MikroTik

mhviper

Create an route filter on your customer bgp sessions and check for your blackhole community. If the community is set append the upstream blackhole communities.

mhviper

Hm. Had a look in the wiki and found these two important things for your case: fast-forward (yes | no; Default: yes) Special and faster case of Fast Path [b]which works only on bridges with 2 interfaces[/b] (enabled by default only for new bridges). [https://wiki.mikrotik.com/wiki/Manual:Interface/B...

mhviper

I am a fan of "keep it simple, stupid" and adding a bridge for no real reason might come back and bite you.

mhviper

I've edited my reply before you posted it so maybe reread it

.

Edit:
Why do you add all your upstream ports to a bridge?
The only reason that comes to my mind is if you want to extend the uplinks in the future through a bond...

mhviper

You have rebooted your router since the ddos (last up for interfaces looks like)? From a first view these interfaces have no fastpath packets on tranceive: 0-Switch, 1-GT, 2-Adamo, 3-DECIX, 4-Telxius, DE-Voxility, bcn1-Adamo, fr1-cloud. I am not sure how to interpret this as the hardware interfaces ...

mhviper

Check if fast-path is enabled and used on all interfaces. Can you show output of "/interface print stats-detail" to see if you have packets that are not using fast-path? Do you monitor PPS/RAM Usage in your cacti/mrtg/zabbix/whatever configuration? If not you should consider to add that to...

mhviper

8909 pps are a joke and nothing your ccr should worry about.

Do you have generic firewall rules?
What else is running on your mikrotik (protocols)

mhviper

Forwarding and routing is good and fast as long as you keep all traffic in fastpath. It is a router not a firewall. True, but it is still good practice to do anti-spoofing filtering on a border router I also feel happier blocking traffic to the control plane with filters on the 'input' chain - you ...

mhviper

hasn't support for TILE been dropped in recent Linux Kernel versions?
Will Mikrotik still stay with TILE or will you change architecture in future releases?

mhviper

We are using several CCR for years in multi provider BGP setup and believe me you don't want to depend on a single ccr for your whole uplink.

mhviper

+1 for sflow.

mhviper

What will you offer to people having 1036 with the old design suffering on this problems?

mhviper

We also had 3 failed CCR PSU within the last 12 months. All Units are located in a datacenter with controlled temperature without overheating. We replaced the PSU with spare parts and never notified MT about it as the CCR were out of support. The third PSU died last friday and it seems like it kille...

mhviper

Our Customers run dedicated systems behind our mikrotiks therefore might need vrrp on their own.

We will test if we can simply add the gateway ips with scripts that gets triggert by vrrp as "on-master" and "on-backup" provides the necessary hooks.

mhviper

The idea with the bridge sounds weird, have you ever seen that live?

Ok but filtering ND and vrrp on the customer ports denies my customers the change to run vrrp on their own.

mhviper

Hi, thanks for your answer. It's my intension to run the vrrp Multicast Traffic on ether1 (direct Connection between router1 and router2) and get the virtual Gateway address assigned on toCore in order to avoid that the vrrp Traffic gets exposed to the whole lan. When I assign the :2 and :3 to the &...

mhviper

Hi,

thanks for your reply. No filters are applied for icmpv6 or vrrp. Vrrp itself is working as intended, both routers see each other and vrrp master changes as soon as priority is changed.

mhviper

Hello, as vrrp version 3 dropped the AH feature I am thinking about doing vrrp traffic on an crossover link or management vlan. My config is the following: router1: /interface vrrp add interface=ether1 name=default_ipv6 v3-protocol=ipv6 version=3 vrid=102 priority=90 /ipv6 address add address=2001:x...

mhviper

It's a bit sad that a support member showed up and completely ignores the original question. A simple "Yes, this is intended and your fans are fine" or an "no this is not intended, there is something wrong with your CCR" would cost 20 seconds and should be really easy for mikroti...

mhviper

Thanks Janisk for clearing this up, both ccr are indeed the rackmount version. Can you give some information about my "problem"?

mhviper

Hi Chris, thanks for your reply. I believe the fan details are for the chassis fans and both routers have 2 of them as you can see here http://www.technotrade.com.ua/userfiles/images/mikrotik_ccr1036_review/mikrotiq.jpg . The CCR1036-12G-4S shows decent RPM (around 3000RPM) for both fans (fan1-speed...

mhviper

Oh one more thing: CCR1036-8G-2S+: (system health print): fan-mode: auto use-fan: main active-fan: main use-fan2: main active-fan2: main cpu-overtemp-check: yes cpu-overtemp-threshold: 100C cpu-overtemp-startup-delay: 1m voltage: 24.1V current: 1597mA temperature: 40C cpu-temperature: 55C power-cons...

mhviper

Hi, we have an CCR1036-12G-4S which is shutting down fans to 0RPM and spins them up after some seconds. The configuration is: /system health set cpu-overtemp-check=yes cpu-overtemp-startup-delay=1m cpu-overtemp-threshold=100C fan-mode=auto use-fan=main An other CCR1036-8G-2S+ is keeping the fans run...

mhviper

that leaves a bad feeling about the update ability of crs hardware.
Do I need to fear being ignored by mikrotik with problems / feature requests if not running the latest sw hardware?

mhviper

great news about the CRS317-1G-16S+RM.
Does that mean that there will be a new swOS release and swOS is not dead as it seems till now?

mhviper

Hello, faster cpu is not an option as both routers are CCR1036-8G-2S+ which are at 0.00 CPU Load ;). its a bit weired as the first router is nearly 10 seconds faster than the second one. Even when I inject the route on both routers at the same time the second one needs 10-20 seconds longer until the...

mhviper

Hello, I have 2 BGP Speaking CCR which also speaks IBGP to each other. Now I inject a route on one CCR setting a new next-hop for a specific route. This works and both CCR receives this new route and I can see that the new route is the active one on both routers. So far so good but its looks like th...

mhviper

Hello, sorry for my bad explanation. Basically i wanted to be able to change the next-hop / gateway for a specific prefix via IBGP. The problem was, that the next-hop should not be the IBGP peer that announces the route/prefix but should be selected by the BGP community that is announced with the pr...

mhviper

Hello, i have two mikrotik routers, each connected to another BGP peer, receiving a full table each and doing BGP to the other router. on each router i have two static routes to enforce next hop depending on the routing-mark: 0 A S ;;; redirect to kpn dst-address=0.0.0.0/0 gateway=xxxxx gateway-stat...

mhviper

*bump because it's important*

mhviper

Hello,

thanks for your reply and your suggestions. It's a bit sad that this does not work on routeOS as this is working on all other routers I know.
I will try your suggestions.

Regards,
Michael

mhviper

Hello, in this thread http://forum.mikrotik.com/viewtopic.php?f=14&t=70658 a mikrotik employee writes that MED is only taken into account when the neighboring AS in AS_PATH is equal. Is there any other solution to prefer a bgp route if weight local_pref and AS_PATH length is equal? AFAIK is cisc...

mhviper

Hello,

in carriergrade routers it is quite common to export the source / destination ASN when exporting netflows, this feature is really missing in Routeros

.

Regards,
Michael

mhviper

I had it for the second time in 2 months that the ccr stops to advertise IPv6 prefixes with bgp. The only thing that helps is to stop all IPv6 addresses and enable them again, is this a known bug?

running V6.7 with 2 IPv4 and 2 IPv6 peers (full table).

mhviper

bump this. It's an essential feature for everyone how is really working with ccr.

mhviper

We are able to push around line rate (1gbit) through a ccr currently without any problems, don't know why he can't reach such result.

Search found 36 matches

Re: Setting up own BGP Communities

Re: 100% CPU CCR1072 due DDoS - How to improve?

Re: 100% CPU CCR1072 due DDoS - How to improve?

Re: 100% CPU CCR1072 due DDoS - How to improve?

Re: 100% CPU CCR1072 due DDoS - How to improve?

Re: 100% CPU CCR1072 due DDoS - How to improve?

Re: 100% CPU CCR1072 due DDoS - How to improve?

Re: BGP multithreaded

Re: New router OS

Re: BGP Dual-homing using 2 x CCR1016-12G or just one CLOUD CORE CCR1036-12G-4S-EM. What would you do?

Re: [Feature Request] sFlow

Re: CCR1036 Power Supply

Re: CCR1036 Power Supply

Re: VRRP ipv6 vlan/crossover

Re: VRRP ipv6 vlan/crossover

Re: VRRP ipv6 vlan/crossover

Re: VRRP ipv6 vlan/crossover

VRRP ipv6 vlan/crossover

Re: different CCR Versions, fans behave different

Re: different CCR Versions, fans behave different

Re: different CCR Versions, fans behave different

Re: different CCR Versions, fans behave different

different CCR Versions, fans behave different

Re: MikroTik News December 2016 (Issue #74)

Re: MikroTik News December 2016 (Issue #74)

Re: [BGP] Time till new route is used

[BGP] Time till new route is used

Re: routing mark IBGP

routing mark IBGP

Re: Traffic Flow ( netflow) Autonomous system information

Re: BGP MED / Path Selection

BGP MED / Path Selection

Feature Request: export ASN in Netflow

Re: CLOUD CORE ROUTER

Re: Traffic Flow ( netflow) Autonomous system information

Re: CLOUD CORE ROUTER