Community discussions

MikroTik App

Search found 71 matches

by buraglio
Sat Jan 06, 2024 3:36 pm
Forum: SwOS
Topic: CSS106-1G-4P-1S IPv6 RA issues
Replies: 2
Views: 2841

Re: CSS106-1G-4P-1S IPv6 RA issues

This ended up being too much of an issue and I replaced the CSS106 with an RB450. Mikrotik support - this is a problem you should address, assuming it is not a user error on my part. Given that I have seen it on other platforms, I suspect perhaps it may be a chipset or SDK limitation, but either way...
by buraglio
Wed Dec 20, 2023 9:32 pm
Forum: SwOS
Topic: CSS106-1G-4P-1S IPv6 RA issues
Replies: 2
Views: 2841

CSS106-1G-4P-1S IPv6 RA issues

I will preface this by saying that I only have one SWOS device, so it's completely possible that this is user error. I operate an IPv6 only network, and other than the IPv4 necessary to manage this SWOS device, all other hosts connected are absent of IPv4. There is a problem which I have seen on som...
by buraglio
Thu Feb 16, 2023 3:28 pm
Forum: RouterOS beta
Topic: Feature Request - NAT64/DNS64 CGN
Replies: 27
Views: 21806

Re: Feature Request - NAT64/DNS64 CGN

NAT64, SIIT, SIIT-DC and the translation mechanisms are still very, very important...Please consider implementation.

Use cases can be provided if requested.
by buraglio
Thu Jan 12, 2023 5:57 pm
Forum: General
Topic: NAT64 and DNS64
Replies: 101
Views: 48828

Re: NAT64 and DNS64

Hey Mikrotik, gentle reminder that NAT64 is still pretty important and should be added ASAP. CLAT client would be pretty useful too....just sayin'.
by buraglio
Sun Nov 20, 2022 6:54 pm
Forum: RouterOS beta
Topic: Feature Request - NAT64/DNS64 CGN
Replies: 27
Views: 21806

Re: Feature Request - NAT64/DNS64 CGN

There are use cases for NAT66, especially with the absence of NPTv6, and with the dismal state of IPv6-multihoming without BGP. I have used it in rare cases with success - it solved a niche problem. The end to end principle is a lofty goal, and I support it 100%, but making the perfect the enemy of ...
by buraglio
Fri Aug 26, 2022 12:34 am
Forum: Forwarding Protocols
Topic: Feature request: BGP flowspec (RFC5575)
Replies: 29
Views: 15667

Re: Feature request: BGP flowspec (RFC5575)

it's 2022, any update on this for ROS7? Happy to test, big +1 to adding this.
by buraglio
Sun Aug 14, 2022 5:19 pm
Forum: General
Topic: NPTv6 / RFC 6296 Support?
Replies: 53
Views: 15767

Re: NPTv6 / RFC 6296 Support?

IETF can only request such a range from IANA, several of us wrote a draft requesting 200::/7 for lab space , but it was not adopted and has since expired. Given my experience so far, I would not expect that any time soon, as there is a long tail to the process, but we will continue to refine and req...
by buraglio
Tue Aug 02, 2022 4:26 pm
Forum: RouterOS beta
Topic: 802.1AE MACsec Progress or Examples ?
Replies: 40
Views: 18487

Re: 802.1AE MACsec Progress or Examples ?

This appears to be just not done or I am missing something (which is perfectly feasible). 7.4 has the same behavior, stuck in "negotiating". nb I've tried today to setup the MACsec between a 2004 and 1016, both with 7.3.1 that we have in LAB. We need to encrypt an internal gigabit link for...
by buraglio
Sat Jul 02, 2022 11:52 pm
Forum: General
Topic: NPTv6 / RFC 6296 Support?
Replies: 53
Views: 15767

Re: NPTv6 / RFC 6296 Support?

I am not proposing a solution - that isn't the point. The point of the IETF draft as well as the InfoBlox article is that there is a problem. At this time it is a problem without a good solution. If you read the IETF draft, it clearly explains that - if it doesn't let me know and I will update it. F...
by buraglio
Sat Jul 02, 2022 11:28 pm
Forum: General
Topic: NAT64 and DNS64
Replies: 101
Views: 48828

Re: NAT64 and DNS64

DNS64 is incompatible with DNSSEC. As both Android & iOS have supported 464XLAT for a number of years I would expect this approach, a Stateless IP/ICMP Translator (SIIT) at the client and NAT64 at the provider, to become more widespread so Mikrotik support for this would be good. PLAT is pretty...
by buraglio
Tue Jun 07, 2022 6:14 pm
Forum: General
Topic: NPTv6 / RFC 6296 Support?
Replies: 53
Views: 15767

Re: NPTv6 / RFC 6296 Support?

Related to the ULA discussion - ULA is functionally useless in dual stacked networks, as highlighted in the infloblox blog post above. It will almost never be used, so your mileage may vary if there is an expectation of using v6 by default in the presence of any IPv4 at all. There is an IETF draft i...
by buraglio
Fri Dec 31, 2021 7:48 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 224516

Re: v7.1.1 is released!

Am I missing something or is there a pretty significant piece of BGP missing in ROS7? In ROS 6.x the ability to view advertised routes was pretty straightforward: [buraglio@gw] /routing bgp> /routing bgp advertisements print PEER PREFIX NEXTHOP AS-PATH ORIGIN LOCAL-PREF peer1. 3ffe:9440::/32 2001:db...
by buraglio
Sat Oct 30, 2021 7:48 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 309576

Re: ZeroTier added to RouterOS v7.1rc2

Has anyone seen the behavior where the networks are stuck in status="REQUESTING_CONFIGURATION" ? This worked for me for a while on 7.1RC4, but seems to be totally stuck now for whatever reason. I have not upgraded to RC5 and verified that the ZT networks do actually work. Upgrading to RC5...
by buraglio
Sat Oct 30, 2021 7:35 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 309576

Re: ZeroTier added to RouterOS v7.1rc2

Has anyone seen the behavior where the networks are stuck in status="REQUESTING_CONFIGURATION"? This worked for me for a while on 7.1RC4, but seems to be totally stuck now for whatever reason. I have not upgraded to RC5 and verified that the ZT networks do actually work.
by buraglio
Sun Oct 17, 2021 7:30 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 309576

Re: ZeroTier added to RouterOS v7.1rc2

Hello Guys, What is the procedure for connect to ZeroTier custom controller? Regards, Humberto Valencia Toxqui The procedure is no different. Once you build a cuustom controller it operates like any other. I have my test Mikrotik connected to ZeroTier networks from both the ZT cloud service as well...
by buraglio
Sat Oct 09, 2021 6:04 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 309576

Re: ZeroTier added to RouterOS v7.1rc2

Has anyone been able to get ZeroTier provisioned IPv6 addressing to work? I have tried with both my own controller and the ZT cloud controller. It appears to not work yet, but I don't want to assume I am doing it correctly since it is still RC. [buraglio@rb450Gx4v7] /ipv6/address> /system/package/pr...
by buraglio
Wed Sep 01, 2021 5:00 pm
Forum: RouterOS beta
Topic: Feature Request - NAT64/DNS64 CGN
Replies: 27
Views: 21806

Re: Feature Request - NAT64/DNS64 CGN

+1 for NAT64, NPTv6, SIIT. Very, very useful tools for v6 transitioning and new emerging markets. Having to run a NAT64 off to the side is a painful and operationally expensive measure (not to mention the capital cost associated with the commercial options)
by buraglio
Wed Jul 08, 2020 2:55 am
Forum: General
Topic: Feature request for v7.x
Replies: 296
Views: 106933

Re: Feature request for v7.x

I'd say that such an expensive hardware (as CCRs are) Apparently we have different definition of expensive... I think our CCR1009's are quite cheap. I think devs' time would be better used when implementing full feature set for IPv6 ... for example. I agree with that! But talking to MikroTIk staff ...
by buraglio
Mon May 18, 2020 4:53 pm
Forum: Forwarding Protocols
Topic: OpenFlow feature?
Replies: 17
Views: 74262

Re: OpenFlow feature?

Seconded. Faucet is unquestionably the de facto standard for doing openflow correctly in a production-ready and scalable way. They have a test suite that validates the vendor implementation making sure it's successful and supports all of the right components - the keys being multi-table and next-tab...
by buraglio
Sun Apr 05, 2020 7:21 pm
Forum: RouterOS beta
Topic: fq_codel or cake in v7
Replies: 68
Views: 41272

Re: fq_codel or cake in v7

Seconded. This would be a welcomed addition for many. Please consider it.
This is the way.
Indeed :lol:

It would be nice to be able to run either fq_codel or cake in RouterOS for better shaping options. Please consider adding this MikroTik.
by buraglio
Sat Mar 07, 2020 7:57 pm
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 39
Views: 21983

Re: WE NEED EIGRP

OSPF works fine for corporate/enterprise IS-IS works far better for 'service provider' environments EIGRP works in both This is **NOT** the way to look at routing protocols. Routing protocols solve problems. We have to stop looking at them as enterprise vs. service provider. You can't separate them...
by buraglio
Tue Apr 02, 2019 8:12 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

Dang, I was hoping I was wrong. Looking like probably not. nb With extreme fragmentation, it can result in no contiguous memory that satisfies the malloc() or realloc() and you either segfault in userland or (I'd imagine) panic in the kernel, hence the reboot even with memory theoretically available...
by buraglio
Tue Apr 02, 2019 5:17 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

More testing has yielded more data. This has not been properly replicated by anyone else that I know of, so take it as plausible hypothesis. I think I found more fallout from the ipv6 flaw: boxes that have their ND cache or their ipv6 route cache run up but not to the point of OOM reload experience ...
by buraglio
Mon Apr 01, 2019 8:13 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

I tested null routing with ip-filter enabled and it still drives the cache up. What I don't know is if /ip rp-filter also covers IPv6. If it doesn't then there appears to be no way to enable ipv6 RPF checking. Don't do full tables on CCRs. They are terrible at it. Why? Is work fine, i receive FV and...
by buraglio
Mon Apr 01, 2019 8:11 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

I understand how things work in "the infosec world". I have stated above how I describe this and I stand by my comments. Unauthenticated Denial of Service is just as I described it, and it is not exclusively in the domain of security vulnerability. It can definitely be leveraged that way, ...
by buraglio
Mon Apr 01, 2019 6:35 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

I have come pretty close to being able to exhaust the route cache "in the wild" (a controlled real network built for this purpose), meaning on gear attached to a public network. I am sure I can do it, but I want to know who else tried this. There is an old thread that implies some of this ...
by buraglio
Sun Mar 31, 2019 9:52 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

Dumb question, have you validated that this is remotely exploitable outside of a contained lab?
by buraglio
Sun Mar 31, 2019 9:10 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

If I understand correctly, you null route the offending host /128 (or /64) and the exhaustion still occurs, correct? If you null route the attacker IP address on the device that is transiting the traffic, does the OOM still occur? I am assuming that all routers are a mikrotik? I am working on this n...
by buraglio
Sun Mar 31, 2019 8:28 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

I can replicate both issues. This is very, vey easy to execute using simple, opensource pen-testing tools and is pretty effective at making a box reload, or under smaller load stop transiting traffic until the event stops. I do not consider this a security flaw at all. It's a very unfortunate implem...
by buraglio
Sun Mar 31, 2019 6:56 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

Can anyone verify in what order uRPF and route cache writes are processed? I suspect this is largely a solved problem, this was an issue in the early days of IPv6.
by buraglio
Sun Mar 31, 2019 1:42 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

Ideally this is how I would handle this. Again, we're super late in the game. 1. disclosed the environment hardware, in detail, that was used to test and confirm the the issue in. 2. have both validated it with a trusted, embargoed outside source(s). Ideally one is the vendor, clearly that didn't ha...
by buraglio
Sat Mar 30, 2019 5:58 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

No, I get it, it's not my first rodeo with zero-day or high priority CVE, or with giving talks on any number of high sensitivity or previously embargoed subjects. I agree that you have said you provided the details to them and that handling has also been poor from their side, I trust that happened i...
by buraglio
Sat Mar 30, 2019 5:50 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

Fair point, and great job on providing v6 back that far - few ISPs have that foresight. It's hard to infer context from a forum, and this thread runs the line of going "full-on UBNT forum" as it touches on a lot of peoples long held beliefs. Again, people should do what works for them. I'm...
by buraglio
Sat Mar 30, 2019 5:39 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

The ugly baby is how this has been dealt with over time, it isn't anyones process or workflow. Read my previous post. I stand by my statement - this has been handled poorly on all sides and because of this unnecessarily bad and totally avoidable mis-handling if it, we're forced to treat it like a ze...
by buraglio
Sat Mar 30, 2019 4:44 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

Totally disabling IPv6 before the details of the bug as well as how to exploit it are even public is over-reactionary and knee-jerk extreme, especially since MT has said that a fix will be available before the disclosure. As a relative outsider that has been involved in this kind of thing in the pas...
by buraglio
Fri Mar 29, 2019 6:45 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 80952

Re: UKNOF 43 CVE

I've been watching this quietly since it started. One of these CVEs, while important to note, is pretty straightforward to replicate with off the shelf, open source tools. I suspect the other is as well but I have not yet done so. MT should definitely address this and add testing of neighbor table i...
by buraglio
Wed Nov 21, 2018 4:34 pm
Forum: Forwarding Protocols
Topic: State of Openflow
Replies: 15
Views: 11962

Re: State of Openflow

Please MikroTik staff, any news about OpenFlow 1.3 or higher? I only need a date: 2018, 2019, 2020, ... SDN is here and we need to know if we can go forward with MikroTik or change to another manufacturer. Thanks. Any update? If this is ever going to happen it needs to meet a handful of requirement...
by buraglio
Fri Dec 22, 2017 4:26 pm
Forum: Forwarding Protocols
Topic: State of Openflow
Replies: 15
Views: 11962

Re: State of Openflow

Any news about OpenFlow 1.3 or higher? All the described features are in our todo list, thank you for raising the questions. At the moment there is no specific timeframe, when features will be available. My guess is that since OpenFlow has mostly being leveraged in datancenters and enterprise netwo...
by buraglio
Mon Nov 27, 2017 6:21 am
Forum: General
Topic: Feature Request: zerotier vpn
Replies: 32
Views: 17372

Re: Feature Request: zerotier vpn

Agreed, ZT + MT would be freaking amazing. I'd be more than willing to help alpha this.
+1 using ZT since the start its amazing and would be a great addition to mikrotik.
by buraglio
Wed Jul 19, 2017 8:10 pm
Forum: Wireless Networking
Topic: Disable CAPs
Replies: 2
Views: 11525

Re: Disable CAPs

It seems as if this was more simple than I expected.
[admin@wap1] /interface wireless cap> set enabled=no
by buraglio
Wed Jul 19, 2017 7:51 pm
Forum: Wireless Networking
Topic: Disable CAPs
Replies: 2
Views: 11525

Disable CAPs

I have a few wAP AC units that are currently configured for CAPsMAN management via an external CCR. I see how to enable that mode, but how do I disable it? I tried just doing the same process again but didn't have much luck. Hopefully I am just overlooking something simple.

Thanks!
nb
by buraglio
Fri Jul 07, 2017 4:36 pm
Forum: General
Topic: My IPv6 Triage List for ROS
Replies: 48
Views: 11838

Re: My IPv6 Triage List for ROS

[quote="maznu"]Excellent thread. I would like to add: IPv6 route rules and VRF The ability to do /ipv6 route rule routing-mark="foo" ... (and corresponding /ipv6 route routing-mark="foo" ... ) would be fantastic. Even older Linux kernels support this already (3.2.0 test...
by buraglio
Fri Jul 07, 2017 4:30 pm
Forum: General
Topic: Can SSH keys be listed or printed using CLI?
Replies: 3
Views: 1320

Re: Can SSH keys be listed or printed using CLI?

Is there a command to print or at least list existing public SSH keys installed? I cannot see them using /export The best way I have found for getting basic information is "/user ssh-key print detail" but it's not the content, which is obviously not ideal. You can see content of files lik...
by buraglio
Fri Jul 07, 2017 4:27 pm
Forum: General
Topic: Can SSH keys be listed or printed using CLI?
Replies: 3
Views: 1320

Re: Can SSH keys be listed or printed using CLI?

Is there a command to print or at least list existing public SSH keys installed? I cannot see them using /export Best I've found is , but it's no /user ssh-keys print detail t the content, which is obviously not ideal. You can see content of files like certificates with /file print detail , but as ...
by buraglio
Fri Jul 07, 2017 4:26 pm
Forum: General
Topic: Can SSH keys be listed or printed using CLI?
Replies: 3
Views: 1320

Re: Can SSH keys be listed or printed using CLI?

Is there a command to print or at least list existing public SSH keys installed? I cannot see them using /export Best I've found is /user ssh-keys print detail , but it's not the content, which is obviously not ideal. You can see content of files like certificates with /file print detail , but as f...
by buraglio
Wed Jul 05, 2017 9:07 pm
Forum: General
Topic: CAPsMAN with VPLS
Replies: 1
Views: 833

Re: CAPsMAN with VPLS

I also forgot to mention that CAPsMAN seems to work fine with simple lan bridging, but I'd like to have consistency in the overlay, thus the desire to do VPLS.

nb
by buraglio
Wed Jul 05, 2017 9:06 pm
Forum: General
Topic: CAPsMAN with VPLS
Replies: 1
Views: 833

CAPsMAN with VPLS

I've been fighting with getting CAPsMAN to work with a handful of RouterBOARD wAP G-5HacT2HnD using VPLS ass the L2 transport without much luck. MPLS/VPLS is working as expected and is able to transport LSPs to other non-wireless gear, but the hAC units seem to only support bridging with VLANs. I ha...
by buraglio
Wed Jul 05, 2017 4:26 pm
Forum: General
Topic: Capsman forwarding not compatible with IPv6
Replies: 13
Views: 5378

Re: Capsman forwarding not compatible with IPv6

Yes, I'm very, very familiar with IPv6 (but very much a novice when it comes to CAPsMAN). However, I think we're talking about two different things. My configuration is far more rudimentary than yours. I use CAPsMAN to manage a handful of last mile APs that hosts directly connect to, not that are CP...
by buraglio
Sat Jul 01, 2017 3:42 am
Forum: General
Topic: Capsman forwarding not compatible with IPv6
Replies: 13
Views: 5378

Re: Capsman forwarding not compatible with IPv6

Do you have an example config that isn't working? I've been using CAPSman with full dual stack for some time. I'm in the process of converting it all over to VPLS, but not forwarding IPv6 never popped up as an issue with me original config.

nb
by buraglio
Wed May 31, 2017 5:47 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

Great info, thanks for sharing. Of course it should work OK with a bridge but there are known issues with bridges in a couple of recent versions and the easiest way to work around them is not use a bridge when you don't need it. And having a bridge just to put 4 ethernet ports in a bridge group that...
by buraglio
Tue May 30, 2017 5:41 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

Come on, really??? Move all config from your bridge1 to ether2-master, make ether2-ether4 a slave of etner2-master and delete your bridge. I don't think that this is a well known caveat. For those that may have come from a more traditional layer3 switching background, or running Linux/Unix devices ...
by buraglio
Tue May 30, 2017 4:26 pm
Forum: General
Topic: Feature Request: IPerf
Replies: 70
Views: 24050

Re: Feature Request: IPerf

Ok, Mikrotik, can we have any rough statement to this? At least if iperf was denied, or if we can expect it in v7 since its beginning or in v6 yet since 6.39.2? :-) To add, iperf3 should be fairly easy to add - My understanding is that it's being ported to some CPE in the states. Along the same lin...
by buraglio
Thu Apr 06, 2017 11:32 pm
Forum: General
Topic: Feature request for v7.x
Replies: 296
Views: 106933

Re: Feature request for v7.x

Another potentially easier option for implementing segment routing would be to implement IPv6-SR (and the SRH). I'd personally rather have IS-IS because I believe it is a significantly better protocol, but implementation if SRH would likely be easier since there is already an IPv6 stack and public c...
by buraglio
Thu Mar 16, 2017 5:21 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

It could well be that because I normally use a bridge only when it really cannot be avoided. The examples I gave all have the DHCP server on an ethernet port or at most on a VLAN interface. This is great info - I have seen that there seems to be an apprehension to using bridges, is there a reason f...
by buraglio
Thu Mar 16, 2017 4:40 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

Interesting. In most of these cases the DHCP server is on a bridge. I'll check the admin-mac. I thought I had that set but there is a chance I am mis-remembering. Is this documented as undesirable or unsupported anywhere? Great info - thanks a bunch. nb I have seen this happen where the DHCP server ...
by buraglio
Thu Mar 16, 2017 2:58 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

I still maintain that the dhcp server isn't up to par. Or maybe it is your configuration that is not OK. I use the MikroTik DHCP server on several networks (often 2-4 networks on a single router) without any problem other than the occasional trouble with Apple clients. Sure, anything's possible. Ho...
by buraglio
Wed Mar 15, 2017 11:37 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

Oh no, I wasn't clear. It just made it easy to reproduce in that I can update to that version and cause the behavior. It didn't solve it for a number of locations. I still maintain that the dhcp server isn't up to par. I'm moving almost everything to ISC at this point, which I know well and does qui...
by buraglio
Wed Mar 15, 2017 8:16 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

Another data point: Upgrading to 6.38.5 seems to cause this behavior pretty to occur reliably for me on multiple platforms. Downgrading to the bugfix 6.37.5 fixes the issue.
by buraglio
Sat Mar 11, 2017 4:34 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

Packet loss is a problem everywhere, but I am unconvinced that it is the issue since I replaced everything including fiber, twisted pair, ROS devices, patch cables and structured cabling. Dropping in a stand alone dhcp server solved the issue immediately and permanently. I also saw no evidence of pa...
by buraglio
Fri Mar 10, 2017 8:16 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

I mostly saw this with embedded devices, predominately based on linux - but there is no exclusivity. I saw it on some apple iOS based devices, some chromebooks, some MacOS based laptops and desktops and one Windows 7 VM. There were a number of static DHCP entries, and those are the ones that had mos...
by buraglio
Fri Mar 10, 2017 7:55 pm
Forum: General
Topic: Duplicate Address Detection Proxy
Replies: 1
Views: 1522

Re: Duplicate Address Detection Proxy

RouterOS seems to support DAD, although I have been struggling to figure out how to clear it. I've done a lot of IPv6 deployments, I'd be happy to chat in the thread or offline if you'd like.

nb
by buraglio
Sun Feb 19, 2017 4:00 am
Forum: General
Topic: Feature request for v7.x
Replies: 296
Views: 106933

Re: Feature request for v7.x

IS-IS would be amazing . The ability to manage more than one routed protocol inside a single routing protocol that does not rely on the protocol it is routing for communication seems like a self evident great idea to me - but i don't have to code it and I get that building ISO/CLNS likely isn't stra...
by buraglio
Sun Feb 19, 2017 3:44 am
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

Yes, I have seen this behavior with 3 different routerboards in this environment over the last 18 or so months. A CRS, an RB2011 and an RB3011. The entire infrastructure is been replaced at this point with the exception of the structured cabling, which isn't in the critical path (and has been remove...
by buraglio
Sun Feb 19, 2017 3:23 am
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

I've tested these cables for continuity as well as attenuation and xtalk, they all test fine. In addition, there are clients attached via fiber (fiber also cleaned, scoped, and verified). I am not convinced that this is a physical issue since I have literally replaced everything in the path, with th...
by buraglio
Sat Feb 18, 2017 4:26 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

That's a good thought. I typically start my troubleshooting at layer 1, I've replaced the cabling (twice) during the process of seeing this and cable tested each time. Stats on the interfaces to the RB looks reasonable: 0 name="ether1" driver-rx-byte=27 026 766 911 driver-rx-packet=30 917 ...
by buraglio
Fri Feb 17, 2017 5:57 am
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Yet another "dhcp,warning offering lease without success" issue

I've been plagued with this issue "feb/16 16:21:34 dhcp,warning vlan8-lan offering lease without success" and have yet to figure out what the root cause is. I have built and rebuilt 3 MT devices, a CRS125, a RB2011 and most recently an RB3011. The problem has shown up in the current versio...
by buraglio
Wed Jun 15, 2016 10:51 pm
Forum: Forwarding Protocols
Topic: State of Openflow
Replies: 15
Views: 11962

Re: State of Openflow

I'd love to seen an update on this. Anyone? 
by buraglio
Wed Jun 15, 2016 10:49 pm
Forum: Forwarding Protocols
Topic: Any plans to implement segment routing
Replies: 5
Views: 2728

Re: Any plans to implement segment routing

Segment routing seems to be the thing to do at the moment to build a mpls network. Any plans? Realizing that this is an old topic, I'd also be interested in it. Segment routing brings a large set of highly desirable features around traffic control and simplification of configuration and troubleshoo...
by buraglio
Mon Jan 18, 2016 4:19 pm
Forum: Forwarding Protocols
Topic: State of Openflow
Replies: 15
Views: 11962

Re: State of Openflow

I didn't find a config guide, I just worked it out myself. I've been using OpenFlow since 2009 so it wasn't unfamiliar. I'm willing to write up a guide if folks are interested, but the bulk of the work isn't in routerOS, it's the controller. If you're interested in what it's like running SDN in prod...
by buraglio
Sat Dec 19, 2015 5:43 pm
Forum: Beginner Basics
Topic: Intermittent local and remote connectivity
Replies: 0
Views: 1285

Intermittent local and remote connectivity

I have a mikrotik CRS226-24G-2S+ that I am seeing some weird behavior with. I have 7 or so other mikrotik devices doing some other functions without issue, but my background is not in this hardware. I have almost 20 years in service provider backbone networking and I fear that some of my assumptions...
by buraglio
Mon Aug 10, 2015 6:05 pm
Forum: Forwarding Protocols
Topic: State of Openflow
Replies: 15
Views: 11962

Re: State of Openflow

I've been working with openflow since since the very early days, ~2009. I recently picked up some Mikrotik gear to start replacing a lot of old pfsense stuff. I'd like to start using the OpenFlow offering, but would really like to see something newer than 1.0. How is OpenFlow being implemented? Is i...