Create an route filter on your customer bgp sessions and check for your blackhole community. If the community is set append the upstream blackhole communities.
Hm. Had a look in the wiki and found these two important things for your case: fast-forward (yes | no; Default: yes) Special and faster case of Fast Path [b]which works only on bridges with 2 interfaces[/b] (enabled by default only for new bridges). [https://wiki.mikrotik.com/wiki/Manual:Interface/B...
I've edited my reply before you posted it so maybe reread it .
Edit:
Why do you add all your upstream ports to a bridge?
The only reason that comes to my mind is if you want to extend the uplinks in the future through a bond...
You have rebooted your router since the ddos (last up for interfaces looks like)? From a first view these interfaces have no fastpath packets on tranceive: 0-Switch, 1-GT, 2-Adamo, 3-DECIX, 4-Telxius, DE-Voxility, bcn1-Adamo, fr1-cloud. I am not sure how to interpret this as the hardware interfaces ...
Check if fast-path is enabled and used on all interfaces. Can you show output of "/interface print stats-detail" to see if you have packets that are not using fast-path? Do you monitor PPS/RAM Usage in your cacti/mrtg/zabbix/whatever configuration? If not you should consider to add that to...
Forwarding and routing is good and fast as long as you keep all traffic in fastpath. It is a router not a firewall. True, but it is still good practice to do anti-spoofing filtering on a border router I also feel happier blocking traffic to the control plane with filters on the 'input' chain - you ...
hasn't support for TILE been dropped in recent Linux Kernel versions?
Will Mikrotik still stay with TILE or will you change architecture in future releases?
We also had 3 failed CCR PSU within the last 12 months. All Units are located in a datacenter with controlled temperature without overheating. We replaced the PSU with spare parts and never notified MT about it as the CCR were out of support. The third PSU died last friday and it seems like it kille...
Hi, thanks for your answer. It's my intension to run the vrrp Multicast Traffic on ether1 (direct Connection between router1 and router2) and get the virtual Gateway address assigned on toCore in order to avoid that the vrrp Traffic gets exposed to the whole lan. When I assign the :2 and :3 to the &...
thanks for your reply. No filters are applied for icmpv6 or vrrp. Vrrp itself is working as intended, both routers see each other and vrrp master changes as soon as priority is changed.
Hello, as vrrp version 3 dropped the AH feature I am thinking about doing vrrp traffic on an crossover link or management vlan. My config is the following: router1: /interface vrrp add interface=ether1 name=default_ipv6 v3-protocol=ipv6 version=3 vrid=102 priority=90 /ipv6 address add address=2001:x...
It's a bit sad that a support member showed up and completely ignores the original question. A simple "Yes, this is intended and your fans are fine" or an "no this is not intended, there is something wrong with your CCR" would cost 20 seconds and should be really easy for mikroti...
Hi Chris, thanks for your reply. I believe the fan details are for the chassis fans and both routers have 2 of them as you can see here http://www.technotrade.com.ua/userfiles/images/mikrotik_ccr1036_review/mikrotiq.jpg . The CCR1036-12G-4S shows decent RPM (around 3000RPM) for both fans (fan1-speed...
Oh one more thing: CCR1036-8G-2S+: (system health print): fan-mode: auto use-fan: main active-fan: main use-fan2: main active-fan2: main cpu-overtemp-check: yes cpu-overtemp-threshold: 100C cpu-overtemp-startup-delay: 1m voltage: 24.1V current: 1597mA temperature: 40C cpu-temperature: 55C power-cons...
Hi, we have an CCR1036-12G-4S which is shutting down fans to 0RPM and spins them up after some seconds. The configuration is: /system health set cpu-overtemp-check=yes cpu-overtemp-startup-delay=1m cpu-overtemp-threshold=100C fan-mode=auto use-fan=main An other CCR1036-8G-2S+ is keeping the fans run...
that leaves a bad feeling about the update ability of crs hardware.
Do I need to fear being ignored by mikrotik with problems / feature requests if not running the latest sw hardware?
Hello, faster cpu is not an option as both routers are CCR1036-8G-2S+ which are at 0.00 CPU Load ;). its a bit weired as the first router is nearly 10 seconds faster than the second one. Even when I inject the route on both routers at the same time the second one needs 10-20 seconds longer until the...
Hello, I have 2 BGP Speaking CCR which also speaks IBGP to each other. Now I inject a route on one CCR setting a new next-hop for a specific route. This works and both CCR receives this new route and I can see that the new route is the active one on both routers. So far so good but its looks like th...
Hello, sorry for my bad explanation. Basically i wanted to be able to change the next-hop / gateway for a specific prefix via IBGP. The problem was, that the next-hop should not be the IBGP peer that announces the route/prefix but should be selected by the BGP community that is announced with the pr...
Hello, i have two mikrotik routers, each connected to another BGP peer, receiving a full table each and doing BGP to the other router. on each router i have two static routes to enforce next hop depending on the routing-mark: 0 A S ;;; redirect to kpn dst-address=0.0.0.0/0 gateway=xxxxx gateway-stat...
thanks for your reply and your suggestions. It's a bit sad that this does not work on routeOS as this is working on all other routers I know.
I will try your suggestions.
Hello, in this thread http://forum.mikrotik.com/viewtopic.php?f=14&t=70658 a mikrotik employee writes that MED is only taken into account when the neighboring AS in AS_PATH is equal. Is there any other solution to prefer a bgp route if weight local_pref and AS_PATH length is equal? AFAIK is cisc...
in carriergrade routers it is quite common to export the source / destination ASN when exporting netflows, this feature is really missing in Routeros .
I had it for the second time in 2 months that the ccr stops to advertise IPv6 prefixes with bgp. The only thing that helps is to stop all IPv6 addresses and enable them again, is this a known bug?
running V6.7 with 2 IPv4 and 2 IPv6 peers (full table).