Community discussions

Search found 257 matches

by AlexS
Sun Mar 31, 2019 9:49 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 37948

Re: UKNOF 43 CVE

My opinion is clear: IPv6 is a required service, disabling it is akin to shutting off power. But this is where you are getting me wrong: I'm not shutting IPv6 off on our network. We have been providing IPv6 to endusers since 2008. And even longer on the infrastructure. I'm turning it off on everyth...
by AlexS
Thu Oct 18, 2018 3:29 am
Forum: Forwarding Protocols
Topic: Graceful restart
Replies: 2
Views: 616

Re: Graceful restart

Hi

No answer to this ?

A
by AlexS
Tue Oct 02, 2018 8:37 am
Forum: Forwarding Protocols
Topic: Graceful restart
Replies: 2
Views: 616

Graceful restart

Hi Wondering if routeros has graceful restart option for OSPF and BGP. I am looking at connecting Active Passive Pa cluster to some CCR's. they suggest for a faster fail over to tick off Graceful restart for OSPF and BGP. Currently my setup is OSPF and BGP with BFD. I have to remove the BFD. but my ...
by AlexS
Sat Aug 18, 2018 7:02 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Traffic shapping Question
Replies: 1
Views: 452

Re: Traffic shapping Question

Just to expand to this been doing some reading up. I want to use marks. so in the mangle table I am looking at doing something like prerouting add chain=qos-prer src-address=a.b.c.d/32 action=mark-connection connection-state=new new-connection-mark=rlc_prod add chain=qos-prer dst-address=a.b.c.d/32 ...
by AlexS
Sat Aug 18, 2018 1:44 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Traffic shapping Question
Replies: 1
Views: 452

Traffic shapping Question

Hi If I have add chain=forward comment="Allow Established connections" connection-state=established,related action=fasttrack-connection disabled=no add chain=forward comment="Allow Established connections" connection-state=established,related as my first lines in forward, how does this affect my abi...
by AlexS
Sun Jul 15, 2018 10:34 am
Forum: General
Topic: CCR1072 check powersupply
Replies: 0
Views: 232

CCR1072 check powersupply

Hi

How can I check the health of power supplies on a CCR0172 I tried system health but nothing there.
by AlexS
Sun Apr 01, 2018 8:18 am
Forum: General
Topic: Best practise
Replies: 1
Views: 305

Best practise

Hi I have a few CCR that I use as BGP peering points. Which means I have asym routing. With that in mind tcp session time out. Currently set at 1d, I am thinking i should lower this as I might get packets from the stream showing up across multiple CCR's. I have rules in place to handle tcp non Syn p...
by AlexS
Sun Apr 01, 2018 8:14 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New router OS
Replies: 46
Views: 11472

Re: New router OS

RouterOS does not use any TILE code from the Linux kernel. This news has no effect on RouterOS. So now that tile is removed from the linux kernel, where does that leave the CCR. Also V7. I was / have been waiting 4+ years for better single stream tcp performance on these 10G routers. I can still (w...
by AlexS
Fri Mar 30, 2018 6:08 am
Forum: Scripting
Topic: bgp or interface up down script
Replies: 0
Views: 346

bgp or interface up down script

Hi I have 4 routers I use to connect to ISP and my main firewall behind them Current the fw uses a VIP(VRRP) address to use as dgw. I would like to change the vrrp priority based on if I have my internet BGP peer up. so if 1 of the 4 routers has dropped its BGP peer with the ISP , I would like to se...
by AlexS
Thu May 18, 2017 1:42 am
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 1210

Re: BGP Converge time

Is that a function of different code base or because the VM's have higher frequency ?

I am guessing its still single core, but you get a better performing cpu in the VM

I got my convergence time down to ~ 1sec, by cutting my prefixes down to < 3k... around 30K is goes back to about 2-3 minutes.
by AlexS
Thu May 04, 2017 4:23 am
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 1210

Re: BGP Converge time

To add to that, currently we take full BGP feeds on all ISP connections.

It's been suggested that if we take a smaller feed, convergence will be much smaller.
by AlexS
Thu May 04, 2017 4:11 am
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 1210

BGP Converge time

Hi Say I have 4 x ccr1036 router A, B, C, D. Each router has a ISP BGP connection and each routers has a connection to VLAN Internet. eBGP to ISP and iBGP over Internet. On the internet vlan I have a fw it routers via DGW. the DGW is handled by the routers using a VRRP on the Internet vlan. lets say...
by AlexS
Mon Apr 24, 2017 6:18 am
Forum: Scripting
Topic: Suggested events to trigger script
Replies: 1
Views: 567

Suggested events to trigger script

Hi

would like to see some event handles to trigger when an interface goes up or down. Similar to the VRRP on master on backup handles

Alex
by AlexS
Thu Mar 23, 2017 4:20 am
Forum: General
Topic: MicroSd Cards
Replies: 4
Views: 2135

Re: MicroSd Cards

Actually I have a question, once the SD card has been inserted and partitioned do you have any problem using the card such as the CCR not recognizing it after (cold)reboot or anything?, I want to move my user-manager database to the card but I don't want to be surprised by any unexpected access pro...
by AlexS
Wed Mar 22, 2017 12:30 am
Forum: General
Topic: MicroSd Cards
Replies: 4
Views: 2135

MicroSd Cards

Hi

started to use micro SD cards in my CCR (1036+1072).

To my surprise I find I have to reboot the device when i insert the SD card and also when I re partition it.

Have i missed something as this seems very stupid ....
by AlexS
Wed Mar 01, 2017 6:00 am
Forum: RouterOS v6 RC and v7 BETA
Topic: V7 ....
Replies: 23
Views: 5860

Re: V7 ....

I didn't check, i was running iperf. server A -> server B direct 9.8Gb/s server A -> ccr (LACP + vlans, in one vlan out another vlan) -> server B, approxy 0.98Gb/s If i ran multiple streams I could push up to 9.6-9.8Gb/s Well, it might be a good idea to check. Don't run TCP, use UDP. Force it to us...
by AlexS
Wed Mar 01, 2017 4:45 am
Forum: RouterOS v6 RC and v7 BETA
Topic: V7 ....
Replies: 23
Views: 5860

Re: V7 ....

I have followed this up a few time with tech support. and it has been a while, but 1 TCP stream is cpu bound, just like single core BGP ...( that also is coming in V7 ... multi core bgp). I can put over 1G bu pushing multiple streams ... Hmm, so ok. If for example you start to push over that, what ...
by AlexS
Wed Mar 01, 2017 2:41 am
Forum: RouterOS v6 RC and v7 BETA
Topic: V7 ....
Replies: 23
Views: 5860

Re: V7 ....

I bought the orig ccr1036 when it came out, to be disappointing with the performance. the issue single threaded forwarding .. limit single tcp streams to 1G... on a 10G routers thats annoying. Fix ... V7. I was under the impression that if a flow exceeds the ability of one CPU core to process, that...
by AlexS
Wed Mar 01, 2017 2:10 am
Forum: General
Topic: VRF and icmp generated locally not following VRF
Replies: 0
Views: 213

VRF and icmp generated locally not following VRF

Hi I have v6.37.1 I have setup a ccr1036 & ccr1072 with multiple VRFs Management - vlan 8 Internet - vlan 6 Vendor - vlan 7 and my default route table is basically 192.168.1.0/24 via eth1 src 192.168.1.1 dgw via 192.168.1.2 I have added interface internet to vrf Internet using /ip route vrf I have f...
by AlexS
Wed Mar 01, 2017 2:02 am
Forum: RouterOS v6 RC and v7 BETA
Topic: V7 ....
Replies: 23
Views: 5860

Re: V7 ....

Doesn't matter to me. I pulled out all my mikrotik stuff except in some "cheap" areas of my networks. Too little development was happening on features that really matter. Too much development on bullshit creature features. It's like they don't care to fix all the big problems that would take a lot ...
by AlexS
Tue Feb 14, 2017 12:43 am
Forum: RouterOS v6 RC and v7 BETA
Topic: V7 ....
Replies: 23
Views: 5860

V7 ....

Hi

I have a been a fan of routeros/mikrotik, but I am becoming rather disillusioned, V7 has been coming for ages, 3+ years now. I am running into small issues that are getting fixed until V7.

I'm becoming rather frustrated.

A
by AlexS
Tue Feb 07, 2017 5:51 am
Forum: Forwarding Protocols
Topic: Multi ip address on interface confuses bgp
Replies: 1
Views: 438

Multi ip address on interface confuses bgp

Hi Interface Internet ip address on interface 10.10.10.67/24 20.20.20.67/24 bgp peer remote address 10.10.10.68, update-source=Internet whilst doing a tcp dump on 10.10.10.68, I could see BGP packets coming from 10.10.10.67 and from 20.20.20.67 it seemed to alternate and it stopped the BGP peer conn...
by AlexS
Sat Jan 28, 2017 9:11 am
Forum: General
Topic: NTP client with VRF
Replies: 2
Views: 569

Re: NTP client with VRF

Is that the same with DNS ?
by AlexS
Fri Jan 27, 2017 7:01 am
Forum: General
Topic: NTP client with VRF
Replies: 2
Views: 569

NTP client with VRF

Hi I am trying to setup a CCR1072 with multiple VRF. My plan was to not use the default table but place everything in their own VRF. For example Internet Management Internal But I am trying to setup my NTP client and I can only provide ntp server addresses and no vrf or source address. Is there some...
by AlexS
Tue May 17, 2016 7:51 am
Forum: General
Topic: queue simple question
Replies: 1
Views: 322

Re: queue simple question

tried to make it a bit more simple /queue simple> export /queue simple add comment="guest to local network is max" dst=10.0.0.0/8 name=guestLocal target=10.0.0.0/8 add comment="guest to internet" max-limit=10M/10M name=guestInternet target=10.172.202.0/24 The Internet one is working fine the local l...
by AlexS
Tue May 17, 2016 4:48 am
Forum: General
Topic: queue simple question
Replies: 1
Views: 322

queue simple question

/queue simple remove [ find where ! dynamic ] add comment="ratelimit for yboGuest network and only for marked packets" max-limit=10M/10M name=guestToInternet packet-marks=guestInternet target=10.172.202.0/24 # only here until mangle is used any where else # then shoudl go into fw.rsc /ip firewall ma...
by AlexS
Fri May 06, 2016 7:05 am
Forum: Forwarding Protocols
Topic: Multicast routing
Replies: 1
Views: 874

Multicast routing

Hi Trying to work out an issue with multicast routing. Trying to connect to 2 sources 233.71.185.130 233.71.185.146 /routing pim> export # may/06/2016 13:56:54 by RouterOS 6.33.3 # /routing pim interface add igmp-version=IGMPv3 interface=MCasx add igmp-version=IGMPv3 interface=Management /routing pi...
by AlexS
Wed Mar 30, 2016 6:00 am
Forum: General
Topic: CCR-1036 only get 500mbps through put
Replies: 10
Views: 1810

Re: CCR-1036 only get 500mbps through put

Hmm thats pretty low. Again, is it? Could be well within the indicated performance envelope, but without knowing the specifics, who knows... There is a known limit of 1Gb/s on a single tcp stream. I am certain that somebody from Mikrotik has denied this but I can't find the thread right now. http:/...
by AlexS
Wed Mar 30, 2016 5:58 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

VMWare tools are for Windows and such operating systems. RouterOS will not have it. All the needed network and storage drivers are already there, VMtools will not be there Hello Normis, I understand that Mikrotik does not contain the complete VMware Tools, but should have implemented Linux drivers ...
by AlexS
Sat Jan 30, 2016 12:53 pm
Forum: General
Topic: Suggestion for ROS
Replies: 1
Views: 377

Suggestion for ROS

Hi I use a cisco feature that syslogs all tcp (and udp) session. So once a session finishes it prints out a log entry. time src ip port dst ip port amount of data and reason for ending .. Would be nice if ROS could do the same thing. I was thinking of using ip filter to log syn and fin packets I cou...
by AlexS
Sat Jan 30, 2016 12:48 pm
Forum: General
Topic: CCR-1036 only get 500mbps through put
Replies: 10
Views: 1810

Re: CCR-1036 only get 500mbps through put

Hmm thats pretty low. I have on 7 of these. connected via 10G sfp.. There is a known limit of 1Gb/s on a single tcp stream. Ran into another limit ~4Gb/s of udp traffic. seems like LACP doesn't allow fast path for traffic flow. I like these routers, but I have been find quite a few limitations on th...
by AlexS
Thu Jan 28, 2016 12:41 am
Forum: General
Topic: CCR-1036-8G-2S+EM capacity questions
Replies: 5
Views: 869

Re: CCR-1036-8G-2S+EM capacity questions

Also have huge performance issues with these things. Really disappointed by them and most certainly won't purchase them again. Whilst the brochures, test data, "lab" tests, etc all look real pretty on paper, out there in the field with real live internet traffic, performance is FAR from what they (...
by AlexS
Thu Jan 28, 2016 12:41 am
Forum: General
Topic: CCR-1036-8G-2S+EM Performance issues
Replies: 1
Views: 450

Re: CCR-1036-8G-2S+EM Performance issues

Seems like a LACP thing and fast path not working with LACP..


sigh another thing to wait for in V7
by AlexS
Sun Jan 24, 2016 7:56 am
Forum: General
Topic: CCR-1036-8G-2S+EM Performance issues
Replies: 1
Views: 450

CCR-1036-8G-2S+EM Performance issues

Hi I find my self doing some more network performance testing I have 7 of these CCRs My test setup is 2 x CCR - with lots of VLANS. Most are setup as VRRP DGW. Connected to Dell Stacked 10G switch and Arista 10G switch with MLAG setup. I have a ESXi host connected with vSwitch0 which has 2 x 10G nic...
by AlexS
Sun Jan 24, 2016 7:47 am
Forum: General
Topic: CCR-1036-8G-2S+EM capacity questions
Replies: 5
Views: 869

Re: CCR-1036-8G-2S+EM capacity questions

I got 7 of these little beasts.

* Can't route any single TCP faster than 1G, even through the 10G SFP port
* Can't seem to handle more than 5G of UDP traffic without all the CPU's going 100%

For the price i like my CCR's but I keep finding these limitations.

A
by AlexS
Thu Jan 21, 2016 12:47 am
Forum: General
Topic: Routing on the same interface
Replies: 4
Views: 671

Re: Routing on the same interface

Okay user error.

the ccr had a address of .193 and I had the server user .2 so couldn't route. on the reverse path it I presume eventually sent out a redirect.. not sure why ..

any way solved my problem (of my own making by the looks of things :) )
by AlexS
Wed Jan 20, 2016 9:59 pm
Forum: General
Topic: Routing on the same interface
Replies: 4
Views: 671

Re: Routing on the same interface

Because both networks are in the same the same network segment, redirect telling the sending host to send packets to 10.x directly. Try moving the 10.x ip to a loopback interface (i.e. no longer in the same L2 broadcast domain) Just because they are in the same broadcast domain, doesn't mean they c...
by AlexS
Wed Jan 20, 2016 12:30 pm
Forum: General
Topic: Routing on the same interface
Replies: 4
Views: 671

Routing on the same interface

Hi I have a CCR, but i don't think its a problem with it. But lacp, vlans off there. I have 1 vlan 213 I have attached to ip networks there 10.172.213.193/24 192.168.213.2/24 I have a vm with nic in the vlan with ip 192.168.213.52 and I am trying to ping 10.172.213.51 routing is via 192.168.213.2 bu...
by AlexS
Sat Jan 09, 2016 11:30 pm
Forum: Scripting
Topic: help with scripting
Replies: 2
Views: 1016

help with scripting

Hi Might not actually be the right place but I keep a rsc file for 2 CCR's that have the same firewall rules simple like /ip firewall filter remove [ find ] # ##### # YB IN # ##### add action=jump chain=YBIN comment="Check YB SRC" jump-target=YBSRC add chain=YBIN comment="Allow SSH" dst-port=22 prot...
by AlexS
Sat Jan 09, 2016 11:27 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

Any one been able to get more than 2Gb/s on CHR on VMWare with vmxnet3 drivers for 1 tcp stream ?
by AlexS
Tue Dec 29, 2015 2:11 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

Been doing some simple testing VMWare esxi 5.5 using iperf 2 Centos 6.6 vm. iperf -c <serverip> -i 10 -w 128M -t 300 iperf -s -i 10 -w 128M [ 4] 40.0-50.0 sec 11.6 GBytes 9.99 Gbits/sec [ 4] 50.0-60.0 sec 11.7 GBytes 10.0 Gbits/sec [ 4] 60.0-70.0 sec 11.4 GBytes 9.79 Gbits/sec [ 4] 70.0-80.0 sec 11....
by AlexS
Tue Dec 29, 2015 12:49 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

Hi

How can I set / show the RX/TX ethernet buffer size. for a VMWare VM I would like to set the buffer size for the vmxnet3 nic.

I have had a look at /interface ethernet

is it currently set to max 4096 ?
by AlexS
Wed Dec 23, 2015 2:19 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

I have downloaded the vmdk - vmware disk. I have created a new VM. other - linux 64 add in 1 nic vmxnet3 I go to add the downloaded disk - have to edit the vm as I can't add during creation and i see the disk is an ide not scsi is that right ? Quick fiddle with the vmdk change ide to lsilogic Also I...
by AlexS
Wed Dec 23, 2015 1:55 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

Cool Cool Cool.

Is there any path for upgrading the ROS licences into CHR licenses ?
by AlexS
Tue Dec 22, 2015 9:45 am
Forum: General
Topic: CCR1036 and mirror ports
Replies: 3
Views: 2484

CCR1036 and mirror ports

Hi

Do I have any of this functionality under http://wiki.mikrotik.com/wiki/Manual:Sw ... _Mirroring

I am trying to setup a span port ... mirror all packets and send them to another interface.
by AlexS
Wed Nov 18, 2015 4:40 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

you have to run interface in promiscuous mode if you want to run VRRP on the interfaces.
But that causes its own problems.

Its possible to run with out promisc mode but must use different macs
by AlexS
Thu Nov 12, 2015 10:53 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

Hi

Will CHR fix the issue of VRRP not working in VMWare, unless you turn on promisc mode for that interface ?
by AlexS
Mon Oct 26, 2015 12:19 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183976

Re: Cloud Hosted Router

Can you comment on a timeframe for availability? not a release date, more like "planned in Q1 2016"... for planning. I really want to get rid of a certain virtual VPN endpoint ;) Yes this, hanging out on pricing... I have a project on hold to replace my current ROS VM's with either handmade or othe...
by AlexS
Sun Sep 06, 2015 1:33 pm
Forum: General
Topic: SNMP
Replies: 2
Views: 564

Re: SNMP

The MIB is posted on the wiki. http://wiki.mikrotik.com/wiki/Manual:SNMP#Management_information_base_.28MIB.29 From the MIB file: iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrHealth.mtxrHlTemperature.0 (OID 1.3.6.1.4.1.14988.1.1.3.8.0) - 350.0.000000 ...
by AlexS
Sun Sep 06, 2015 12:39 pm
Forum: General
Topic: SNMP
Replies: 2
Views: 564

SNMP

Hi

Does any one know the MIBS for the /system health attributes, particularly the temp and cpu temp

a