Community discussions

Search found 89 matches

  • 1
  • 2
by karwos
Wed May 29, 2019 11:58 pm
Forum: Virtualization
Topic: SR-IOV PCI bypass
Replies: 2
Views: 271

Re: SR-IOV PCI bypass

It would be big step forward - adding sr-iov drivers. They are regular ethernet drivers, so if MT can handle that out, I think baremetal x64 ROS dream would come true.
by karwos
Sun May 19, 2019 11:47 pm
Forum: SwOS
Topic: Feature Request - Link down/up count
Replies: 3
Views: 381

Re: Feature Request - Link down/up count

In SwOS? Yes, i know it is avaiable in ROS, but I dont see it nowhere in SWOS.

Xan You post screenshot and tell me whixh device does have it?

I know swos have diffrences between devices but...
by karwos
Sun May 19, 2019 11:44 pm
Forum: SwOS
Topic: SWOS or ROUTEROS: Confused
Replies: 3
Views: 379

Re: SWOS or ROUTEROS: Confused

In the end, all traffic is handled by specialised switch chip. Its just the way how HW registers of such specialises chip is configured (vlans, speed, acls, port isolations), but also way how administration os done (snmp, routeros), personal preferences. Routeros is more complex, but also can be con...
by karwos
Sat May 18, 2019 2:50 am
Forum: SwOS
Topic: Feature Request - Link down/up count
Replies: 3
Views: 381

Feature Request - Link down/up count

I think it's most missing feature, so port flaps events are much harder to diagnose.

Please consider.
by karwos
Fri May 10, 2019 2:24 pm
Forum: Virtualization
Topic: CHR + ESXI = Need urgent new version with disabled LRO / TSO
Replies: 2
Views: 422

Re: CHR + ESXI = Need urgent new version with disabled LRO / TSO

"Hello,

TSO & LRO are disabled on virtual Ethernet drivers since 6.41rc14. Our devs are looking possibility to fix TCP connection offloading issue."
by karwos
Wed May 08, 2019 3:57 am
Forum: Virtualization
Topic: CHR + ESXI = Need urgent new version with disabled LRO / TSO
Replies: 2
Views: 422

CHR + ESXI = Need urgent new version with disabled LRO / TSO

Hi, It's been 2 years now and problem is not fixed (it was reported problems w/ MPLS). I have ESXI 6 box. ESXi have disabled following flags: Net.Vmxnet3SwLRO Net.Vmxnet3HwLRO And in general, all things related to TSO/LRO, software emulation, etc. I can verify this approach in esxcfg-info -n | less ...
by karwos
Thu May 02, 2019 8:39 pm
Forum: Forwarding Protocols
Topic: Mikrotik ECMP - how nexthop is calculated? Hashing?
Replies: 2
Views: 301

Re: Mikrotik ECMP - how nexthop is calculated? Hashing?

It uses hashing: Source Address, Destination Address, Protocol, Source Port, Destination Port

That is if you are talking about IPv4
Then why single tcp connection during transfer gets randomly swapped between nexthops ?
by karwos
Thu May 02, 2019 2:41 am
Forum: Forwarding Protocols
Topic: Mikrotik ECMP - how nexthop is calculated? Hashing?
Replies: 2
Views: 301

Mikrotik ECMP - how nexthop is calculated? Hashing?

How ECMP nexthop is calculated in Mikrotik implementation? Does it hash src addr/dst addr/ports ? Or other method ? I have tested and single TCP connections and it get switched during transfer between interfaces, so looks like it's like some round-robing algorithm not related to identified flow. Is ...
by karwos
Mon Apr 29, 2019 10:11 pm
Forum: Virtualization
Topic: The CPU has been disabled by the guest operating system
Replies: 32
Views: 5445

Re: The CPU has been disabled by the guest operating system

Guys, disable conn tracking and problem will gone.
It's been known for a long time. It dies once DDOS kicks in. They not fixed that, but I can confirm disabling conntracks not causing CPU to go offline and machine halt.
by karwos
Mon Apr 29, 2019 5:01 am
Forum: General
Topic: Mikrotik ECMP - how nexthop is calculated? Hashing?
Replies: 0
Views: 159

Mikrotik ECMP - how nexthop is calculated? Hashing?

How ECMP nexthop is calculated in Mikrotik implementation? Does it hash src addr/dst addr/ports ? Or other method ? I have tested and single TCP connections and it get switched during transfer between interfaces, so looks like it's like some round-robing algorithm not related to identified flow. Is ...
by karwos
Sun Feb 10, 2019 10:31 pm
Forum: General
Topic: Beware using Winbox v3.x with ROS v5.x devices
Replies: 1
Views: 330

Beware using Winbox v3.x with ROS v5.x devices

Yes, we know 5.x is legacy systems, but since they were extremely stable, we secured them well and held upgrade process, seems will need to little speedup that. Don't use Winbox v3.11 with v5.x systems. They aren't properly closing Winbox sessions and when you open users->active session you will get...
by karwos
Mon Aug 13, 2018 9:10 pm
Forum: SwOS
Topic: Website download for CRS 2.8 links to CSS
Replies: 4
Views: 880

Re: Website download for CRS 2.8 links to CSS

Okay Now we're confused, we double checked the download link on https://mikrotik.com/download and the link for "version 2.8 for CRS328-24P-4S+" links to the https://download2.mikrotik.com/swos2/css328p/swos-css328p-2.8.bin CSS version ? Not sure if this is a fluke for not. But since the upgrade 2.8...
by karwos
Mon Aug 13, 2018 9:05 pm
Forum: SwOS
Topic: CSS326-24G-2S+ firmware 2.8 broken web UI
Replies: 4
Views: 1186

Re: CSS326-24G-2S+ firmware 2.8 broken web UI

Already tried that 3 times, waiting increasingly amounts of time 30 sec, 5 mins and 30 mins. Still no access to the gui. After upgrade to v2.8, switch goes from "static IP" to "DHCP with fallback", - looks like a bug. so put DHCP server on top of swtich and use that dynamic assigned IP to back to S...
by karwos
Sat Aug 11, 2018 1:50 pm
Forum: SwOS
Topic: CSS106, v2.8 and SFP DDM
Replies: 0
Views: 552

CSS106, v2.8 and SFP DDM

Hi, it's nice that you added SNMP for optical table. However, I couldn't get TX and RX power for CSS106. I can see all SFP info in webinterface, but in snmp i can get all values (bias, temperature, interface name, wavelength) but no TX/Rx Power. The OID i use for temperature is 1.3.6.1.4.1.14988.1.1...
by karwos
Tue Jul 03, 2018 8:58 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CRS125 and SFP DDM
Replies: 1
Views: 342

CRS125 and SFP DDM

Is there any way to fix that damn bug?
DDM read works fine for other Mt products (crs106), but for crs125 i have to physically re-insert module (after switch bootup).. after that, DDM is readen ok...
by karwos
Tue Jul 03, 2018 8:57 pm
Forum: RouterBOARD hardware
Topic: DDM not showing on SFP prot
Replies: 2
Views: 464

Re: DDM not showing on SFP prot

Same here, on CRS106-all OK.
On CRS125 works only if you re-insert SFP module after CRS bootup. try it and let know about results.
by karwos
Fri May 25, 2018 11:06 pm
Forum: Forwarding Protocols
Topic: BGP peering route stall and rpfilter
Replies: 0
Views: 330

BGP peering route stall and rpfilter

Hi, I am *supposing* bug with rp_filter=loose option. From time to time, I am loosing connectivity with one of peering partners. Thats not L2 problem, I can refresh, resend routes, i see established session and everything seems to be OK. However, i don't see RX traffic on that interface (besides of ...
by karwos
Sun May 13, 2018 2:38 am
Forum: Virtualization
Topic: CHR kernel crash when heavy traffic
Replies: 7
Views: 1704

Re: CHR kernel crash when heavy traffic

Disable conntrack
by karwos
Sun Apr 22, 2018 1:20 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 26263

Re: v6.42 [current]

My experience of new NV2 implementation: 1) Overall throughput increased, that's true. Previously, as I look on graphs on 2 test APs it didn't reached 40MBits. Now can reach 85mbits easily. 2) However there is some problem with TDMA timing. For example, let run btest between AP with 6.42 and some 2 ...
by karwos
Sun Apr 22, 2018 12:58 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 26263

Re: v6.42 [current]

Does 5.26 to 6.41 upgrade go without problems? Jumping 43 versions ahead with MAJOR change of bridge and switch implementations? Brave move.
5.26 to 6.40 - no problems, Mr Smartie
by karwos
Sun Apr 22, 2018 4:01 am
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 26263

Re: v6.42 [current]

SXT bricked after 5.26 upgrade to 6.42
Please withdraw this release or add some warning on top.
by karwos
Sun Apr 22, 2018 12:00 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 107922

Re: v6.43rc [release candidate] is released!

Phone: huawei p9 lite Problem: slow Wlan throughput and packet loss Reported: year ago :D Fixed: in v6.43rc3 Speedtest before upgrade: 19mbit / 39mbit After upgrade: 89mbit/89mbit Wondering if "auto" channel problems fixed too. It would be prefferable to merge that fix to current/bugfix branch, so I...
by karwos
Fri Mar 16, 2018 11:03 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Does Mikrotik use underlying Quagga for BGP?
Replies: 8
Views: 1313

Re: Does Mikrotik use underlying Quagga for BGP?

I think it may be worth to proceed with extensive security audit of Mikrotik BGP implementation... It's not Quagga! Also, I can see some clear misunderstanding. BGP is a routing "control" protocol. It does no forwarding of packets so changing/upgrading BGP engine will have no effect on the packet f...
by karwos
Thu Mar 15, 2018 11:48 pm
Forum: Virtualization
Topic: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.
Replies: 8
Views: 1609

Re: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.

Bump:
When router will eventually recover from lock-up (with holdtimer expired message), even if it's receiving traffic from bgp - it's not forwarding that traffic.

Conclusion: whole routing package is going to die.
by karwos
Thu Mar 15, 2018 11:19 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Does Mikrotik use underlying Quagga for BGP?
Replies: 8
Views: 1313

Re: Does Mikrotik use underlying Quagga for BGP?

I think it may be worth to proceed with extensive security audit of Mikrotik BGP implementation...
by karwos
Thu Mar 15, 2018 11:18 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Does Mikrotik use underlying Quagga for BGP?
Replies: 8
Views: 1313

Re: Does Mikrotik use underlying Quagga for BGP?

Quagga Security Note 2018-1114 ============================== https://www.quagga.net/security/Quagga-2018-1114.txt Affects: -------- - Likely to affect all versions of Quagga Summary ------- The Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containi...
by karwos
Thu Mar 15, 2018 11:17 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Does Mikrotik use underlying Quagga for BGP?
Replies: 8
Views: 1313

Re: Does Mikrotik use underlying Quagga for BGP?

Quagga Security Note 2018-1975 ============================== https://www.quagga.net/security/Quagga-2018-1975.txt Affects: -------- - Quagga version 0.99.9, and all later versions - All versions, if the "override-capability" neighbour option is set (not the default). Summary ------- The Quagga BGP ...
by karwos
Thu Mar 15, 2018 10:58 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Does Mikrotik use underlying Quagga for BGP?
Replies: 8
Views: 1313

Re: Does Mikrotik use underlying Quagga for BGP?

If Mikrotik use Quagga fork, then it may be worth fixing, cos I'm experiencing DenialOfService since last 48hrs on BOTH , independant bgp routers... Still diagnosing though. BGP Flaws Patched in Quagga Routing Software Friday, 16 February 2018 Administrator Security News 0 Comments Several vulnerabi...
by karwos
Thu Mar 15, 2018 7:59 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Does Mikrotik use underlying Quagga for BGP?
Replies: 8
Views: 1313

Does Mikrotik use underlying Quagga for BGP?

If anyone knows, I would be thankfull for the answer.
by karwos
Thu Mar 15, 2018 7:44 pm
Forum: Virtualization
Topic: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.
Replies: 8
Views: 1609

Re: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.

Does mikrotik use Quagga ? BGP Flaws Patched in Quagga Routing Software Friday, 16 February 2018 Administrator Security News 0 Comments Several vulnerabilities that could lead to denial-of-service (DoS), information disclosure, and remote code execution have been patched this week in the Quagga rout...
by karwos
Thu Mar 15, 2018 5:04 pm
Forum: Virtualization
Topic: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.
Replies: 8
Views: 1609

Re: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.

This have to be related with malcious BGP UPDATEs received. I have observed Slave server now and it looks like this: 1) It takeover traffic, when Master goes down 2) Traffic flowing NORMALLY through two BGP peers 3) It gets UNRESPONSIVE for 10-15 seconds, while i see Traffic with 1st BGP peer is 0by...
by karwos
Tue Mar 13, 2018 10:32 pm
Forum: Virtualization
Topic: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.
Replies: 8
Views: 1609

Re: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.

It have to be traffic related, there is no other f**g way. Master server crashed 19:06:59 Then, Slave took over traffic and crashed 19:07:04 I have tried 6.40.6 - no luck Testing RC with open-vm-tools now... is there anyway to enable kernel debugging and intercept the kernel panic stack calls ???
by karwos
Tue Mar 13, 2018 6:52 pm
Forum: Virtualization
Topic: CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.
Replies: 8
Views: 1609

CHR locking up again and again, VMAutomation_HandleCLIHLTEvent. Do nothing.

Any clue. Locking up on both machines. VMWare log: 2018-03-13T14:32:22.381Z| vcpu-0| I120: Vix: [35317 vmxCommands.c:7739]: VMAutomation_HandleCLIHLTEvent. Do nothing. 2018-03-13T14:32:22.381Z| vcpu-0| I120: MsgHint: msg.monitorevent.halt 2018-03-13T14:32:22.381Z| vcpu-0| I120+ The CPU has been disa...
by karwos
Tue Mar 13, 2018 6:23 pm
Forum: Virtualization
Topic: Using 'Hardware' watchdog
Replies: 1
Views: 600

Re: Using 'Hardware' watchdog

+1
Chr lockup getting to be more and more frequent and annoying
by karwos
Mon Nov 27, 2017 6:28 pm
Forum: Virtualization
Topic: CHR 6.37.5 and ESXI 6.0 - "The CPU has been disabled by the guest operating system. Power off or reset the machine"
Replies: 0
Views: 530

CHR 6.37.5 and ESXI 6.0 - "The CPU has been disabled by the guest operating system. Power off or reset the machine"

Hi! As i stated yesterday, we had hardware failure of BGP machine yesterday. I have restored BGP image on second machine. Same ESXi version, SAME hw configuration, same BGP CHR Mikrotik Image w/configuration. It worked stable since yesterday, today it hanged up and got this message in ESXi events: "...
by karwos
Sun Nov 26, 2017 6:52 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: BGP filters - set pref src with invalid IP - route silently DROPPED without any message
Replies: 1
Views: 620

BGP filters - set pref src with invalid IP - route silently DROPPED without any message

Hi Mikrotik Team, Today i had another blackout, and needed couple of long minutes to work it out what exactly happened. However, this time I cannot 100% blame Mikrotk, anyway something might be done *better* so other might have their ass saved in future. So, I have two BGP servers: 1) BGP1 2) BGP2 B...
by karwos
Thu Sep 07, 2017 12:09 pm
Forum: General
Topic: Hotspot Attack ( high CPU use )
Replies: 9
Views: 1992

Re: Hotspot Attack ( high CPU use )

i tested the above rules with hotspot login page. when i click rapidly (F5) refresh in chrome at login page i can see that mikrotik cpu usage was 20-30%. the above rules didnt filter this. when i was rapidly pressing a bookmark http link (http://www.imdb.com) at chrome the cpu usage was normal 5-10...
by karwos
Thu Sep 07, 2017 2:34 am
Forum: General
Topic: Hotspot Attack ( high CPU use )
Replies: 9
Views: 1992

Re: Hotspot Attack ( high CPU use )

Hi R1CH, Thanks for your reply. Everytime this happens I block the MAC in Hotspot > IP-Binginds. So it happened again today and here are some informations: http://prodatastelecom.com.br/assets/images/attack2.png http://prodatastelecom.com.br/assets/images/attack3.png Sometimes it does not take 100%...
by karwos
Wed Sep 06, 2017 11:20 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 31113

Re: CHR suggestions for new functionality

Guys, I think CHR should be kept clean, as it is now. It's damn small, and you can backup and restore your vm image in disaster recovery scenario quickly. Thats virtual router, not full blown linux machine. Thats why routeros (beside its bugs, sometimes) is rock solid. Adding too much stuff will en...
by karwos
Wed Sep 06, 2017 11:17 pm
Forum: Virtualization
Topic: Problem CPU CHR 100 % whit 27 GHZ xeon processor
Replies: 36
Views: 4884

Re: Problem CPU CHR 100 % whit 27 GHZ xeon processor

Hi, we have installed a CHR realease of rouuteros on a vmware VM on a dedicated host phisical machine in our datacenter. It acts as pppoe server on our network, 1850 subscribers active. On peak hours, subscribers have packet loss when they ping hosts on the internet (se when they pass through the p...
by karwos
Wed Sep 06, 2017 11:12 pm
Forum: Virtualization
Topic: Problem CPU CHR 100 % whit 27 GHZ xeon processor
Replies: 36
Views: 4884

Re: Problem CPU CHR 100 % whit 27 GHZ xeon processor

Hi, we have installed a CHR realease of rouuteros on a vmware VM on a dedicated host phisical machine in our datacenter. It acts as pppoe server on our network, 1850 subscribers active. On peak hours, subscribers have packet loss when they ping hosts on the internet (se when they pass through the p...
by karwos
Wed Sep 06, 2017 10:50 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 31113

Re: CHR suggestions for new functionality

Guys, I think CHR should be kept clean, as it is now. It's damn small, and you can backup and restore your vm image in disaster recovery scenario quickly. Thats virtual router, not full blown linux machine. Thats why routeros (beside its bugs, sometimes) is rock solid. Adding too much stuff will end...
by karwos
Sat Jul 29, 2017 1:59 pm
Forum: Announcements
Topic: v6.40 [current]
Replies: 101
Views: 21694

Re: v6.40 [current]

@TomjNorthIdaho Uplink/Downlink ratio support doesn't work. Test many times in p2p & p2mp scenario 0 extra download ratio for clients only limit upload too 20%. 0 extra download speed for clients NV2 MT 6.40 vs 6.38.5 no matter dynamic or fixed ratio. Yeah, it will limit UP speed to 20%, because it...
by karwos
Wed Jul 26, 2017 5:48 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: X86_64 ROS - 64bit Mikrotik
Replies: 79
Views: 27659

Re: X86_64 ROS - 64bit Mikrotik

I am running two BGP servers and they are just work perfect in CHR. what traffic do you have on them? BGP without full view works perfect on any RB hardware :) total ~800k routes CHR 6.37.5 vmxnet3 driver and PVSCSI driver Connection tracking ON, few queue trees, 1k simple queues, couple of firewal...
by karwos
Tue Jul 25, 2017 10:18 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: VRRP and BGP - default disabled behaviour and BGP trigger
Replies: 3
Views: 690

Re: VRRP and BGP - default disabled behaviour and BGP trigger

You should create a direct cable link between the two routers and allow them to forward packets between each other directly. This would fix your problem because when VRRP comes up, the newly-booted router could pass traffic through the well-established router while its routing table gets populated ...
by karwos
Tue Jul 25, 2017 7:33 pm
Forum: General
Topic: Hot to get Multiple Public IP's on 1 interface?
Replies: 8
Views: 2504

Re: Hot to get Multiple Public IP's on 1 interface?

Change operator. they should route a subnet for you - this is correct way.
But in this case i think VLAN is only way to go.
by karwos
Tue Jul 25, 2017 7:29 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: X86_64 ROS - 64bit Mikrotik
Replies: 79
Views: 27659

Re: X86_64 ROS - 64bit Mikrotik

Guys is there any real *benefit* from running CHR in x86_64 native environment? I know VM puts some overhead, but c'mon, that's not 2006, It's 2017 when most of hardware, including CPUs and NICs have hardware virtualization support. Overhead is small nowadays, I am running two BGP servers and they a...
by karwos
Tue Jul 25, 2017 6:55 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: VRRP and BGP - default disabled behaviour and BGP trigger
Replies: 3
Views: 690

VRRP and BGP - default disabled behaviour and BGP trigger

Hi, I am having two BGP servers in VRRP cluster, Both of servers having established BGP sessions to upstream, and prepending paaths according to VRRP situation. This work smooth and with 100ms vrrp interval, outage is no loger than 300ms. I am using preemption, because 1st server is always prefered....
by karwos
Sat Jul 15, 2017 2:42 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: SNMP Trap and Master port in switches - not working as expected
Replies: 1
Views: 437

SNMP Trap and Master port in switches - not working as expected

Hi, i have setup a SNMP trap in various of CRS switches. However, traps are reported only in slave ports. Master ports remain active, even after disconnection of cable. So please change behaviour, because it is now useless on master ports - no SNMP trap becoming because link state becomes still "act...
by karwos
Wed Jul 12, 2017 7:06 pm
Forum: SwOS
Topic: Css106 (rb260gs) v2 - any way to disable flow control
Replies: 1
Views: 554

Re: Css106 (rb260gs) v2 - any way to disable flow control

After upgrading to v2.3 i could disable flow ctrl on sfp normally.
Weird, no any info about that in changelogs.
  • 1
  • 2