Community discussions

Search found 36 matches

by mhviper
Tue Oct 16, 2018 3:38 pm
Forum: Forwarding Protocols
Topic: Setting up own BGP Communities
Replies: 4
Views: 637

Re: Setting up own BGP Communities

Create an route filter on your customer bgp sessions and check for your blackhole community. If the community is set append the upstream blackhole communities.
by mhviper
Tue Aug 07, 2018 4:33 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1101

Re: 100% CPU CCR1072 due DDoS - How to improve?

Hm. Had a look in the wiki and found these two important things for your case: fast-forward (yes | no; Default: yes) Special and faster case of Fast Path [b]which works only on bridges with 2 interfaces[/b] (enabled by default only for new bridges). [https://wiki.mikrotik.com/wiki/Manual:Interface/B...
by mhviper
Tue Aug 07, 2018 4:20 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1101

Re: 100% CPU CCR1072 due DDoS - How to improve?

I am a fan of "keep it simple, stupid" and adding a bridge for no real reason might come back and bite you.
by mhviper
Tue Aug 07, 2018 4:09 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1101

Re: 100% CPU CCR1072 due DDoS - How to improve?

I've edited my reply before you posted it so maybe reread it ;).

Edit:
Why do you add all your upstream ports to a bridge?
The only reason that comes to my mind is if you want to extend the uplinks in the future through a bond...
by mhviper
Tue Aug 07, 2018 3:46 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1101

Re: 100% CPU CCR1072 due DDoS - How to improve?

You have rebooted your router since the ddos (last up for interfaces looks like)? From a first view these interfaces have no fastpath packets on tranceive: 0-Switch, 1-GT, 2-Adamo, 3-DECIX, 4-Telxius, DE-Voxility, bcn1-Adamo, fr1-cloud. I am not sure how to interpret this as the hardware interfaces ...
by mhviper
Tue Aug 07, 2018 2:58 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1101

Re: 100% CPU CCR1072 due DDoS - How to improve?

Check if fast-path is enabled and used on all interfaces. Can you show output of "/interface print stats-detail" to see if you have packets that are not using fast-path? Do you monitor PPS/RAM Usage in your cacti/mrtg/zabbix/whatever configuration? If not you should consider to add that to close you...
by mhviper
Tue Aug 07, 2018 1:26 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1101

Re: 100% CPU CCR1072 due DDoS - How to improve?

8909 pps are a joke and nothing your ccr should worry about.

Do you have generic firewall rules?
What else is running on your mikrotik (protocols)
by mhviper
Wed Aug 01, 2018 10:33 am
Forum: RouterOS v6 RC and v7 BETA
Topic: BGP multithreaded
Replies: 15
Views: 4008

Re: BGP multithreaded

Forwarding and routing is good and fast as long as you keep all traffic in fastpath. It is a router not a firewall. True, but it is still good practice to do anti-spoofing filtering on a border router I also feel happier blocking traffic to the control plane with filters on the 'input' chain - you ...
by mhviper
Tue Mar 20, 2018 1:18 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New router OS
Replies: 46
Views: 11464

Re: New router OS

hasn't support for TILE been dropped in recent Linux Kernel versions?
Will Mikrotik still stay with TILE or will you change architecture in future releases?
by mhviper
Tue Oct 17, 2017 12:09 pm
Forum: Forwarding Protocols
Topic: BGP Dual-homing using 2 x CCR1016-12G or just one CLOUD CORE CCR1036-12G-4S-EM. What would you do?
Replies: 5
Views: 741

Re: BGP Dual-homing using 2 x CCR1016-12G or just one CLOUD CORE CCR1036-12G-4S-EM. What would you do?

We are using several CCR for years in multi provider BGP setup and believe me you don't want to depend on a single ccr for your whole uplink.
by mhviper
Tue Oct 17, 2017 12:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature Request] sFlow
Replies: 11
Views: 2420

Re: [Feature Request] sFlow

+1 for sflow.
by mhviper
Thu Aug 31, 2017 11:10 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 61
Views: 9425

Re: CCR1036 Power Supply

What will you offer to people having 1036 with the old design suffering on this problems?
by mhviper
Tue May 16, 2017 11:35 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 61
Views: 9425

Re: CCR1036 Power Supply

We also had 3 failed CCR PSU within the last 12 months. All Units are located in a datacenter with controlled temperature without overheating. We replaced the PSU with spare parts and never notified MT about it as the CCR were out of support. The third PSU died last friday and it seems like it kille...
by mhviper
Mon Apr 17, 2017 11:11 pm
Forum: Forwarding Protocols
Topic: VRRP ipv6 vlan/crossover
Replies: 14
Views: 1078

Re: VRRP ipv6 vlan/crossover

Our Customers run dedicated systems behind our mikrotiks therefore might need vrrp on their own.

We will test if we can simply add the gateway ips with scripts that gets triggert by vrrp as "on-master" and "on-backup" provides the necessary hooks.
by mhviper
Wed Apr 12, 2017 10:04 am
Forum: Forwarding Protocols
Topic: VRRP ipv6 vlan/crossover
Replies: 14
Views: 1078

Re: VRRP ipv6 vlan/crossover

The idea with the bridge sounds weird, have you ever seen that live?

Ok but filtering ND and vrrp on the customer ports denies my customers the change to run vrrp on their own.
by mhviper
Tue Apr 11, 2017 10:18 pm
Forum: Forwarding Protocols
Topic: VRRP ipv6 vlan/crossover
Replies: 14
Views: 1078

Re: VRRP ipv6 vlan/crossover

Hi, thanks for your answer. It's my intension to run the vrrp Multicast Traffic on ether1 (direct Connection between router1 and router2) and get the virtual Gateway address assigned on toCore in order to avoid that the vrrp Traffic gets exposed to the whole lan. When I assign the :2 and :3 to the "...
by mhviper
Tue Apr 11, 2017 8:06 pm
Forum: Forwarding Protocols
Topic: VRRP ipv6 vlan/crossover
Replies: 14
Views: 1078

Re: VRRP ipv6 vlan/crossover

Hi,

thanks for your reply. No filters are applied for icmpv6 or vrrp. Vrrp itself is working as intended, both routers see each other and vrrp master changes as soon as priority is changed.
by mhviper
Tue Apr 11, 2017 4:30 pm
Forum: Forwarding Protocols
Topic: VRRP ipv6 vlan/crossover
Replies: 14
Views: 1078

VRRP ipv6 vlan/crossover

Hello, as vrrp version 3 dropped the AH feature I am thinking about doing vrrp traffic on an crossover link or management vlan. My config is the following: router1: /interface vrrp add interface=ether1 name=default_ipv6 v3-protocol=ipv6 version=3 vrid=102 priority=90 /ipv6 address add address=2001:x...
by mhviper
Thu Mar 23, 2017 6:03 pm
Forum: RouterBOARD hardware
Topic: different CCR Versions, fans behave different
Replies: 7
Views: 1202

Re: different CCR Versions, fans behave different

It's a bit sad that a support member showed up and completely ignores the original question.

A simple "Yes, this is intended and your fans are fine" or an "no this is not intended, there is something wrong with your CCR" would cost 20 seconds and should be really easy for mikrotik employees?!
by mhviper
Tue Mar 21, 2017 4:18 pm
Forum: RouterBOARD hardware
Topic: different CCR Versions, fans behave different
Replies: 7
Views: 1202

Re: different CCR Versions, fans behave different

Thanks Janisk for clearing this up, both ccr are indeed the rackmount version. Can you give some information about my "problem"?
by mhviper
Tue Mar 21, 2017 3:48 pm
Forum: RouterBOARD hardware
Topic: different CCR Versions, fans behave different
Replies: 7
Views: 1202

Re: different CCR Versions, fans behave different

Hi Chris, thanks for your reply. I believe the fan details are for the chassis fans and both routers have 2 of them as you can see here http://www.technotrade.com.ua/userfiles/images/mikrotik_ccr1036_review/mikrotiq.jpg . The CCR1036-12G-4S shows decent RPM (around 3000RPM) for both fans (fan1-speed...
by mhviper
Tue Mar 21, 2017 12:22 pm
Forum: RouterBOARD hardware
Topic: different CCR Versions, fans behave different
Replies: 7
Views: 1202

Re: different CCR Versions, fans behave different

Oh one more thing: CCR1036-8G-2S+: (system health print): fan-mode: auto use-fan: main active-fan: main use-fan2: main active-fan2: main cpu-overtemp-check: yes cpu-overtemp-threshold: 100C cpu-overtemp-startup-delay: 1m voltage: 24.1V current: 1597mA temperature: 40C cpu-temperature: 55C power-cons...
by mhviper
Tue Mar 21, 2017 12:16 pm
Forum: RouterBOARD hardware
Topic: different CCR Versions, fans behave different
Replies: 7
Views: 1202

different CCR Versions, fans behave different

Hi, we have an CCR1036-12G-4S which is shutting down fans to 0RPM and spins them up after some seconds. The configuration is: /system health set cpu-overtemp-check=yes cpu-overtemp-startup-delay=1m cpu-overtemp-threshold=100C fan-mode=auto use-fan=main An other CCR1036-8G-2S+ is keeping the fans run...
by mhviper
Tue Dec 20, 2016 11:47 am
Forum: Announcements
Topic: MikroTik News December 2016 (Issue #74)
Replies: 94
Views: 21488

Re: MikroTik News December 2016 (Issue #74)

that leaves a bad feeling about the update ability of crs hardware.
Do I need to fear being ignored by mikrotik with problems / feature requests if not running the latest sw hardware?
by mhviper
Tue Dec 20, 2016 10:23 am
Forum: Announcements
Topic: MikroTik News December 2016 (Issue #74)
Replies: 94
Views: 21488

Re: MikroTik News December 2016 (Issue #74)

great news about the CRS317-1G-16S+RM.
Does that mean that there will be a new swOS release and swOS is not dead as it seems till now?
by mhviper
Thu Apr 07, 2016 3:35 pm
Forum: Forwarding Protocols
Topic: [BGP] Time till new route is used
Replies: 3
Views: 770

Re: [BGP] Time till new route is used

Hello, faster cpu is not an option as both routers are CCR1036-8G-2S+ which are at 0.00 CPU Load ;). its a bit weired as the first router is nearly 10 seconds faster than the second one. Even when I inject the route on both routers at the same time the second one needs 10-20 seconds longer until the...
by mhviper
Thu Apr 07, 2016 2:47 pm
Forum: Forwarding Protocols
Topic: [BGP] Time till new route is used
Replies: 3
Views: 770

[BGP] Time till new route is used

Hello, I have 2 BGP Speaking CCR which also speaks IBGP to each other. Now I inject a route on one CCR setting a new next-hop for a specific route. This works and both CCR receives this new route and I can see that the new route is the active one on both routers. So far so good but its looks like th...
by mhviper
Tue Mar 10, 2015 12:15 am
Forum: Forwarding Protocols
Topic: routing mark IBGP
Replies: 6
Views: 1316

Re: routing mark IBGP

Hello, sorry for my bad explanation. Basically i wanted to be able to change the next-hop / gateway for a specific prefix via IBGP. The problem was, that the next-hop should not be the IBGP peer that announces the route/prefix but should be selected by the BGP community that is announced with the pr...
by mhviper
Mon Mar 09, 2015 6:11 pm
Forum: Forwarding Protocols
Topic: routing mark IBGP
Replies: 6
Views: 1316

routing mark IBGP

Hello, i have two mikrotik routers, each connected to another BGP peer, receiving a full table each and doing BGP to the other router. on each router i have two static routes to enforce next hop depending on the routing-mark: 0 A S ;;; redirect to kpn dst-address=0.0.0.0/0 gateway=xxxxx gateway-stat...
by mhviper
Thu Feb 26, 2015 4:31 pm
Forum: Forwarding Protocols
Topic: Traffic Flow ( netflow) Autonomous system information
Replies: 44
Views: 11981

Re: Traffic Flow ( netflow) Autonomous system information

*bump because it's important*
by mhviper
Mon Jan 12, 2015 10:18 am
Forum: Forwarding Protocols
Topic: BGP MED / Path Selection
Replies: 4
Views: 1205

Re: BGP MED / Path Selection

Hello,

thanks for your reply and your suggestions. It's a bit sad that this does not work on routeOS as this is working on all other routers I know.
I will try your suggestions.

Regards,
Michael
by mhviper
Fri Jan 09, 2015 12:36 am
Forum: Forwarding Protocols
Topic: BGP MED / Path Selection
Replies: 4
Views: 1205

BGP MED / Path Selection

Hello, in this thread http://forum.mikrotik.com/viewtopic.php?f=14&t=70658 a mikrotik employee writes that MED is only taken into account when the neighboring AS in AS_PATH is equal. Is there any other solution to prefer a bgp route if weight local_pref and AS_PATH length is equal? AFAIK is cisco, b...
by mhviper
Thu Jan 08, 2015 3:08 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: export ASN in Netflow
Replies: 5
Views: 1685

Feature Request: export ASN in Netflow

Hello,

in carriergrade routers it is quite common to export the source / destination ASN when exporting netflows, this feature is really missing in Routeros :-(.

Regards,
Michael
by mhviper
Mon Feb 10, 2014 10:15 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1010889

Re: CLOUD CORE ROUTER

I had it for the second time in 2 months that the ccr stops to advertise IPv6 prefixes with bgp. The only thing that helps is to stop all IPv6 addresses and enable them again, is this a known bug?

running V6.7 with 2 IPv4 and 2 IPv6 peers (full table).
by mhviper
Thu Dec 05, 2013 6:54 pm
Forum: Forwarding Protocols
Topic: Traffic Flow ( netflow) Autonomous system information
Replies: 44
Views: 11981

Re: Traffic Flow ( netflow) Autonomous system information

bump this. It's an essential feature for everyone how is really working with ccr.
by mhviper
Wed Sep 25, 2013 5:01 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1010889

Re: CLOUD CORE ROUTER

We are able to push around line rate (1gbit) through a ccr currently without any problems, don't know why he can't reach such result.