Community discussions

Search found 258 matches

by AlexS
Mon Aug 19, 2019 2:29 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 27
Views: 7185

Re: Log all console commands [SOLVED]

Hi

Has this been done / implemented
by AlexS
Sun Mar 31, 2019 9:49 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40112

Re: UKNOF 43 CVE

My opinion is clear: IPv6 is a required service, disabling it is akin to shutting off power. But this is where you are getting me wrong: I'm not shutting IPv6 off on our network. We have been providing IPv6 to endusers since 2008. And even longer on the infrastructure. I'm turning it off on everyth...
by AlexS
Thu Oct 18, 2018 3:29 am
Forum: Forwarding Protocols
Topic: Graceful restart
Replies: 2
Views: 709

Re: Graceful restart

Hi

No answer to this ?

A
by AlexS
Tue Oct 02, 2018 8:37 am
Forum: Forwarding Protocols
Topic: Graceful restart
Replies: 2
Views: 709

Graceful restart

Hi Wondering if routeros has graceful restart option for OSPF and BGP. I am looking at connecting Active Passive Pa cluster to some CCR's. they suggest for a faster fail over to tick off Graceful restart for OSPF and BGP. Currently my setup is OSPF and BGP with BFD. I have to remove the BFD. but my ...
by AlexS
Sat Aug 18, 2018 7:02 am
Forum: General
Topic: Traffic shapping Question
Replies: 1
Views: 490

Re: Traffic shapping Question

Just to expand to this been doing some reading up. I want to use marks. so in the mangle table I am looking at doing something like prerouting add chain=qos-prer src-address=a.b.c.d/32 action=mark-connection connection-state=new new-connection-mark=rlc_prod add chain=qos-prer dst-address=a.b.c.d/32 ...
by AlexS
Sat Aug 18, 2018 1:44 am
Forum: General
Topic: Traffic shapping Question
Replies: 1
Views: 490

Traffic shapping Question

Hi If I have add chain=forward comment="Allow Established connections" connection-state=established,related action=fasttrack-connection disabled=no add chain=forward comment="Allow Established connections" connection-state=established,related as my first lines in forward, how does this affect my abi...
by AlexS
Sun Jul 15, 2018 10:34 am
Forum: General
Topic: CCR1072 check powersupply
Replies: 0
Views: 258

CCR1072 check powersupply

Hi

How can I check the health of power supplies on a CCR0172 I tried system health but nothing there.
by AlexS
Sun Apr 01, 2018 8:18 am
Forum: General
Topic: Best practise
Replies: 1
Views: 336

Best practise

Hi I have a few CCR that I use as BGP peering points. Which means I have asym routing. With that in mind tcp session time out. Currently set at 1d, I am thinking i should lower this as I might get packets from the stream showing up across multiple CCR's. I have rules in place to handle tcp non Syn p...
by AlexS
Sun Apr 01, 2018 8:14 am
Forum: General
Topic: New router OS
Replies: 46
Views: 12276

Re: New router OS

RouterOS does not use any TILE code from the Linux kernel. This news has no effect on RouterOS. So now that tile is removed from the linux kernel, where does that leave the CCR. Also V7. I was / have been waiting 4+ years for better single stream tcp performance on these 10G routers. I can still (w...
by AlexS
Fri Mar 30, 2018 6:08 am
Forum: Scripting
Topic: bgp or interface up down script
Replies: 0
Views: 387

bgp or interface up down script

Hi I have 4 routers I use to connect to ISP and my main firewall behind them Current the fw uses a VIP(VRRP) address to use as dgw. I would like to change the vrrp priority based on if I have my internet BGP peer up. so if 1 of the 4 routers has dropped its BGP peer with the ISP , I would like to se...
by AlexS
Thu May 18, 2017 1:42 am
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 1317

Re: BGP Converge time

Is that a function of different code base or because the VM's have higher frequency ?

I am guessing its still single core, but you get a better performing cpu in the VM

I got my convergence time down to ~ 1sec, by cutting my prefixes down to < 3k... around 30K is goes back to about 2-3 minutes.
by AlexS
Thu May 04, 2017 4:23 am
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 1317

Re: BGP Converge time

To add to that, currently we take full BGP feeds on all ISP connections.

It's been suggested that if we take a smaller feed, convergence will be much smaller.
by AlexS
Thu May 04, 2017 4:11 am
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 1317

BGP Converge time

Hi Say I have 4 x ccr1036 router A, B, C, D. Each router has a ISP BGP connection and each routers has a connection to VLAN Internet. eBGP to ISP and iBGP over Internet. On the internet vlan I have a fw it routers via DGW. the DGW is handled by the routers using a VRRP on the Internet vlan. lets say...
by AlexS
Mon Apr 24, 2017 6:18 am
Forum: Scripting
Topic: Suggested events to trigger script
Replies: 1
Views: 595

Suggested events to trigger script

Hi

would like to see some event handles to trigger when an interface goes up or down. Similar to the VRRP on master on backup handles

Alex
by AlexS
Thu Mar 23, 2017 4:20 am
Forum: General
Topic: MicroSd Cards
Replies: 4
Views: 2472

Re: MicroSd Cards

Actually I have a question, once the SD card has been inserted and partitioned do you have any problem using the card such as the CCR not recognizing it after (cold)reboot or anything?, I want to move my user-manager database to the card but I don't want to be surprised by any unexpected access pro...
by AlexS
Wed Mar 22, 2017 12:30 am
Forum: General
Topic: MicroSd Cards
Replies: 4
Views: 2472

MicroSd Cards

Hi

started to use micro SD cards in my CCR (1036+1072).

To my surprise I find I have to reboot the device when i insert the SD card and also when I re partition it.

Have i missed something as this seems very stupid ....
by AlexS
Wed Mar 01, 2017 6:00 am
Forum: General
Topic: V7 ....
Replies: 23
Views: 6113

Re: V7 ....

I didn't check, i was running iperf. server A -> server B direct 9.8Gb/s server A -> ccr (LACP + vlans, in one vlan out another vlan) -> server B, approxy 0.98Gb/s If i ran multiple streams I could push up to 9.6-9.8Gb/s Well, it might be a good idea to check. Don't run TCP, use UDP. Force it to us...
by AlexS
Wed Mar 01, 2017 4:45 am
Forum: General
Topic: V7 ....
Replies: 23
Views: 6113

Re: V7 ....

I have followed this up a few time with tech support. and it has been a while, but 1 TCP stream is cpu bound, just like single core BGP ...( that also is coming in V7 ... multi core bgp). I can put over 1G bu pushing multiple streams ... Hmm, so ok. If for example you start to push over that, what ...
by AlexS
Wed Mar 01, 2017 2:41 am
Forum: General
Topic: V7 ....
Replies: 23
Views: 6113

Re: V7 ....

I bought the orig ccr1036 when it came out, to be disappointing with the performance. the issue single threaded forwarding .. limit single tcp streams to 1G... on a 10G routers thats annoying. Fix ... V7. I was under the impression that if a flow exceeds the ability of one CPU core to process, that...
by AlexS
Wed Mar 01, 2017 2:10 am
Forum: General
Topic: VRF and icmp generated locally not following VRF
Replies: 0
Views: 235

VRF and icmp generated locally not following VRF

Hi I have v6.37.1 I have setup a ccr1036 & ccr1072 with multiple VRFs Management - vlan 8 Internet - vlan 6 Vendor - vlan 7 and my default route table is basically 192.168.1.0/24 via eth1 src 192.168.1.1 dgw via 192.168.1.2 I have added interface internet to vrf Internet using /ip route vrf I have f...
by AlexS
Wed Mar 01, 2017 2:02 am
Forum: General
Topic: V7 ....
Replies: 23
Views: 6113

Re: V7 ....

Doesn't matter to me. I pulled out all my mikrotik stuff except in some "cheap" areas of my networks. Too little development was happening on features that really matter. Too much development on bullshit creature features. It's like they don't care to fix all the big problems that would take a lot ...
by AlexS
Tue Feb 14, 2017 12:43 am
Forum: General
Topic: V7 ....
Replies: 23
Views: 6113

V7 ....

Hi

I have a been a fan of routeros/mikrotik, but I am becoming rather disillusioned, V7 has been coming for ages, 3+ years now. I am running into small issues that are getting fixed until V7.

I'm becoming rather frustrated.

A
by AlexS
Tue Feb 07, 2017 5:51 am
Forum: Forwarding Protocols
Topic: Multi ip address on interface confuses bgp
Replies: 1
Views: 462

Multi ip address on interface confuses bgp

Hi Interface Internet ip address on interface 10.10.10.67/24 20.20.20.67/24 bgp peer remote address 10.10.10.68, update-source=Internet whilst doing a tcp dump on 10.10.10.68, I could see BGP packets coming from 10.10.10.67 and from 20.20.20.67 it seemed to alternate and it stopped the BGP peer conn...
by AlexS
Sat Jan 28, 2017 9:11 am
Forum: General
Topic: NTP client with VRF
Replies: 2
Views: 613

Re: NTP client with VRF

Is that the same with DNS ?
by AlexS
Fri Jan 27, 2017 7:01 am
Forum: General
Topic: NTP client with VRF
Replies: 2
Views: 613

NTP client with VRF

Hi I am trying to setup a CCR1072 with multiple VRF. My plan was to not use the default table but place everything in their own VRF. For example Internet Management Internal But I am trying to setup my NTP client and I can only provide ntp server addresses and no vrf or source address. Is there some...
by AlexS
Tue May 17, 2016 7:51 am
Forum: General
Topic: queue simple question
Replies: 1
Views: 346

Re: queue simple question

tried to make it a bit more simple /queue simple> export /queue simple add comment="guest to local network is max" dst=10.0.0.0/8 name=guestLocal target=10.0.0.0/8 add comment="guest to internet" max-limit=10M/10M name=guestInternet target=10.172.202.0/24 The Internet one is working fine the local l...
by AlexS
Tue May 17, 2016 4:48 am
Forum: General
Topic: queue simple question
Replies: 1
Views: 346

queue simple question

/queue simple remove [ find where ! dynamic ] add comment="ratelimit for yboGuest network and only for marked packets" max-limit=10M/10M name=guestToInternet packet-marks=guestInternet target=10.172.202.0/24 # only here until mangle is used any where else # then shoudl go into fw.rsc /ip firewall ma...
by AlexS
Fri May 06, 2016 7:05 am
Forum: Forwarding Protocols
Topic: Multicast routing
Replies: 1
Views: 900

Multicast routing

Hi Trying to work out an issue with multicast routing. Trying to connect to 2 sources 233.71.185.130 233.71.185.146 /routing pim> export # may/06/2016 13:56:54 by RouterOS 6.33.3 # /routing pim interface add igmp-version=IGMPv3 interface=MCasx add igmp-version=IGMPv3 interface=Management /routing pi...
by AlexS
Wed Mar 30, 2016 6:00 am
Forum: General
Topic: CCR-1036 only get 500mbps through put
Replies: 10
Views: 1906

Re: CCR-1036 only get 500mbps through put

Hmm thats pretty low. Again, is it? Could be well within the indicated performance envelope, but without knowing the specifics, who knows... There is a known limit of 1Gb/s on a single tcp stream. I am certain that somebody from Mikrotik has denied this but I can't find the thread right now. http:/...
by AlexS
Wed Mar 30, 2016 5:58 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

VMWare tools are for Windows and such operating systems. RouterOS will not have it. All the needed network and storage drivers are already there, VMtools will not be there Hello Normis, I understand that Mikrotik does not contain the complete VMware Tools, but should have implemented Linux drivers ...
by AlexS
Sat Jan 30, 2016 12:53 pm
Forum: General
Topic: Suggestion for ROS
Replies: 1
Views: 401

Suggestion for ROS

Hi I use a cisco feature that syslogs all tcp (and udp) session. So once a session finishes it prints out a log entry. time src ip port dst ip port amount of data and reason for ending .. Would be nice if ROS could do the same thing. I was thinking of using ip filter to log syn and fin packets I cou...
by AlexS
Sat Jan 30, 2016 12:48 pm
Forum: General
Topic: CCR-1036 only get 500mbps through put
Replies: 10
Views: 1906

Re: CCR-1036 only get 500mbps through put

Hmm thats pretty low. I have on 7 of these. connected via 10G sfp.. There is a known limit of 1Gb/s on a single tcp stream. Ran into another limit ~4Gb/s of udp traffic. seems like LACP doesn't allow fast path for traffic flow. I like these routers, but I have been find quite a few limitations on th...
by AlexS
Thu Jan 28, 2016 12:41 am
Forum: General
Topic: CCR-1036-8G-2S+EM capacity questions
Replies: 5
Views: 918

Re: CCR-1036-8G-2S+EM capacity questions

Also have huge performance issues with these things. Really disappointed by them and most certainly won't purchase them again. Whilst the brochures, test data, "lab" tests, etc all look real pretty on paper, out there in the field with real live internet traffic, performance is FAR from what they (...
by AlexS
Thu Jan 28, 2016 12:41 am
Forum: General
Topic: CCR-1036-8G-2S+EM Performance issues
Replies: 1
Views: 471

Re: CCR-1036-8G-2S+EM Performance issues

Seems like a LACP thing and fast path not working with LACP..


sigh another thing to wait for in V7
by AlexS
Sun Jan 24, 2016 7:56 am
Forum: General
Topic: CCR-1036-8G-2S+EM Performance issues
Replies: 1
Views: 471

CCR-1036-8G-2S+EM Performance issues

Hi I find my self doing some more network performance testing I have 7 of these CCRs My test setup is 2 x CCR - with lots of VLANS. Most are setup as VRRP DGW. Connected to Dell Stacked 10G switch and Arista 10G switch with MLAG setup. I have a ESXi host connected with vSwitch0 which has 2 x 10G nic...
by AlexS
Sun Jan 24, 2016 7:47 am
Forum: General
Topic: CCR-1036-8G-2S+EM capacity questions
Replies: 5
Views: 918

Re: CCR-1036-8G-2S+EM capacity questions

I got 7 of these little beasts.

* Can't route any single TCP faster than 1G, even through the 10G SFP port
* Can't seem to handle more than 5G of UDP traffic without all the CPU's going 100%

For the price i like my CCR's but I keep finding these limitations.

A
by AlexS
Thu Jan 21, 2016 12:47 am
Forum: General
Topic: Routing on the same interface
Replies: 4
Views: 714

Re: Routing on the same interface

Okay user error.

the ccr had a address of .193 and I had the server user .2 so couldn't route. on the reverse path it I presume eventually sent out a redirect.. not sure why ..

any way solved my problem (of my own making by the looks of things :) )
by AlexS
Wed Jan 20, 2016 9:59 pm
Forum: General
Topic: Routing on the same interface
Replies: 4
Views: 714

Re: Routing on the same interface

Because both networks are in the same the same network segment, redirect telling the sending host to send packets to 10.x directly. Try moving the 10.x ip to a loopback interface (i.e. no longer in the same L2 broadcast domain) Just because they are in the same broadcast domain, doesn't mean they c...
by AlexS
Wed Jan 20, 2016 12:30 pm
Forum: General
Topic: Routing on the same interface
Replies: 4
Views: 714

Routing on the same interface

Hi I have a CCR, but i don't think its a problem with it. But lacp, vlans off there. I have 1 vlan 213 I have attached to ip networks there 10.172.213.193/24 192.168.213.2/24 I have a vm with nic in the vlan with ip 192.168.213.52 and I am trying to ping 10.172.213.51 routing is via 192.168.213.2 bu...
by AlexS
Sat Jan 09, 2016 11:30 pm
Forum: Scripting
Topic: help with scripting
Replies: 2
Views: 1039

help with scripting

Hi Might not actually be the right place but I keep a rsc file for 2 CCR's that have the same firewall rules simple like /ip firewall filter remove [ find ] # ##### # YB IN # ##### add action=jump chain=YBIN comment="Check YB SRC" jump-target=YBSRC add chain=YBIN comment="Allow SSH" dst-port=22 prot...
by AlexS
Sat Jan 09, 2016 11:27 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

Any one been able to get more than 2Gb/s on CHR on VMWare with vmxnet3 drivers for 1 tcp stream ?
by AlexS
Tue Dec 29, 2015 2:11 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

Been doing some simple testing VMWare esxi 5.5 using iperf 2 Centos 6.6 vm. iperf -c <serverip> -i 10 -w 128M -t 300 iperf -s -i 10 -w 128M [ 4] 40.0-50.0 sec 11.6 GBytes 9.99 Gbits/sec [ 4] 50.0-60.0 sec 11.7 GBytes 10.0 Gbits/sec [ 4] 60.0-70.0 sec 11.4 GBytes 9.79 Gbits/sec [ 4] 70.0-80.0 sec 11....
by AlexS
Tue Dec 29, 2015 12:49 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

Hi

How can I set / show the RX/TX ethernet buffer size. for a VMWare VM I would like to set the buffer size for the vmxnet3 nic.

I have had a look at /interface ethernet

is it currently set to max 4096 ?
by AlexS
Wed Dec 23, 2015 2:19 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

I have downloaded the vmdk - vmware disk. I have created a new VM. other - linux 64 add in 1 nic vmxnet3 I go to add the downloaded disk - have to edit the vm as I can't add during creation and i see the disk is an ide not scsi is that right ? Quick fiddle with the vmdk change ide to lsilogic Also I...
by AlexS
Wed Dec 23, 2015 1:55 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

Cool Cool Cool.

Is there any path for upgrading the ROS licences into CHR licenses ?
by AlexS
Tue Dec 22, 2015 9:45 am
Forum: General
Topic: CCR1036 and mirror ports
Replies: 3
Views: 2643

CCR1036 and mirror ports

Hi

Do I have any of this functionality under http://wiki.mikrotik.com/wiki/Manual:Sw ... _Mirroring

I am trying to setup a span port ... mirror all packets and send them to another interface.
by AlexS
Wed Nov 18, 2015 4:40 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

you have to run interface in promiscuous mode if you want to run VRRP on the interfaces.
But that causes its own problems.

Its possible to run with out promisc mode but must use different macs
by AlexS
Thu Nov 12, 2015 10:53 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

Hi

Will CHR fix the issue of VRRP not working in VMWare, unless you turn on promisc mode for that interface ?
by AlexS
Mon Oct 26, 2015 12:19 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

Can you comment on a timeframe for availability? not a release date, more like "planned in Q1 2016"... for planning. I really want to get rid of a certain virtual VPN endpoint ;) Yes this, hanging out on pricing... I have a project on hold to replace my current ROS VM's with either handmade or othe...
by AlexS
Sun Sep 06, 2015 1:33 pm
Forum: General
Topic: SNMP
Replies: 2
Views: 598

Re: SNMP

The MIB is posted on the wiki. http://wiki.mikrotik.com/wiki/Manual:SNMP#Management_information_base_.28MIB.29 From the MIB file: iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrHealth.mtxrHlTemperature.0 (OID 1.3.6.1.4.1.14988.1.1.3.8.0) - 350.0.000000 ...
by AlexS
Sun Sep 06, 2015 12:39 pm
Forum: General
Topic: SNMP
Replies: 2
Views: 598

SNMP

Hi

Does any one know the MIBS for the /system health attributes, particularly the temp and cpu temp

a
by AlexS
Sun Sep 06, 2015 11:33 am
Forum: General
Topic: Air flow direction on CCR's
Replies: 1
Views: 456

Air flow direction on CCR's

Hi

Is there an option to do back to front ?

either at purchase time or in the config

Alex
by AlexS
Tue Aug 25, 2015 1:38 am
Forum: General
Topic: vmxnet3 and 6.31
Replies: 2
Views: 787

Re: vmxnet3 and 6.31

:( any idea of yhe pricing for chr and the time line.
by AlexS
Mon Aug 24, 2015 9:33 am
Forum: General
Topic: 10Gb VMXNET3 driver support request
Replies: 14
Views: 5272

Re: 10Gb VMXNET3 driver support request

I saw this a bit late. I have tried to install vmxnet3 nic and well it doesn't show up in the interface interface. I need to move to vmxnet3 as the input buffer for the e1000 is to small, I have a very bursty multicast service that drops packets on the E1000. Had to move to a hand built linux box wi...
by AlexS
Mon Aug 24, 2015 9:24 am
Forum: General
Topic: vmxnet3 and 6.31
Replies: 2
Views: 787

vmxnet3 and 6.31

Hi I see in the change log there is support for VMWare vmxnet3 nic. Has any one got this to work. I shutdown and added a vxmnet3 to one of my ROS vm's but its not showing up in the /interfaces interface. Also I saw there was a x64 build, any one tried that and how would you upgrade a vm that was x86...
by AlexS
Mon Aug 24, 2015 8:47 am
Forum: Announcements
Topic: 6.31 released
Replies: 227
Views: 47657

Re: 6.31 released

What's new in 6.31 (2015-Aug-14 15:42): *) chr - added support for VMware SCSI virtual disks *) chr - added support for VMware vmxnet3 network card Thank you, does that include the open vmware tools as well ???? Just did an upgrade from 29.1 and found my ssh host keys had changed on the box bug or ...
by AlexS
Tue Jun 30, 2015 12:31 am
Forum: General
Topic: Lost packets
Replies: 4
Views: 661

Re: Lost packets

You can create a new queue by duplicating the "ethernet-default" and naming it as you wish. Increase the size from 50 to 100 for example and assign the created queue to the interface and see if this will help or not. Yep I get that, but is it a software queue and does it help with the hardware queu...
by AlexS
Mon Jun 29, 2015 3:05 pm
Forum: General
Topic: Queue types for CCR1036
Replies: 0
Views: 539

Queue types for CCR1036

Hi I was looking at the queue types I have setup for my CC1036 http://wiki.mikrotik.com/wiki/Manual:Queue#Queue_Types /queue> interface print # INTERFACE QUEUE DEFAULT-QUEUE 0 sfp-plus1 only-hardware-queue only-hardware-queue 1 sfp-plus2 only-hardware-queue only-hardware-queue 2 ether1 only-hardware...
by AlexS
Mon Jun 29, 2015 2:57 pm
Forum: General
Topic: Lost packets
Replies: 4
Views: 661

Re: Lost packets

Probably those packets are dropped by any queue you might have in. If you don't have any queue then they are dropped by the default queue of the interface. Increasing the size of the queue might help, though it will increase the latency. so i go to /queue I notice they are ethernet-default queue wh...
by AlexS
Mon Jun 29, 2015 12:41 pm
Forum: General
Topic: Lost packets
Replies: 4
Views: 661

Lost packets

Hi I have ROS in a VM on esxi. I have a multicast feed from a vendor. the MC feed is very bursty. 99% of the time quiet. 1 heartbeat msg per sec. I can only get 1G interface on the VM, as ROS doesn't have the vmnex drivers :( The msg have seq numbers so I know when I have missed some. I am finding t...
by AlexS
Tue Jun 23, 2015 3:00 am
Forum: General
Topic: Watchdog timer not working
Replies: 0
Views: 607

Watchdog timer not working

Hi I had one of my ccr’s dye last night, just locked up /system watchdog> print watch-address: none watchdog-timer: yes no-ping-delay: 5m automatic-supout: yes auto-send-supout: no why didn’t this kick in ? I’m not watching an address but I do have the timer on ? should have I expected this to have ...
by AlexS
Tue May 26, 2015 4:24 am
Forum: General
Topic: PIM Multicast issue
Replies: 0
Views: 296

PIM Multicast issue

Hi I am having issue between ROS and cisco (asa5520) basically for some reason PIM join is not forming a SG join Notice I get a for SG join for this MC group (*,233.71.185.130) SM Up: 00:05:30 RP: 203.0.119.247 JP: Join(00:00:21) RPF: premium,10.43.200.6 Flags: LH ybman19 00:05:30 fwd Join(00:03:26)...
by AlexS
Wed May 06, 2015 7:47 am
Forum: General
Topic: Leap Second insertion
Replies: 7
Views: 1552

Leap Second insertion

Hi

Is there any issue with ROS and the upcoming leap second insertion ?

Alex
by AlexS
Wed May 06, 2015 7:45 am
Forum: RouterBOARD hardware
Topic: all CCR crashed
Replies: 40
Views: 8077

Re: all CCR crashed

Any news on this ?
by AlexS
Thu Apr 30, 2015 11:19 pm
Forum: Beginner Basics
Topic: SSH attack
Replies: 7
Views: 4561

Re: SSH attack

personally I would use the firewall to limit access to the ssh port from known good locations. All you need it 4-5 rsync's and scps and ssh's to put yourself on the blacked list. If you limit to known good internal ip address, and your on the internet, use a VPN to get inside and then connect outsid...
by AlexS
Tue Apr 14, 2015 9:55 am
Forum: General
Topic: [Solved] OpenVPN Speed.
Replies: 6
Views: 1477

Re: OpenVPN Speed.

add me to the list
by AlexS
Tue Apr 14, 2015 9:51 am
Forum: RouterBOARD hardware
Topic: Wishlist Item: SFP Switches
Replies: 6
Views: 1078

Re: Wishlist Item: SFP Switches

+1 on this
by AlexS
Tue Mar 10, 2015 6:40 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

So I have made the changes to all the test rtrs so they point to the providers RP for the MC group I am after. Now I have registered and I can see MC udp packets come to me on my vendors interface, but they are not being sent to the cisco firewall /ip route> /ip route print where 233.71.185.130 in d...
by AlexS
Tue Mar 10, 2015 6:21 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

So progressed a bit further. I now have a join coming from source through 2 ros servers to a cisco ASA and now onto the first hop router. This is where the issue is 15:15:20 pim,debug RX PIM_JOIN_PRUNE from 10.43.200.1 to 224.0.0.13: (*,G) Join/Prune entry for group 233.71.185.130 RP address does no...
by AlexS
Mon Mar 09, 2015 2:30 am
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 13895

Re: CCR-1072 release date?

Any news on the multi threaded tcp forwarding.

Is it still going to be single cpu and bound to 1Gb
by AlexS
Sat Mar 07, 2015 10:42 pm
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

The priority 100 part on the outside interface might be the problem. next-hop router should probably be highest priority on that segment. Also - forcing join on outside interface is not a real solution. (pretty sure you know that, though) Is there an output rule on the inside interface that could b...
by AlexS
Sat Mar 07, 2015 6:59 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Okay getting into cisco territory. ! this is the outside interface GigabitEthernet0/2.11 pim dr-priority 100 igmp join-group 233.71.185.130 !! Added this to force the IGMP interface GigabitEthernet0/3.19 pim dr-priority 100 IP PIM Multicast Topology Table Entry state: (*/S,G)[RPT/SPT] Protocol Uptim...
by AlexS
Sat Mar 07, 2015 6:34 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Go the access list
added the rp-address already

But on the first hop router I dont see the join .. going to try and add a static igmp command
by AlexS
Sat Mar 07, 2015 6:04 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Okay next step of testing. I have 233.71.185.130 available via the first hop router I have a client on ybostaffsup registering 233.71.185.130 on the interface with the DR router [admin@ybortr2] /routing pim> igmp-group print detail where group =233.71.185.130 Flags: v1 - IGMPv1, v2 - IGMPv2, v3 - IG...
by AlexS
Sat Mar 07, 2015 4:32 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Oh, vrrp on non-wan link and no-vrrp on wan link.
by AlexS
Sat Mar 07, 2015 2:11 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

the path from the inside via the asa to first hop is not natted. so no issue there I believe !
by AlexS
Sat Mar 07, 2015 1:50 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

cool, you have been a help so far.

I will do some testing and packet dumping :)
by AlexS
Sat Mar 07, 2015 12:16 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

But I don't want first hop to be the global DR. I don't mind it being the DR for all the MC groups it deals with because if I bring on any more MC sources, they might not be attached to first hop. Now how to do that, do I set frist hop dr as a static or do I setup rp-candidates ? (and what about BSR...
by AlexS
Fri Mar 06, 2015 11:25 pm
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

I have drawn a diagram of my larger problem http://imgbin.org/images/thumbs/ext22705.png My external MC source is connected to my frist hop ros box (VM) and when I attache a test client on the back vlan "test MC" it recieves info. on the cisco i have pim, igmp on for outside and inside and I setup a...
by AlexS
Fri Mar 06, 2015 11:02 pm
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Glad you got it working. ybortr2 should definitely not be DR. It's a dead-end street. DR is for multicasting like "default gateway" is for unicast routing. You wouldn't make ybotr2 be the default gw, right? I'm not sure why you would have wanted it to be DR, but that's what experimentation is for, ...
by AlexS
Fri Mar 06, 2015 1:30 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Just for any one else that gets to this.

I have solved my problem

I remove the static RP entries and added in a rp-candidate on the ybostaff interface on ybortr1. then ybortr2 picked it up
by AlexS
Fri Mar 06, 2015 1:09 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Tried an ascii diagram. Expand my testing. So source is on vlan ybotv Client is on vlan ybostaff ybortr1 has leg in ybotv and ybostaff ybortr2 has leg in ybostaff only       +--------+                               |SRC     |                               +---+----+                                  ...
by AlexS
Thu Mar 05, 2015 1:19 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Can you post the cisco relevant configs as well. I would be interested. You right about the filtering. its in the forward table. So how can I stop certain interfaces from getting it if I want to ? There is some mention of a multicast chain, but no real examples. and why did you pick on the routeros ...
by AlexS
Thu Mar 05, 2015 12:27 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Seems like time is my friend. I actually have 2 routers on the ybostaffsupp vlan and the other one was the DR and it didn't have a RP pointing to ybortr1. once I set dr-priority on ybortr1 it started to work. I was planning on setting 1 RP with all the info, because I have an ASA 5520 and it doesn't...
by AlexS
Wed Mar 04, 2015 6:35 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Hi Decided to start from scratch I have 1 router ybortr1 vlan ybotv vlan ybostaffsup I have a multicast sender on ybotv . 10.172.201.100 I have a mulitcast recieved on ybostaffsup 10.172.208.101 Not sure why its coming up as excluded here ? [admin@ybortr1] /routing pim> igmp-group print detail where...
by AlexS
Mon Mar 02, 2015 2:15 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

So I think I have that (the last bit). But what I am seeing is my client -> mtr works okay I can check join request but I don't see the request being sent to the next mtr. I have tried setting RP for all the mtr to point to the ASA but I don't see anything their either. I do have both igmp and pim s...
by AlexS
Thu Feb 26, 2015 1:24 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Re: Multicast routing issue

Yes I think your right about 224/8 - its meant to be 224/4 ! So it was seeing it as the DR router, but the ASA wasn't picking up the join request. Going to remove the asa and put some more CCR's see if I can get it to work. as for the MC routing. I actually had a linux box on the dmz vlan . so that ...
by AlexS
Wed Feb 25, 2015 7:42 am
Forum: Forwarding Protocols
Topic: Multicast routing issue
Replies: 34
Views: 5788

Multicast routing issue

Hi I am trying to setup multi cast routing on my network. What i have is bdr01 - ros 6.26 eth0 - dmz eth1 - wan port to provider I have RP setup with info from my providor I have a ASA5520 eth0 - dmz eth1 - intMAN.. on the intMAN vlan I have 4 ccr1036 say intRtr1 I have eth0 intMAN eth1 test I have ...
by AlexS
Sun Feb 22, 2015 8:37 am
Forum: General
Topic: BGP Multicore Load Balancing
Replies: 6
Views: 3397

Re: BGP Multicore Load Balancing

Woohoo
by AlexS
Wed Feb 18, 2015 9:57 pm
Forum: Forwarding Protocols
Topic: BFD + OSPF + CCR1036 Issue
Replies: 24
Views: 5635

Re: BFD + OSPF + CCR1036 Issue

Hi

Spoke to soon, patched the rest of my ccr's and tried to bring together 4 devices, falls over around 60-70 seconds
by AlexS
Wed Feb 18, 2015 8:01 am
Forum: Beginner Basics
Topic: Easy Cmd line question
Replies: 3
Views: 720

Easy Cmd line question

Hi

can't seem to find it in the doco. but say do

/ip firewall filter
print

how can I print just line 5 with stats so

print stats where <item 5>
and to expand on that how can I print just 1 attribute for the above example say just bytes attribute ?
by AlexS
Wed Feb 18, 2015 7:54 am
Forum: General
Topic: Route Selection
Replies: 4
Views: 815

Re: Route Selection

Thanks
by AlexS
Fri Feb 06, 2015 10:43 pm
Forum: Forwarding Protocols
Topic: BFD + OSPF + CCR1036 Issue
Replies: 24
Views: 5635

Re: BFD + OSPF + CCR1036 Issue

So I have upgraded to 6.26 and firmware upgrade to 3.22

and now it seems to be stable !!!
I have a OSPF BFD link up for 5min... way longer than what I was able to get before
by AlexS
Fri Feb 06, 2015 9:14 pm
Forum: Forwarding Protocols
Topic: BFD + OSPF + CCR1036 Issue
Replies: 24
Views: 5635

Re: BFD + OSPF + CCR1036 Issue

My initial test was a 20Gb/s LACP Hash 2-3 with vlans.
Then i moved to 1Gb/s copper cross over cable

Good news I suppose that other poeple have the issue.

I'm on 6.22. was going to try an upgrade this weekend ... so I can send in a support rif
by AlexS
Fri Feb 06, 2015 3:46 am
Forum: Forwarding Protocols
Topic: BFD + OSPF + CCR1036 Issue
Replies: 24
Views: 5635

BFD + OSPF + CCR1036 Issue

Hi I have a few CCR1036-8G-2S+, (6.22) I tried turning on BFD with OSPF. My first hurdle was BFD doesn't work by itself ! I then associated it with a OSPF interface, which had 4 nodes on it. Turned it on all 4 nodes.. worked for a while then up / down flapping ... I ran some tests sending flood ping...
by AlexS
Thu Feb 05, 2015 10:21 pm
Forum: General
Topic: Problematic BFD on 6.0
Replies: 7
Views: 2798

Re: Problematic BFD on 6.0

was there any solution to this.

I am trying to enable BFD + OSPF and its failing.

I am using a lacp underneath if thats an issues.
by AlexS
Wed Feb 04, 2015 6:59 am
Forum: General
Topic: Route Selection
Replies: 4
Views: 815

Re: Route Selection

ECMP is what I have, the routes come from OSPF

Thanks for the info. I was tracking down an asymmetrical routing issue
by AlexS
Tue Feb 03, 2015 6:01 am
Forum: General
Topic: Route Selection
Replies: 4
Views: 815

Route Selection

Hi I have a ROS that connected to 4 routers that advertise dgw via OSPF, my route table looks something like[admin@ybortr1] > /ip route pr # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 ADo 0.0.0.0/0 10.31.17.3 110 10.31.18.3 10.31.18.2 10.31.17.2 Which gateway is ROS going to use ?? is it round robin or...
by AlexS
Mon Feb 02, 2015 12:20 pm
Forum: General
Topic: Turn off keep alive on gre tunnel
Replies: 1
Views: 424

Re: Turn off keep alive on gre tunnel

Typical ...

after posting this I realised unset <> keepalive !!!

added in case any one else searches for it
by AlexS
Mon Feb 02, 2015 12:19 pm
Forum: General
Topic: Turn off keep alive on gre tunnel
Replies: 1
Views: 424

Turn off keep alive on gre tunnel

Hi I am trying to setup a gre tunnel, problem is it doesn't seem to be working. I think what the problem is, is I have keep alive turned on, I can see icmp to the tunnel remote address, but they don't have icmp turn on .. So even though I can see GRE packets coming from them, I don't see the interfa...
by AlexS
Fri Jan 30, 2015 1:01 am
Forum: General
Topic: BGP Multicore Load Balancing
Replies: 6
Views: 3397

Re: BGP Multicore Load Balancing

To add to this, when is more of the CCR1036 stuff moving to multicore. My TCP streams are still limited to 1G

A
by AlexS
Tue Jan 06, 2015 6:35 am
Forum: General
Topic: Help with multicast routing
Replies: 0
Views: 329

Help with multicast routing

/routing pim interface add dr-priority=200 interface=Pr add alternative-subnets=203.6.253.208/28 dr-priority=200 igmp-version=IGMPv3 interface=Pr-mc /routing pim rp add address=203.0.119.247 comment="233.71.185.128/28 and 233.71.185.144/28" group=233.71.185.0/24 I have a test linux box setup on the ...
by AlexS
Thu Dec 04, 2014 5:21 am
Forum: General
Topic: CCR experience?
Replies: 34
Views: 9754

Re: CCR experience?

Have to admin i have been getting strange ICMP's on my ccr1036. my monitoring machine zabbix pings through these to different devices.

I can see 10ms latency .... using fping send 2 avg result (thats not good).

I am pretty sure it was a bit more stable at 6.19 running 6.22
by AlexS
Thu Dec 04, 2014 5:19 am
Forum: General
Topic: VRRP
Replies: 11
Views: 1910

Re: VRRP

can they ping each other
have you blocked the multicast address that they communicate on ..

maybe do
/inter vrrp export
on both and print here
by AlexS
Tue Dec 02, 2014 6:22 am
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 13895

Re: CCR-1072 release date?

Only if it can do > 1Gbps tcp stream
by AlexS
Fri Nov 28, 2014 5:03 am
Forum: General
Topic: NAT TO MULTIPLES LANS WITH SAME SUBNET
Replies: 1
Views: 488

Re: NAT TO MULTIPLES LANS WITH SAME SUBNET

Um, I would deal with the clash in ip address ranges first.

But what you need to do is look at marking packet from interfaces and routing rules per interface (VRF in routeros talk i think).

nat and route based upon mark and interface based upon

Its a very big pain ..
by AlexS
Wed Oct 08, 2014 2:26 am
Forum: Forwarding Protocols
Topic: multihoming and source address of outgoing icmp messages...
Replies: 20
Views: 7015

Re: multihoming and source address of outgoing icmp messages

Old thread, same problem, no solution ? I was going to try changing the default route src address in the routing table, I presume being a linux kernal that might do it ! Seems to work my pings from that machne weren't working now they are. I will presume the icmp unreachable etc will be formed the s...
by AlexS
Wed Oct 08, 2014 2:03 am
Forum: General
Topic: Firewall question
Replies: 1
Views: 476

Re: Firewall question

Think i answered my own question

invalid checks the connection table...
by AlexS
Tue Oct 07, 2014 6:59 am
Forum: General
Topic: Firewall question
Replies: 1
Views: 476

Firewall question

HI I have 2 ROS VM's connecting work to the internet. I have some asym traffic flows, the internet being the internet. I want to filter out invalid packets, but I don't want to stop TCP packets that are not part of a know connection.. so the tcp session might start coming in on 1 interface of ROS A ...
by AlexS
Wed Sep 17, 2014 8:09 am
Forum: Forwarding Protocols
Topic: BGP Route Reflectors, how to properly configure??
Replies: 19
Views: 10655

Re: BGP Route Reflectors, how to properly configure??

Silly question why not use ospf for internal routing ?
by AlexS
Wed Sep 17, 2014 8:04 am
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 55
Views: 18919

Re: MIkrotik BGP Monitoring

Bringing up an old thread.

Does any one know if this has been implemented ?
by AlexS
Mon Sep 15, 2014 4:11 am
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93511

Re: v6.19 released

If this will be the case for all firmwares going forward, I will take my switch off my network and set it on fire... I am a linux user and having to install wine to run another buggy ass application... Hell no!... You can keep the spoon. :evil: :evil: :evil: I'm presuming you can still ssh to the b...
by AlexS
Tue Sep 09, 2014 2:33 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93511

Re: v6.19 released

Netflow is patchy reboot -> works reboot -> doesn't work But I have a supposition it has some thing to do with my a sync routing, its not starting records unless it seems a syn packet ... i think ! What netflow version do you use? V9 is supposed to report flow stats on a per-connection basis. So do...
by AlexS
Mon Sep 01, 2014 6:18 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208035

Re: Feature requests

That isn't graceful restart. Graceful restart means "hold your routes until I come back, wait up to x seconds for me to finish my operation then update routes after we reestablish adjacency". The change you requested is best handled with bfd. I would have to disagree. By using BFD (i looked at it, ...
by AlexS
Mon Sep 01, 2014 12:21 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208035

Re: Feature requests

Sorry miss understanding

I mean shutdown of the router not ospf/bgp processes
by AlexS
Sat Aug 30, 2014 4:49 pm
Forum: General
Topic: Memory leak
Replies: 6
Views: 1382

Re: Memory leak

I was seeing the same on 6.15
6.18 seemed to be a bit better.

on x64 in vm's 1G memory and 2 full bgp tables. over a week it would use up 800mb

lot better now on 6.18, slow increase
by AlexS
Sat Aug 30, 2014 4:48 pm
Forum: General
Topic: traffic flow not being send
Replies: 2
Views: 615

Re: traffic flow not being send

first of, set up 6.19

also, what version of netflow you are using?
was it fixed in 6.19 (i do have it installed) but I am dubious it was fixed in 6.19 ...

V9 to a linux nefsen box.
by AlexS
Sat Aug 30, 2014 9:57 am
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93511

Re: v6.19 released

Netflow is patchy reboot -> works reboot -> doesn't work its a bit hit and miss weather it works, stoping and starting it doesnt seem to help either .. rather weird But I have a supposition it has some thing to do with my a sync routing, its not starting records unless it seems a syn packet ... i th...
by AlexS
Sat Aug 30, 2014 9:54 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208035

Re: Feature requests

I would like a graceful BGP and OSPF shutdown

when I reboot my router it doesn't bring down the OSPF and BGP connections and I have to wait for its peers to realize its dead

That can take a while.

and you can't just stop the BGP / OSPF instances as they will not restart on reboot !
by AlexS
Thu Aug 28, 2014 3:06 am
Forum: General
Topic: traffic flow not being send
Replies: 2
Views: 615

traffic flow not being send

I have a 6.18 CCR, thats not sending any netwflow info

I have tried disabling and re enabling

But zero records are being sent. I can monitor and see records are being recorded on board. but nothing sent :(
by AlexS
Tue Aug 26, 2014 3:57 am
Forum: General
Topic: user permissions
Replies: 0
Views: 385

user permissions

Hi

I want to allow a small set of users to login (via ssh) and disable / enable BGP peers and nothing else.

Can I limit users to just that, or do I have to write scripts and limit users to just running those scripts ?

Alex
by AlexS
Mon Aug 18, 2014 10:27 am
Forum: Virtualization
Topic: 10G support on VMware?
Replies: 9
Views: 3945

Re: 10G support on VMware?

There have been other threads on this, but just uncase this one turns out differently

+1 for vmnext3 support.
and vmtools support as well

I have paid for all of my vm's :)
by AlexS
Thu Aug 07, 2014 2:59 am
Forum: General
Topic: SNMP, Source IP, OSPF / Multihomed
Replies: 3
Views: 1532

Re: SNMP, Source IP, OSPF / Multihomed

There is one key fact they don't tell you. I had asymetrical routing to my routers and snmp failed ! the outbound packet goes out the interface it came in on. it doesn't follow the routing table, if was to solve some other problem I am not sure what but.. I suggest (to support) that they need to com...
by AlexS
Thu Aug 07, 2014 2:56 am
Forum: General
Topic: v6.18
Replies: 109
Views: 29761

Re: v6.18

Would be nice if it stored the dns name and resolved each time ntp client was restarted .. "/system ntp client set server-dns-names=" works exactly as you want. to switch to DNS resolution you need to do that: /system ntp client set primary-ntp=0.0.0.0 set secondary-ntp=0.0.0.0 set server-dns-names...
by AlexS
Wed Aug 06, 2014 7:23 am
Forum: General
Topic: v6.18
Replies: 109
Views: 29761

Re: v6.18

<snip> So it is the equivalent of doing: /system ntp client set enabled=yes primary-ntp=[:resolve pool.ntp.org]; It recognizes that it was given a FQDN instead of an ip and resolves it on the spot, then stores the ip. Would be nice if it stored the dns name and resolved each time ntp client was res...
by AlexS
Wed Aug 06, 2014 7:16 am
Forum: General
Topic: Memory Usage
Replies: 0
Views: 489

Memory Usage

Hi I have 6.12 x64 (VM) 1G of memory 4 CPU 3 BGP Peers - full tables with filtering (5K, 12K, 14K prefixes) My free ram has been slowly increasing (same on both of my BGP peers), my other VM's are fairly stable. Zabbix has flagged a warning as there is only 20% of free memory left Is this normal, wa...
by AlexS
Wed Jul 30, 2014 4:43 am
Forum: General
Topic: CCR1036-8G-2S+ routing performance
Replies: 2
Views: 869

Re: CCR1036-8G-2S+ routing performance

Yep thats my problem.

I rather annoyed that wasn't put in the advertisement. 28Gb/s routing it what has advertised.

I like them, and they are great for what they do, but this limitation is not good,
by AlexS
Tue Jul 29, 2014 8:52 am
Forum: General
Topic: CCR1036-8G-2S+ routing performance
Replies: 2
Views: 869

CCR1036-8G-2S+ routing performance

Hi I was wondering if any one else is running into the 1Gb/s limit on a single tcp stream. Last time I investigated it was because of the cpu / tcp stream limit ... I believe. Any one know if this is going to be lifted in future software releases or is this going to be a hardware limit. NOTE - i hav...
by AlexS
Thu Jul 24, 2014 10:19 am
Forum: Forwarding Protocols
Topic: BGP Router for Hosting Company
Replies: 12
Views: 5046

Re: BGP Router for Hosting Company

Hi I have 6 x CCR1036-8G-2S+ I run them at 3 site, in vrrp mode.. But no BGP, only OSPF.. like them except I had reproblems pushing a single tcp stream past 1G, some limit in the cpu / nic setup. I could easily push 9.8Gb's on UDP. I have 4 x routeros x86, running as VM's, 2 with BGP taking full fee...
by AlexS
Sun Jul 20, 2014 1:13 pm
Forum: General
Topic: Hairpin NAT - Problem configuring
Replies: 2
Views: 1314

Re: Hairpin NAT - Problem configuring

If its on the same vlan, you need to do a src nat as well, other wise the dst server replies directly to the original server and thus the packet doesn't get un natted !
by AlexS
Sun Jul 20, 2014 2:18 am
Forum: General
Topic: v6.16/v6.17
Replies: 187
Views: 46630

Re: v6.16/v6.17

I upgraded one of my core routers (x86 type) to 6.17 yesterday and this morning I had no routes to anything plugged into that router. Evidently OSPF was not redistributing static & connected. Once I rebooted it was working. However I did revert back to 6.15 as that I have had no issues with that ve...
by AlexS
Tue Jul 15, 2014 12:03 am
Forum: General
Topic: Reverse Proxy 1 Public ip and 3 internal webservers.
Replies: 4
Views: 2044

Re: Reverse Proxy 1 Public ip and 3 internal webservers.

I don't think the routers have load balancing.

I do this by installing pacemaker on the 3 linux boxes...
by AlexS
Sun Jun 29, 2014 1:56 pm
Forum: General
Topic: LACP Question...
Replies: 15
Views: 10599

Re: LACP Question...

I had issue with my ccr and lacp, upgraded to the latest version of firmware and all was okay!
by AlexS
Sun Jun 29, 2014 1:13 pm
Forum: Beginner Basics
Topic: RouterOS as core network router blocking AD authentication?
Replies: 7
Views: 1622

Re: RouterOS as core network router blocking AD authenticati

Hi

Have you just added a new network to your windows domain, have you set it up as part of a site.

You might be running foul of windows thinking the new ip network is actually public network and not allowing full SMB access.
by AlexS
Fri Jun 27, 2014 3:22 pm
Forum: General
Topic: iBGP through IGP
Replies: 19
Views: 4206

Re: iBGP through IGP

Why complicate things with tunnels? Using BGP and routing filters to propagate the intended routes to intended peers works just fine. That is really a matter of opinion I must state firstly I am not sure of the relationship of the 2 companies, maybe they way each others traffic to propogate into ea...
by AlexS
Fri Jun 27, 2014 8:31 am
Forum: General
Topic: iBGP through IGP
Replies: 19
Views: 4206

Re: iBGP through IGP

Q why not create a tunnel from customer to your dnz area so that they are next to your ebgp routers....


Why polute your ibgp with their bgp prefixs.

Note not sure what your business is and you might want their traffic in your core. .
by AlexS
Fri Jun 20, 2014 8:22 am
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 21
Views: 9460

Re: WE NEED EIGRP

Plus I believe Cisco didn't open source all of EIGRP. Some of the nice features of EIGRP are not in....
by AlexS
Mon Jun 09, 2014 4:55 pm
Forum: General
Topic: How block OS Windows
Replies: 39
Views: 7736

Re: How block OS Windows

Wow.. Can I suggest if its work and you want to block internet access, why not use a GPO in windows. I presume all windows boxes are part of a domain. Manage them from there. All other methods are subjective, there will be ways around them. if you can't for domain member ship... well thats another p...
by AlexS
Mon Jun 09, 2014 10:03 am
Forum: Scripting
Topic: Internet Connectivity Monitor Script requierd [SOLVED]
Replies: 28
Views: 7416

Re: Internet Connectivity Monitor Script requierd

Have to agree with boen_robot
by AlexS
Mon Jun 09, 2014 9:55 am
Forum: Beginner Basics
Topic: Script and Syslog on Tx/Rx.
Replies: 8
Views: 1361

Re: Script and Syslog on Tx/Rx.

start a screen session on a linux box and then ssh to your routeros, setup a
/tool sniffer quick interface=<interface> and then save it to disk

leave it running


But the firewall rules should have given you enough info. src ip dst ip, mac address ports
by AlexS
Sun Jun 08, 2014 6:15 am
Forum: General
Topic: Partitioning a CCR
Replies: 19
Views: 3361

Re: Partitioning a CCR

tried this on my test box's

very very simple

upgrade firmware to 3.13 rebooted
repartitioned to 4
reboot .. came up with current working config (nice work)
copied the current active partition to the other 4

very very simple, all done over the wire
by AlexS
Sat Jun 07, 2014 2:33 pm
Forum: Forwarding Protocols
Topic: ccr-1036, NAT translations bug ?
Replies: 7
Views: 1794

Re: ccr-1036, NAT translations bug ?

Not sure about this add address=10.10.12.0-10.10.14.255 list=dev you can can do this add address=10.10.12.0/24 list=dev add address=10.10.13.0/24 list=dev add address=10.10.14.0/24 list=dev But thats not the problem in your example Something similar is working for me What i would do connect twice to...
by AlexS
Wed Jun 04, 2014 2:32 am
Forum: General
Topic: Partitioning a CCR
Replies: 19
Views: 3361

Re: Partitioning a CCR

I use it myself - I have 3 partitions: 1) LIVE - Stable ROS 2) BACKUP - Stable ROS - I backup config from LIVE before making major changes, if those changes fail miserably I boot into this partition as pure kind of restore point. Safe Mode does a similar thing but I like to have this handy as well ...
by AlexS
Tue Jun 03, 2014 11:57 pm
Forum: General
Topic: Partitioning a CCR
Replies: 19
Views: 3361

Re: Partitioning a CCR

great

I will still try it in the lab first though :)

Thanks
by AlexS
Tue Jun 03, 2014 8:33 am
Forum: General
Topic: Partitioning a CCR
Replies: 19
Views: 3361

Re: Partitioning a CCR

It will boot into the first available partition, which is set to active by default. If you want to boot into another partition, Like rextended mentioned, you have to set it to active and reboot. Hi Sorry i am not being clear. It says when you repartition you loose all data. I am wondering whats lef...
by AlexS
Tue Jun 03, 2014 7:10 am
Forum: General
Topic: Partitioning a CCR
Replies: 19
Views: 3361

Re: Partitioning a CCR

when reboot you have one "just installed" partition and one empty called part0 and part1


yeah but what does it boot into ... some default routeros ??
by AlexS
Mon Jun 02, 2014 6:33 am
Forum: General
Topic: Most effective defense against DNS flood,advice,experiences
Replies: 14
Views: 2831

Re: Most effective defense against DNS flood,advice,experien

The hint is good, because the most used rule must be first, really I never see one TCP DNS request form 2007 to now... ahahaha!!!!! :shock: http://i57.tinypic.com/25zgzs1.jpg Yes... really DNS by TCP is used only when UDP fail... Um, for any answer that is larger than 1 udp packet, typically used f...
by AlexS
Mon Jun 02, 2014 6:26 am
Forum: Forwarding Protocols
Topic: ccr-1036, NAT translations bug ?
Replies: 7
Views: 1794

Re: ccr-1036, NAT translations bug ?

can i suggest
export not to use print but export

also export out the address lists as well
by AlexS
Mon Jun 02, 2014 6:22 am
Forum: General
Topic: Partitioning a CCR
Replies: 19
Views: 3361

Re: Partitioning a CCR

so what does it boot into ?? will i need a console
by AlexS
Mon Jun 02, 2014 3:15 am
Forum: General
Topic: Partitioning a CCR
Replies: 19
Views: 3361

Partitioning a CCR

Hi

found this
http://wiki.mikrotik.com/wiki/Manual:Partitions

Sounds like a best practices.

Now what happens to my installed CCR when i repartition will I wipe my working config or will it preserve it ?

THanks
by AlexS
Wed May 28, 2014 11:28 am
Forum: General
Topic: Netflow with 6.13 on CCR is broken
Replies: 4
Views: 1151

Re: Netflow with 6.13 on CCR is broken

My 2c I have 6 CCR1036-8G-2S+ I was running them all on 6.12 and had netflow to nefsen on a linux box. when i went to 6.13 I saw a massive reduction on what was being captured. Im using version9 seems like it captures the big streams not the small ones, when I monitor it looks like it is capturing t...
by AlexS
Wed May 28, 2014 11:24 am
Forum: General
Topic: LAN Link Aggregation + Load Balancing
Replies: 5
Views: 14386

Re: LAN Link Aggregation + Load Balancing

check out http://wiki.mikrotik.com/wiki/Manual:Interface/Bonding#Bonding_modes transmit-hash-policy (layer-2 | layer-2-and-3 | layer-3-and-4; Default: layer-2) layer-3-and-4 - is probably what you are looking for but not all switches handle it. and not all OS handle it so are you thinking server A -...
by AlexS
Wed May 28, 2014 11:16 am
Forum: General
Topic: Simultaneously Route and Bridge
Replies: 2
Views: 559

Re: Simultaneously Route and Bridge

is this one way communication ? You could look at a proxy to do this. I remember seeing one written for games that were lan only, some wrote a proxy to take udp broadcast and router and re broadcast..


your solution
sounds okay at first glance.

Sounds like a silly setup, but ... such is life
by AlexS
Mon May 19, 2014 2:07 pm
Forum: General
Topic: Multi Subnet Network Help
Replies: 5
Views: 629

Re: Multi Subnet Network Help

Nice diagram.

don't over lap networks.


stick with what you had move from the /22 to /24
use the routeros as the default gateway and it will route all the packets to the right place

but it looks like you might have to change your ip address on your wireless as it over laps the other network
by AlexS
Mon May 19, 2014 2:02 pm
Forum: General
Topic: Help Need: Dual route to gateway
Replies: 7
Views: 1439

Re: Help Need: Dual route to gateway

I will have a go. not sure I understand the pic. but you want some addresses to go via a proxy ... normal or transparent. and you want some users to go direct. I presume you are deciding user by ip address ? Normal is easy they set their proxy or use wpad or automatic... transparent should be easy a...
by AlexS
Sat May 17, 2014 9:22 am
Forum: Forwarding Protocols
Topic: BGP Multihoming & Load Balancing
Replies: 14
Views: 4013

Re: BGP Multihoming & Load Balancing

So ... and I am no BGP expert . wouldn't you put all 4 /24's into one AS, peer that with both ISP's. then AS stuff so you get the path selection that you want. So 1.0.1.0/24 ... for preference on isp1, then AS pre append 2 for ISP2 1.0.2.0/24 ... for preference on isp1, then AS pre append 2 for ISP2...
by AlexS
Sat May 17, 2014 9:17 am
Forum: RouterBOARD hardware
Topic: CRS fiber?
Replies: 9
Views: 2678

Re: CRS fiber?

Stackable switches would be nice, but with 10GB uplink port, and even 40GB becoming much more affordable, it's almost pointless. Today, a typical Top-of-Rack switch has up to 24x 1GB ports and 2-4x 10GB ports. This works if you're daisy-chaining one rack to the next...to the next...etc., but only i...
by AlexS
Sat May 17, 2014 9:15 am
Forum: Forwarding Protocols
Topic: OSPF Redundancy and Summarization
Replies: 58
Views: 10005

Re: OSPF Redundancy and Summarization

Hmm, i fi read right and understood correctly I would break up any wan link as area 0, so ptp and eoip. a new area for each office. this is how I have mine setup, 1 office and 2 dc. but I have a broadcast domain shared by all sites. I also use summarisable addressing so say for office 1 I might allo...
by AlexS
Wed May 14, 2014 7:03 am
Forum: Forwarding Protocols
Topic: OSPF Errors
Replies: 9
Views: 1911

Re: OSPF Errors

What you are listing are OPSF processes not instances...slighly different animal

can you give an example of an instance on cisco.

my understanding is that a different OSPF process on a cisco is like a different instance on routeros.
by AlexS
Tue May 13, 2014 4:42 pm
Forum: Forwarding Protocols
Topic: OSPF Errors
Replies: 9
Views: 1911

Re: OSPF Errors

I think so

I have my internal as router ospf 1
And my external as router ospf 2

Didn't think that info got out of the asa though
by AlexS
Tue May 13, 2014 6:46 am
Forum: Forwarding Protocols
Topic: BGP Filters
Replies: 2
Views: 1240

Re: BGP Filters

I have small bgp filters, but I utilise jump's mainly for common stuff. filtering out prefixs that i shouldn't be getter. instead of duplicating it between each of the chains I have one common one.

I use a different chain for each bgp peer
by AlexS
Tue May 13, 2014 5:25 am
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63659

Re: Feature request for v7.x

2) Offer support contracts for premium, PRIORITY support, but don't require them of anybody or make having one mandatory to access software updates you are entitled to/licensed for (minor point-upgrades). If MikroTik offered this, believe it or not, we would be first in line to buy! I have no probl...
by AlexS
Tue May 13, 2014 5:16 am
Forum: General
Topic: Feature request: Stateful HA with Conntrackd
Replies: 30
Views: 7200

Re: Feature request: Stateful HA with Conntrackd

yes please
by AlexS
Tue May 13, 2014 12:16 am
Forum: Forwarding Protocols
Topic: OSPF Errors
Replies: 9
Views: 1911

Re: OSPF Errors

Just FYI...Cisco ASAs now support BGP with the latest 9.2 code http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/release/notes/asarn92.html yes BUT The ASA 5510, ASA 5520, ASA 5540, ASA 5550, and ASA 5580 are not supported in this release or later. ASA Version 9.1 was the final release for th...
by AlexS
Mon May 12, 2014 1:32 pm
Forum: General
Topic: ssh to routeros from routeros
Replies: 3
Views: 560

Re: ssh to routeros from routeros

If there is correct TCP/IP connectivity, check ssh server settings with
ip service print
Look for ssh and allowed ip ranges...

oh silly me ! i have ip address ranges in play !!!
by AlexS
Mon May 12, 2014 1:27 pm
Forum: Forwarding Protocols
Topic: OSPF Errors
Replies: 9
Views: 1911

Re: OSPF Errors

its strange I have

1 x cisco ASA
4 x ccr1036
3 x routerosVm

on the inside all talking OSPF no issue

on the outside I have
2 RouterOS
1 Cisco ASA ( same as the above , different ospf process).
by AlexS
Mon May 12, 2014 8:18 am
Forum: Forwarding Protocols
Topic: OSPF Errors
Replies: 9
Views: 1911

OSPF Errors

Hi My setup 2 x routeros 64 (vm) connected to Cisco ASA5520 ospf 1 on the asa connects to the 2 routeros vms I use md5 authentication all works fine I added another router ospf process, number 2 to the asa and on another interface on that vlan I have 2 more routeros I have BGP setup on these routers...
by AlexS
Fri May 09, 2014 6:59 am
Forum: General
Topic: ssh to routeros from routeros
Replies: 3
Views: 560

ssh to routeros from routeros

Hi

i have been deploying ccr1036's in pairs and I use a cross over cable to link the 2, but I can't ssh from 1 ccr1036 to the other.

I have tried
/system ssh user=admin <ip address of the other unit>

but it comes straight back

How can I get around this ?

A
by AlexS
Thu May 08, 2014 2:00 pm
Forum: General
Topic: v6.12 released
Replies: 237
Views: 57457

Re: v6.12 released

Strange bug on CCR1036-12G-4S with ROS 6.12: After 8 new vlan added, some vlan disappeared after a short time. IPv4 addresses and other features on these vlan show as "unknown" interface. I try to add them again but getting error "this interface already exist". Anyone else got similar problems? tha...
by AlexS
Thu May 08, 2014 1:49 am
Forum: RouterBOARD hardware
Topic: Request for real Cloud Core Router HW (10Gbps)
Replies: 18
Views: 8060

Re: Request for real Cloud Core Router HW (10Gbps)

Old switch ASICS only knew how to process VLAN tags, MAC Addresses, and maybe DSCP/TOS. Modern switch ASICS know how to process data at L4. This encompasses routing. Mikrotiks are awesome.. Ive used them for years in the case we DONT need 960gbit of throughput with a $20k price tag.. But seriously....
by AlexS
Thu May 08, 2014 12:08 am
Forum: Forwarding Protocols
Topic: BFD & OSPF
Replies: 2
Views: 1342

Re: BFD & OSPF

BFD and OSPF go well together...OSPF converges rather quickly by itself and BFD can shave the convergence down even further. What are your convergence requirements? as quick as possible I have a OSPF network, dual ccr1036 at 3 sites. so no vrrp on the MAN network. when i take down 1 ccr0136 at a si...
by AlexS
Thu May 08, 2014 12:05 am
Forum: General
Topic: v6.12 released
Replies: 237
Views: 57457

Re: v6.12 released

Did an upgrade of 2 ccr1036 to 6.12 from 6.10 went well, i had held of because of other reports. All seems well. I have lost my netflow info... strange still works on my x86 VM's not on my on ccr.... Have you tried going into netflow and disabling the netflow then click ok. Then go back in and turn...
by AlexS
Wed May 07, 2014 2:27 am
Forum: General
Topic: v6.12 released
Replies: 237
Views: 57457

Re: v6.12 released

Did an upgrade of 2 ccr1036 to 6.12 from 6.10

went well, i had held of because of other reports.

All seems well.

I have lost my netflow info... strange still works on my x86 VM's not on my on ccr....
by AlexS
Tue May 06, 2014 11:38 pm
Forum: Forwarding Protocols
Topic: BFD & OSPF
Replies: 2
Views: 1342

BFD & OSPF

Hi

How many people use the 2 together ?

Alex
by AlexS
Tue May 06, 2014 2:45 pm
Forum: General
Topic: Frustration with CCR1036-8G-2S+
Replies: 3
Views: 931

Re: Frustration with CCR1036-8G-2S+

what version are you running. I was running 6.10 I just upgraded to 6.12.... and tried the same things and it didn't crash ... I had held of on 6.12 because of all the bad things I have heard, but seems to be okay for me .. So fingers crossed, i will run this on my test pair for a week and then push...
by AlexS
Tue May 06, 2014 11:47 am
Forum: Virtualization
Topic: ccr1036
Replies: 5
Views: 2980

Re: ccr1036

No, not yet.
is that an informed not yet, ie its on the roadmap or a guess ..
by AlexS
Tue May 06, 2014 11:36 am
Forum: RouterBOARD hardware
Topic: CCR1036 - Routing Tables
Replies: 7
Views: 1661

Re: CCR1036 - Routing Tables

Yes I like rsc.

You haven't had any issues with 6.12 ?

I have been holding off because of poeple having issue with 6.12. endless rebooting
by AlexS
Tue May 06, 2014 3:22 am
Forum: General
Topic: Frustration with CCR1036-8G-2S+
Replies: 3
Views: 931

Frustration with CCR1036-8G-2S+

Hi I bought 4 of these and I am now just find them to be stinking piles of poo, thats my current thought. I bought 2 for testing. Connected them to 2 10G switches with the 2 x sfp+ ports, setup LACP and configured vlans off there, then I created vrrp's to sit in each vlan. Did some testing, mainly a...
by AlexS
Mon May 05, 2014 12:57 pm
Forum: RouterBOARD hardware
Topic: CCR1036 - Routing Tables
Replies: 7
Views: 1661

Re: CCR1036 - Routing Tables

what release are you running
by AlexS
Sun May 04, 2014 11:38 am
Forum: General
Topic: Kernel crash ccr1036 6.10
Replies: 0
Views: 914

Kernel crash ccr1036 6.10

Hi just rebooted my ccr1036 3 times! with 6.10 I was at /ip neighbor discovery and I had 1 disabled vlan when i tried to turn off autodiscovery on one of the other interface, it hung/crashed / rebooted 18:33:47 system,error,critical System rebooted because of kernel failure 18:33:47 system,error,cri...
by AlexS
Sun May 04, 2014 11:11 am
Forum: General
Topic: VRRP and firewall rules?
Replies: 3
Views: 3390

Re: VRRP and firewall rules?

Sorry to bring up an old thread but the wiki


http://wiki.mikrotik.com/wiki/Manual:Interface/VRRP

say 224.0.0.12 not 224.0.0.18
by AlexS
Sun May 04, 2014 2:24 am
Forum: Virtualization
Topic: ccr1036
Replies: 5
Views: 2980

ccr1036

can I use meta router on one of these new ccr's?
by AlexS
Mon Apr 28, 2014 11:12 am
Forum: General
Topic: crs266
Replies: 2
Views: 520

Re: crs266

You realize PVST+ is proprietary to Cisco...right?

Lucky i said MSTP
http://en.wikipedia.org/wiki/Spanning_Tree_Protocol
Multiple Spanning Tree Protocol

I believe its compatible with STP, but give you blocking on the vlan level and not the port.
by AlexS
Sun Apr 27, 2014 12:09 pm
Forum: General
Topic: crs266
Replies: 2
Views: 520

crs266

Wondering if these new beasts are going to expand on stp
Currently my mix of cisco and dell switches talk MSTP, last read of the routeros command it only handles STP..

Per Vlan STP is a great improvement
by AlexS
Thu Apr 24, 2014 6:24 am
Forum: RouterBOARD hardware
Topic: Request for real Cloud Core Router HW (10Gbps)
Replies: 18
Views: 8060

Re: Request for real Cloud Core Router HW (10Gbps)

presently each Tile core can be saturated by 1Gb, right ? so multiply it to 10 and number of desired ports and you will get expected horsepower and price of required Tilera chip(they had Any kind of them, from 4-core to hungreds :P). MikroTik developers announced that they soon - will able to sprea...
by AlexS
Thu Apr 24, 2014 6:21 am
Forum: RouterBOARD hardware
Topic: CCR Feedback
Replies: 4
Views: 1031

Re: CCR Feedback

The 72 core CCR set to be released this year will have built in dual PSU.

any links to info on this ?
by AlexS
Thu Apr 24, 2014 3:34 am
Forum: RouterBOARD hardware
Topic: CCR Feedback
Replies: 4
Views: 1031

CCR Feedback

Hi So the CCR1036-8G-2S+EM is great but no dual power supplies :( the CCR1016-12S-1S+ is great but only 1 SFP+ :( Guys not sure if you realise how much you are missing the enterprise market. I have 2 CCR1036-8G-2S+EM for testing in a dual setup nice boxs but...... no dual power supply not good Might...
by AlexS
Sun Apr 20, 2014 7:29 am
Forum: General
Topic: SSH blacklisting improvment posible?
Replies: 11
Views: 1690

Re: SSH blacklisting improvment posible?

Lighten up. Security by obscurity its not security. The issue i have found with dynamic blacklist for ssh ports is your ip can end up on the list as well even if for a limited time. if you were to do many ssh's within your time frame Does slow down password hack attempts. Best to also only use root ...
by AlexS
Sat Apr 19, 2014 1:55 am
Forum: General
Topic: CCR1036 License issue
Replies: 4
Views: 1659

Re: CCR1036 License issue

I would also try 6.10.. its a lot more stable for me
by AlexS
Sat Apr 19, 2014 1:53 am
Forum: General
Topic: CCR1036 performance questions
Replies: 2
Views: 683

Re: CCR1036 performance questions

No one has any performance statistics they are willing to share? I have a CCR1036-8G-2S+ LACP the sfp+ to a stack 10G switch. 2 x 10Gb links I have run some testing VM to VM (both on same ESX host via router and on seperate ESX hosts) My general conclusion is I was unable to push a single TCP strea...
by AlexS
Sat Apr 19, 2014 1:49 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015679

Re: CLOUD CORE ROUTER

6.12 any one had any good experiences with this

I got 2 CCR1036-8G-2S+ might give it a try, but it seems like it still has issues
by AlexS
Sat Apr 12, 2014 5:02 am
Forum: Virtualization
Topic: VMWare ESXi + RouterOS VMs or RouterOS + KVM VMs
Replies: 6
Views: 5000

Re: VMWare ESXi + RouterOS VMs or RouterOS + KVM VMs

But :)

if they are in ESX then can be vmotioned and auto restarted .....
by AlexS
Sat Apr 12, 2014 4:51 am
Forum: General
Topic: Established & Related connections ?
Replies: 1
Views: 10911

Re: Established & Related connections ?

Hi Not sure if there is a problem, if the fw enginee is based on linux ( and I think it is) then rules are evaluated from top to bottom, the first to lines make evaluation a lot quicker some people create allow/permit lines that stipulate only the start of new connections and not the packets that ar...
by AlexS
Tue Apr 08, 2014 9:13 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015679

Re: CLOUD CORE ROUTER

running 2 x CCR1036-8G-2S+

running 6.10, don't think i am game to run 6.11 seems like there are still some issues with ccr and 6.11 :(
by AlexS
Tue Apr 08, 2014 8:59 am
Forum: RouterBOARD hardware
Topic: LACP with vSphere 5.5, CCR1016-12G and Synology Rackstation
Replies: 1
Views: 1020

Re: LACP with vSphere 5.5, CCR1016-12G and Synology Rackstat

Hi! Did a bit of searching in the forum before posting to make sure I didn't post anything that was already answered. Has anyone successfully done 802.3ad with vSphere (ESXi) and Synology? My vSphere 5.5 server has two LAN ports and the Synology has the same. Currently I only use 1 port for my upli...
by AlexS
Tue Apr 08, 2014 8:56 am
Forum: General
Topic: v6.11 released
Replies: 260
Views: 80012

Re: v6.11 released

What's the latest stable version for CCR? I need to move from 6.3 (pretty stable). It looks like 6.7 is the next stop? I am running 6.10 on CCR1036-8G-2S+ I had to move to 6.10 to lacp working. Apart from not being able to push > 1Gb/s tcp sessions through the box, everything else seems to be worki...
by AlexS
Wed Apr 02, 2014 3:11 am
Forum: RouterBOARD hardware
Topic: CCR1016 and CCR1036 dual PSU
Replies: 3
Views: 1160

Re: CCR1016 and CCR1036 dual PSU

I remember reading there were some new products with dual power supplies, any news on these ?
by AlexS
Sun Mar 09, 2014 10:45 pm
Forum: General
Topic: CC1036 Performance issues
Replies: 10
Views: 2714

Re: CC1036 Performance issues

Agreed, but I have Vm -> switch -> CCR they are in the same rack. If I remove the CCR and use routing in the dell switches and choice a destination VM that is 15Km away I can still get 9.xGb/s with a single TCP stream. I need/want high through put on single streams. to me it seems like tcp is gettin...
by AlexS
Wed Mar 05, 2014 10:17 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015679

Re: CLOUD CORE ROUTER

any reason 6.7 and not 6.9 ?

I am having performance issues with 6.10...
by AlexS
Tue Mar 04, 2014 10:18 pm
Forum: General
Topic: CC1036 Performance issues
Replies: 10
Views: 2714

Re: CC1036 Performance issues

Bump Pretty sad, I was ready to buy 4 more of these, but so far nothing back from support, nothing in the forums. The box's look like they could be quiet good, but it seems like they just can't perform. I am guessing for now its a software problem as I am push 8Gbs+ udp packets through them, just no...
by AlexS
Mon Mar 03, 2014 8:46 pm
Forum: General
Topic: Four 10Gb NICs KVM and RouterOS
Replies: 3
Views: 1779

Re: Four 10Gb NICs KVM and RouterOS

Yeah I wouldn't hold your breath on that.

Go with route ros on bare metal why.

I tried routeros under vmware. It maxed out at 1gbs throughput.

Not sure what ros KVM support is like....
by AlexS
Mon Mar 03, 2014 8:41 pm
Forum: General
Topic: CCR CPU %100 (managment) when a port reaches 1000mbit traf
Replies: 17
Views: 2550

Re: CCR CPU %100 (managment) when a port reaches 1000mbit tr

I'm having issues pushing more that 1Gbs through my 10Gbs SFP on these boxes... Strangely I can push 10G of UDP traffic...
by AlexS
Sun Mar 02, 2014 2:11 am
Forum: General
Topic: CC1036 Performance issues
Replies: 10
Views: 2714

Re: CC1036 Performance issues

Interesting when i remove the cc1036 and use the l3 routing of dell 8024f I get up around 9Gb/s
same iperf test...

if I vlan direct between the boxes I get around 9Gb/s
by AlexS
Sat Mar 01, 2014 9:49 pm
Forum: General
Topic: CC1036 Performance issues
Replies: 10
Views: 2714

Re: CC1036 Performance issues

Bump

No one else having this problem
by AlexS
Sat Mar 01, 2014 9:45 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ issue bonding SFP+ ports
Replies: 10
Views: 3607

Re: CCR1036-8G-2S+ issue bonding SFP+ ports

Have you done any performance testing... I haven't been able to push a single stream of TCP faster that 1Gb...
by AlexS
Thu Feb 27, 2014 2:55 am
Forum: General
Topic: CC1036 Performance issues
Replies: 10
Views: 2714

Re: CC1036 Performance issues

[root@ybonas ~]# iperf -c 10.172.208.100 -t 60 ------------------------------------------------------------ Client connecting to 10.172.208.100, TCP port 5001 TCP window size: 3.00 MByte (default) ------------------------------------------------------------ [ 3] local 10.172.203.34 port 56453 connec...
by AlexS
Thu Feb 27, 2014 2:03 am
Forum: General
Topic: CC1036 Performance issues
Replies: 10
Views: 2714

CC1036 Performance issues

Hi I am starting a new thread from http://forum.mikrotik.com/viewtopic.php?f=2&t=81936 as the OP seems to have solved their problem. I am having some issue pushing 1 TCP stream pas 1Gb/s through these devices. env 2 x 8024F 10G switches stacked 2 x cc1036 cross connect to 2 10G ports / device. This ...
by AlexS
Wed Feb 26, 2014 2:28 pm
Forum: General
Topic: CCR 1036. High load loses packets. Big problem.
Replies: 25
Views: 8905

Re: CCR 1036. High load loses packets. Big problem.

Hmm I dont have any hotspots nor any queues
by AlexS
Wed Feb 26, 2014 9:51 am
Forum: General
Topic: CCR 1036. High load loses packets. Big problem.
Replies: 25
Views: 8905

Re: CCR 1036. High load loses packets. Big problem.

btest is unreliable. Get two good PC's and test THROUGH the CCR using the tool called iperf.
If you look 2 posts up you will see that's what I have done similar results
by AlexS
Wed Feb 26, 2014 2:24 am
Forum: General
Topic: CCR 1036. High load loses packets. Big problem.
Replies: 25
Views: 8905

Re: CCR 1036. High load loses packets. Big problem.

This is pretty sad... so this is a cross connect between 2 CCR1036 nothing inbetween ether1 to ether1 .... [admin@ybortr2] /tool> bandwidth-test 192.168.0.1 protocol=tcp status: running duration: 1m10s rx-current: 51.8Mbps rx-10-second-average: 49.5Mbps rx-total-average: 61.1Mbps random-data: no dir...
by AlexS
Sun Feb 23, 2014 12:09 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93484

Re: Feature request: OpenVPN compression LZO and UDP

++100000
by AlexS
Sun Feb 23, 2014 9:12 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015679

Re: CLOUD CORE ROUTER

Any chance to get NTP server on CCR 1036the dual sfp+ one
by AlexS
Sun Feb 23, 2014 1:56 am
Forum: General
Topic: Trunk port on a CCR1036 router
Replies: 11
Views: 6243

Re: Trunk port on a CCR1036 router

I think you want your l2 MTU to be bigger than your l3
by AlexS
Sat Feb 22, 2014 11:07 pm
Forum: General
Topic: CCR 1036. High load loses packets. Big problem.
Replies: 25
Views: 8905

Re: CCR 1036. High load loses packets. Big problem.

hi just to add my quick findings so I have 3 sites all attached by 10G SFP+ (fibre runs) site A test box is centos 6.5 vm vmnext3 -> dell 8024F 10G switch ... doing routing as well -> 10G SFP to Site C -> dell 8132F switch router -> another test box centos 6.5 vm vmnext3 Site O test box centos 6.5 v...
by AlexS
Sat Feb 22, 2014 7:13 am
Forum: General
Topic: CCR 1036. High load loses packets. Big problem.
Replies: 25
Views: 8905

Re: CCR 1036. High load loses packets. Big problem.

Hi

if I read right this is just for UDP packet ?
by AlexS
Sat Feb 22, 2014 2:01 am
Forum: General
Topic: NAT/PAT loopback challenge
Replies: 5
Views: 2746

Re: NAT/PAT loopback challenge

No... No way to keep original ipinfo with nat... May be use a transparent proxy ?
by AlexS
Sat Feb 22, 2014 1:56 am
Forum: Forwarding Protocols
Topic: OSPF "Flapping" Issues
Replies: 14
Views: 8165

Re: OSPF "Flapping" Issues

Bysard - I hear ya' about RIP! Trust me, I'd use it exclusively if I could but I need the instantaneous fail over that OSPF provides. IPAN - In regards to MTU, that makes the most sense and we have already addressed that at a few locations but the problem persists. I'm assuming you are making refer...
by AlexS
Sat Feb 22, 2014 1:45 am
Forum: General
Topic: 2 Gateway How I force Public Range to prefer 1 way via OSPF
Replies: 1
Views: 588

Re: 2 Gateway How I force Public Range to prefer 1 way via O

Can't you increase the cost of an interface
by AlexS
Fri Feb 21, 2014 9:57 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ issue bonding SFP+ ports
Replies: 10
Views: 3607

Re: CCR1036-8G-2S+ issue bonding SFP+ ports

I haven't used ether 2-8... Ether 1 I have cross connected.

Have you done any throughput tests ?
by AlexS
Thu Feb 20, 2014 11:31 am
Forum: General
Topic: handling big firewall rule
Replies: 2
Views: 613

Re: handling big firewall rule

I don't use the GUI.
I liked safe mode but it has a limited buffer


I keep my configs in text files which are stored in svn
by AlexS
Thu Feb 20, 2014 9:05 am
Forum: General
Topic: handling big firewall rule
Replies: 2
Views: 613

handling big firewall rule

Hi I am wondering how people handle big firewall rule sets. I was thinking of actually creating them offline as a script (basically just what you get from export). Edit offline, scp over to the router and then just import ??? or run script My concern is that I am going to lose connection whilst I am...
by AlexS
Thu Feb 20, 2014 1:45 am
Forum: General
Topic: LACP with dell 8024f
Replies: 4
Views: 1638

Re: LACP with dell 8024f

checked it again with 6.10 and all is working well now !

with LACP that is
by AlexS
Thu Feb 20, 2014 1:44 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ issue bonding SFP+ ports
Replies: 10
Views: 3607

Re: CCR1036-8G-2S+ issue bonding SFP+ ports

Fixed

re tried with 6.10 and all's good :)
by AlexS
Wed Feb 19, 2014 10:47 pm
Forum: General
Topic: LACP with dell 8024f
Replies: 4
Views: 1638

Re: LACP with dell 8024f

Q)

I have moved it to balanced and turn the ports on switch to port-channel (not lacp).

Do I need to do that ?

I get the feeling I don't
when i check my /interface print output there are 2 mac's on the SPF+ interfaces, I thought it was meant to write the same on both !
by AlexS
Wed Feb 19, 2014 10:36 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ issue bonding SFP+ ports
Replies: 10
Views: 3607

CCR1036-8G-2S+ issue bonding SFP+ ports

Hi I have 2 of these that I have connected to a stack of 2 x dell 8024f I have 10G connectivity I went to LACP bond the interfaces and it wouldn't work, couldn't get LACP active on the switch so I have fallen back to balanced-tlb. balanced-alb seemed to be failing for half the clients... so this was...
by AlexS
Tue Feb 18, 2014 11:06 am
Forum: General
Topic: LACP with dell 8024f
Replies: 4
Views: 1638

Re: LACP with dell 8024f

no sure what version you run on - just had a bad fall with ccr trying to bond to cisco switch. cisco lacp channel falls over after 30 seconds complaining about miss configuration of ethernet interfaces - not port channels - looks like low level packet scrambling/loop at ethernet interface on CCR. A...
by AlexS
Tue Feb 18, 2014 6:29 am
Forum: General
Topic: LACP with dell 8024f
Replies: 4
Views: 1638

LACP with dell 8024f

Hi got a stacked 8024f and I want to bond via lacp the 2 sfp+ ports from a CCR1036-8G-2S+ to the 8024f. I setup the ports as LACP and setup the routeros as bonded lacp. unfortunately didn't work couldn't activate on the dell's so i switched to manual / static port-channel. I set routeros to roundrob...
by AlexS
Tue Feb 04, 2014 3:14 am
Forum: General
Topic: Issue with 6.7 ospf interface
Replies: 1
Views: 483

Issue with 6.7 ospf interface

hi # INTERFACE COST PRIORITY NETWORK-TYPE AUTHENTICATION AUTHENTICATION-KEY 0 all 10 1 default md5 XXX 1 X YBOPremiumBT 10 1 default none 2 D YBOPremiumBT 10 1 broadcast md5 XXX 3 D RTR 10 1 broadcast md5 XXX 4 DP loopback0 10 1 broadcast md5 XXX I have a add disabled=yes interface=YBOPremiumBT for ...
by AlexS
Thu Jan 30, 2014 10:40 am
Forum: General
Topic: VRRP duplicate packets
Replies: 4
Views: 1079

Re: VRRP duplicate packets

Quick update, seems like there is a know issue with duplicate packets when a VM has multiple promisc mode nic's attached !
by AlexS
Wed Jan 29, 2014 1:08 pm
Forum: General
Topic: VRRP duplicate packets
Replies: 4
Views: 1079

Re: VRRP duplicate packets

Very strange I have 8 nic's 3 all setup the same and some ports are exhibiting this and some are not ...

I can see 2 packets with the same time stamp and same detail hitting the nic...

I am wondering if this is a VMWare issue ...
by AlexS
Wed Jan 29, 2014 4:42 am
Forum: Virtualization
Topic: ESXi 5.5 and Mikrotik support VMXNET3
Replies: 9
Views: 13307

Re: ESXi 5.5 and Mikrotik support VMXNET3

Hi I would like to add to this, not form the bug perspective but from a throughput perspective. I would like to see 10G throughput and currently I am being max out at 1G well bit less. and it seem like its using 1 cpu for routing .... I am getting 10G with VMXnet3 driver under linux. is there a proc...
by AlexS
Tue Jan 28, 2014 9:31 am
Forum: General
Topic: VRRP duplicate packets
Replies: 4
Views: 1079

Re: VRRP duplicate packets

don't think so master 1 RM YBOServers-RTR-VRRP YBOServers-RTR 00:00:5E:00:01:CB 203 105 1s 2 ipv4 1 B YBOServers-RTR-VRRP YBOServers-RTR 00:00:5E:00:01:CB 203 100 1s 2 ipv4
by AlexS
Tue Jan 28, 2014 8:59 am
Forum: General
Topic: VRRP duplicate packets
Replies: 4
Views: 1079

VRRP duplicate packets

Hi I have setup a vrrp setup with 2 routeros VM's problem is I am seeing 2 packets from the any ip address on the network. i do a ping from a network that routers through routeros to a another server (say srv Z) and server Z seems to send back 2 packets ... I get duplicate packet errors on the clien...
by AlexS
Wed Jan 15, 2014 3:43 am
Forum: General
Topic: VRRP questio
Replies: 9
Views: 2544

Re: VRRP questio

I have revisited this. So VRRP on a vm on ESX. I stopped using VRRP, i didn't want to turn on promisc mode for my vswitches and I didn't want to create a seperate port group..... But I have found that VRRP is going to be handy again, so I went looking, also went looking to see how I can do tagging t...
by AlexS
Mon Jan 13, 2014 4:33 am
Forum: General
Topic: Issue with 6.7 (and I think 6.5)
Replies: 0
Views: 347

Issue with 6.7 (and I think 6.5)

I run routerOS in a VM

I have had this happen to me a couple of times.


When I start a session and have /tool sniffer quick running. If my connections dies, I am unable to connect to it again via ssh, I have to get to console and restart the box !

Not good !
by AlexS
Thu Jan 09, 2014 1:24 am
Forum: General
Topic: Feature request -> readonly mode
Replies: 1
Views: 786

Feature request -> readonly mode

Okay maybe its me not knowing what to do, but some time I have 2 screens open 1 to a new routeros install and 1 to an original one. I would like to put the original router into read only mode so I can't make any changes but still look at every things. having a quick look I guess I can create a user ...
by AlexS
Mon Jan 06, 2014 7:17 am
Forum: General
Topic: Package management
Replies: 0
Views: 650

Package management

Hi 2 question, I wanted to use the inbuild update function /system packages update but it seems to want to use a upgrade.mikrotik.com with resolves to quite a few IP addresses, which doesn't really work for as I don't want to open up so many ip address! can I make routeros use a proxy if so how. If ...
by AlexS
Thu Dec 19, 2013 8:30 am
Forum: General
Topic: question about command line
Replies: 1
Views: 525

question about command line

Hi I was trying to find a route in my route table (15K) and found this and was puzzled by it doing this /ip route print detail where 203.82.140.125 in dst-address found me this 49 ADb dst-address=203.82.128.0/19 gateway=175.45.107.73 gateway-status=175.45.107.73 reachable via YBPublicVocus distance=...
by AlexS
Mon Nov 04, 2013 11:25 am
Forum: Forwarding Protocols
Topic: OSPF filtering
Replies: 17
Views: 3019

Re: OSPF filtering

thanks I will have a google !
by AlexS
Mon Nov 04, 2013 3:59 am
Forum: Forwarding Protocols
Topic: OSPF filtering
Replies: 17
Views: 3019

Re: OSPF filtering

I'm not quite sure if my situation is the same as yours , but I hide/deny certain routes from propagating in my network via Route Filters.If you google Route Filters Mikrotik you should find some good examples. http://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters#Examples http://forum.mikro...
by AlexS
Sun Nov 03, 2013 3:57 am
Forum: Forwarding Protocols
Topic: OSPF filtering
Replies: 17
Views: 3019

OSPF filtering

Hi I am trying to do some ospf filtering of routes when then move from one area to another. my area 0 is my backbone, also my WAN (10.31.19.0/24), I have 2 routerOS (r1 & r2) boxes here at dc2 and at the office I have 2 cisco switches doing ospf/routing (c1 & c2) and at the office I have another 2 r...
by AlexS
Tue Oct 22, 2013 4:58 am
Forum: General
Topic: firewall question filtering SYN packets
Replies: 0
Views: 435

firewall question filtering SYN packets

Hi I was wondering how I can block SYN packets from the forward chain. In linux I can set a mask and check the value of the tcp flaps I tried add action=accept chain=YBFWDIN comment="allow non SYN tcp traffic" tcp-flags=!syn protocol=tcp but I had to add add action=accept chain=YBFWDIN comment="allo...
by AlexS
Fri Oct 18, 2013 4:14 am
Forum: General
Topic: Mikrotik as OpenVPN Client - Routing Problems
Replies: 3
Views: 2812

Re: Mikrotik as OpenVPN Client - Routing Problems

you can tell the openvpn server to send to the client routing instructions So if you don't want split horizon.. .ie all traffic to go over the vpn, you can instruct the client to setup routing that way. I am not sure how that will work with ROuterOS! what it does it add in a routing to get to the VP...
by AlexS
Fri Oct 18, 2013 4:01 am
Forum: General
Topic: VRRP questio
Replies: 9
Views: 2544

Re: VRRP questio

Thanks I am sticking to eBGP for ext OSPF for int saying that, the static route thing is going to be a short problem. But the asymmetrical might not be, coming to terms with it on the firewall, I am dropping the "drop invalid" line and limiting it to dropping SYN packets and allow non SYN tcp... not...
by AlexS
Thu Oct 17, 2013 3:17 am
Forum: General
Topic: VRRP questio
Replies: 9
Views: 2544

Re: VRRP questio

Got another interesting problem from my vrrp setup So i have cisco1 rtr01 vlan13 cs3 cisco2 vlan9 rtr02 vlan13 cs4 cisco1 & 2 connect to vlan9 have a hrsp .1 with .2 and .3 making up the real address rtr1&2 connected to vlan9 have a vrrp .254 and .253 & .252 making up the real address I also have OS...
by AlexS
Wed Oct 16, 2013 8:03 am
Forum: Beginner Basics
Topic: firewall list
Replies: 3
Views: 895

Re: firewall list

Thanks

could you maybe explain. I will try and tell me if I am wrong

remove <arguments>

[] => inline script

find is a script command that finds all the elements in the current path
by AlexS
Wed Oct 16, 2013 7:43 am
Forum: Beginner Basics
Topic: offline configs
Replies: 4
Views: 814

Re: offline configs

Thought I would try this.
but i was using /log print file=save
then tried to scp from admin@<IP>:save .
say file not found.


edit:

automatically adds in .txt !!!
<added for the next person to have the problem ! >
by AlexS
Wed Oct 16, 2013 2:29 am
Forum: General
Topic: Firewall problem....
Replies: 15
Views: 2352

Re: Firewall problem....

can you do a packet dump on the firewall sorry I am a newbie with routeros, this is the way I would do it on a linux box. packet capture on the inside interface make sure they are coming through the firewall. then craft a specific firewall rule place at the top of the forward chain, that just logs. ...
by AlexS
Tue Oct 15, 2013 8:29 am
Forum: General
Topic: Firewall problem....
Replies: 15
Views: 2352

Re: Firewall problem....

Wild guess is it because they are not using the proxy ?
by AlexS
Tue Oct 15, 2013 8:27 am
Forum: General
Topic: Firewall tables
Replies: 0
Views: 544

Firewall tables

Hi [newbie] I have been looking at firewall section, am I am trying to build some chains, basically using my linux skills and translating across. I was wonder if it would not be possible to create directories below / ip firewall filter to each of the chains the default ones and the user created ones...