Community discussions

Search found 676 matches

by Zorro
Mon Mar 13, 2017 3:43 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82247

Re: v6.39rc [release candidate] is released

is any chance for fix for recent linux breach ? eg this one: https://security-tracker.debian.org/tracker/CVE-2017-2636 ... in the Linux kernel through 4.10.1... RouterOS v6 uses v3.3.6 and don't have hdlc ...you are safe. well, since "3.2 and above(up to 4.11?)" listed as "vulnerable" unless "parti...
by Zorro
Mon Mar 13, 2017 11:15 am
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82247

Re: v6.39rc [release candidate] is released

is any chance for fix for recent linux breach ?
eg this one:
https://security-tracker.debian.org/tra ... -2017-2636
by Zorro
Sat Mar 04, 2017 4:14 am
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

endurance measures on gigabytes writen not hours in my opinion is best to not trust that trascend specs actually its measured in cycles of write for each cell. transcend-wise they had both SLC ("industrial"-labaeled)products and bit more cheap "SuperMLC" which quite meh compared to SLC, yet bit bet...
by Zorro
Sat Mar 04, 2017 4:09 am
Forum: General
Topic: official IPS/IDS in metarouter?
Replies: 3
Views: 1263

Re: official IPS/IDS in metarouter?

Well, IDS goes far further than just HTTP traffic, so it would need to tie in much tighter than just with web-proxy. A bridge of some sort would more than likely be better, just my 2c :) IPS/IDS aren't much same thing. but may/would converge in each others. or even implemented over. eg snort -alike...
by Zorro
Sat Mar 04, 2017 4:05 am
Forum: RouterBOARD hardware
Topic: Suitability: hEX or RB-3011?
Replies: 1
Views: 747

Re: Suitability: hEX or RB-3011?

RB750Gr3 version of hEX bit faster, but RB3011 still had edge here.
by Zorro
Sat Mar 04, 2017 4:02 am
Forum: RouterBOARD hardware
Topic: 1 Gbit/s connection, need router upgrade?
Replies: 21
Views: 4983

Re: 1 Gbit/s connection, need router upgrade?

I'm new to Mikrotik and looking to buy a CCR1016. What do you mean by "Second Generation"? sorry for misleading and bloated post. im mostly mean CCR1009 line changes, in CCR1016 its was more subtle, but Tilera keep improving their chips, eg smaller transistors men more speed and lower heat/power. a...
by Zorro
Sat Mar 04, 2017 3:52 am
Forum: RouterBOARD hardware
Topic: Very low wireless speed on RB941-2nd stock firmware
Replies: 3
Views: 981

Re: Very low wireless speed on RB941-2nd stock firmware

newer kernel(including updated drivers, btw0, toolchain, etc - do make difference, sometimes.
by Zorro
Mon Feb 27, 2017 8:17 am
Forum: General
Topic: NAT64 and DNS64
Replies: 77
Views: 25503

Re: NAT64 and DNS64

v6 should be end to end connection. But if mikrotik released this feature that should be +10.
not really. it "should" not.
and for that reasons both 4-to-6, 4-to-6 and even 6-to-6 NAT exist, just like 4-to-4 before. but implementation yet sporadic and incomplete, yet(to use "straight away/now").
by Zorro
Mon Feb 27, 2017 8:14 am
Forum: General
Topic: TCP window scaling for shaping downloads
Replies: 6
Views: 2816

Re: TCP window scaling for shaping downloads

im afraid thats imply different IMPLEMENTATION of certain things. eg support of things absent in 80% routers firmwares like: ECN/Backward ECN.STCP, DCTCP, WRED/RRED, BLUE(particularly SFB and RSFB), GREEN, PURPLE, TCP Cookie Transactions had to be implemented. eg basic ECN support and AQM protocols ...
by Zorro
Thu Feb 23, 2017 5:55 pm
Forum: RouterBOARD hardware
Topic: CCR1009 local link performance - what sorcery is this???
Replies: 4
Views: 881

Re: CCR1009 local link performance - what sorcery is this???

tile gx is generally tailored for HPC(super-computers, High-grade multi-chip, many-core workstations, etc) and especially in military(radars, sonars, satellite(imagery, radar, whatever) processing) and thus it rely on built-in VLIW co-process/DSP/offloading thing HEAVILIY, completely unused by ROS. ...
by Zorro
Thu Feb 23, 2017 5:47 pm
Forum: RouterBOARD hardware
Topic: RB951G-2HnD / RB450G / RB750Gr3
Replies: 3
Views: 2947

Re: RB951G-2HnD / RB450G / RB750Gr3

among those 951g/951ui for decent wifi(yet w/o high-gain antennas) and 750Gr3 for decent routing performance. 450g/850gx2 is basically ~ worthless for Home usage, but may had use if you run ISP biz or something like that. (i had both antics of, wouldn't call them "terrible", they just "not up to tod...
by Zorro
Sun Feb 19, 2017 8:42 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82247

Re: v6.39rc [release candidate] is released

noticed that last RC's of 639 both upgrade and Boot-Up MUCH faster than before.
not big deal, but not bad thing either.
by Zorro
Sun Feb 19, 2017 8:28 pm
Forum: General
Topic: DDoS force from Mikrotik devices
Replies: 8
Views: 2176

Re: DDoS force from Mikrotik devices

unless you run some services(say DNS or NNTP or anything else) Public interfaces(eg "WAN" ports) its always Neat & Safe to "whitelist access" to them. eg create "adress list" named say "whitelisted to router services access", add DNS servers ip-range to it and then make rule in "input" for them on y...
by Zorro
Sat Feb 11, 2017 1:54 am
Forum: Beginner Basics
Topic: dst NAT ports range offset
Replies: 1
Views: 512

Re: dst NAT ports range offset

yeah, why not? just make dst-nat with portrange rather than one port.
by Zorro
Sat Feb 11, 2017 1:51 am
Forum: General
Topic: DNS static records limit?
Replies: 14
Views: 3509

Re: DNS static records limit?

its more bound/limited by available memory. in result you can load things like p lowe adblock list in say 64Mb RAM devices and add malwaredomain.com atop of that on devices with 128Mb and 256Mb. its will cost Considerable amount of CPU power and time to add and notably decrease boot-up time, which i...
by Zorro
Wed Feb 08, 2017 8:29 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

the most downside its tend to be sold as "hEX" units, to increase confusion and etc. i wish MirkTik introduce NEW model, named like say "zEH" or "qEH" or "gEX" or whatever different it may be.
by Zorro
Wed Feb 08, 2017 8:27 pm
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD - DC Power
Replies: 7
Views: 1016

Re: RB2011UiAS-2HnD - DC Power

This device already has a power jack. This is a place for another one.
place for battery?
left likely for battery backup unit and right is looking for place to soldering power jack in different variant of PCB(for differen case or order?)
by Zorro
Wed Feb 08, 2017 8:23 pm
Forum: RouterBOARD hardware
Topic: 1 Gbit/s connection, need router upgrade?
Replies: 21
Views: 4983

Re: 1 Gbit/s connection, need router upgrade?

also keep in mind that "second generation" of both CCR1009 and CCR1016 also bring more performance, not just resiliency and security, management improvements. as for ARM platform: since generic/cheap SoC start shifting to A53 cores and perhaps from 2x core to 4x core - it may fit such requirements i...
by Zorro
Wed Feb 01, 2017 11:59 am
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD - DC Power
Replies: 7
Views: 1016

Re: RB2011UiAS-2HnD - DC Power

i guess its made for version for another enclosure(unified PCB save lot of time in production, generally). right was for different power socket/jack. left one i guess for backup battery of some kind. aside generic, obvious uses, both are handy if you build dense, caseless RB setup(common in small-is...
by Zorro
Wed Feb 01, 2017 11:49 am
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13635

Re: IS-IS

Well... Cisco and Juniper also have OSPF but that didnt stopped them thinking: well IS-IS is... IS-IS after all :) It is thinking of big league players... :) i guess for same reason why CISCO didn't support things like IPIP and other MikroTik -specific things(there was Several and many of them STIL...
by Zorro
Wed Feb 01, 2017 11:39 am
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 417212

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

ROS still not scale well over multi-core and many-core processors. (as does Linux they built ROS around) orginal Tilera "Zero Overhead Linux" tailored by them for platform are built Enteriely differently with lot of stuff "in userspace", which Completely interfere with "minimal footprint/bloating" R...
by Zorro
Wed Feb 01, 2017 11:33 am
Forum: General
Topic: small ISP setup
Replies: 2
Views: 1308

Re: small ISP setup

i guess things like CCR1016 would fit that scenario bit better(not sure if CCR1009 fit "1Gbps" in "real router" configuration, eg with meaningful firewall and config of router itself. recent CCR1009 update also switchless thing, which is another(and serious!)plus for and had "silent option"/model).
by Zorro
Wed Feb 01, 2017 11:19 am
Forum: Announcements
Topic: Winbox 3.10 released!
Replies: 70
Views: 39871

Re: Winbox 3.10 released!

not crashed, yet both on "Stable", eg 1607/RS1 version and "legacy" retail build(august 2016) of Win10.
can't say anything bout "insider preview" branch, yet(not time to test this wave).
by Zorro
Wed Jan 25, 2017 9:24 pm
Forum: RouterBOARD hardware
Topic: VPN performance of different RBs
Replies: 16
Views: 14085

Re: VPN performance of different RBs

SSTP and alikes usage quite generic and common thing.
as for overhead - ANY implementation of - add considerable amount of.
and since ROS didn't support UDP version of OpenVPN nothing to argue about(eg compare with).
by Zorro
Sun Jan 22, 2017 4:50 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82247

Re: v6.39rc [release candidate] is released

It is impossible to support all the legacy stuff all the time - at some time you have to move on. You might be right, but other vendors do support this devices. If they stop the support for 6.36.4 now, it will be old within a year at lest, exactly the timeframe i neew to switch to other hardware. T...
by Zorro
Wed Jan 18, 2017 2:12 am
Forum: RouterBOARD hardware
Topic: New product : HAP Mini (RB931-2ND)
Replies: 15
Views: 7950

Re: New product : HAP Mini (RB931-2ND)

among new one of cuties devices ;) similar devices - released by bunch of major SOHO vendors, btw. so i guess its generic(and yet reasonable)trend. There is a whole world outside the North America and Europe that tries to by everything as cheap as possible! Sure, but is that a market suitable for Mi...
by Zorro
Wed Jan 18, 2017 1:59 am
Forum: Wireless Networking
Topic: rtsp and bridges with multipoint radios
Replies: 1
Views: 612

Re: rtsp and bridges with multipoint radios

even if you dislike(or cannot use) WDS for some reasons you can use MPLS(or VPLS if you need L2 somehow)? adhoc support in ROS isn't bad(in fast its one of best, so far), but still incomplete, but become option for. other popular ideas like sotware bridging over say IPIP or EOIP - kinda heavy for mi...
by Zorro
Wed Jan 18, 2017 1:51 am
Forum: RouterBOARD hardware
Topic: rb951g-2hnd or rb2011uas-2hnd-in
Replies: 7
Views: 5070

Re: rb951g-2hnd or rb2011uas-2hnd-in

more manageable(not just more efficient), adjustable antennas - may make Big difference sometimes. but some prefer 951 line because 'rackmountability from box" or simplicity/compactness. as for "1Gb ports" that are purely Marketing part of, unless you going to use them as "managed switches" with emp...
by Zorro
Wed Jan 18, 2017 1:32 am
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

Great, thanks for the diagram! Currently it is meant for 100 Mbit/s traffic @1500byte frames. Just layer 2 over layer 3, no firewall. It is meant for getting layer 2 traffic from different old fashioned wifi controller with about 300 clients maximum a central gateway. "no firewall" meant "switch" u...
by Zorro
Wed Jan 18, 2017 1:26 am
Forum: Announcements
Topic: Winbox 3.9 released!
Replies: 35
Views: 15575

Re: Winbox 3.9 released!

both 3.8 and 3.9 do random crashes on win10 x64 home and 100% crash at exiting(instead of correctly closing session). 3.7(and earlier versions) works just fine.
by Zorro
Tue Jan 03, 2017 1:31 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 37124

Re: v6.38 [current] is released!

fantastic news !!
*put teapot on, unpacked pack of (vanilla)cookies and immediately start celebrating THAT !!*
thanks for continued efforts to Improve your products/ROS, MT !!
happy new year, anyone !
by Zorro
Tue Dec 27, 2016 12:17 pm
Forum: Announcements
Topic: MikroTik News December 2016 (Issue #74)
Replies: 94
Views: 22205

Re: MikroTik News December 2016 (Issue #74)

"no switch" CCR1009 sounds cool :=)
similar devices with mediatek SoC would be cool :=) or ARM -based (A35 or A53, preferably. power/silicon-wise. and yet bang/price ratio too).
by Zorro
Sat Dec 17, 2016 5:41 am
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75142

Re: v6.38rc [release candidate] is released

as for TR-069 - we're struggled more than 3 years with some DOCSIS and EPON and VDSL vendors with hardwired TR-69/64 and its a NIGHTMARE !!! its not only partially-implemented, hardwired and extremely insecure(and to some extend cannot be shielded at all, because of implementation. and failure in ap...
by Zorro
Tue Dec 13, 2016 4:17 am
Forum: RouterBOARD hardware
Topic: Ethernet Links on different MTU
Replies: 1
Views: 577

Re: Ethernet Links on different MTU

any PMTU discovery will work. persently ROS support only ICMP-based, among standardised implementations of PMTUD. as for assembly/fragmentation in both directions - any decent router Will do that "by design". but for router to Know which is desired/optimal/supported MTU for that to work properly - i...
by Zorro
Sat Dec 10, 2016 1:13 am
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75142

Re: v6.38rc [release candidate] is released

would also like to have "anti-bruteforce" feats in Wireless package (eg in WPA2/CCM within/inside)with blocking on L1/L2 levels,eg like made PSD for generic traffic on L3.
and then in future - same against bruteforcing to winbox, webfig and telnet, API interfaces.
by Zorro
Sun Nov 27, 2016 4:15 pm
Forum: General
Topic: Feature Request: L2TPv3 Client
Replies: 18
Views: 7432

Re: Feature Request: L2TPv3 Client

It is miraculous how all the dormant forum users just waked up to write something in this topic :) Could you all be so kind and be more precise where and in what configurations are you planing to use it? some providers tend to use "very weird", substandard things in endpoint/last mile. like say one...
by Zorro
Sun Nov 13, 2016 6:53 am
Forum: RouterBOARD hardware
Topic: Antenna camouflage - which paint ?
Replies: 2
Views: 947

Re: Antenna camouflage - which paint ?

check paints specificiations. aside being neutral chemically, environment and weather -resistant(including UV impact, rain, snow, ice, etc), it may be alteast moderately biologically-neutral/safe. also part of specificication about radio transparency - usually not part of "basic" specificiation of p...
by Zorro
Sun Nov 13, 2016 6:48 am
Forum: General
Topic: Decline of Mikrotik?
Replies: 102
Views: 26573

Re: Decline of Mikrotik?

It is more than 2 and a half years since we talk about v7 Longhorn...
hm, nope. ROSv7 become "magical unicorn" for much-much longer time, actually :-)
by Zorro
Wed Nov 09, 2016 1:52 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

surely HAPr2 and HAP ACr2 will follow soon-ish, i gues ;)
by Zorro
Wed Nov 09, 2016 1:50 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 32950

Re: RB750Gr3 - Report and questions

sfp port ? what for ? SFP+ in 10GBps -capable devices make sense for uplink interfaces, but for generic devices - not really any use for. in such case - simpler to use media converter. unless if you need to use something exotic, like SFP/SFP+ -cased VDSL modem, EPON interface or LTE interface, but ...
by Zorro
Wed Nov 09, 2016 1:39 pm
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75142

Re: v6.38rc [release candidate] is released

*) discovery - added LLDP support;
I thought LLDP was already added?
LLDP itself, yes.
but not in neighboorhood/discovery.
eg, its now implemented ~ completely, basically.
i guess folks that cried about LLDP necessity - become bit happier now(party time, huh ? :).
by Zorro
Sat Oct 29, 2016 5:41 am
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 32950

Re: RB750Gr3 - Report and questions

Hopefully a version out with an SFP port. +1 I feel sorry for Mikrotik, they release a great new product and straight away people are wanting more features ! :) Frankly I find to have 1 SFP port a must these days. I can always add a switch to an ethernet. sfp port ? what for ? SFP+ in 10GBps -capab...
by Zorro
Fri Oct 28, 2016 12:30 am
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

mediatek also had 4x core variation of this chip. they didn't comment bout how(when, how)it was available and how used, but it do exist.
~ same package, ~same price, just consume 0.6W~0.8W more for 2x more performance or something like that.
by Zorro
Wed Oct 26, 2016 5:42 am
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

with recent progress in MLC reliability and endurance, is hard to justify SLC costs in most scenarios, MLC gives 2x the capacity of SLC with the same cells that means SLC cost double or gives half the capacity of MLC. Of course SLC have its niche in very i/o intensive workloads, for example caching...
by Zorro
Wed Oct 26, 2016 5:33 am
Forum: Beginner Basics
Topic: Super EASY VPN for macOS
Replies: 11
Views: 9520

Re: Super EASY VPN for macOS

L2Tp mean lot more latency, sadly than PPTP :(
and both L2TP and PPTP not reslly secure(and/or both mschap version popular behind it).
how bout MPLS+IPSec instead ? :)
performance-wise both pptp, l2tp with or without chiper - do hit heavvy :(
by Zorro
Wed Oct 26, 2016 5:27 am
Forum: General
Topic: mikrotik hacked!?
Replies: 14
Views: 3797

Re: mikrotik hacked!?

dns services is weak spot there not ROS or devices. nothing you can't do there. DNS companies would and eventually will(or officials shut them down).
by Zorro
Mon Oct 24, 2016 12:30 pm
Forum: RouterBOARD hardware
Topic: RB 850Gx2 vs RB750Gr3 performance
Replies: 10
Views: 7740

Re: RB 850Gx2 vs RB750Gr3 performance

Well I was referring to CPUs of each architecture that we actually use in our products. 74k and even 1004k was in slightly different league from e550 PPC cores, then. not "classic" cores, but -Aptiv cores and Warror cores would be more interesting PPC alternative in perspective. if Imagination Inc ...
by Zorro
Mon Oct 24, 2016 12:03 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

i think SLC would be even better in that respect. about ~30x times or so if you care about endurance and partially speed - bit more than density or cost. Agreed, unfortunately they are really expensive. The MLC based Sandisk Endurance and Lexar 633X cards are readily available, widely respected and...
by Zorro
Mon Oct 24, 2016 11:46 am
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67366

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

its cool that it had enough RAM onboard, so while you less constrained with CPU - you may actually had some use for it, then. but maybe im wrong but Mediatek had only drivers for 2.6 linux for it before and moving upstream(in say RouterOS 7 ?)may be problematic if thats not outdated info. limited on...
by Zorro
Mon Oct 24, 2016 11:36 am
Forum: RouterBOARD hardware
Topic: RB 850Gx2 vs RB750Gr3 performance
Replies: 10
Views: 7740

Re: RB 850Gx2 vs RB750Gr3 performance

ROS-wise 1004chip in 750Gr3 sounds more meaningful. and it also cheaper both itself and to implement device atop it :=) more direct comparisons for 850gx2 and 750gr3 would be ERL, ERX from competing company and some of SOHO routers, perhaps. Different architectures. PPC will be faster than mips even...
by Zorro
Mon Oct 24, 2016 11:28 am
Forum: Wireless Networking
Topic: Qualcomm 802.11ad card
Replies: 33
Views: 8745

Re: Qualcomm 802.11ad card

i guess it happen in age of 802.11ax adoption, which among other improvements - converge 60Ghz within it.
past-AX tech will borrow UWB tech from both bands, likely.
by Zorro
Mon Oct 24, 2016 11:22 am
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 38089

Re: v6.37.1 [current] is released!

as for excessive CPU consumption by "management" package/part of ROS - sometimes that impact of bruteforcing attempts into you devices.
by Zorro
Sat Oct 22, 2016 12:47 pm
Forum: General
Topic: [Feature][DNS] Allow 0.0.0.0 as address for DNS records
Replies: 6
Views: 2383

Re: [Feature][DNS] Allow 0.0.0.0 as address for DNS records

apparently in latest versions of Windows OS - using 127/8 will cause delays and some issues for, while 0.0.0.0.
thats blackholing-wise. for other purposes there was other specific in each generation of.
by Zorro
Sat Oct 15, 2016 8:57 pm
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75142

Re: v6.38rc [release candidate] is released

conntrack limit defaults usually not concern even on border devices. exceptions are CCR endpoints in installations/solutions where expected lot of PPS and/or DDoS attemps of many kind. or say rb850gx2, RB1200 users for example or other "border"/edge devices. (rb3011 and below aren't fill that role m...
by Zorro
Tue Oct 04, 2016 1:45 am
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75142

Re: v6.38rc [release candidate] is released

OMG .... *) discovery - added LLDP support; It's time for the party :) yeah, imagine thos people, whining/shouting/complain/asking about LLDP for months here ;) *imagines them all happier now /random picture of celebration. eg disco, drinks, girlfriends, etc/* i guess then RouterOS become closer to...
by Zorro
Wed Sep 28, 2016 8:24 am
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34837

Re: v6.37 [current] is released!

Until than I'll sit on my chair and wait :) while clicking refresh button on mikrotik download page
thats sounds quite good plan/strategy.
why don't you add warm cat/tea and/or wife/family/kids to picture ? :) for example(just kidding :).
by Zorro
Wed Sep 28, 2016 8:20 am
Forum: General
Topic: Ability to set ND and DHCP options with IPv6
Replies: 2
Views: 949

Re: Ability to set ND and DHCP options with IPv6

generally pressing on insisting complete IPv6 implementation(inlcuding consistent set of NDP features, yes)from Microsoft was generally better idea in long-term, than picking random stup-hotfix sub-standard workarounds/overrides. but frankly - there wasn't really ANY platform with COMPLETE, flawless...
by Zorro
Mon Sep 12, 2016 4:58 am
Forum: General
Topic: Feature Request v7 MacSec CCR 72 Core
Replies: 6
Views: 2136

Re: Feature Request v7 MacSec CCR 72 Core

macsec, portsec and other 801.1x-2010 features would be totally cool :)
but as already stated - that imply newer/better Phy/interfaces chips used in devices(and thus poinless for legacy devices without. eg most of RB or CCR -branded) and secondly - it mean Newer linux kernel to support that.
by Zorro
Mon Sep 12, 2016 4:22 am
Forum: Announcements
Topic: v6.36.3 [current] is released!
Replies: 43
Views: 13491

Re: v6.36.3 [current] is released!

netinstall for 636.3 version had "-tile" suffix, which is wrong or mistake i think(misleading , but dunno).
by Zorro
Fri Sep 02, 2016 11:17 am
Forum: RouterBOARD hardware
Topic: RB3011 and mini pci-e?
Replies: 9
Views: 2162

Re: RB3011 and mini pci-e?

hey maybe later version - will be released with ? :) that allow you to put 2x or even 4x TRX in it, considerably boosting radios performance(and/or expand to 60GHz or 450/145/900/50Mhz(27/28 mPCI/mPCIe cards are rare/unique and "pre-order only" in some ODM, sadly :) ISM bands where its apply/allowed...
by Zorro
Fri Sep 02, 2016 11:11 am
Forum: Beginner Basics
Topic: Recommende "IP/IP Settings"
Replies: 6
Views: 2107

Re: Recommende "IP/IP Settings"

kill redirects(very insecured/exploitable), bump icmp rate limitation a bit(to say 50-100-500), disable fast-path if you not use it(if you not ISP - you perhaps not), put RP filtering to "strict"(if you not use gear in corporate setup with (relatively)complex routing of multiple sub-networks, multin...
by Zorro
Fri Sep 02, 2016 11:06 am
Forum: General
Topic: feature request: add Port List to firewall
Replies: 34
Views: 6864

Re: feature request: add Port List to firewall

When you want to abide to what your regulator asks and want to gain performance in your router, you can make a 2-step block: in the forward rule put a match on address list that does a jump to a new chain "blockedproxies" where you put all the addresses with portnumber(s) and a block on each of the...
by Zorro
Fri Sep 02, 2016 10:55 am
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

not sure in which of latest RC's, but port scans detection - working again. (most stealth scans ~ reliably detected now as before).
that good/essential, IMHO.
by Zorro
Wed Aug 31, 2016 2:23 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

also if there wasn't "standart" radar-detection sources-code/algorythm, mandatory/enforced to use - there was some possibility to slightly tune-down radar-detection in ROS to considerably reduce amount of complains/whine about, because erratic behavior, making it kinda unusuable in several cases(wit...
by Zorro
Mon Aug 29, 2016 3:37 pm
Forum: General
Topic: how about IPFS support in ROS ? cjdns atleast ?
Replies: 4
Views: 1303

Re: how about IPFS support in ROS ? cjdns atleast ?

So, it belongs in servers, not on routers.
thats can be applied to 3/4 of ROS features, then.
SMB ? belong to servers ! tftp ? belongs to servers !! packing ? belong to servers ! webcache ? belong to servers ! and etc and etc so on and so on.
by Zorro
Mon Aug 29, 2016 3:34 pm
Forum: Wireless Networking
Topic: Radios for 100Kms range
Replies: 3
Views: 755

Re: Radios for 100Kms range

as for relatively fast-moving UAV, presuming relatively narrow-bean, usual for such links - perhaps there was none, even with motorized tracking of dishes and/or AESA/beamforming TRX. generally any ISM gear, not just WiFI -not really suitable for. you need something both dramatically more wideband a...
by Zorro
Sat Aug 27, 2016 6:01 pm
Forum: General
Topic: how about IPFS support in ROS ? cjdns atleast ?
Replies: 4
Views: 1303

Re: how about IPFS support in ROS ? cjdns atleast ?

A quick look over your links suggests these are end-point tech/protocols. How do they relate to routers? directly. its mesh routing tech, blockchain-style, comverging other tech within from web-severs, file-severs to anything else, imaginable(including presently developed commercial applications(bu...
by Zorro
Sat Aug 27, 2016 5:56 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

can there be some detail "unnecessary CPU usage in simple queues", eg not sources code of course but explanations a bit ? eg that not Break things, that several recent "improvements"/hacks did with netstack in many vendors starting from intel itself? (so in result despite being CPU-savvy queues that...
by Zorro
Sat Aug 27, 2016 5:47 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 207321

Re: Feature requests

I don't know if anyone requested adding  DPI  or User activity monitor but anyway can we have this feature Please. RouterOS is for routing, DPI is part of a UTM or NGFW solution. i would call that bullshit. you can't leave "bare naked" even backbone( even within private, isolated corporate network ...
by Zorro
Wed Aug 24, 2016 12:32 am
Forum: General
Topic: PS4 One Public IP for all?
Replies: 19
Views: 2925

Re: PS4 One Public IP for all?

as long as game didn't support "slightly different" port (in some range) choice(to override manually in config files of it)instead of default - nope, there isn't any. using UPNP only make issues instant, instead of ~ activity-based(even more for static port forwarding).not sure about PMP or PCP(both...
by Zorro
Wed Aug 24, 2016 12:26 am
Forum: General
Topic: how about IPFS support in ROS ? cjdns atleast ?
Replies: 4
Views: 1303

how about IPFS support in ROS ? cjdns atleast ?

i mean this thing https://ipfs.io https://github.com/ipfs/ipfs https://en.wikipedia.org/wiki/InterPlanetary_File_System and despite relatively low CPU performance of modern routers, its kinda temporary issue. how bout atleast cjdns ? https://en.wikipedia.org/wiki/Cjdns https://github.com/cjdelisle/c...
by Zorro
Sun Aug 21, 2016 11:28 pm
Forum: General
Topic: IPv6 and NAT - how I changed my mind
Replies: 19
Views: 8343

Re: IPv6 and NAT - how I changed my mind

since anyone recon that IPv6 aren't solution for and cause other problems, there was emerge of ad-hot adress resolution and routing thus.
things built alike cjdns(but w/o "broken by design" and "partially implemented" stuff like Ipv6 within) keep emerging, but in half dead state, yet, sadly.
by Zorro
Sun Aug 21, 2016 11:23 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

there was presumed some changes in 3.34 bootloader ?
by Zorro
Sun Aug 14, 2016 2:28 pm
Forum: General
Topic: block Windows 10 update-delivery-optimization
Replies: 20
Views: 9067

Re: block Windows 10 update-delivery-optimization

with WIndows Update itself its much simpler: you can use adress-list with ms services and put some bandwidth limitations to counter some secuirty or economical issues/disasters, eventual otherwise.
but with P2P-alike "delivery optimisation" you can't. its almost same about Tor.
by Zorro
Sun Aug 14, 2016 2:25 pm
Forum: General
Topic: Choose router?
Replies: 29
Views: 3365

Re: Choose router?

I use ssd SLC instead of MLC in my x86 server (debian). There is only one problem it does not support the TRIM. http://www.ebay.de/itm/KingSpec-SSD-1-8-Zoll-micro-SATA-64-GB-Solid-State-Drive-Festplatte-SLC-4-Kanal-/311264072852?hash=item4878c8d494:g:qDIAAOSw8d9Uv7Ez most (apacer and transcend aren...
by Zorro
Sun Aug 14, 2016 2:08 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

weird. then its must be something in router config, relate to wi-fi interface, preventing from properly exporting/upgrading it and transitioning to newer version. and thus i presume it may be very interesting to MT to take a look into, considering possible impact on other customers. downgrading boot...
by Zorro
Fri Aug 12, 2016 3:02 am
Forum: Wireless Networking
Topic: [SOLVED] How to black list some 5Ghz channels?
Replies: 6
Views: 860

Re: [SOLVED] How to black list some 5Ghz channels?

yeah, that is fantastic feature. (but for ~ complex scan list doing them manually - not easy and there was also limitation in lenght, due to possible complexity of some).
so you can either filter-out known source of interference or prevent affecting sensitive by Your gear gear.
by Zorro
Fri Aug 12, 2016 1:35 am
Forum: General
Topic: Choose router?
Replies: 29
Views: 3365

Re: Choose router?

stick to UHS-I (UHS-II feats(same to UFS, XQD, which is ~ basically propriatery fork/derrivation of UHS-II))imply extra-contacts and electrial support, underlying, which is most devices lacking aswell as UHS-I support itself, but UHS-I label atleast mean that controller within card - wouldn't be so...
by Zorro
Fri Aug 12, 2016 1:16 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 105655

Re: Blacklist Filter update script

I haven't looked through the rules / etc on your list, Dave, but I was wondering if you plan to use the Raw table for the rule to drop blacklisted source/destination packets so that they don't create entries in the connection tracking table. I do, but the vast majority of routers pulling the list a...
by Zorro
Fri Aug 12, 2016 1:12 am
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

Попробовал netinstall, интерфейса нет. Tried netinstall, interface no. http://www.pixic.ru/i/70q102X2O0a9b4f8_preview.jpg http://www.pixic.ru/i/90x1Y2q2P0w9K501_preview.jpg try to downgrade ROS to say ROS 6.35, restart, install all "wireless, disable, all but "wireless-cm2", restart router, remove ...
by Zorro
Thu Aug 11, 2016 6:22 pm
Forum: RouterBOARD hardware
Topic: ARP limit on RouterBOARDs
Replies: 6
Views: 1497

Re: ARP limit on RouterBOARDs

on most new non-ccr devices numbers bit bigger, but still insane on newer devices :)
64k ? no problem 128k ? whatever :=)
by Zorro
Thu Aug 11, 2016 6:13 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

Hi, i think is not fair to post using a non english language :idea: "not make easier to communicate" maybe, "not fair" - definitely no. having thousands of languages on Earth have nothing with "fairness". and "fairness" have nothing with "making sense". its not sport or trade to care much about "fa...
by Zorro
Mon Aug 08, 2016 12:03 pm
Forum: RouterBOARD hardware
Topic: 802.11ac mesh hardware
Replies: 1
Views: 742

Re: 802.11ac mesh hardware

can you be more specifci bout application/goal of such intent ? eg what you going to use ? BATMAN, HWM(&derrivartives), HMMP, MME ? so far MME and HWMP support in ROS ~ working. there was not much commercial(more medial, educationa, social, military, scientific and etc) applications, projects, but t...
by Zorro
Mon Aug 08, 2016 11:59 am
Forum: General
Topic: Recover My Licence ( L4 )
Replies: 10
Views: 1292

Re: Recover My Licence ( L4 )

but in past days - if you had one of you RBdevices destroyed - you may used its license to upgrade ROS license on another(within same arch), eg if you had say HAP AC broken by lighning and would like to extend you rb2011 license ot level5(or whatever deceased unit may had) - you sometimes get it. bu...
by Zorro
Mon Aug 08, 2016 11:56 am
Forum: General
Topic: Strange slow internet connections
Replies: 20
Views: 1591

Re: Strange slow internet connections

if you read SoC datasheed(used in Pi)you will be surprised how its achieve even That speed, because its Extrmely weak, not only compared to used in RB SoC, but at all.
my point is: numbers are good. nothing "wrong" happen. its how ~it should be.
by Zorro
Mon Aug 08, 2016 11:32 am
Forum: General
Topic: Choose router?
Replies: 29
Views: 3365

Re: Choose router?

stick to UHS-I (UHS-II feats(same to UFS, XQD, which is ~ basically propriatery fork/derrivation of UHS-II))imply extra-contacts and electrial support, underlying, which is most devices lacking aswell as UHS-I support itself, but UHS-I label atleast mean that controller within card - wouldn't be so ...
by Zorro
Mon Aug 08, 2016 11:25 am
Forum: Beginner Basics
Topic: Router blacklist
Replies: 4
Views: 577

Re: Router blacklist

since they employed P2p/peernet/content devivery optimisation tech, which is basically torrent-like thing - blocking only DNS isn't enough. so filtering portion of services by IP remain good idea. its easy to google which part of MS/Apple IPv4 pool was belong to what kind of services, make appropria...
by Zorro
Sat Aug 06, 2016 9:40 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

generally i noticed that in last versions(last ~5 major versions or so)of ROS6 port-scan detection stopped working :/ thats not good, IMO.
also it think both DFS and especially radar-detection - should be bit more careful and slower(extra-math behind decision-making would make sense).
by Zorro
Sat Aug 06, 2016 5:24 am
Forum: RouterBOARD hardware
Topic: ARP limit on RouterBOARDs
Replies: 6
Views: 1497

Re: ARP limit on RouterBOARDs

CCR's except 1009 had separated PHY's on each port and thus not restrained to multi-port switch chips limiations. rest are - within ~2k. (http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features) and yep, generally its not sane idea to build "too flat" network with HUGE segments, not only from secu...
by Zorro
Sat Aug 06, 2016 5:19 am
Forum: Beginner Basics
Topic: Firewall rules and block list / blacklist
Replies: 11
Views: 5723

Re: Firewall rules and block list / blacklist

logically in "forward" ppl tend to blacklist "source" lists, not destination. thats (if you like to)for "output" chain, not "forward".
fors tart try forcus on input and forward chains and put in "source" adress lsit, not destination.
by Zorro
Sat Aug 06, 2016 5:14 am
Forum: General
Topic: Feature Request: NUT Client
Replies: 24
Views: 6466

Re: Feature Request: NUT Client

NUT would be nice. My Eaton Power Systems all have NUT servers embedded. However - the MikroTik guys have stated a few times that there is no problem with RouterOS losing power, it does not hurt them. some folks i worked with - would go for anything "NUT"-labeled just "for fun", because name itself...
by Zorro
Sat Aug 06, 2016 3:30 am
Forum: Forwarding Protocols
Topic: Microtik almost killed Huawei!!
Replies: 14
Views: 3098

Re: Microtik almost killed Huawei!!

while i prefer RB devices for most uses if i "had to" go with something Chinese - i usually pick ZTE or some 2 or 3 echelon brands :) for majority of usual reasons. Huawei despite relatively big and wealthy - not introduce almost anything to networking, just "repackage and sell" others technology, e...
by Zorro
Sat Aug 06, 2016 3:10 am
Forum: General
Topic: San Diego
Replies: 4
Views: 704

Re: San Diego

looking for how conspiratory he was - would be probably penetration attempt or anything else unlawful or even may ass-a-sination attempt ;)
/joke
by Zorro
Sat Aug 06, 2016 2:58 am
Forum: Forwarding Protocols
Topic: Microtik almost killed Huawei!!
Replies: 14
Views: 3098

Re: Microtik almost killed Huawei!!

Why would you choose a Huawei over a MikroTik? I have not had a Huawei in any of my networks for over 5 years. They were all removed from service after the backdoors were discovered. its more about "unfair compatition" and "state-backed lobbysm" than something security-related. btw, because FCC, Do...
by Zorro
Sat Aug 06, 2016 2:17 am
Forum: RouterBOARD hardware
Topic: devices with 2.5GBASE-T/5GBASE-T/MGBASE-T Ethernet copper ports ?
Replies: 2
Views: 912

Re: devices with NBASE-T Ethernet copper ports ?

its was typo/mistake in title, sorry. trying to correct that. 2.5GBASE-T and 5GBASE-T meant some links to relevant RFC or wiki, like say https://en.wikipedia.org/wiki/2.5GBASE-T_and_5GBASE-T http://standards.ieee.org/develop/project/802.3bz.html http://blog.siemon.com/standards/category/ieee/ieee-80...
by Zorro
Sat Aug 06, 2016 2:07 am
Forum: General
Topic: Feature Request: NUT Client
Replies: 24
Views: 6466

Re: Feature Request: NUT Client

but it never really become "standard", yet. right? so its not really good idea to push harder for proprietary stuff that replace some of really Standard things, even if they intend to "converge" or "simplify", "unify" or whatever of them they doing. its like https://xkcd.com/927/ or something. p.s. ...
by Zorro
Sat Aug 06, 2016 12:15 am
Forum: Beginner Basics
Topic: Bridge two Mik over unauthorized router
Replies: 4
Views: 692

Re: Bridge two Mik over unauthorized router

yeah, good point. usually management(let alone ITsec guys and generi admins)had frown stance on VPN-ing from home for most employers to installations/offices, except say management or beancounters. generally its sane to ask your admin/networker to help you if thats not case and thats tolerated/allow...
by Zorro
Sat Aug 06, 2016 12:08 am
Forum: General
Topic: San Diego
Replies: 4
Views: 704

Re: San Diego

judging from http://www.mikrotik.com/consultants/northamerica/usa yea, there was some. and that depend required expertise/complesty, so unless you asking for high-grade project(eg if you buid factory or something), you may simpler ask networking and hardware forums(say PC enthusiasts or MT forums ar...
by Zorro
Fri Aug 05, 2016 11:59 pm
Forum: RouterBOARD hardware
Topic: Mikrotik ATA
Replies: 16
Views: 2939

Re: Mikrotik ATA

idea not really good. but some of qualcomm chips - support ATA/SATA interface natively(eg used in say rb3011 and in ccr1036 chips for example)so technically its possible, but make not much sense. i prefer have SD(even microSD)slot or A-type USB-slot(or both)instead in most cases. He was asking abou...
by Zorro
Fri Aug 05, 2016 11:55 pm
Forum: RouterBOARD hardware
Topic: devices with 2.5GBASE-T/5GBASE-T/MGBASE-T Ethernet copper ports ?
Replies: 2
Views: 912

devices with 2.5GBASE-T/5GBASE-T/MGBASE-T Ethernet copper ports ?

personally i would like A LOT (eg to buy and use) routers, switches that able to pull up to 2.5gb or 5Gb bandwidth/load over legacy Cat5e cable(eg with NBASE-T Phy within them).
by Zorro
Fri Aug 05, 2016 11:52 pm
Forum: RouterBOARD hardware
Topic: hap lite issue
Replies: 16
Views: 6950

Re: hap lite issue

2.23 bootloader and therefore ROS like 6.30 should be considered absolyte minumum for devices with latest qlacomm SoC inside(both mipsbe and smips based).
by Zorro
Fri Aug 05, 2016 11:26 pm
Forum: General
Topic: PS4 One Public IP for all?
Replies: 19
Views: 2925

Re: PS4 One Public IP for all?

ideally would be increase pressure on Sony to speed up implementation(as 1st grade, major level) of IPv6 support for PSN and devices(not only "gaming"-labeled), made by them.
they did it(albeit very slow)for "industrial" gear they offer, but not for PS4, yet, sadly :/
by Zorro
Wed Aug 03, 2016 10:59 pm
Forum: General
Topic: [Feature Request] 10Mhz and 5Mhz channel-width for AC capable Boards
Replies: 1
Views: 692

Re: [Feature Request] 10Mhz and 5Mhz channel-width for AC capable Boards

for long-range - narrow-band sometimes helps too.
heck i ever knew guy who run LR bridge (with both yagi and dishes) in 802.11b mode which is Crazy, IMHO(atleast in 2016 ;).
by Zorro
Tue Aug 02, 2016 9:32 am
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

Maybe true but just a speculation. Mikrotik should give real official statement to this. There are already hardlocked device versions for USA and there is also a customizable locker tool available at mikrotik website so dealers can lock devices they are selling to special wireless parameters to ful...
by Zorro
Tue Aug 02, 2016 9:24 am
Forum: General
Topic: Enable TCP ECN for bandwidth efficiency
Replies: 9
Views: 4345

Re: Enable TCP ECN for bandwidth efficiency

any chance to see update/implementation on-topic ? even w/o say PURPLE queues ( f-GREEN and s-GREEN are not ECN-dependant) there was TOO much tech in modern networking that fail to work or Severely underperfrom w/o ECN support(both support, requence, enforcement, enabled/toggled in all kinds/points ...
by Zorro
Mon Aug 01, 2016 9:57 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

 with "radar-detect" enabled will end in endless frequency search loop, even when there is realy no radar That is not true. All countries in the EU, and the USA should have already been using this setting for a long time, and there are no problems like you describe.  If that was true... We have Mik...
by Zorro
Mon Aug 01, 2016 9:52 pm
Forum: General
Topic: feature request: add Port List to firewall
Replies: 34
Views: 6864

Re: feature request: add Port List to firewall

router IS firewall and vice versa. and decent router - insecure and useless/dangerous w/o decent firewall and decent firewall ~ useless w/o routing. There is a lot of places where you have router doing just routing and firewall doing just filtering and optionally NAT:ting (of course with default ro...
by Zorro
Sat Jul 30, 2016 4:07 am
Forum: RouterBOARD hardware
Topic: RB 850Gx2 Fan PINS
Replies: 20
Views: 2745

Re: RB 850Gx2 Fan PINS

Sunon Maglev MC17080V1 uses proprietary MagLev/VapoBearing, that supposed to be better in terms of resources, but not really time-tested. so far i would sitck with ball bearings thus. eg "Sunon Maglev MC17080B1 model for example. also Maglev fans are "High Airflow" fans which would be kinda overkill...
by Zorro
Sat Jul 30, 2016 3:59 am
Forum: RouterBOARD hardware
Topic: Mikrotik ATA
Replies: 16
Views: 2939

Re: Mikrotik ATA

idea not really good. but some of qualcomm chips - support ATA/SATA interface natively(eg used in say rb3011 and in ccr1036 chips for example)so technically its possible, but make not much sense.
i prefer have SD(even microSD)slot or A-type USB-slot(or both)instead in most cases.
by Zorro
Sat Jul 30, 2016 3:56 am
Forum: RouterBOARD hardware
Topic: RB3011 (not rackmount), Hex POE (gigabit) coming soon?
Replies: 8
Views: 1748

Re: RB3011 (not rackmount), Hex POE (gigabit) coming soon?

I understand the Hex POE gig delay. I am going to deploy many hundreds of these and I don't want problems in the field. I want Mikrotik to get it right. But the 3011 non rackmount, isn't that just putting the 3011 board in a 2011 case? The delay of that product seems very odd to me. Janis told me a...
by Zorro
Sat Jul 30, 2016 3:50 am
Forum: General
Topic: feature request: add Port List to firewall
Replies: 34
Views: 6864

Re: feature request: add Port List to firewall

router IS firewall and vice versa.
and decent router - insecure and useless/dangerous w/o decent firewall and decent firewall ~ useless w/o routing.
by Zorro
Sat Jul 30, 2016 12:30 am
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

since american FCC insisting on and MT depend on american chips and sdk a lot(let alone impact of licensing issues &/or access to relevant IP/patent to use in ROS) - they had no options than to comply. radar detection isn't bad, just implementation not really flawless, yet. same about DFS itself. bu...
by Zorro
Sat Jul 30, 2016 12:25 am
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 80
Views: 24800

Re: Feature Request TR-069 CPE

usually relevant to "basic config" options/management are common in TR-069, eg to ensure consistency/integrity of configuration across network, basically(&seamlessly update it too).
by Zorro
Fri Jul 29, 2016 3:42 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57195

Re: v6.37rc [release candidate] is released, only one wireless package!

weather radars isn't worst thing. there was some air traffic radars sometimes there too. and in some regions - paramedics used that band for walkie-talkie(&in their cars). i think FCC-alike enforcements should apply to their jurisdictions(which is MT approach so far), not attempts to enforce/lock-do...
by Zorro
Sat Jul 23, 2016 2:11 am
Forum: RouterBOARD hardware
Topic: hAP lite housing
Replies: 21
Views: 3982

Re: hAP lite housing

yay for compat, generic, small "bricks" with uniform coloring(without extremes in) :-)
thats why i particulary like both HEX and HAP ac and their cases - simple&neat/practical, yet cute.
and in SOHO more wall-mountability Rule too, yep
by Zorro
Sat Jul 23, 2016 2:05 am
Forum: General
Topic: Best Way To Link Two Routers With The Same Internal Subnet
Replies: 6
Views: 806

Re: Best Way To Link Two Routers With The Same Internal Subnet

how bout trying VPLS perhaps ?
by Zorro
Sat Jul 23, 2016 2:03 am
Forum: Beginner Basics
Topic: Cloud Core vs Routerboard?
Replies: 11
Views: 4327

Re: Cloud Core vs Routerboard?

if MT make "silent" eg "-PC" version of CCR1072 that would be funny option, perhaps :)
same about new 100Core(ARM arch)Tilera chip.
by Zorro
Thu Jul 21, 2016 11:39 am
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 42040

Re: v6.36 [current] is released!

thats FANTASTIC !!
*went to make some tea to celebrate that* :)
by Zorro
Thu Jul 21, 2016 11:38 am
Forum: Wireless Networking
Topic: Solving 20km wireless link issues
Replies: 147
Views: 102105

Re: Solving 20km wireless link issues

have you ever saw some new SOHO Wi-Fi routers ? 6x antennas !! 8x antennas !! and announced development of router with 10x and 12x !!!(but 4x and 6x of them advertised as "internal", Godness :) thats crazy ! (and crazy-looking IMHO :) and eventually become mainstream so routers/AP become AFAR-alike ...
by Zorro
Thu Jul 21, 2016 11:30 am
Forum: General
Topic: LLDP
Replies: 126
Views: 42874

Re: LLDP

... it may even stops aliens invasion !! It will be "fight of the millenium" ... ROS v7 vs. Plan 9 from Outer Space ... :) :D :lol: yeah, would be Epic battle ;) and then dragonflybd versus haiku versus MorphOS versus AmigaOS versus AROS versus would be cool too. my best bets would be on dfbsd fork...
by Zorro
Thu Jul 21, 2016 11:24 am
Forum: RouterBOARD hardware
Topic: Wireless performance on hAP ac (non lite)
Replies: 14
Views: 5581

Re: Wireless performance on hAP ac (non lite)

also try different ANI modes and try enable (both)frame protection. and last but not less important: with such Small distance - you devices may simply "scream too loud" and RX on both sides start perform sub-optimal. try reduce TX power by several steps. Thanks, but I can not find ANI and frame pro...
by Zorro
Thu Jul 21, 2016 11:01 am
Forum: General
Topic: can we're have bit more AQM queues ?
Replies: 0
Views: 545

can we're have bit more AQM queues ?

i mean atlest most popular ones, RED and BLUE GREEN -derived variations. like say ARED(for adaptive, yet agressive self-tuning), RRED(for DDoS -proof environament/applications), SPI-RED and NPD-RED combo, ERED, GRED, LRED, SARED, PD-RED, AP-RED, GRED/AGRED, FRED, ENRED and etc. personally i was part...
by Zorro
Thu Jul 21, 2016 10:31 am
Forum: General
Topic: how to block hotspot shield ?
Replies: 10
Views: 3072

Re: how to block hotspot shield ?

"direct" , crash-course approach with blocking relevant CIDR is also had some popularity. https://aacable.wordpress.com/2014/12/31/blocking-hotspot-shield-in-mikrotik/ https://community.spiceworks.com/topic/277623-best-way-to-block-hotspot-shield-and-other-unwanted-proxy-vpn-style-software but you h...
by Zorro
Thu Jul 21, 2016 10:28 am
Forum: RouterBOARD hardware
Topic: Omnitik has a new PCB Design
Replies: 3
Views: 1150

Re: Omnitik has a new PCB Design

MIPSBE 4.12 isn cool too :(
by Zorro
Thu Jul 21, 2016 10:27 am
Forum: General
Topic: Unable to Downgrade new RB750Gr2 routers
Replies: 3
Views: 650

Re: Unable to Downgrade new RB750Gr2 routers

you can't revert back old, 2.22 bootloader on 750Gr2. its only prohbitted thing.
you can't also travel back and put too old ROS too(which is start support HEX ? 6.22? 6.26 ?)
so basically if you install say 6.30 and then "upgrade" loader to 2.23, reboot, then you can go (bit)more down, but not much.
by Zorro
Thu Jul 21, 2016 10:24 am
Forum: General
Topic: hap lite overclock
Replies: 4
Views: 1501

Re: hap lite overclock

unless you're in Extremely hot location, power supply quality is poor(but linear PSU bit more noise-proof in that term. but more prone to brownout and overwoltage than AC-DC-DC-based) and there was Extreme vibrations(heatsink is hold at CPU by termal compound, which is Strong, but had some Limitatio...
by Zorro
Thu Jul 21, 2016 10:18 am
Forum: General
Topic: Unusual high number of blacklist for past 7 days
Replies: 2
Views: 450

Re: Unusual high number of blacklist for past 7 days

some funky(mismanaged and ingoring abuse reports and actions)data-centers/hoster blackhosted even on some popular resources, like social networks, corporate gates and etc this one - happens to be hammered from entering FLOSS and some gamers resourcs. even in Github it was yellow-flagged. never hit m...
by Zorro
Thu Jul 21, 2016 10:09 am
Forum: RouterBOARD hardware
Topic: CCR, "enterprise ready", seriously???
Replies: 35
Views: 5786

Re: CCR, "enterprise ready", seriously???

and damage control(if you failed 'risk management')skills aswell, yep.
generally (not only in IT) "management" eg Planning thing - do 80% of time, and only Rest(time, manpower/money,etc) - will come into actual Actions.
by Zorro
Thu Jul 21, 2016 10:04 am
Forum: RouterBOARD hardware
Topic: Wireless performance on hAP ac (non lite)
Replies: 14
Views: 5581

Re: Wireless performance on hAP ac (non lite)

to OP: try play with WMM and multicast helper(try it in "full"). also try different ANI modes and try enable (both)frame protection. also temporally disable "multicast buffering" and ensuare that "polling" was disabled too. do "spectral scan" and see where is less noise in you location and less outp...
by Zorro
Thu Jul 21, 2016 9:50 am
Forum: RouterBOARD hardware
Topic: Advice needed in choosing the right Mikrotik device
Replies: 33
Views: 4319

Re: Advice needed in choosing the right Mikrotik device

I think a "hAP ac medium" is missing (lite + gigabit ports). its Exactly original hAP AC hiche. its just "overpriced too much" even compared to "recommended prices", despite hype/demands. anyway "gigabit ports" was kinda "marketing trick" with such weak CPU inside (aside HAP AC you had 1Gb PHY/port...
by Zorro
Wed Jul 20, 2016 7:36 pm
Forum: General
Topic: DHCP deassigned, assigned every few minutes?!
Replies: 8
Views: 4328

Re: DHCP deassigned, assigned every few minutes?!

maybe just signal propagation issues? eg clients - go beyond radios performance and back again.
or someone simply trying saturation/dos(not ddos;)attack ;)
consumers with worst radios performance - may had some special adjustments for or may not.
by Zorro
Wed Jul 20, 2016 7:33 pm
Forum: General
Topic: OVPN behind two NAT
Replies: 2
Views: 751

Re: OVPN behind two NAT

maybe thats some medium party to blame ? eg say ISP(of any scale) or authorities ? for multiple NAT penetration - sadly other things suit better despite flaws. like SSTP and alikes. its pain .. to use, but would Work anyway. MPLS/VPLS isn't bad option too if you had uplink/ISP supporting/offering th...
by Zorro
Wed Jul 20, 2016 7:24 pm
Forum: RouterBOARD hardware
Topic: Small switch big performance
Replies: 14
Views: 2474

Re: Small switch big performance

sounds more like top-notch CRS you need, especially if you expecting both 24 ports to be ~ more or less saturated most time.
by Zorro
Wed Jul 20, 2016 7:23 pm
Forum: RouterBOARD hardware
Topic: hAP ac (and some other new rotuers) too small flash
Replies: 53
Views: 12960

Re: hAP ac (and some other new rotuers) too small flash

It's actually not about flash price problem. But because of many peoples use cheap hardware to do advanced task like metarouter, MT think: how to sell expensive hardware to get more money? Errr... Lets say, if we decrease flash size just for basic task, then if you want to use advanced task then go...
by Zorro
Wed Jul 20, 2016 7:19 pm
Forum: RouterBOARD hardware
Topic: Wireless performance on hAP ac (non lite)
Replies: 14
Views: 5581

Re: Wireless performance on hAP ac (non lite)

I think 550Mbps over the wireless is pretty darn good. Remember the wireless specifications are a theoretical airspeed rate. Much like one cannot achieve 300Mbps over wireless N. its very depend on radio spectrum condition in link location and whole nature of connection(eg how narrowbeam it, how po...
by Zorro
Wed Jul 20, 2016 8:20 am
Forum: General
Topic: Got fq_codel yet?
Replies: 36
Views: 10943

Re: Got fq_codel yet?

I've been reading up on AQM and managing buffer sizes and was a bit disappointed to only see RED available on my MT devices. Would love to see fq_codel / RRED available in future ROS versions as buffer bloat is a huge problem among residential users. well newer kernels had serious benefits even w/o...
by Zorro
Wed Jul 20, 2016 8:14 am
Forum: RouterBOARD hardware
Topic: Is ethernet bonding at the hardware level in CCR1072-1G-8S+?
Replies: 6
Views: 1265

Re: Is ethernet bonding at the hardware level in CCR1072-1G-8S+?

thats perhaps the Only possible advantage of aggregated switch chips used in cheaper devices(eg "multiple ports in one IC"), but among them - models with natively supported bonding not common(same about say MacSec, PortSec+ and other essential stuff, not working w/o proper PHY under it).
by Zorro
Wed Jul 20, 2016 8:09 am
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 24040

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

for 200Mbps its relatively simple/cheap/weak device i think. fastrack/fastpath combo can save you from some pain, but bring new ones instead. CPU isn't powerful enough generally, but thats kinda common for SOHO networking. todays we're had WiFi routers with advertises speeds with up to 1900 or 3200 ...
by Zorro
Wed Jul 20, 2016 8:01 am
Forum: RouterBOARD hardware
Topic: CCR1036 memory upgrade question
Replies: 29
Views: 4648

Re: CCR1036 memory upgrade question

as for SDN - it will, but it not just "work over bells&whistles and magical unicrons", its need platform Beyond it to run SDN framework and thats where scalability issues happen even Before SDN benefits (may)kick in business. thats generally Generic Linux flaw and thats why Tilera - come with heavil...
by Zorro
Sun Jul 17, 2016 8:05 pm
Forum: RouterBOARD hardware
Topic: CCR, "enterprise ready", seriously???
Replies: 35
Views: 5786

Re: CCR, "enterprise ready", seriously???

tile chips originally made to embrace scalability of "Zero overhead linux" of tilera itself, where Majority of stuff - runs in user-space(eg alike "microkernel-based" OS'es, just made off mainstream Linux, just like SEL4, but with emphasis on userspace, rather than medium rings of). so my guess unti...
by Zorro
Sun Jul 17, 2016 7:57 pm
Forum: General
Topic: No Interfaces after clean install
Replies: 11
Views: 2772

Re: No Interfaces after clean install

This was already the configuration before I posted. I have a linux VM(Ubuntu) and another linux VM(CentOS) running without issues on here as well.  So I guess I'm not sure what you are saying... Change ethernet driver? that would hurt to try, but as stated above - NetExtreme II already supported by...
by Zorro
Fri Jul 15, 2016 9:08 pm
Forum: General
Topic: No Interfaces after clean install
Replies: 11
Views: 2772

Re: No Interfaces after clean install

yup. contrary to vmware, vbox, parallels and eliks - default config for - not include "stub"/default inverface in H-V.
"bare metal" broadcom NetExtreme II was supported http://wiki.mikrotik.com/wiki/Supported_Hardware for awhile by both ROS5 and ROS6.
by Zorro
Fri Jul 15, 2016 9:05 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 105655

Re: Blacklist Filter update script

how about adding fetching ads lists from popular lists(like one from say ublock 3rd subscriptions. like this one https://pgl.yoyo.org/adservers/) malware from malwaredomains.com and similar resources(known to be several comunities for) ? then you can proces/convert then and then safely block them in...
by Zorro
Fri Jul 15, 2016 8:57 pm
Forum: RouterBOARD hardware
Topic: rb3011 based on ARM CPU
Replies: 57
Views: 28410

Re: rb3011 based on ARM CPU

RB3011 without acceleration can get around 150Mbps UDP traffic with 1400 byte packets. Thank you for the informative reply mrz. That is quite impressive for software crypto. Hopefully we one day see hardware crypto on ARM. i think hardware - advance faster than sofware implmentation for "advertised...
by Zorro
Fri Jul 15, 2016 11:14 am
Forum: RouterBOARD hardware
Topic: CCR, "enterprise ready", seriously???
Replies: 35
Views: 5786

Re: CCR, "enterprise ready", seriously???

you can't blame vendor for and start calling their ger "unlreliable" just because one of units malfunctioned. there is no "absolutely reliable" hardware of any kind. and if you looking for aerospace/military-reliability-grade networking gear - rugged "by design" and Heavily tested after, but it woul...
by Zorro
Fri Jul 15, 2016 10:55 am
Forum: RouterBOARD hardware
Topic: Need Router.....
Replies: 4
Views: 743

Re: Need Router.....

sounds like entry-level CCR models meant to buy.
by Zorro
Fri Jul 15, 2016 10:52 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134247

Re: HAP AC

What is better cm2 or fp for apple devices? What is it wireless-rep? FP package was deprecated and not supported anymore. in theory "Ultimate" was rep, especially if you need its major new features, otherwise you can save bits of resources(some speculated that it somewhat more loading RAM and CPU, ...
by Zorro
Fri Jul 15, 2016 10:48 am
Forum: Beginner Basics
Topic: Performance - Speeds
Replies: 22
Views: 2683

Re: Performance - Speeds

well, aside "radio performance" sometimes CPU speed and amount of RAM - may be seriously more bottlenecking factor than radios used in. if you compare HAP AC lite with say HAP AC (in "Performance test results" below each product description page) http://routerboard.com/RB952Ui-5ac2nD http://routerbo...
by Zorro
Fri Jul 15, 2016 10:30 am
Forum: General
Topic: LLDP
Replies: 126
Views: 42874

Re: LLDP

I understand they don't have unlimited resources, which is why they must focus on the features that will benefit the most their customers and IMHO a gentle "+1" on a thread isn't a bad way to show interest in a feature ... Also first post is from 2008, so I wouldn't call that "instantly". And final...
by Zorro
Fri Jul 15, 2016 4:45 am
Forum: General
Topic: No Interfaces after clean install
Replies: 11
Views: 2772

Re: No Interfaces after clean install

they may had intel, broadcom, nexten interfaces. not sure bout broadcom, but netxen may be not supported by ROS.
by Zorro
Thu Jul 14, 2016 11:29 pm
Forum: General
Topic: IPSEC High Cpu
Replies: 5
Views: 1274

Re: IPSEC High Cpu

if under "reset to factory" you mean "reset config" then yep, it may help in some cases.
but in more serious(whin integrity of ROS itself compromised, not config/settings)Netinstall remain the Only reliable option to fix that.
same about impact of flash storage wearing off and etc issues.
by Zorro
Thu Jul 14, 2016 11:25 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

does anyone else had not working "Manual/Wiki" within WinBox since rc40? (on say HAP and HEX for example) its not big deal, but quite unusual/infrequent for. but delay/netflow jitter kinda decreased(unlikely MT backported some patches to kernel, but build with different config kinda may had same imp...
by Zorro
Mon Jul 11, 2016 9:28 pm
Forum: General
Topic: IPSEC High Cpu
Replies: 5
Views: 1274

Re: IPSEC High Cpu

if you really so desperate - i would started with Netinstall perhaps. among unsual issues - malware sometimes cause that some time ago - ROS wasn't affected(as well as majority other routers firmware, but nowadays even ROS apparently targeted by creators of). but frequency -w its usually bruteforce ...
by Zorro
Sat Jul 09, 2016 12:06 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

can i make suggestion about newly-implemented "raw table"?
its lack support for dragging/re-ordering rules there like in "firewall" and "nat", "mangle" was. that would be helpful i think.
by Zorro
Fri Jul 08, 2016 11:12 pm
Forum: General
Topic: LLDP
Replies: 126
Views: 42874

Re: LLDP

as Normis already noted - they working on LLDP implementation already and perhaps there was no need to try push/poke them about anymore. they arent 5000ppl huge corporation and thus cannot "isntantly implement whatever anyone want from thru time/space continnum". just keep you finger crossed and pat...
by Zorro
Fri Jul 08, 2016 11:03 pm
Forum: General
Topic: IPSEC High Cpu
Replies: 5
Views: 1274

Re: IPSEC High Cpu

to troubleshoot things - try after backing up present config(its a Must IMHO)before - disable or even remove some packages in say order: "Security" then "ppp", "routing", "advanced", "mpls", "muticast", "hotspot". if thats happens with "security" and you not rely much on remote monitoring(and thus n...
by Zorro
Fri Jul 08, 2016 10:58 pm
Forum: General
Topic: Feature request: SFP monitoring via SNMP
Replies: 3
Views: 973

Re: Feature request: SFP monitoring via SNMP

and native Zabic, cacti, nagios support would be cool aswell ;)
but generally - thats are Dude for :=)
by Zorro
Fri Jul 08, 2016 10:56 pm
Forum: General
Topic: [Feature Request] Description field at Firewall address-list
Replies: 10
Views: 1269

Re: [Feature Request] Description field at Firewall address-list

yeah, just like pointed already - select desired rule, do right click and you will see at bootom "Comment" context action (Ctrl-M hotkey by default)for. if you had even moderately complex(more than say 10 rules or so) config in conntract then having firewall content throughly commented/described - a...
by Zorro
Wed Jul 06, 2016 8:40 am
Forum: General
Topic: Suggestion: more friendly and intuitive Firewall in Winbox
Replies: 33
Views: 3633

Re: Suggestion: more friendly and intuitive Firewall in Winbox

Zorro- can you post a link to a presentation or howto demonstration about how easily-penetrated a stateful firewall is? you've posted this pretty often and I'm curious to see working examples, especially as demonstrated exploit of up-to-date iptables, and not using any MITM/sandbox/trojan/drive by ...
by Zorro
Wed Jul 06, 2016 1:31 am
Forum: General
Topic: Cloud Router Switch CPU usage 100%
Replies: 7
Views: 2697

Re: Cloud Router Switch CPU usage 100%

aside forwarding overhead and tranfer overhead itself - qqueues would consume CONSIDERABLE portion of CPU in routers.
if thats you case - try shift to more streamlined/lighter from present. PCQ remain popular so far for that reason generally.
by Zorro
Wed Jul 06, 2016 1:27 am
Forum: General
Topic: Failover config please
Replies: 5
Views: 663

Re: Failover config please

you can setup virtual interface in wifi. in different mode if you wish and configure(from routing and firewall to deeper things(except wifi hardware options of course ;)separetely for each.
by Zorro
Wed Jul 06, 2016 1:22 am
Forum: General
Topic: Suggestion: more friendly and intuitive Firewall in Winbox
Replies: 33
Views: 3633

Re: Suggestion: more friendly and intuitive Firewall in Winbox

OP simply not understand for example that Present approach - allow him to use COMBINATION of such fields/options in any mix to configure rule, rather than "source/destination" plain chain(which would be messy/overcomplicated "in field" with such features implemtedin). if OP care about 'readability" ...
by Zorro
Wed Jul 06, 2016 1:15 am
Forum: General
Topic: GPON support
Replies: 4
Views: 1620

Re: GPON support

I guess people are appreciating the support and update cycles they are getting from mikrotik and would like something like that for PON networks, which start to be everywhere nowadays. well people would anything from anyone, perhaps. but with limited manpower, time, money - managers&engineers alway...
by Zorro
Wed Jul 06, 2016 1:09 am
Forum: General
Topic: NAT64 and DNS64
Replies: 77
Views: 25503

Re: NAT64 and DNS64

aside NAT64 relevant things - 6877 https://tools.ietf.org/html/rfc6877 was apprently common as say wiukd 6rd, DS, DS-lite or other things from that list https://en.wikipedia.org/wiki/IPv6_transition_mechanisms (in which - ANY thing make sense and important). from proprietary stuff among it perhaps M...
by Zorro
Wed Jul 06, 2016 12:57 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

comparing old "static entries" in adress-lists and "dynamic entries" with negative lifetime(basically ~ same functionality so far) i would admit that last one - make routers boot-up a LOT faster. so if you have say 15-50(and up to 0.4m on CCR's isn't extraordinary thing, but generally uncommon)k ent...
by Zorro
Mon Jul 04, 2016 10:27 pm
Forum: General
Topic: RB2011uias-2hnd good working LTE solution?
Replies: 8
Views: 1974

Re: RB2011uias-2hnd good working LTE solution?

OK, i will ask my question different ;) What is the cheapest Mikrotik solution to get a LTE 150/300mbit connection working?  Because as i know the e3372 solution means a capped ppp connection or a hilink connection with double nat. When i am wrong please tell me. Thanks! i think rb3011 would b good...
by Zorro
Fri Jul 01, 2016 11:13 pm
Forum: General
Topic: GPON support
Replies: 4
Views: 1620

Re: GPON support

well ironically using "fitting into SFP module" ONU is suggested approach for, which isn't many brands/models, yet. cosidering bogus/substandard code and locked-down and purposely proprietary deviations from standard in almost all vendor/brand products - it would be pain in ... to support that mess ...
by Zorro
Fri Jul 01, 2016 10:58 pm
Forum: General
Topic: LLDP
Replies: 126
Views: 42874

Re: LLDP

its not that "simple" basically and tiresome amount of work, perhaps. generally both UPnP(not usre bout PCP implementations), IGMP snooping and LLDP code, available for use in ~ "complete" state - vulnerable/broken as hell and (would)expose routers almost as forrest fire in each case, implemented "f...
by Zorro
Fri Jul 01, 2016 10:55 pm
Forum: General
Topic: any opinion about RFC4821 ?
Replies: 0
Views: 523

any opinion about RFC4821 ?

eg "Packetization Layer Path MTU Discovery" from https://tools.ietf.org/html/rfc4821 ?
by Zorro
Mon Jun 20, 2016 7:56 pm
Forum: General
Topic: Feature Request: IP Multicast Routing/mDNS/Zeroconf/Bonjour
Replies: 10
Views: 7724

Re: Feature Request: IP Multicast Routing/mDNS/Zeroconf/Bonjour

oh no. even for home use - its was expose you network "too much" so even common to reduce TX(and RX threeshoold) among avahi/mdns fans(usually that folks with home NAS stuff and video recorders, both handheld stuff and security CCTV). i guess that may be considered but as optional feature, outside m...
by Zorro
Mon Jun 20, 2016 7:52 pm
Forum: General
Topic: Feature request: Stateful HA with Conntrackd
Replies: 30
Views: 7188

Re: Feature request: Stateful HA with Conntrackd

maybe. if they pack nftables in ROS7 along with new routing engine. its converges iptables, ip6tables, arptables, ebtables feats TOGETHER both for routing AND firewalling, with generalised tracking(no "per protocol" mess), rather scalable JIT and human-readable(especially for anyone w/o netfilter/ip...
by Zorro
Mon Jun 20, 2016 7:38 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154585

Re: RouterOS v7.0 beta1 - when?

That is needed id NAT64 to be able to go 100% IPv6. This is for translating from IPv6 to IPv4 for 100% IPv6 clients. both NAT6to4, NAT4to6 and even NAT6to6 was pretty common requests actuallyl aswell as differnt (not only by name, but design)implementations of Dual stack. as for kernel - moving to ...
by Zorro
Mon Jun 20, 2016 7:26 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

When the mystical unicorn that is ROSv7 comes out, it's supposed to have an enhancement to the routing filters with a new action of add prefix to address list. This will open the gates for amazing dynamic realtime blacklists distributed via BGP, and would totally obviate the problem with the adding...
by Zorro
Sat Jun 18, 2016 4:59 pm
Forum: Announcements
Topic: MikroTik News May 2016 (Issue #72)
Replies: 26
Views: 21730

Re: MikroTik News May 2016 (Issue #72)

Are you working for a Gb Powerbox? considering horserpower, required for "wire speed" of 5 -ports 1Gbps device... dat would be complicated economically. despite preconfigured in switch config defaults. so far 1Gbps interfaces on "router"-labeled devices was remain pure marketing because processing ...
by Zorro
Sat Jun 18, 2016 4:53 pm
Forum: RouterBOARD hardware
Topic: 2011 & 3011 Series with POE PORT
Replies: 7
Views: 1534

Re: 2011 & 3011 Series with POE PORT

2011/3011 fork with all(not only one)PoE out would make sense, especially in case of Standard/interoperable PoE.
aside suggested Hex poe lite and 260's - you may be also interested in say Powerbox http://routerboard.com/RB750P-PBr2
by Zorro
Sat Jun 18, 2016 4:44 pm
Forum: RouterBOARD hardware
Topic: RB3011 Block diagram?
Replies: 230
Views: 50972

Re: RB3011 Block diagram?

usually its choosen magic-driven dice roll, touched by libastral.so device/stub. and sheduling(let alone balancing or parking) generally its tricky topic even in multi-core, let alone many-core platforms. several patents hold on-topic, several research stuff still ongoing. and since ARM percentage/p...
by Zorro
Sat Jun 18, 2016 4:35 pm
Forum: General
Topic: Why is it not possible to login hotspot users via API?
Replies: 16
Views: 3980

Re: Why is it not possible to login hotspot users via API?

Please give an example use case for this. What is the purpose for authenticating a user, which is not connected?  A typical example can be authenticating hotspot users automatically via API for example. Let's say you have a button and a custom login form (different from mikrotik) and you wanted the...
by Zorro
Sat Jun 18, 2016 4:32 pm
Forum: General
Topic: 6.31 can support x64,but 6.35 can't?
Replies: 5
Views: 1170

Re: 6.31 can support x64,but 6.35 can't?

metarouter woul dbe (atelast "potentially")implemented both on Tiler and Arm arch and already discussed/requested feature, but since Tile IP(and egineers) transition to Ez Chips then to Melanox - future of such/TIle Arch isn't clear to me.
by Zorro
Sat Jun 18, 2016 4:30 pm
Forum: General
Topic: Watchdog feature request
Replies: 6
Views: 1108

Re: Watchdog feature request

There is a netwatch.
Jarda - your posts are too long and unreadable.
Next time, just say "use netwatch"
Jeez!
;)
yeah, quoting wiki part on-topic with example - would help anyone aswell, perhaps.
by Zorro
Wed Jun 15, 2016 11:04 pm
Forum: RouterBOARD hardware
Topic: RB750Gr2 + RBGPOE + RB260GS <> 1000 Mbit
Replies: 4
Views: 1069

Re: RB750Gr2 + RBGPOE + RB260GS <> 1000 Mbit

maybe its because its different kind of "PoE" perhaps? (in case of each ~device).
to have working 1Gb link you need appropriate PoE injector for.
by Zorro
Wed Jun 15, 2016 11:02 pm
Forum: Beginner Basics
Topic: strange firewall behaviour
Replies: 8
Views: 1001

Re: strange firewall behaviour

yeah, but in theory - he also may use some other things i nat aswell. among popular/generic things are: apply portrange limitation to masquerading(usually done in ISP CPE, care to filter or atleast throttle "lower"/highsec ports, eg first 1024 for example), change TTL, tweak MSS, strip IPv4 options ...
by Zorro
Wed Jun 15, 2016 10:56 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) address-list - make "dynamic=yes" as read-only option; why-y-y?.. how to add dynamic entry in this version? the goal is excluding such entries from export and NOT writing them to NAND EXACTLY!  This change was also made in 6.35.4.   It makes no sense to eliminate a configuration capability that ...
by Zorro
Tue Jun 14, 2016 12:07 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

sounds like working spike-nail, but the main question is: why silly destroy what was working before?
thats EXACTLY my point.
there was number of situations, where you may need BOTH "dynamic" OR "static" entries in adress lists, used.
by Zorro
Sat Jun 11, 2016 3:16 pm
Forum: Beginner Basics
Topic: Mikrotik to Barracuda Firewall config
Replies: 2
Views: 1397

Re: Mikrotik to Barracuda Firewall config

AFAIK ROS support AES/SHA/DH generic combo in IPSec quite well. you just need to properly import certificates into it. never did site2site on ROS, yet. so can't be particularaly helpful. but i hope you find relevant wiki pages helpful somehow. they also had cute IPSec article/book about (made by Tom...
by Zorro
Sat Jun 11, 2016 3:13 pm
Forum: Beginner Basics
Topic: Port Forward 1433
Replies: 3
Views: 1970

Re: Port Forward 1433

well then you may setup DST-NAT(either by DST-nat itself or Netmap) on appropriate ports
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT
by Zorro
Sat Jun 11, 2016 3:03 pm
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 80
Views: 24800

Re: Feature Request TR-069 CPE

my guess since nobody mentioned such feat much from MT crew/designers/PR - its was worked low-priority. i hope thats will get "green light" atleast in ROSv7, but NOT in enforced/enabled-by-default state.
by Zorro
Sat Jun 11, 2016 3:01 pm
Forum: General
Topic: Feature Request: Main login page - Company contact, and display of Router ID
Replies: 5
Views: 1064

Re: Feature Request: Main login page - Company contact, and display of Router ID

would be helpful. especially for devices installed in public places around several other companies assets so anyone would know who they should contact and how (in any relevant case).
by Zorro
Sat Jun 11, 2016 2:59 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS + MTU/L2MTU = confused
Replies: 8
Views: 3795

Re: MPLS/VPLS + MTU/L2MTU = confused

Another question when using VLAN's, MPLS, VPLS on a network,If your Max L2MTU is 1526 and MPLS interface is set to 1526, should VPLS be set to 1508 or be set higher ? i think you should decrease it each step, reserving space for relevant header portion(eg add VLAN, MPLS and other things(or combinat...
by Zorro
Sat Jun 11, 2016 2:52 pm
Forum: General
Topic: Suggestion: add more ports (two, for example) between switch-chip and cpu
Replies: 2
Views: 698

Re: Suggestion: add more ports (two, for example) between switch-chip and cpu

its all about "cost of production" of resulted/designed unit. so "ALL-in one PHY/switch" saved MT contractors - a lot of money and basically make possible to them to remain ~ affordable. but frankly-speaking - i think OP right. i would LOVE such change, eg "one PHY chip per physical interface" in ER...
by Zorro
Sat Jun 11, 2016 2:47 pm
Forum: General
Topic: raw table, NOTRACK, SYN flood
Replies: 9
Views: 7060

Re: raw table, NOTRACK, SYN flood

cool.but aside raw table that remove most overhead(because skipping before any processing happens)mentioned in changelog would admit that some networkers - didn't implement flood detection(including syn flood) in their interfaces(sometimes its make sense not only on WAN interfaces, btw. espacially i...
by Zorro
Sat Jun 11, 2016 2:42 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80543

Re: Feature Req: IKEv2 server and client

but every kid knows: unicorns are COOL.
so ROS 7 had to be too ;)
by Zorro
Sat Jun 11, 2016 2:37 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

as for "dynamic-only" adress-list options - i still don' get whole idea of removing tweaking that option from ROS :( if its used not for operrational management(eg marking and balancing, routing traffic)but for example for tracking emerging threats, then persistent elements in adress-lists - a must(...
by Zorro
Sat Jun 04, 2016 9:56 pm
Forum: General
Topic: Feature request: ability to view MAC address table (FDB)
Replies: 11
Views: 6193

Re: Feature request: ability to view MAC address table (FDB)

thats part of 802.1x-2010 subset. specifically 802.1AC and other portions.
by Zorro
Sat Jun 04, 2016 9:52 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Please fix OSPFv3, Mikrotik isnt following the RFC.

https://tools.ietf.org/html/rfc5340#appendix-A.2
perhaps you right, its "not completely imlemented" case. same about DNS, IPv6 stack and other things (like netfilter portions, RIP and etc generallty legacy stuff).
by Zorro
Fri May 27, 2016 4:37 pm
Forum: General
Topic: LLDP
Replies: 126
Views: 42874

Re: LLDP

I don't spend much time on this forum. Is Zorro a serious poster or just a troll? i frankly don't think that "seriousness" or "trolling" are mutually-exclusive things. some trolls can be quite serious(and as pointless,despite that. and some posts above is clear example of that) and some not so seri...
by Zorro
Fri May 27, 2016 8:31 am
Forum: General
Topic: LLDP
Replies: 126
Views: 42874

Re: LLDP

thats not true "most" vendors - don't give a .. about LLDP. and for very obvuiys reasons. Huh what ? Mikrotik is the only equipment we use that doesn't support LLDP ! We use it all the time on HP, Extreme and Juniper switches. which is my point actually - most of other vendors do not care much abou...
by Zorro
Fri May 27, 2016 8:19 am
Forum: Beginner Basics
Topic: Mikrotic Router
Replies: 3
Views: 515

Re: Mikrotic Router

aside powersupply and capacitors in it, it may be overheating(faulty chip, broken heatsink or termal compund or other issues).
by Zorro
Thu May 26, 2016 9:59 pm
Forum: General
Topic: LLDP
Replies: 126
Views: 42874

Re: LLDP

Also strongly support the notion to add support for LLDP.
It's standard and supported by most vendors nowadays.
thats not true "most" vendors - don't give a .. about LLDP.
and for very obvuiys reasons.
by Zorro
Thu May 26, 2016 7:14 am
Forum: RouterBOARD hardware
Topic: RouterOS x86 Max Memory
Replies: 9
Views: 4032

Re: RouterOS x86 Max Memory

apparently CHR become major MT platform for x86 ROS. just marketing priority i guess(and balancing of worktinme/expenses in lesser scale). but MT instead can "extra charge" for extended features of x86 versions. that may had 64-bit version, newer stuff in or other unusual(yet) improvements inside it...
by Zorro
Thu May 26, 2016 7:11 am
Forum: RouterBOARD hardware
Topic: 2011UiAS-2HnD strange high CPU usage
Replies: 14
Views: 2722

Re: 2011UiAS-2HnD strange high CPU usage

sidenote: just not forget to make Backup of you gear config BEFORE you do important changes and periodically(1/2 dayly or weekly atleast) in both binary and text forms !! if you on CCR/PPC then personally i would also suggest writing script that do auto-backup on external storage(USB stick or SD car...
by Zorro
Thu May 26, 2016 7:08 am
Forum: RouterBOARD hardware
Topic: mAP Lite Ethernet susceptible to interference!
Replies: 44
Views: 8002

Re: mAP Lite Ethernet susceptible to interference!

cable itself is more EMI-vulnerable(or become part of pollution itself, which is even more important, sadly :/) than connector. but if you deploy STP or CAT7 cable(or one of those "improved 6a" cables with one-two-multiple screens(but weaker than on Cat7 somewhat and with weaker cable itself and ski...
by Zorro
Thu May 26, 2016 7:03 am
Forum: General
Topic: Feature request: EAP-PEAP for wireless client
Replies: 15
Views: 5193

Re: Feature request: EAP-PEAP for wireless client

why not also EAPoL too ? in both EAP/PEAP flavors ? and probably PEAPv1/EAP-GTC too ? :)
by Zorro
Thu May 26, 2016 7:00 am
Forum: General
Topic: how can i limit users according to amount of download ?
Replies: 9
Views: 1510

Re: how can i limit users according to amount of download ?

AH scratch that. looks like you have perminant users. i was thinking about pay as you go.
oh... for roaming users - you need use "hotspot" package(and had to had appropriate ROS license level for that, btw).
by Zorro
Thu May 26, 2016 6:59 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

frankly ROS also need suuport of EAPoL rather than just EAP/PEAP over Wifi or other 802.1x flavors/portions.
by Zorro
Mon May 23, 2016 1:41 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 against x86. Is it possible to replace?
Replies: 9
Views: 1293

Re:

6.31 was not considered to be good version. Use 6.32.4 rather instead. Read some threads here to get more info.
maybe on x86 or Tile - its had some issues aswell as on PPC, but on MIPS-BE its among 6.5 one of best version for latest Qualcomm chips/SoC.
by Zorro
Mon May 23, 2016 12:51 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 314
Views: 87367

Re: Mikrotik VDSL / DSL Modem?

DSL G.Fast stays in telecom "for long". not only in both americans and in Asia. after G.Fast 2 there was proposed G.Fast 3 evolution and etc i think. but trancievers/modems/Phy become(cause more complex modulation, error control and other improvements) more complicated/sophisticated/power-hugry so b...
by Zorro
Mon May 23, 2016 12:40 pm
Forum: Wireless Networking
Topic: Wireless product max distance
Replies: 60
Views: 43307

Re: Wireless product max distance

thats right, but suggestions - may have other supporters for obvious/sane reasons, cuz customers want wider/broad comparison among All devices from MT. for WISP that not issue/interests, sure, cuz they "know what they doing", usually, but for end users - Complete antennas performance charts for calc...
by Zorro
Mon May 23, 2016 11:51 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Because PSU has nothing to do with UPS? screenshot above given "just as reference", explanation how to create additionl(to deafult/pre-created by ROS deployment itself)logging rules/policies. but you may be right, i cannot reproduce PSU failures in logs ("Critical", "Warning" and "system" are check...
by Zorro
Mon May 23, 2016 11:40 am
Forum: General
Topic: how can i limit users according to amount of download ?
Replies: 9
Views: 1510

Re: how can i limit users according to amount of download ?

write different simple queries and simple script that switch them for, after exceeding their limit, throttling heavily them further. it would be easier if queries support address lists as arguments for input/output. so you can use it for consumers put in them(with sane/relevant time-out, generally)r...
by Zorro
Mon May 23, 2016 11:15 am
Forum: General
Topic: add sftp service
Replies: 1
Views: 693

Re: add sftp service

there already such.
by Zorro
Fri May 20, 2016 8:54 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Are you sure, UPS will log PSU failures? (on CCR with redundant PSU).
and why it shouldn't ?
Image
by Zorro
Thu May 19, 2016 2:23 am
Forum: General
Topic: new kernel for new ROS
Replies: 6
Views: 2035

Re: new kernel for new ROS

They can always backport the patch to whatever kernel v7 ships with. depends. "IF" they want to. "IF" they had manpower/time/money for. "IF" they consider that important; generally keeping alive old branches - remain kinda expensive thing, so thats why relatively mid/big-sized companies(also depend...
by Zorro
Thu May 19, 2016 2:13 am
Forum: General
Topic: MPLS feature request: Management VRF
Replies: 11
Views: 4733

Re: MPLS feature request: Management VRF

VRF originally more like "simple/direct solution for small setup/companies" rather than silver/bullet, panacea :=) and yeah, MPLS/VPLS evolution itself - make more sense/weigh to me too. aswell as all this "ad-hoc" stuff, like HWMPLUS/802.11s, BATMAN v3/4/5, cjdns and few less popular options. as fo...
by Zorro
Thu May 19, 2016 2:08 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Is there a possibility to log PSU failures on CCR in future versions? and what the problem with that today ? you just need: bump "UPS" part of logging to more verbose/obvious levels than non-existent/disabled default to say "disk", "echo" or "remote" variations of. and then use that logged infor fo...
by Zorro
Tue May 17, 2016 6:19 am
Forum: General
Topic: MPLS feature request: Management VRF
Replies: 11
Views: 4733

Re: MPLS feature request: Management VRF

VRF isn't perfect/flawless and aimed for relatively "simple", compact/dumb purposes/configuration. if you need something more flexible/manageable/elegant that not grow like behemoth over time in size and in resource consumption - PBR may be another option for you. anyway, VRF do its job. maybe with ...
by Zorro
Tue May 17, 2016 6:10 am
Forum: General
Topic: new kernel for new ROS
Replies: 6
Views: 2035

Re: new kernel for new ROS

Yeah, we know. This is why v7 will get a new kernel (but not 4.6 AFAIK) Changing Kernel will break many many things, this is why it can only happen in v7 yeah, toolchain consistency - mean lot of things. but sometimes certain/many of crucial things can't be easy backported or cannot at all and thus...
by Zorro
Mon May 16, 2016 3:21 pm
Forum: General
Topic: new kernel for new ROS
Replies: 6
Views: 2035

new kernel for new ROS

i tink many may found funny and handy some features in recent 4.6 kernel. like native MacSec support(https://git.kernel.org/torvalds/c/c09440f7dcb304002dfced8c0fea289eb25f2da0) , 5 version of BATMAN(https://www.open-mesh.org/projects/batman-adv/wiki/BATMAN_V), KCM (https://git.kernel.org/cgit/linux/...
by Zorro
Sun May 15, 2016 9:09 am
Forum: General
Topic: UPnP and NAT-PMP
Replies: 13
Views: 6377

Re: UPnP and NAT-PMP

PCP would be funny things :) https://en.wikipedia.org/wiki/Port_Control_Protocol
aswell as configurable NAT-T implementation.
implementing NAT-PMP(that ought to be replaced by PCP)had not much sense by itself.
by Zorro
Fri May 06, 2016 3:44 am
Forum: General
Topic: Bye bye MIKROTIK...
Replies: 29
Views: 8811

Re: Bye bye MIKROTIK...

anything and anyone had "strong" and "weak" sides and mikrotik had some reasons/points in both devices, firmware and business design. if someone - prefer Other kind of things in each part of - they free to pick Another vendor/products. so far is generally more chinese vendors ought to compete with, ...
by Zorro
Fri May 06, 2016 3:42 am
Forum: General
Topic: Feature Request: Full soport for a ITU-T G.984
Replies: 3
Views: 1236

Re: Feature Request: Full soport for a ITU-T G.984

that not a part of ITU-T G.984.
its one of 3 major PON problems: 1. nobody care about "standards". both vendors, ISP and officials/gov't. aside other two like 2. horrible equipment. 3. lack of security in both senses. 4. technical deficiency/inferiority.
by Zorro
Thu May 05, 2016 7:16 am
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 314
Views: 87367

Re: Mikrotik VDSL / DSL Modem?

judging from g.fast generations performance and alikes - i think copper still serve LOOONG time, atleast for last 150m-400m-1km "last mile" :=) same bout DOCSIS 3.1 and other legacy things :=) ana R&D and improvements and standardization - keep flowing, albeit slower anybody thinking this way about...
by Zorro
Thu May 05, 2016 7:01 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134247

Re: HAP AC

Please consider releasing a 2nd release-version of this device with more NAND, at least 32MB. I like the device, and i like the proce, but 16MB NAND is almost to less to debug the device. I just had to uninstall most packages including advanced-tools, ipv6, lte, ... just that the device allows debu...
by Zorro
Sat Apr 30, 2016 1:30 pm
Forum: General
Topic: Better default for firewall filter
Replies: 36
Views: 3914

Re: Better default for firewall filter

i don't think present config is good in terms of "bridging anything" lan-side. aside simlicity its not secure too. as for "stock rules" - naked conntrack is ~ penetrable regardless what you put into. sadly. so far "dropping anything not established on wan"(and "related" maybe) in input/forward chain...
by Zorro
Fri Apr 29, 2016 11:18 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

i was not tested eariler snapshots, but rc10 seems had broken "export" command so managing config not really possible.
update: my mistake its worked, just differently than in ancient versions. sorry for misleading.
by Zorro
Fri Apr 29, 2016 10:12 pm
Forum: General
Topic: Better default for firewall filter
Replies: 36
Views: 3914

Re: Better default for firewall filter

aside tweaking(and possibly bloating/expanding)"deafult config" template/setup, advised by topicstarter, which i cannot wholeheartly support(but quite understand both feelings and thoughts behind. and probably experience aswell), but i do admit that improving security of products are one of most imp...
by Zorro
Thu Apr 28, 2016 6:21 pm
Forum: Beginner Basics
Topic: Block Whatsapp
Replies: 60
Views: 54265

Re: Block Whatsapp

means no need to turn DSL into bridge mode.? then how filters will be applied on users direct connected to NAT ports of DSL router. all consumers - connect to DNS-resolved resources. which in turn thanks to static DNS override and DNS bypassing/forwarding blocking combo - ensure that Nobody can acc...
by Zorro
Thu Apr 28, 2016 6:13 pm
Forum: General
Topic: Feature request: AES-NI instruction set for x86 RouterOS
Replies: 15
Views: 4557

Re: Feature request: AES-NI instruction set for x86 RouterOS

It seems likely AES-NI instruction support will be available when Mikrotik do a 64-bit x86 build. AES-NI aside, we'd see a 15% performance increase (due to correspondingly higher IPC), which is important on low-end Atom boxes. performance-wise properly implemented AES-NI - had Bigger boost than 15%...
by Zorro
Thu Apr 28, 2016 5:57 pm
Forum: General
Topic: TCP Cookie Transactions introduction ?
Replies: 0
Views: 504

TCP Cookie Transactions introduction ?

does anyone else feel that TCPCT may be "very handy" in everyday networking ?
https://en.wikipedia.org/wiki/TCP_Cookie_Transactions
https://tools.ietf.org/html/rfc6013
by Zorro
Thu Apr 28, 2016 5:50 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65101

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

as for "interfaces list" addition - how about adding "ports list" aswell then for similar purposes ?
ie to make bit more streamlined/shortened, transparet and fast config
by Zorro
Tue Apr 26, 2016 12:59 am
Forum: Forwarding Protocols
Topic: Feature request: BGP flowspec (RFC5575)
Replies: 24
Views: 6688

Re: Feature request: BGP flowspec (RFC5575)

more options are always better and "generally" always better to had "Standard" things over proprietary stuff, even if thats Cisco-stuff (or other 1st echelon brands -lobbied/used).
and generic, standardised netflow (rather than cisco fork)is way to go IMHO.
by Zorro
Tue Apr 26, 2016 12:45 am
Forum: General
Topic: Better default for firewall filter
Replies: 36
Views: 3914

Re: Better default for firewall filter

whitelisting most essential services access(from FEW present/accesible from WAN interfaces)always not bad idea.
as for DNS amp and NTP amp attacks - usually affected devices/hosts - do even more dammage to other routers in internet, than suffer themselves. that aside CPU and RAM stress.
by Zorro
Mon Apr 25, 2016 8:01 pm
Forum: General
Topic: Mikrotik GPS Sync just like Airfiber
Replies: 124
Views: 29743

Re: Mikrotik GPS Sync just like Airfiber

Just to add some ideas / reading : http://www.ieee802.org/3/time_adhoc/public/apr09/lee_01_0509.pdf thats quite short and quite old article which despite highlight basic issues and conclusions about sync and PTP, referenced only for obsolete version of 802.1AS and PTP IEEE 1588v1. IEEE1588v2 had Mu...
by Zorro
Sun Apr 17, 2016 8:40 am
Forum: General
Topic: v6.35 [current] is released!
Replies: 103
Views: 24685

Re: v6.35 [current] is released!

cool.
and changelog is impressive, indeed :=)
by Zorro
Wed Apr 13, 2016 3:31 pm
Forum: General
Topic: Feature request: AES-NI instruction set for x86 RouterOS
Replies: 15
Views: 4557

Re: Feature request: AES-NI instruction set for x86 RouterOS

but dat "accelerations" severely compromise security. its improve things bout 5x-12x times on most modern (AES-NI aware) x86 chips but at that cost ... Can you be more specific, please? What cost? Why exactly using AES-NI instructions is less secure than doing the same math using "traditional" inst...
by Zorro
Tue Apr 12, 2016 12:56 am
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19312

Re: v6.0beta2 released!

will i by upgrading to v6 beta solve my driver problem? as posted on thread below: http://forum.mikrotik.com/viewtopic.php?f=2&t=56919 also, is it gonna safe to downgrade to v5 later? yes, no. if you think newer kernel had attansic NIC driver within(which i can't say about. ask Linux kernel forums/...
by Zorro
Tue Apr 12, 2016 12:51 am
Forum: General
Topic: requesting driver for onboard atheros gigabit LAN
Replies: 16
Views: 3771

Re: requesting driver for onboard atheros gigabit LAN

not to offend anyone(if someone feel this way), but its sometimes simpler replace NIC. frankly-speaking(i saw some of on ASUS boards for example)such branded NIC - aren't well-made, had obsolete drivers(latest was Vista driver. they released Win7 drivers later(which isn't really good either). and up...
by Zorro
Tue Apr 12, 2016 12:43 am
Forum: Announcements
Topic: Newsletter 71
Replies: 66
Views: 22229

Re: Newsletter 71

AC would be more important than gigabit, so the access-points can be set to only-AC, and not A/N/AC. its time to consider to be ready for AX i think. which mean shift from 2x core to 4x core SoC within even low-end stations and routers. even low-freq ARM(coolest option was ARM A35 4x chips. A32 had...
by Zorro
Tue Apr 12, 2016 12:39 am
Forum: General
Topic: Feature Request : DSCP on DHCP packets
Replies: 17
Views: 3918

Re: Feature Request : DSCP on DHCP packets

I would suggest that, at the same time that you try to convince MikroTik that they should support this DSCP setting, you try to convince your ISP that they should not perform needless checking. Fine if they give out modems that send DHCP at higher priority, but why would you check in the server tha...
by Zorro
Tue Apr 12, 2016 12:34 am
Forum: General
Topic: Feature request: AES-NI instruction set for x86 RouterOS
Replies: 15
Views: 4557

Re: Feature request: AES-NI instruction set for x86 RouterOS

no. its not. despite NSA PR about. its not works this way and ASIC can't do that. not That "size" of logic behind AES-NI in x86 chips ;) (would be 1/3 of whole CPU ~ or around :) its achieved by purposely compromising/crippling math behind cipher in several "hot spots of code", tremendously boosting...
by Zorro
Mon Apr 11, 2016 10:23 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 105598

Re: v6.35rc [release candidate] is released, new wireless package!

had weird issues with UPnP since 6.29 or later ~ in few online games, like BF4, Planetside 2(less frequent) and UT4. without UPnP its works flawless. not hard to reproduce, but time of issue after round - are vary/different/unpredictible. (other customers report other games, especially PunkBuster-aw...
by Zorro
Sun Apr 03, 2016 6:57 am
Forum: General
Topic: Mikrotik is very bad in network Solutions. why ?
Replies: 11
Views: 3134

Re: Mikrotik is very bad in network Solutions. why ?

as for ethernet and TCP/IP networking - there is no cure for L2 vulnerabilities, making stack "broken by design" by USA authority/agencies purposely to exploit that for years. thats why following 802.1x-2010 extensions pushed to market by relevant SIG and consortion(include most networking vendors a...
by Zorro
Wed Mar 30, 2016 1:12 am
Forum: General
Topic: Feature request: MLPPP server
Replies: 30
Views: 7504

Re: Feature request: MLPPP server

whats wrong with old-fashioned bonding for example ?
p.s. sorry for stupid/ignorant question. but cannot not ask.
by Zorro
Wed Mar 30, 2016 1:07 am
Forum: General
Topic: how about bigger Jumbo frames, btw ?
Replies: 8
Views: 2154

Re: how about bigger Jumbo frames, btw ?

you intentionally missed whole point of usage/purpose of Jumbo frames, then. No to the contrary, I think you are missing the whole point, because you suggest jumboframe capability in MikroTik equipment. But I won't reply anymore, I don't want to start a fight, I just think it is not useful outside ...
by Zorro
Mon Mar 28, 2016 12:41 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 105598

Re: Re:

Where can I find previous version of rc files? Need 6.35rc19. http://download2.mikrotik.com/routeros/6.19/all_packages-mipsbe-6.19.zip ? actually... http://download2.mikrotik.com/routeros/6.35rc19/all_packages-mipsbe-6.35rc19.zip change the "mipsbe" to the platform you need. yeah, right. i just pic...
by Zorro
Thu Mar 24, 2016 11:43 pm
Forum: General
Topic: Feature Request : DSCP on DHCP packets
Replies: 17
Views: 3918

Re: Feature Request : CoS on DHCP packets

generally its much better to make ISP respect standards instead.
relying on 802.1x-2010 instead, for example(and MacSec, PortSec and other stuff in it), instead.
by Zorro
Thu Mar 24, 2016 11:40 pm
Forum: General
Topic: Feature request: AES-NI instruction set for x86 RouterOS
Replies: 15
Views: 4557

Re: Feature request: AES-NI instruction set for x86 RouterOS

but dat "accelerations" severely compromise security. its improve things bout 5x-12x times on most modern (AES-NI aware) x86 chips but at that cost ... think about that: there is no "free cheese/beer" in real world and "improvements" that let CPU do things 10x faster(we're talking bout 95W-178W CPU'...
by Zorro
Thu Mar 24, 2016 10:37 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 105598

Re:

Where can I find previous version of rc files? Need 6.35rc19.
http://download2.mikrotik.com/routeros/ ... e-6.19.zip ?
by Zorro
Thu Mar 24, 2016 10:29 pm
Forum: Announcements
Topic: Newsletter 71
Replies: 66
Views: 22229

Re: Re:

Actual CPU like QCA9531 can provide more than 400 Mbps in duplex mode. its only possible if you run it in "dumb" configuraton, stripping off all sane firewall rules, options and routing config, no vlan for you not tunneling. which is possible frankly-speaking only in corporate invironment, not in I...
by Zorro
Sat Mar 19, 2016 2:07 pm
Forum: General
Topic: Hotspot Feature: Social Networks
Replies: 20
Views: 12524

Re: Hotspot Feature: Social Networks

in fact most here already tried to implement it, so that the "API" that you say that mikrotik available is limited, it does not have many options, At least she chose to implement some dynamic web language that could make external communication such as PHP, ahi yes it would be possible this and many...
by Zorro
Sat Mar 19, 2016 2:04 pm
Forum: General
Topic: Integrate WAN Optimization based on SoloWAN
Replies: 3
Views: 2017

Re: Integrate WAN Optimization based on SoloWAN

With userspace I meant that there is no kernel patching needed as the mikrotik kernel is heavily modified so that would be tricky to apply. A user space program with only a few dependencies should be much easier to integrate. ;-) you can use "meta-router" or "OpenFlow" features on relevant platform...