks good, although it is a pity there seems to be no SFP port.
Dual core arm looks good, WIFI looks good, but would be nice if external antennas could be added.
by paulct
Fri Dec 01, 2017 5:41 pm
Forum: RouterBOARD hardware
Topic: Less than 2000 Mbps on 10GB link
Replies: 14
Views: 1722

Re: Less than 2000 Mbps on 10GB link

Testing over 1Gbps is hard - mainly due to the fact that most network cards are 1Gbps. To properly test you will need to powerful PC's on both sides of the link with 10Gbps network tests. Then run IPerf3 with multiple streams. One PC is the server, so you would just run e.g iperf3 -s And on the othe...
by paulct
Fri Dec 01, 2017 10:47 am
Forum: General
Topic: Bonding interface
Replies: 7
Views: 339

Re: Bonding interface

Hi Paulct, I test 802.3ad before but cant get success betwen CCR1072 and CCR1036. Can you share your settings I want to re try 802.3ad again. Thanks. Sure, simple config. I am only posting the config from the one router, as the other is exactly the same. The obliviously a /30 on the bonding interfa...
by paulct
Fri Dec 01, 2017 10:44 am
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 23834

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

Hi. Sory bad english. This day install wap60 link 1.1 km. Distance. Wap60 mount 45 cm parabolic dish antenna. My signal min. 75 maks. 85 but not connected. Status connect and notconnect connect and notconnect. What problem. ? Wap60 software distance limitation or ack timing problem ? The WAP60 is m...
by paulct
Thu Nov 30, 2017 8:19 am
Forum: General
Topic: Bonding interface
Replies: 7
Views: 339

Re: Bonding interface

Just letting everyone know, switching to 802.3ad i.e lacp, solved our issue. We are now getting full speeds to overseas on higher latency paths.
Super happy. And ps - this is between a ccr1016 and a ccr1072 - so Mikrotik to Mikrotik using layer2 + 3 hashing.
by paulct
Wed Nov 29, 2017 8:41 am
Forum: General
Topic: Bonding interface
Replies: 7
Views: 339

Re: Bonding interface

It is very strange, only affecting some forms of traffic. I can only presume due to packets coming over different interfaces and being renumbered or such causing delays and TCP re-transmissions. Which would affect higher latency traffic i.e international. Local traffic there is no issue, probably du...
by paulct
Wed Nov 29, 2017 8:40 am
Forum: Wireless Networking
Topic: MikroTik hAP AC Lite losing 2.4GHz network
Replies: 2
Views: 284

Re: MikroTik hAP AC Lite losing 2.4GHz network

You seem to have a ACL configured? Access control list..... Try disable that and see if the issue persists.
by paulct
Wed Nov 29, 2017 8:37 am
Forum: General
Topic: Bonding interface
Replies: 7
Views: 339

Re: Bonding interface

It is very strange, only affecting some forms of traffic. I can only presume due to packets coming over different interfaces and being renumbered or such causing delays and TCP re-transmissions. Which would affect higher latency traffic i.e international. Local traffic there is no issue, probably du...
by paulct
Tue Nov 28, 2017 5:13 pm
Forum: General
Topic: Bonding interface
Replies: 7
Views: 339

Bonding interface

Hi We run an ISP, we have a core router with two 1 gig connections passing through to an edge router. From a ccr1036 to a ccr1072. We are using balance-rr for bonding - to get "2gbps" throughput. Strange issue that was brought up by a client getting slow speeds to their sharepoint server overseas, t...
by paulct
Mon Nov 20, 2017 11:18 am
Forum: General
Topic: Mikrotik Switches Vs Cisco Switches
Replies: 20
Views: 2462

Re: Mikrotik Switches Vs Cisco Switches

One of my big problems with Mikrotik switches is their power. I would prefer to pay another couple hundred dollars to have dual power supplies that are removable. More of the sites we bring online have dual power feeds and/or do maintenance on one of the feeds monthly. We cannot use Mikrotik in thes...
by paulct
Mon Nov 13, 2017 9:56 am
Forum: Wireless Networking
Topic: building a 1 Gbps wireless link for 2 Kms.
Replies: 10
Views: 862

Re: building a 1 Gbps wireless link for 2 Kms.

Impossible, unless there is 0 noise and you can bond multiple netmetal 5's. Rather look at 80Ghz for 1gbps + at that distance, or if your country allows it 24Ghz.
by paulct
Tue Oct 31, 2017 3:35 pm
Forum: Beginner Basics
Topic: GPON between two MikroTik's
Replies: 7
Views: 743

Re: GPON between two MikroTik's

It is silly, why would you want to do this? Just use normal SFP's and single mode fibre.
by paulct
Tue Oct 31, 2017 8:36 am
Forum: General
Topic: Unknown traffic in mikrotik's PPPoE interface
Replies: 2
Views: 232

Re: Unknown traffic in mikrotik's PPPoE interface

Have you torched the interface? You sure you do not have an open dns relay?
by paulct
Tue Oct 31, 2017 8:32 am
Forum: Wireless Networking
Topic: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?
Replies: 8
Views: 1591

Re: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?

Stop questioning ;)

I suppose you can only buy and try it out. The other Mikrotik SFP's work great, though we buy all our SFP's from FS as it is much cheaper in bulk than our local suppliers.
by paulct
Tue Oct 31, 2017 8:31 am
Forum: RouterBOARD hardware
Topic: Ccr with 4sfp+
Replies: 4
Views: 414

Re: Ccr with 4sfp+

that is USD 3K device ... too expensive ... I am looking for cheaper one around 1k++ USD and just 4 x SFP+ is enough ... Otherwise I am thiking to use 2x10G setup bonding and create 2 vlans 1 for BGP facing and 1 for Server facing What do you think? Are you doing BGP etc? If so 3k is cheap as chips...
by paulct
Tue Oct 24, 2017 10:32 am
Forum: Wireless Networking
Topic: When coming AC Wave2 chip?
Replies: 41
Views: 5109

Re: When coming AC Wave2 chip?

TBH a lot of products are due a SOC upgrade, CRS1xx, RB2011, hAP AC Lite, hAP AC, cAP, wAP AC.. I agree, Mikrotik need to focus on the antennas to improve RX performance on their AP's. When we test wAP AC vs Cambium e400, the Cambium has much better RF performance due to the better antenna design. ...
by paulct
Fri Oct 20, 2017 10:03 am
Forum: Wireless Networking
Topic: When coming AC Wave2 chip?
Replies: 41
Views: 5109

Re: When coming AC Wave2 chip?

Will be nice to see this in the hap ac lite and hap ac. There is also a gap for a model between those.
by paulct
Mon Oct 16, 2017 9:34 am
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 91684

Re: RouterOS NOT affected by WPA2 vulnerabilities

Well done on the quick response.
by paulct
Fri Oct 13, 2017 3:54 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 140
Views: 14957

Re: Which types of ports would you like to see for a high speed router

Bump, @Mikrotik can you give any details of what is potentially being planned? Are you going to be moving of the Tilera platform? Marvell? Broadcom? 2018 launch? Faster Mhz CPU's?
by paulct
Thu Oct 12, 2017 3:31 pm
Forum: Wireless Networking
Topic: 36 km Gigabit link
Replies: 17
Views: 1318

Re: 36 km Gigabit link

No it is not possible. Unless you are in the middle of nowhere and have 0 noise, you could possibly bond some AC links and get more than a few hundred Mbps.
by paulct
Fri Oct 06, 2017 2:37 pm
Forum: Forwarding Protocols
Topic: BGP routes
Replies: 2
Views: 429

Re: BGP routes

Is it possible that the closer IX is filtering the longer prefix / aggregating it into their table? Does your network advertise the more specific prefix into the nearby IX? If so, the nearby IX might actually be preferring your network to reach the sub-prefix and thus would not be advertising it to...
by paulct
Thu Oct 05, 2017 12:20 pm
Forum: Forwarding Protocols
Topic: BGP routes
Replies: 2
Views: 429

BGP routes

We run eBGP to various IX's locally and internationally. We have got to a point where we need to start using BGP communities. Question: ISP A advertises x.x.x.x/20 at a local exchange and advertises the same /20 as well as a more specific x.x.x.x/22 at an overseas IX. How would one engineer this rou...
by paulct
Thu Sep 14, 2017 10:50 am
Forum: General
Topic: Backup mikrotik configurations
Replies: 10
Views: 1072

Re: Backup mikrotik configurations

Have a look at https://unimus.net/
No thanks. Only interested in local solutions.
Unimus is not a cloud software, you run it locally on your servers.
Unless you stick it in the cloud ;) But yes, @op - best solution for an automated backup and change management.
by paulct
Mon Sep 11, 2017 2:54 pm
Forum: General
Topic: Backup mikrotik configurations
Replies: 10
Views: 1072

Re: Backup mikrotik configurations

Have a look at https://unimus.net/
by paulct
Thu Sep 07, 2017 10:58 am
Forum: General
Topic: Hotspot Attack ( high CPU use )
Replies: 9
Views: 1342

Re: Hotspot Attack ( high CPU use )

Why are you running a hotspot on a switch? The switch should have limited firewall rules. All the natting and hotspot functionality should be on a router.